[145823] in North American Network Operators' Group
Re: Outsourcing DDOS
daemon@ATHENA.MIT.EDU (Stefan Fouant)
Mon Oct 24 15:30:58 2011
Date: Mon, 24 Oct 2011 15:29:47 -0400
From: Stefan Fouant <sfouant@shortestpathfirst.net>
To: Andreas Echavez <andreas@livejournalinc.com>
In-Reply-To: <CAJ0NkqjQMRr=b7tkvmRyaY=i-up0nvXNLtar=+Hg=U-gA6AQAA@mail.gmail.com>
Cc: samuel.cunningham@wellsfargo.com, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 10/24/2011 1:54 PM, Andreas Echavez wrote:
> obviously they will get blocked. My personal experience is that when you're
> dealing with a DoS at the scale that you need Prolexic, there is simply no
> one else that can handle that level of traffic.
Andreas,
I think there are a lot of people on this list that would argue with
that statement. As was mentioned earlier, AT&T, Verizon, and several
others including Verisign have very ample networks capable of handling
attacks just as large as Prolexic, if not bigger.
One thing to note about Prolexic, where it stands out from some of the
others is that it is a completely off-net solution. Many of the other
offerings from folks like Verizon require you to have WAN circuits
connected to their network in order to avail of such a service (in other
words, they will only scrub that which would normally traverse their
network on it's way towards your WAN interface).
Others like Verisign have (smartly) adopted a similar model to that of
Prolexic. They understand that requiring a physical connection into a
provider's cloud is a monolithic approach (and certainly runs counter to
today's mantra of offering up cloud-based services).
Stefan Fouant
JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI
Technical Trainer, Juniper Networks
Follow us on Twitter @JuniperEducate
