[145824] in North American Network Operators' Group
Re: Outsourcing DDOS
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Oct 24 15:54:01 2011
In-Reply-To: <4EA5BCAB.30702@shortestpathfirst.net>
Date: Mon, 24 Oct 2011 15:53:07 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Stefan Fouant <sfouant@shortestpathfirst.net>
Cc: samuel.cunningham@wellsfargo.com, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Oct 24, 2011 at 3:29 PM, Stefan Fouant
<sfouant@shortestpathfirst.net> wrote:
> On 10/24/2011 1:54 PM, Andreas Echavez wrote:
>
>> obviously they will get blocked. My personal experience is that when
>> you're
>> dealing with a DoS at the scale that you need Prolexic, there is simply =
no
>> one else that can handle that level of traffic.
>
> Andreas,
>
> I think there are a lot of people on this list that would argue with that
> statement. =A0As was mentioned earlier, AT&T, Verizon, and several others
> including Verisign have very ample networks capable of handling attacks j=
ust
> as large as Prolexic, if not bigger.
>
> One thing to note about Prolexic, where it stands out from some of the
> others is that it is a completely off-net solution. =A0Many of the other
> offerings from folks like Verizon require you to have WAN circuits connec=
ted
> to their network in order to avail of such a service (in other words, the=
y
> will only scrub that which would normally traverse their network on it's =
way
> towards your WAN interface).
>
> Others like Verisign have (smartly) adopted a similar model to that of
> Prolexic. =A0They understand that requiring a physical connection into a
> provider's cloud is a monolithic approach (and certainly runs counter to
> today's mantra of offering up cloud-based services).
>
but... often the cost of scrubbing includes the cost of transit
to/from the remote provider, which is why 'cheapest' only counts for
an entire process, NOT for 'lookie, I bought the service!'.
either way, folks will learn one way or the other which works for them.
-chris
> Stefan Fouant
> JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI
> Technical Trainer, Juniper Networks
>
> Follow us on Twitter @JuniperEducate
>
>
