[160164] in North American Network Operators' Group
Re: Ddos mitigation service
daemon@ATHENA.MIT.EDU (Pierre Lamy)
Fri Feb 1 11:23:00 2013
Date: Fri, 01 Feb 2013 11:22:42 -0500
From: Pierre Lamy <pierre@userid.org>
To: James Thomas <jim@nimblesec.com>
In-Reply-To: <510BE3EA.1010009@nimblesec.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I'm aware that they exist but don't have any knowledge or experience
with CloudFlare.
if you're considering using them, I would ask them for a list (under
NDA) of what large enterprises use them, what their POPs are - global is
good - and for any analytical product they have relating to DDoS that
they have mitigated and investigated. Also a procedure guide on how you
would engage them in event of a DDoS. You should really be asking a lot
of questions before signing anything with anyone, and once you select
one - TEST IT!!! A lot of orgs do not test their mitigation processes.
The total time to mitigation if you're not already swung to a provider,
should be down to 30 mins to an hour, this is reasonable for detection
to full mitigation in large companies. Without running through an
exercise, companies will find that mitigation takes 1-4 hours. It's also
highly recommended that you have incident handlers who are able to make
big decisions.
-Pierre
On 01/02/2013 10:48 AM, James Thomas wrote:
> Hi Pierre,
>
> Thank you for your interesting note.
>
> On 01/02/2013 09:57, Pierre Lamy wrote:
>> The 3 major scrubbing vendors:
>>
>> Prolexic
>> Verisign
>> Akamai
> IIRC, CloudFlare claims to the same capcity of DDOS mitigation as
> Prolexic (500gb) and also has a free option with fewer scrubbing
> features. Do you have experience with it, or is there some other reason
> to have excluded it from your list? I apologize for my noobish question.
>
> Cheers,
>
> James
>
