[68182] in North American Network Operators' Group
RE: UUNet Offer New Protection Against DDoS
daemon@ATHENA.MIT.EDU (Lumenello, Jason)
Thu Mar 4 13:04:52 2004
Date: Thu, 4 Mar 2004 13:03:55 -0500
From: "Lumenello, Jason" <jlumenello@xo.com>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: "Suresh Ramasubramanian" <suresh@outblaze.com>,
"Randy Bush" <randy@psg.com>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
> -----Original Message-----
> From: Christopher L. Morrow [mailto:christopher.morrow@mci.com]
> Sent: Thursday, March 04, 2004 11:50 AM
> To: Lumenello, Jason
> Cc: Suresh Ramasubramanian; Randy Bush; nanog@merit.edu
> Subject: RE: UUNet Offer New Protection Against DDoS
>=20
>=20
> On Thu, 4 Mar 2004, Lumenello, Jason wrote:
>=20
> >
> > No, but it sounds like SLA payouts are made in the event that they
fail
> > to respond in 15 minutes after a call is made. Maybe I am
>=20
> fail to get you in touch with 'security expertise' in 15 minutes...
>=20
> > misinterpreting their SLA, but this seems much different then
offering
> > blanket payments for DoS down time.
> >
>=20
> downtime is seperate from this SLA.
>=20
> > I will give them credit for guaranteeing a response in 15 minutes or
> > less. Now is a response the opening of a ticket or the null routing
of
> > the attack traffic in 15 minutes?
>=20
> Just speaking to an engineer that can help you. There is no way to
> guarantee and end to a DoS in any reasonable amount of time ;( For
> instance, Suresh's main 'job' is email, so null routing his MX hosts
will
> stop the attack, but it is hardly desirable, eh? Same for filtering
tcp/25
> syn packets :(
>=20
> There is no magic here, you all are smart enough to understand how DoS
> works, how to stop it and the complications inherent in both.
Well, kudos to you guys for raising the SLA bar to include this
provision then.
Jason
