[80703] in North American Network Operators' Group
RE: DOS attack tracing
daemon@ATHENA.MIT.EDU (Hannigan, Martin)
Tue May 10 10:53:48 2005
Date: Tue, 10 May 2005 10:53:17 -0400
From: "Hannigan, Martin" <hannigan@verisign.com>
To: "Suresh Ramasubramanian" <ops.lists@gmail.com>
Cc: "Kim Onnel" <karim.adel@gmail.com>,
"Scott Weeks" <surfer@mauigateway.com>, <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:ops.lists@gmail.com]
> Sent: Tuesday, May 10, 2005 8:06 AM
> To: Hannigan, Martin
> Cc: Kim Onnel; Scott Weeks; nanog@merit.edu
> Subject: Re: DOS attack tracing
>=20
>=20
> On 5/10/05, Hannigan, Martin <hannigan@verisign.com> wrote:
> > DDOS' is rather infrequent to zero for most enterprises. That DDOS
> > golden banana is rather yummy with sprinkles on top. Don't=20
> get me wrong,
> > the DDOS problem is real, but not for everyone, and not as=20
> frequently as
> > it's being hyped up to be. A managed service is a better way
> > to go if they're worried, IMO.
>=20
> There's also the "minimze risk" thing .. take a conscious business
> decision not to host one of the typical DDoS magnets (dont allow
> people to run IRC bots on your colo farm, for example)
There's two classes of discussion here. One for service providers
who should have DDOS defense, and one for enterprises who should have
risk mitigation in mind. I think that operators should have DDOS defense
capabilities for themselves and their customers, and I think that =
enterprises
should seriously evaluate their need for a full blown implementation of =
a=20
DDOS solution based on a solid risk analysis.=20
As far as DOS tracing goes, using the freeware tools locally, and either
buying and/or subscribing to a ddos defense service make sense as much
as it makes sense to analyze the cost and your own capability as well as
your providers capability to quickly and successfully defend against a =
DDOS.
-M<
=20
