[82776] in North American Network Operators' Group


Re: Provider-based DDoS Protection Services

daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Thu Jul 28 21:49:16 2005

From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Fri, 29 Jul 2005 01:45:17 GMT
To: jneiberger@gmail.com
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu


They're all lying... or telling the truth.

Dependent upon their _own_ business models.

I'd say: protect thy self.

- ferg



-- John Neiberger <jneiberger@gmail.com> wrote:

I've been talking to various providers about their DDoS detection and
mitigation services and I'd like to get some opinions about what I'm
hearing.

One provider prices their product based on how much traffic you will
need to mitigate during an attack. The sales engineers say that most
DDoS attacks are in the 2-3 Gbps range so, of course, they recommend
that you pay for that much protection at great cost.

Another provider (using the exact same hardware and software) costs
about half as much per month.

Yet another provider (again, using exactly the same hardware and
software) has much more flexible pricing that is far more attractive,
but that's because their engineers state that DDoS attacks are usually
sized to match the size of the network they're attacking. For example,
according to this sales engineer, attackers usually won't launch a 3
Gbps attack on someone who only has a handful of T1 circuits. So, this
provider's pricing looks much more attractive to end-users who have
smaller circuit size requirements. If you have a single T1, for
example, you could buy 50 Mbps of protection and they say that's
enough.

What do you think? Is the first vendor closer to telling the truth, or
is the third vendor? Or, is there really just no way of knowing ahead
of time so you might as well pay for the most protection you can
afford?

Thanks,
John

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg@netzero.net or fergdawg@sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/

