[82785] in North American Network Operators' Group
Re: Provider-based DDoS Protection Services
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Thu Jul 28 22:50:35 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Fri, 29 Jul 2005 02:47:34 GMT
To: jfeger@feger.net
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
As I said, previously, I'm afraid I can't be much help here.
There are methods to protect oneself whether you are a home user,
an SMB, or a lerge-ish entity...
If it comes to down to business decisons, then do whatever
business dictates.
But me -- I'm an engineer/instigator. ;-)
- ferg
-- James Feger <jfeger@feger.net> wrote:
On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote:
>
> John,
>
> Contrary to popular belief, I (not alone, of course) run,
> manage, defend, and continually architect very large
> networks. Very large. On none of them do we outsource
> the protection of them -- because, in cases where we
> have extended trust in the past, we have been screwed
> (PC translation: disappointed).
>
> So we protect ourselves.
>
> It's been a business decision for my customers' networks
> (ie. their network) not to outsource security, or rely on
> an upstreampipedream, for protection of any sort.
>
> Thus, I personally can't provide any insight here. Sorry.
>
> - ferg
>
Ferg,
Not everyone is in a position to have anetwork large enough to be
"self-defending". I think he has clearly stated they are not in a
position from a capacity standpoint to self-defend. If he has a few sites
with some T1's or DS3's or whatever, his goal is to not stop the traffic
at his router, but not ever allow the traffic onto his pipe.
I too have been involved in large, very large, networks and we used to see
it happen everyday. Customers with OC12's getting smoked off the planet
because of some kiddie made someone else mad in IRC. If the upstream
offers a "value add" service such as DoS protection, why balk at it?
-j
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
