[82798] in North American Network Operators' Group
Re: Provider-based DDoS Protection Services
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Jul 29 03:11:18 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: John Neiberger <jneiberger@gmail.com>
Cc: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>, nanog@nanog.org
Date: Fri, 29 Jul 2005 09:10:06 +0200
In-Reply-To: <547ad0fe0507281859121570d7@mail.gmail.com> (John Neiberger's
message of "Thu, 28 Jul 2005 19:59:27 -0600")
Errors-To: owner-nanog@merit.edu

* John Neiberger:

> Protect thyself how? For DDoS protection to work, the nasty traffic
> must be stopped before it gets to my access circuits. Once it gets
> close enough for me to do anything about it directly it's too late.

It depends. Quite a few DoS attacks are not based on bandwidth
saturation or network device overload. On the other hand, if you
address the easy ones within your own network, the attackers might
switch to types which you can't deal with on your own. 8-(

Anyway, you should examine *why* you (or your customers) are attacked,
and address that. Everything else is likely cost-effective. Of
course, this might mean you have to do without some revenue if you
have customers that are DoS magnets for some reason.