Re: Provider-based DDoS Protection Services

[John Neiberger <jneiberger () gmail com>]

In this case it's a business decision. I understand that we could
simply weigh the costs of an attack with the costs of preemptively
detecting and mitigating an attack, but in our case we won't lose hard
dollars like an ecommerce site would. We have different reasons for
wanting to have some protection in place before we need it. I look at
it like it's an insurance policy, but I don't want to be ripped off.

It's like I'm getting estimates on building a protective dike around
my house. One contractor tells me that the floodwaters commonly reach
six feet so I should pay him $12,000 to build a wall at least that
high. Another contractor is telling me that he'll build a six-foot
wall for $6,000. Another contractor is telling me that the floodwaters
most likely won't go over two feet and he suggests that I pay him
$1,000 for a three-foot-high wall.

If it turns out that we really do need a six-foot-high wall then so be
it. I'm not the one who pays the bills so it isn't really my decision.
I just want to make sure I have a clearer picture of reality before I
make any suggestions to my boss.

Thanks again,
John

On 7/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:
> I should've asked the most important question first -- is this
> a technical decision, or a business decision? I mean, forgive me
> for pointing out the obvious, but you made an issue of cost in your
> original post...
>
> - ferg
>
> -- John Neiberger <jneiberger () gmail com> wrote:
>
> Protect thyself how? For DDoS protection to work, the nasty traffic
> must be stopped before it gets to my access circuits. Once it gets
> close enough for me to do anything about it directly it's too late.
>
> The problem is that I don't know enough about DDoS traffic patterns to
> make an accurate assessment of these statements, which is why I asked
> the question here. I'll be doing other research on my own, of course,
> but I thought I'd check here first.
>
> Many thanks,
> John
>
> On 7/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:
> > They're all lying... or telling the truth.
> >
> > Dependent upon their _own_ business models.
> >
> > I'd say: protect thy self.
> >
> > - ferg
> >
> >
> >
> > -- John Neiberger <jneiberger () gmail com> wrote:
> >
> > I've been talking to various providers about their DDoS detection and
> > mitigation services and I'd like to get some opinions about what I'm
> > hearing.
> >
> > One provider prices their product based on how much traffic you will
> > need to mitigate during an attack. The sales engineers say that most
> > DDoS attacks are in the 2-3 Gbps range so, of course, they recommend
> > that you pay for that much protection at great cost.
> >
> > Another provider (using the exact same hardware and software) costs
> > about half as much per month.
> >
> > Yet another provider (again, using exactly the same hardware and
> > software) has much more flexible pricing that is far more attractive,
> > but that's because their engineers state that DDoS attacks are usually
> > sized to match the size of the network they're attacking. For example,
> > according to this sales engineer, attackers usually won't launch a 3
> > Gbps attack on someone who only has a handful of T1 circuits. So, this
> > provider's pricing looks much more attractive to end-users who have
> > smaller circuit size requirements. If you have a single T1, for
> > example, you could buy 50 Mbps of protection and they say that's
> > enough.
> >
> > What do you think? Is the first vendor closer to telling the truth, or
> > is the third vendor? Or, is there really just no way of knowing ahead
> > of time so you might as well pay for the most protection you can
> > afford?
> >
> > Thanks,
> > John
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  Engineering Architecture for the Internet
> >  fergdawg () netzero net or fergdawg () sbcglobal net
> >  ferg's tech blog: http://fergdawg.blogspot.com/