nanog mailing list archives
RE: D/DoS mitigation hardware/software needed.
From: "Stefan Fouant" <sfouant () shortestpathfirst net>
Date: Mon, 11 Jan 2010 11:14:08 -0500
-----Original Message----- From: Rick Ernst [mailto:nanog () shreddedmail com] Sent: Monday, January 11, 2010 10:39 AM To: NANOG Subject: Re: D/DoS mitigation hardware/software needed. As a service-provider/data-center, it seems like outsourcing would be either ineffective and/or removes the "big red button" in case of trouble. Am I missing something, overly paranoid, or are there other mechanisms for outsourced protection?
In fact, quite the opposite. Those providers who do offer DDoS mitigation services usually allow the customer to trigger the redirect in a manner similar to RTBHs by substituting the blackhole community for some type of mitigation community. This causes the Provider's edge router (or Route Server) to advertise the affected route within the Service Provider's network with a next-hop of the scrubbers. There are some providers who do auto-mitigation on behalf of the customer, but IMO this approach is asking for trouble. Stefan Fouant, CISSP, JNCIE-M/T www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
Current thread:
- RE: D/DoS mitigation hardware/software needed., (continued)
- RE: D/DoS mitigation hardware/software needed. Raj Singh (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. kowsik (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Martin Hannigan (Jan 05)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 05)
- Re: D/DoS mitigation hardware/software needed. jul (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 10)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Hank Nussbacher (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. jul (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 09)