Re: [SECURITY] Application layer attacks/DDoS attacks

[jim deleskie <deleskie () gmail com>]

While I don't think any ISP "wants DDoS" to make $$, I do based on
experience believe that business cases have to be made for everything.
With the prices pay for BW in most of the world now, ( or the last number
of years) its going to be VERY hard to get anyone to allocated time/$$ or
energy to do anything they don't need to, to get the bit to you.

-jim

On Sat, May 23, 2015 at 6:33 PM, Ramy Hashish <ramy.ihashish () gmail com>
wrote:

> Yes Harlan, you are absolutely right, even if this won't stop the
> botnet-based DDoS attacks, but at least will significantly decrease the
> volume/frequency of the volume based attacks.
>
> On the other side, the DDoS protection now become a business where
> all-tiers ISPs make money of, and those ISPs is the exact place where the
> implementation of anti-spoofing make the best sense, conflict of interests
> now...
>
> However, the trusted network initiative might be a good approach to start
> influencing operators to apply anti-spoofing mechanisms.
>
> Salam,
>
> Ramy
> On 23 May 2015 10:48 pm, "Harlan Stenn" <stenn () ntp org> wrote:
>
> Just to ask, what is the expected effect on DDoS attacks if folks
> implemented BCP38?
>
> How does the cost of implementing BCP38 compare to the cost of other
> solution attempts?
>
> H