nanog mailing list archives

Re: Provider-based DDoS Protection Services

From: John Neiberger <jneiberger () gmail com>
Date: Thu, 28 Jul 2005 19:59:27 -0600


Protect thyself how? For DDoS protection to work, the nasty traffic
must be stopped before it gets to my access circuits. Once it gets
close enough for me to do anything about it directly it's too late.

The problem is that I don't know enough about DDoS traffic patterns to
make an accurate assessment of these statements, which is why I asked
the question here. I'll be doing other research on my own, of course,
but I thought I'd check here first.

Many thanks,
John

On 7/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:

They're all lying... or telling the truth.

Dependent upon their _own_ business models.

I'd say: protect thy self.

- ferg



-- John Neiberger <jneiberger () gmail com> wrote:

I've been talking to various providers about their DDoS detection and
mitigation services and I'd like to get some opinions about what I'm
hearing.

One provider prices their product based on how much traffic you will
need to mitigate during an attack. The sales engineers say that most
DDoS attacks are in the 2-3 Gbps range so, of course, they recommend
that you pay for that much protection at great cost.

Another provider (using the exact same hardware and software) costs
about half as much per month.

Yet another provider (again, using exactly the same hardware and
software) has much more flexible pricing that is far more attractive,
but that's because their engineers state that DDoS attacks are usually
sized to match the size of the network they're attacking. For example,
according to this sales engineer, attackers usually won't launch a 3
Gbps attack on someone who only has a handful of T1 circuits. So, this
provider's pricing looks much more attractive to end-users who have
smaller circuit size requirements. If you have a single T1, for
example, you could buy 50 Mbps of protection and they say that's
enough.

What do you think? Is the first vendor closer to telling the truth, or
is the third vendor? Or, is there really just no way of knowing ahead
of time so you might as well pay for the most protection you can
afford?

Thanks,
John

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

Current thread:

Provider-based DDoS Protection Services John Neiberger (Jul 28)
- <Possible follow-ups>
- Re: Provider-based DDoS Protection Services Fergie (Paul Ferguson) (Jul 28)
  - Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
    - Re: Provider-based DDoS Protection Services Florian Weimer (Jul 29)
    - Re: Provider-based DDoS Protection Services Suresh Ramasubramanian (Jul 29)
    - Re: Provider-based DDoS Protection Services Florian Weimer (Jul 29)
    - Re: Provider-based DDoS Protection Services Petri Helenius (Jul 29)
    - Re: Provider-based DDoS Protection Services Suresh Ramasubramanian (Jul 29)
- Re: Provider-based DDoS Protection Services Fergie (Paul Ferguson) (Jul 28)
  - Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
- Re: Provider-based DDoS Protection Services Fergie (Paul Ferguson) (Jul 28)
  - Re: Provider-based DDoS Protection Services James Feger (Jul 28)
  - Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)

(Thread continues...)