nanog mailing list archives
Re: Provider-based DDoS Protection Services
From: John Neiberger <jneiberger () gmail com>
Date: Thu, 28 Jul 2005 20:50:15 -0600
Ferg, That's an understandable attitude given the nature of your networks. In our case, I'm just talking about two or three T1s that provide Internet connectivity to our website for our customers. I appreciate your input, though. I will accept all advice and input if it gets me closer to a better understanding of the realities of topic at hand and if it helps weed out some of the marketing fluff that's being heaped upon me by salespeople. :) Thanks! John On 7/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:
John, Contrary to popular belief, I (not alone, of course) run, manage, defend, and continually architect very large networks. Very large. On none of them do we outsource the protection of them -- because, in cases where we have extended trust in the past, we have been screwed (PC translation: disappointed). So we protect ourselves. It's been a business decision for my customers' networks (ie. their network) not to outsource security, or rely on an upstreampipedream, for protection of any sort. Thus, I personally can't provide any insight here. Sorry. - ferg -- John Neiberger <jneiberger () gmail com> wrote: In this case it's a business decision. I understand that we could simply weigh the costs of an attack with the costs of preemptively detecting and mitigating an attack, but in our case we won't lose hard dollars like an ecommerce site would. We have different reasons for wanting to have some protection in place before we need it. I look at it like it's an insurance policy, but I don't want to be ripped off. It's like I'm getting estimates on building a protective dike around my house. One contractor tells me that the floodwaters commonly reach six feet so I should pay him $12,000 to build a wall at least that high. Another contractor is telling me that he'll build a six-foot wall for $6,000. Another contractor is telling me that the floodwaters most likely won't go over two feet and he suggests that I pay him $1,000 for a three-foot-high wall. If it turns out that we really do need a six-foot-high wall then so be it. I'm not the one who pays the bills so it isn't really my decision. I just want to make sure I have a clearer picture of reality before I make any suggestions to my boss. Thanks again, John On 7/28/05, Fergie (Paul Ferguson) <fergdawg () netzero net> wrote:I should've asked the most important question first -- is this a technical decision, or a business decision? I mean, forgive me for pointing out the obvious, but you made an issue of cost in your original post... - ferg-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- Re: Provider-based DDoS Protection Services, (continued)
- Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
- Re: Provider-based DDoS Protection Services Florian Weimer (Jul 29)
- Re: Provider-based DDoS Protection Services Suresh Ramasubramanian (Jul 29)
- Re: Provider-based DDoS Protection Services Florian Weimer (Jul 29)
- Re: Provider-based DDoS Protection Services Petri Helenius (Jul 29)
- Re: Provider-based DDoS Protection Services Suresh Ramasubramanian (Jul 29)
- Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
- Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
- Re: Provider-based DDoS Protection Services James Feger (Jul 28)
- Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
- Re: Provider-based DDoS Protection Services chip (Jul 28)
- Re: Provider-based DDoS Protection Services Christopher L. Morrow (Jul 28)
- Re: Provider-based DDoS Protection Services Christopher L. Morrow (Jul 28)
- Re: Provider-based DDoS Protection Services John Neiberger (Jul 28)
- Re:Provider-based DDoS Protection Services Christopher L. Morrow (Jul 28)
- Re: Provider-based DDoS Protection Services Suresh Ramasubramanian (Jul 28)