nanog mailing list archives

Re: Pros and Cons of Cloud Computing in dealing with DDoS


From: Jeffrey Lyon <jeffrey.lyon () blacklotus net>
Date: Thu, 5 Nov 2009 13:20:17 -0500

DDoS is a threat to the cloud just as DDoS is a threat to any other
service when you fail to implement protection. Our company recently
put out a DDoS mitigated cloud product specifically for high risk
clients.

Best regards, Jeff


On Thu, Nov 5, 2009 at 1:06 PM, Stefan Fouant
<sfouant () shortestpathfirst com> wrote:
I'm working on an article on the Pros and Cons of Cloud Computing as an
effective strategy for dealing with DDoS.  I'd like to open this up for
debate and get some perspectives from folks on the list.



In a recent article in ITWire titled "DDoS, the biggest threat to Cloud
Computing", Roland Dobbins states that "DDoS attacks are one of the most
under-rated and ill-guarded against security threats to corporate IT, and in
particular the biggest threat facing cloud computing."  To a certain extent,
I agree with Roland; however, I also believe this perspective is
inconsistent with the view that the elasticity of cloud computing and
ability to scale resources on demand is a good way of dealing with the
problem.  The counterpoint to this is that I can also envision the cloud
computing model causing a shift from that of a DDoS to what some are calling
EDoS (Economic Denial of Sustainability).  In an EDoS, the elasticity of the
cloud and surplus of available resources might be used in such a way that
large botnets generate seemingly legitimate "targeted" requests for
service, causing the victim to cloudburst in order to keep pace with the
scale of the requests.  Even though the victim can sustain business
operations, the cost of doing so may be so exorbitantly expensive that to do
so threatens economic sustainability.



Roland also states "The cloud providers emerging as leaders don't tend to
talk much about their resiliency to DDoS attacks".  Which brings about
another point - are there any cloud providers taking a proactive look at
dealing with this problem and deploying effective countermeasures for
dealing with this in their environments?  What motivation would cloud
providers have to deploy DDoS mitigation services and/or services which can
distinguish between legitimate resource consumption vs. targeted resource
consumption, especially if their revenues are driven from service
availability and potential expansion of resource utilization?



Stefan Fouant

GPG Key ID: 0xB5E3803D







-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon () blacklotus net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
21 to find out how to "protect your booty."

