nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?


From: Jared Mauch <jared () puck nether net>
Date: Mon, 13 Dec 2010 09:32:03 -0500


On Dec 12, 2010, at 12:05 AM, Christopher Morrow wrote:

> verizon's ddos service was/is 3250/month flat... not extra if there
> was some sort of incident, and completely self-service for the
> customer(s). Is 3250/month a reasonable insurance against loss?
> (40k/yr or thereabouts)

Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this month?) to burn for ddos.

The problem I've found is that some of the vendors of ddos gear still have significant problems they are working to address.  The Cisco (riverhead) guard would have a 1 second delay (for example) for each configuration line one would add.  If you dealt with a wildcard rule, it would be 1 second per underlying rule to make the configuration change.

The ability to 'paste' something in to a device and have a predictable output seemed to be too high of a bar for them to solve; this could be one of the reasons the product went to the wayside.

I'm also not sure that anyone else is much better in this regard.

Of course everyone is willing to sell you a seven-figure "solution" for your problems, but once you actually start talking about the usability, ease of provisioning, and the customer education about the caveats, most people start to glaze quickly.

Even with the right gear, technology, etc., the vendors don't make it easy to deliver these solutions.

- Jared
