Re: Outsourcing DDOS

[Andreas Echavez <andreas () livejournalinc com>]

We've dealt with these guys too too. There are lots of providers; I've used
ones through ISPs and they can work well. Our only issue is that the ISP we
were talking with only had XYZ Gb of mitigation, and Prolexic has a ton more
capacity (in the hundreds of gigabits when I last checked).

Prolexic is the go-to company for handling large-scale DDoSes. We haven't
yet tried the service, but they've been extremely professional. Every time
we're on the phone it's with engineers that know their stuff. Ultimately
you're going to want to have a mix of internal mitigation and one or several
providers if you're a big target.

I doubt anyone is going to be perfect -- it's simply impossible. Heck, lots
of the attacking "bots" are just spyware on legitimate users' PCs, so
obviously they will get blocked. My personal experience is that when you're
dealing with a DoS at the scale that you need Prolexic, there is simply no
one else that can handle that level of traffic.

-Andreas


On Sat, Oct 22, 2011 at 6:22 PM, Jimmy Hess <mysidia () gmail com> wrote:

> On Wed, Oct 19, 2011 at 8:46 AM, Vlad Galu <galu () packetdam com> wrote:
> > They say that "When an attack is detected, our protection services are
> implemented within minutes.
> > Upon activation, a Prolexic customer routes in-bound traffic to the
> nearest Prolexic scrubbing center
> > where proprietary-filtering techniques, advanced routing, and
> patent-pending hardware devices
> > remove bot traffic close to the source."
>
> If that's true, that they have a technology that is so good they will
> only describe it as proprietary magic, that will efficiently scrub all
> bot traffic and not scrub legitimate traffic,  and it really works
> every time, and they've persuaded you/made a convincing argument, i'd
> be thrilled.  But probably there is no way to validate that it will
> actually work to your satisfaction  against whatever sort of attack
> you face,  before actually buying the service.
>
> If they are confident it is so great, they ought to be happy to either
> price your cost of the service based on its effectiveness or otherwise
>  provide you a very good SLA, clearly stipulate what they can and
> can't handle,  both in terms of type of attack, and volume of attack
> (realistically,  there is some flood volume that will exceed _any_
> service's capacity).   Make sure they will waive fees, early
> termination fees at least, fees for "protection they failed to
> provide" at least, and give you a cancel option/way out, should their
> technology fail to be as effective as their marketing would have you
> believe,    and make sure they have a burden of proof under the SLA to
> show their  protection service worked properly after an incident,
> rather than you having to prove it did not.
>
> Clearly you would want to discuss the technical details with them and
> costs, whether some sort of subscription or per-incident;  that
> protection services are only implemented "when activated", indicates
> there is cost or technical disadvantage  during any time you choose to
> have "protection active"
>
> -
> -JH