Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Client DDoS requests, ideas?

From: Roland Dobbins <rdobbins () cisco com>
Date: Tue, 15 Jul 2008 07:15:58 +0700

On Jul 15, 2008, at 5:48 AM, Sergio Castro wrote:


The DDOS protection company you are thinking about is www.prolexic.com
There are actually many SPs offer 'clean pipes'-type DDoS mitigation services; Prolexic, AT&T, Sprint, Rackspace, SAVVIS, and many others.
And you're correct that no responsible SP offers any sort of DDoS- testing types of services because of the costs and potential for collateral damage. So, in most cases, this sort of testing must take place locally; note that very very few organizations will allow this kind of testing against a production network, so it's generally relegated to the lab.
As someone else pointed out, there are many many different classes of/ flavors of DoS; the main thing to keep in mind is that DoS attacks are attacks against capacity and/or state, and how to defend against them at all layers of the model. 

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // +66.83.266.6344 mobile

     History is a great teacher, but it also lies with impunity.

                   -- John Robb


------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications 
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: