Over a decade of DDOS--any progress yet?

Jared Mauch jared at puck.nether.net
Mon Dec 13 08:32:03 CST 2010


On Dec 12, 2010, at 12:05 AM, Christopher Morrow wrote:

> Verizon's ddos service was/is 3250/month flat... not extra if there
> was some sort of incident, and completely self-service for the
> customer(s). Is 3250/month a reasonable insurance against loss?
> (40k/yr or thereabouts)

Or just buy a gig-e from Cogent at 3$/meg/mo (or is it $4 this month?) to burn for ddos.

The problem I've found is that some of the vendors of ddos gear still have significant problems they are working to address. The Cisco (Riverhead) guard would have a 1 second delay (for example) for each configuration line one would add. If you dealt with a wildcard rule, it would be 1 second per underlying rule to make the configuration change.

The ability to 'paste' something in to a device and have a predictable output seemed to be too high of a bar for them to solve; this could be one of the reasons the product went to the wayside.

I'm also not sure that anyone else is much better in this regard.

Of course everyone is willing to sell you a seven-figure "solution" for your problems, but once you actually start talking about the usability, ease of provisioning, and the customer education about the caveats, most people start to glaze quickly.

Even with the right gear, technology, etc., the vendors don't make it easy to deliver these solutions.

- Jared




