Arbor Networks DoS defense product
Streiner, Justin
streiner at stargate.net
Wed May 15 14:44:32 UTC 2002
On Tue, 14 May 2002, Pete Kruckenberg wrote:
> Have any large networks gathered statistics on how much
> traffic DDoS/DoS/DRDoS attacks consume on an average day?
>
> The attacks I have been able to detect represent around
> 10-15% of my traffic on an on-going basis.
>
> I'm curious about the business case for investing in DoS
> defense mechanisms. DoS traffic is boosting service provider
> revenues through increased customer bandwidth usage.
I disagree. If many of your customers have flat-rate as opposed to
burstable connectivity, such as a full point-to-point T1 or a dedicated 10
meg switch port to host a colo box, the revenue you derive from those
customers doesn't change regardless of how much/how little traffic your
network carries for them. If your customers have burstable connectivity,
their bill only goes up if you have mechanisms in place to do those
calculations - I'll hazard a guess that many providers don't.
I would argue that in many cases a service provider loses revenue due to
DoS traffic - network performance/availability can be impacted as your
network absorbs a DoS attack and your NOC/network engineers/security
people have to spend cycles analyzing (calling vendors, upstreams, etc)
and dampening the attack. Both of these impact windows have costs
associated with them.
I haven't done any formal ROI calculations on Arbor or any of the other DoS
defense products out there. However, from my viewpoint, I'd be willing to
bet that if/once my NOC/network engineers/security people are properly
trained on how to handle a DoS attack, anything that allows me to shrink
those impact windows, e.g. reduce my costs related with dealing with an
attack, is a good thing.
> So the investment in defense mechanisms like Arbor would have to
> replace or increase that revenue. Will these issues inhibit
> wide-spread implementation of DoS defenses?
That depends on how those products are priced, how well they're marketed,
and of course, how effective they are in helping to stop DoS attacks.
jms
More information about the NANOG
mailing list