Pros and Cons of Cloud Computing in dealing with DDoS
Stefan Fouant
sfouant at shortestpathfirst.com
Fri Nov 6 01:35:17 UTC 2009
> -----Original Message-----
> From: Paul Ferguson [mailto:fergdawgster at gmail.com]
> Sent: Thursday, November 05, 2009 8:26 PM
>
> On Thu, Nov 5, 2009 at 4:46 PM, Stefan Fouant
> <sfouant at shortestpathfirst.com> wrote:
>
> >>
> >> Actually, no - the miscreants are always going to have more
> bandwidth
> >> at their disposal, plus they utilize attack vectors which provide a
> >> great deal of amplification (including at layer-7) which make
> >> bandwidth largely irrelevant.
> >
> > So if I'm hearing you correctly, you're saying that no matter how
> much
> > infrastructure you have to potentially absorb the problem, there is
> > nothing you can do because the bad guys are always going to have more
> > bandwidth at their disposal. Man, that's a pretty bad position to be
> in
> > for a vendor who's fundamental premise is to sell boxes to deal with
> > these sorts of
> > problems. ;)
>
> Well, the fact of the matter is that you can't put 10 lb. of
> [expletive]
> in a 5 lb. bag, so to speak. :-)
Which is why vendors selling DDoS mitigation equipment will always tell you
to get a 15lb. bag first. ;) Their solutions work, but only if you got a
bag big enough to store a lot of crap.
Stefan Fouant
GPG Key ID: 0xB5E3803D
More information about the NANOG
mailing list