Pros and Cons of Cloud Computing in dealing with DDoS

Stefan Fouant sfouant at shortestpathfirst.com
Thu Nov 5 19:35:17 CST 2009


> -----Original Message-----
> From: Paul Ferguson [mailto:fergdawgster at gmail.com]
> Sent: Thursday, November 05, 2009 8:26 PM
> 
> On Thu, Nov 5, 2009 at 4:46 PM, Stefan Fouant
> <sfouant at shortestpathfirst.com> wrote:
> 
> >>
> >> Actually, no - the miscreants are always going to have more
> bandwidth
> >> at their disposal, plus they utilize attack vectors which provide a
> >> great deal of amplification (including at layer-7) which make
> >> bandwidth largely irrelevant.
> >
> > So if I'm hearing you correctly, you're saying that no matter how
> much
> > infrastructure you have to potentially absorb the problem, there is
> > nothing you can do because the bad guys are always going to have more
> > bandwidth at their disposal.  Man, that's a pretty bad position to be
> in
> > for a vendor who's fundamental premise is to sell boxes to deal with
> > these sorts of
> > problems. ;)
> 
> Well, the fact of the matter is that you can't put 10 lb. of
> [expletive]
> in a 5 lb. bag, so to speak. :-)

Which is why vendors selling DDoS mitigation equipment will always tell you
to get a 15lb. bag first. ;)  Their solutions work, but only if you got a
bag big enough to store a lot of crap.

Stefan Fouant
GPG Key ID: 0xB5E3803D





More information about the NANOG mailing list