Pros and Cons of Cloud Computing in dealing with DDoS

Sean Donelan sean at donelan.com
Sun Nov 8 22:27:01 UTC 2009


On Sun, 8 Nov 2009, Dobbins, Roland wrote:
>>  if the discussion hasn't shifted from that of DDoS to EDoS, it
>> should.
>
> All DDoS is 'EDoS' - it's a distinction without a difference, IMHO.
>
> DDoS costs opex, can cost direct revenue, can induce capex spends -
> it's all about economics at bottom, always has been, or nobody would
> care in the first place.  And look at click-fraud attacks in which the
> miscreants either a) are committing fraud by causing botnets to make
> fake clicks so that they can be paid for same or b) wish to exhaust a
> rival's advertising budget when he's paying per-impression.  Plain old
> packet-flooding DDoSes can cost victims/unwitting sources big money in
> transit costs, can cost SPs in transit and/or violating peering
> agreements, etc.
>
> There's no need or justification for a separate term; Chris Hoff
> bounced 'EDoS' around earlier this year, and the same arguments apply.

The so-called "E"DOS is easy to solve.  Just re-negotiate your contract 
with the cloud service provider to exclude that traffic from your bill. 
After all, if the cloud security provider's security is great, they 
shouldn't have a problem giving their customers credit for those 
problems which the cloud solves.  No more "E" problems for the customer, 
the DOS risk is shifted to the service provider.  But now the service 
provider still needs to solve the same problem.

Oh, the cloud service provider won't negotiate, won't give you unlimited 
service credits, wants to charge extra for that protection, doesn't want to 
make promises it will work, and so on :-)

The same unsolved problems from the 1970's mainframe/timesharing era still 
haven't been solved with virtualization/cloud/etc.



