D/DoS mitigation hardware/software needed.

Dobbins, Roland rdobbins at arbor.net
Tue Jan 5 07:54:33 UTC 2010

On Jan 5, 2010, at 2:38 PM, Darren Bolding wrote:

> PCI DSS does not require a "Web application firewall".


Since no business is going to allow an external 'code review' (if it's even possible, given that they're likely using COTS products, the source code of which they simply don't have), this defaults to a requirement for the 'Web application firewall'.


Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

More information about the NANOG mailing list