D/DoS mitigation hardware/software needed.

Rick Ernst nanog at shreddedmail.com
Mon Jan 11 15:38:37 UTC 2010

I thought I had mentioned outsourcing earlier, but I don't see it in the

The two mechanisms I've seen for outsourced D/DoS are DNS manipulation, or
essentially remote BGP peering with a tunnel back to the local presence.

Even if we are purely hosting, DNS manipulation doesn't do anything for
attacks against an IP.
For remote BGP peering/tunneling, you are adding additional complexity
and moving control outside your network.

As a service-provider/data-center, it seems like outsourcing would be either
ineffective and/or removes the "big red button" in case of trouble.

Am I missing something, overly paranoid, or are there other mechanisms for
outsourced protection?


On Mon, Jan 11, 2010 at 6:33 AM, Stefan Fouant <
sfouant at shortestpathfirst.net> wrote:

> > -----Original Message-----
> > From: Christopher Morrow [mailto:morrowc.lists at gmail.com]
> > Sent: Monday, January 11, 2010 2:05 AM
> >
> > On Mon, Jan 11, 2010 at 12:26 AM, jul <jul_bsd at yahoo.fr> wrote:
> > > Martin Hannigan wrote on 05/01/10 16:50:
> > >
> > > Outsourced services have higher cost than Arbor but can handle more.
> >
> > Do they? VerizonBusiness's solution was $3250US/month so ~$90USk over
> > 2yrs. Arbor, I think, for a TMS + collectors was +100k.
> Don't forget to factor in OpEx.  This can often tilt the scales in favor of
> one vs. the other.
> Stefan Fouant, CISSP, JNCIE-M/T
> www.shortestpathfirst.net
> GPG Key ID: 0xB5E3803D
