D/DoS mitigation hardware/software needed.

Rick Ernst nanog at shreddedmail.com
Mon Jan 11 09:38:37 CST 2010


I thought I had mentioned outsourcing earlier, but I don't see it in the
thread...

The two mechanisms I've seen for outsources D/DoS are DNS manipulation, or
essentially remote BGP peering with an tunnel back to the local presence.

Even if we are purely hosting, DNS manipulation doesn't do anything for
attacks against an IP.
For remote BGP peering/tunneling, you are are adding additional complexity
and moving control outside your network.

As a service-provider/data-center, it seems like outsourcing would be either
ineffective and/or removes the "big red button" in case of trouble.

Am I missing something, overly paranoid, or are there other mechanisms for
outsourced protection?

Rick


On Mon, Jan 11, 2010 at 6:33 AM, Stefan Fouant <
sfouant at shortestpathfirst.net> wrote:

> > -----Original Message-----
> > From: Christopher Morrow [mailto:morrowc.lists at gmail.com]
> > Sent: Monday, January 11, 2010 2:05 AM
> >
> > On Mon, Jan 11, 2010 at 12:26 AM, jul <jul_bsd at yahoo.fr> wrote:
> > > Martin Hannigan wrote on 05/01/10 16:50:
> > >
> > > Outsourced services have higher cost than Arbor but can handled more.
> >
> > Do they? VerizonBusiness's solution was $3250US/month so ~$90USk over
> > 2yrs. Arbor, I think, for a TMS + collectors was +100k.
>
> Don't forget to factor in OpEx.  This can often tilt the scales in favor of
> one vs. the other.
>
> Stefan Fouant, CISSP, JNCIE-M/T
> www.shortestpathfirst.net
> GPG Key ID: 0xB5E3803D
>
>
>



More information about the NANOG mailing list