D/DoS mitigation hardware/software needed.

• Previous message (by thread): D/DoS mitigation hardware/software needed.
• Next message (by thread): D/DoS mitigation hardware/software needed.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Rick Ernst [mailto:nanog at shreddedmail.com]
> Sent: Monday, January 11, 2010 10:39 AM
> To: NANOG
> Subject: Re: D/DoS mitigation hardware/software needed.
> 
> As a service-provider/data-center, it seems like outsourcing would be
> either
> ineffective and/or removes the "big red button" in case of trouble.
> 
> Am I missing something, overly paranoid, or are there other mechanisms
> for
> outsourced protection?

In fact, quite the opposite.  Those providers who do offer DDoS mitigation
services usually allow the customer to trigger the redirect in a manner
similar to RTBHs by substituting the blackhole community for some type of
mitigation community.  This causes the Provider's edge router (or Route
Server) to advertise the affected route within the Service Provider's
network with a next-hop of the scrubbers.

There are some providers who do auto-mitigation on behalf of the customer,
but IMO this approach is asking for trouble.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D

• Previous message (by thread): D/DoS mitigation hardware/software needed.
• Next message (by thread): D/DoS mitigation hardware/software needed.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]