Verisign Internet Defence Network
hank at efes.iucc.ac.il
Wed Jun 1 00:26:21 CDT 2011
At 10:25 30/05/2011 -0400, Jim Mercer wrote:
My knowledge is from 1.5 years ago when I compared Verisign, Prolexic,
Akamai and others so things may have changed since then.
VeriSign claim that they are servicing their own network globally which has
performed with zero down time over the last decade. Verisign have 2
offerings - one over BGP and the other over GRE/SSL VPNs. The BGP solution
would be faster to turn on but will require more configuration set-up.
Interestingly, their mitigation service is not 'always-on' (they sell their
monitoring and mitigation services seperately). On detection of an attack,
they contact the customer and only once the customer acknowledges that they
want their services "redirected" do they turn on the filtering.
My biggest gripe was their SLA - or lack of one. Back in Dec 2009 I forced
them to start writing an SLA which they had not thought of, which back then
showed an immaturity of service. Things might be different now. Verisign
then took the view that the SLA should be based on *their* mitigation
platform availability ("our scrubbing center has 100% SLA") and not on the
customer site availability (all great and wonderful that your scrubbing
center is up and running - but my site is down). They were willing to give
service credits if their scrubbing center was down but not if the customer
site was down.
I found they had a well established customer portal and ample reporting
Just make sure they have improved on their SLA before buying.
>So, I asked to look into the viability and usefullness of the "Verisign
>Internet Defence Network" service.
>I don't claim to be any kind of expert in DDoS mitigation, but some of the
>claims made by the product descriptions seem suspect to me.
>it claims to be "Carrier-agnostic and ISP-neutral", yet "When an event is
>detected, Verisign will work with the customer to redirect Internet traffic
>destined for the protected service to a Verisign Internet Defense Network
>anyone here have any comments on how this works, and how effective it will be
>vs. dealing directly with your upstream providers and getting them to assist
>in shutting down the attack?
>Jim Mercer jim at reptiles.org +1 416 410-5633
>You are more likely to be arrested as a terrorist than you are to be
>blown up by one. -- Dianora
More information about the NANOG