ddos attacks

Nick Hilliard nick at foobar.org
Thu Dec 19 13:40:05 UTC 2013


On 19/12/2013 13:17, Dobbins, Roland wrote:
> This is a base requirement for any network operator, without exception.

in fact, this comes down to cost / benefit / application analysis, without
exception.

Many hosting profiles don't require this sort of anti-DDoS kit.  In many
cases it's far cheaper to permanently disconnect a customer who is the
subject of continual DoS's rather than fork out loadsamoney for boxes like
this.

For applications at the higher end of the spectrum, there are many
situations where it's more cost effective / resilient / sensible to farm
out online content to CDNs, whose infrastructure will be much better
equipped to handle several tens of gigs of DDoS traffic than even a
reasonably large deployment of local anti-ddos boxes.

I'm sure mitigation boxes like this serve well in many situations if the
cost / benefit justifies the expenditure, but as with most things, it's a
case of applying the best tool for the job rather than blind application of
shiny toys.

Nick




More information about the NANOG mailing list