Provider-based DDoS Protection Services

Fergie · July 29, 2005, 1:45am

They're all lying... or telling the truth.

Dependent upon their _own_ business models.

I'd say: protect thy self.

- ferg

jneiberger · July 29, 2005, 1:59am

Protect thyself how? For DDoS protection to work, the nasty traffic
must be stopped before it gets to my access circuits. Once it gets
close enough for me to do anything about it directly it's too late.

The problem is that I don't know enough about DDoS traffic patterns to
make an accurate assessment of these statements, which is why I asked
the question here. I'll be doing other research on my own, of course,
but I thought I'd check here first.

Many thanks,
John

Florian_Weimer · July 29, 2005, 7:10am

* John Neiberger:

Protect thyself how? For DDoS protection to work, the nasty traffic
must be stopped before it gets to my access circuits. Once it gets
close enough for me to do anything about it directly it's too late.

It depends. Quite a few DoS attacks are not based on bandwidth
saturation or network device overload. On the other hand, if you
address the easy ones within your own network, the attackers might
switch to types which you can't deal with on your own. 8-(

Anyway, you should examine *why* you (or your customers) are attacked,
and address that. Everything else is likely cost-effective. Of
course, this might mean you have to do without some revenue if you
have customers that are DoS magnets for some reason.

Suresh_Ramasubramani · July 29, 2005, 7:14am

Not allowing your users to run eggdrop or other irc bots on the shells
you give them, and generally not hosting irc stuff would definitely
help there.

Florian_Weimer · July 29, 2005, 7:27am

* Suresh Ramasubramanian:

Petri_Helenius · July 29, 2005, 7:28am

Suresh Ramasubramanian wrote:

Not allowing your users to run eggdrop or other irc bots on the shells
you give them, and generally not hosting irc stuff would definitely
help there.

Filtering anything else than port 80 and maybe 53 would allow them to experience the Internet in safe and controlled manner!

Pete

Suresh_Ramasubramani · July 29, 2005, 7:33am

Petri, if someone has to actually ask on nanog about ddos mitigation
tools, he is much better off not having irc bots, or other such kick
me signs^W ddos magnets on his network.

Real world experience facing down ddos attacks, and googling for docs
of other peoples' real world experiences should have come in useful
long before asking for ddos mitigation 101 on nanog, if he really made
a conscious decision to host these.

--srs