From: Christopher L. Morrow [mailto:christopher.morrow@mci.com]
Sent: Thursday, March 04, 2004 11:50 AM
To: Lumenello, Jason
Cc: Suresh Ramasubramanian; Randy Bush; nanog@merit.edu
Subject: RE: UUNet Offer New Protection Against DDoS>
> No, but it sounds like SLA payouts are made in the event that they
fail
> to respond in 15 minutes after a call is made. Maybe I am
fail to get you in touch with 'security expertise' in 15 minutes...
> misinterpreting their SLA, but this seems much different then
offering
> blanket payments for DoS down time.
>downtime is seperate from this SLA.
> I will give them credit for guaranteeing a response in 15 minutes or
> less. Now is a response the opening of a ticket or the null routing
of
> the attack traffic in 15 minutes?
Just speaking to an engineer that can help you. There is no way to
guarantee and end to a DoS in any reasonable amount of time ;( For
instance, Suresh's main 'job' is email, so null routing his MX hosts
will
stop the attack, but it is hardly desirable, eh? Same for filtering
tcp/25
syn packets
There is no magic here, you all are smart enough to understand how DoS
works, how to stop it and the complications inherent in both.
Well, kudos to you guys for raising the SLA bar to include this
provision then.
Jason