Having used some of the largest solutions, I do disagree. After quickly searching google for Verisign, I could find a few documents that claim they have ~350Gb of capacity. On Prolexic's website, they claim to have the largest <http://www.prolexic.com/why-prolexic/index.html> total mitigation capacity at 375Gb. Now if you're talking about upstream providers (ATT/Verizon), even if your upstream mitigates the traffic, do you really N+1 redundancy during an attack? Do the providers have an SLA guaranteeing mitigation within a certain timeframe? Finally, and most importantly to us, was how much do they charge per attack, or if it a flat "insurance" type agreement where they block unlimited attacks. Total capacity certainly isn't the most important factor, but a sane pricing policy certainly was. -Andreas On Mon, Oct 24, 2011 at 12:29 PM, Stefan Fouant < sfouant@shortestpathfirst.net> wrote:
On 10/24/2011 1:54 PM, Andreas Echavez wrote:
obviously they will get blocked. My personal experience is that when
you're dealing with a DoS at the scale that you need Prolexic, there is simply no one else that can handle that level of traffic.
Andreas,
I think there are a lot of people on this list that would argue with that statement. As was mentioned earlier, AT&T, Verizon, and several others including Verisign have very ample networks capable of handling attacks just as large as Prolexic, if not bigger.
One thing to note about Prolexic, where it stands out from some of the others is that it is a completely off-net solution. Many of the other offerings from folks like Verizon require you to have WAN circuits connected to their network in order to avail of such a service (in other words, they will only scrub that which would normally traverse their network on it's way towards your WAN interface).
Others like Verisign have (smartly) adopted a similar model to that of Prolexic. They understand that requiring a physical connection into a provider's cloud is a monolithic approach (and certainly runs counter to today's mantra of offering up cloud-based services).
Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI Technical Trainer, Juniper Networks
Follow us on Twitter @JuniperEducate