Why does it seem like everyone is trying to "solve" this the wrong way? Do other networks' abuse departments just not give a shit? Blackhole all of the zombie attackers and notify their abuse departments. Sure, most of the owners of the PCs being used in these scenarios have no idea they're being used to attack people, but I'd think that if their network's abuse department was notified, either they'd contact the customer about it issue or at least have on file that they were notified. When the unknowing end-user reached out to support over larger and larger parts of the Internet not working, they'd be told to clean up their system. The way to stop this stuff is for those millions of end users to clean up their infected PCs. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Manuel MarĂn" <mmg@transtelco.net> To: nanog@nanog.org Sent: Thursday, January 8, 2015 11:01:47 AM Subject: DDOS solution recommendation Nanog group I was wondering what are are using for DDOS protection in your networks. We are currently evaluating different options (Arbor, Radware, NSFocus, RioRey) and I would like to know if someone is using the cloud based solutions/scrubbing centers like Imperva, Prolexic, etc and what are the advantages/disadvantages of using a cloud base vs an on-premise solution. It would be great if you can share your experience on this matter. Thank you