Is the cause of this non-profit a controversial one with a good likelihood of attracting the attention of demographics with the ability to mount DDoS attacks? If your upstream can do it for a good price (on account of being a non-profit organization) and they have lots of bandwidth along with a decent stack of mitigation gear, and some clue on how to operate them, then that should be the first choice. But DDoS mitigation is not their core business, so be prepared for them to blackhole your IP if things get difficult. Make sure your SLA is as bulletproof as possible or at least understand how bad things can get before they bail out on you. If the asset you want to protect is on standard web ports (ie 80 and 443) and is a likely DDoS target (per my first question), then one of the affordable DDoS-Mitigation-as-a-Service (DMaaS) providers would be a better fit for the task. Your upstream will appreciate not becoming collateral victim of the attack traffic. My good friend (who was also a co-founder of Peer1) founded dosarrest.com. They seem to be quite successful and have protected some high profile customers, so feel free to give them a call. If the non-profit is in the high risk of attack profile (ie any cause that is likely to offend techno-savvy bullies or religious fanatics), then you should talk to Prolexic/Verisign/Neustar/NexusGuard. If you are in the high risk category and you cause is that of free-speech, maybe the good folks at virtualroad.org (with help from Prolexic) can help. Regards, Joe -----Original Message----- From: Mike Gatti [mailto:ekim.ittag@gmail.com] Sent: Thursday, December 06, 2012 5:51 PM To: NANOG list Subject: Solutions for DoS & DDoS Hello Everyone, I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the attack from the source. I wanted to get the lists thoughts on our approach going the carrier route and/or hear about successful implementation of other solutions. Thanks, -- Michael Gatti 949.371.5474 (UTC -8)