On Dec 13, 2010, at 11:15 AM, Jack Bates wrote:
On 12/13/2010 8:32 AM, Jared Mauch wrote:
Or just buy a gig-e from Cogent at $3/meg/mo (or is it $4 this month?) to burn for DDoS.
*cough* 10G burstable with 1-2G commit. Still cheaper than anything else I have or can get, and more likely to handle those large DDoS cases, where you can just reroute the affected network through the 10G and mitigate with whatever hardware you have.
My point is, there is this 'middle' space where it's hard to justify spending money on something that isn't used. Of course it's easy to view as "insurance" and easier to justify *after* an attack (or loss); it is hard to proactively justify this type of expense. If for every 10G of capacity you had a $40k/year "security" surcharge, at what point do you factor this in as part of your regular bandwidth costs vs. the current "down and to the right" pricing trend? Delivering these services is, I have observed, something that is difficult to ask someone to pay for unless they have experience with it. Most are willing to start off with the "self-insure" premise until it is too much to bear; then immediately they are willing to pay 'something' to allow capital cost recovery.
Of course everyone is willing to sell you a seven-figure "solution" for your problems, but once you actually start talking about the usability, ease of provisioning, and the customer education about the caveats most people start to glaze quickly.
Even with the right gear, technology, etc., the vendors don't make it easy to deliver these solutions.
True, but they often will dedicate some time and effort during an attack to make things work. There are many in-house custom solutions you can use, and we've seen public blacklists use many of them over the years. If you want the extra support during the crisis, you pay the 3rd party for their product to get it.
I am talking about those purporting to offer DDoS solution hardware, either past, present or future. If it's 2010 or 2011 and you experience flow-control-like issues with your CLI interface, either slow interactive response or garbled processing (over telnet/ssh), there is something not quite right IMHO. Then again, I'm known for being a bit of an odd character. - Jared