-----Original Message----- From: Christopher L. Morrow [mailto:christopher.morrow@mci.com] Sent: Thursday, March 04, 2004 11:50 AM To: Lumenello, Jason Cc: Suresh Ramasubramanian; Randy Bush; nanog@merit.edu Subject: RE: UUNet Offer New Protection Against DDoS
On Thu, 4 Mar 2004, Lumenello, Jason wrote:
No, but it sounds like SLA payouts are made in the event that they
fail
to respond in 15 minutes after a call is made. Maybe I am
fail to get you in touch with 'security expertise' in 15 minutes...
misinterpreting their SLA, but this seems much different then offering blanket payments for DoS down time.
downtime is seperate from this SLA.
I will give them credit for guaranteeing a response in 15 minutes or less. Now is a response the opening of a ticket or the null routing of the attack traffic in 15 minutes?
Just speaking to an engineer that can help you. There is no way to guarantee and end to a DoS in any reasonable amount of time ;( For instance, Suresh's main 'job' is email, so null routing his MX hosts will stop the attack, but it is hardly desirable, eh? Same for filtering tcp/25 syn packets :(
There is no magic here, you all are smart enough to understand how DoS works, how to stop it and the complications inherent in both.
Well, kudos to you guys for raising the SLA bar to include this provision then. Jason