-----Original Message----- From: Tuc at T-B-O-H [mailto:ml@t-b-o-h.net] Subject: DDOS - How much is "too much"?
> Maybe I've been out of the running my larger Managed Server Hosting Company too long, but weren't the "non-elegant" solutions something ISPs just "did"? Was it only DoS, and when it comes to DDoS they tell you it's just too much to handle? And blocking how many netblocks does an ISP consider "too many" before it tells the client there is only so much it can do for them? Do people tell/give clients
In my experience developing DDoS mitigation and detection products for Verizon, I believe the typical scenario is that most Service Providers will implement ACLs or rate-limits on their edge and/or implement some form of Real-Time Blackhole routing for small DoS attacks in which the number of sources is fairly small. I'm not sure there is a particular "number" that ISPs would consider "too many" before they suggest moving to a more purpose-built solution, but the general rule of thumb is that if there are a large number of distributed sources and if source-address spoofing is employed, it's much akin to hitting a moving target and the above-mentioned techniques will largely be ineffective. Furthermore, filtering techniques such as these may have the unintended consequence of causing a denial of legitimate service.
> 3 against, and what I felt was a fair market value for this. I just need to know if people still did that type of stuff for each other or if everything costs nowadays....
Yep, pretty much everything costs nowadays. With IP being the commodity that it is, Service Providers are continually looking at every angle to monetize the network and the services they offer.

Stefan Fouant
NeuStar, Inc.
Principal Network Engineer
46000 Center Oak Plaza
Sterling, VA 20166
[ T ] +1 571 434 5656
[ M ] +1 202 210 2075
[ E ] stefan.fouant@neustar.biz
[ W ] www.neustar.biz
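The reply above draws the line between attacks an edge ACL or RTBH route can absorb (few sources, no spoofing) and attacks where per-source filtering becomes a moving target or takes legitimate customers down with it. The following is an added example, not code from the thread or from any vendor product, that makes that decision rule concrete: it aggregates attack sources into deny prefixes, escalates when the entry count cannot be kept within an ACL budget, and reports which legitimate sources a coarser prefix would also drop. All flow records, addresses and thresholds are constructed for illustration.

```python
"""Decide whether source ACLs / RTBH are viable for an observed attack.

Added example (not from the original thread). Flow records below are
constructed sample data, not captures from any real network.
"""
from collections import Counter
from ipaddress import ip_address, ip_network
import random

# Constructed sample flows: (src_ip, dst_ip, packets_per_second)
TARGET = "203.0.113.10"          # assumed victim address (documentation range)
SMALL_DOS = [                    # three non-spoofed sources
    ("198.51.100.7", TARGET, 400_000),
    ("198.51.100.9", TARGET, 350_000),
    ("192.0.2.45", TARGET, 300_000),
]
MEDIUM_DOS = [                   # 120 hosts in one /24, e.g. a compromised LAN
    (f"198.51.100.{i}", TARGET, 5_000) for i in range(1, 121)
]
LEGIT = [                        # paying customers sharing those /24s
    ("198.51.100.200", TARGET, 50),
    ("192.0.2.100", TARGET, 30),
]


def spoofed_flood(n, seed=1):
    """Constructed flood with n random (spoofed) 32-bit source addresses."""
    rng = random.Random(seed)
    return [(str(ip_address(rng.getrandbits(32))), TARGET, 1_000) for _ in range(n)]


def filters_for(attack_flows, prefixlen):
    """Aggregate attack sources into the prefixes an edge ACL would deny."""
    nets = Counter()
    for src, _, pps in attack_flows:
        nets[ip_network(f"{src}/{prefixlen}", strict=False)] += pps
    return nets


def collateral(prefixes, legit_flows):
    """Legitimate sources that the same deny entries would also drop."""
    return [src for src, _, _ in legit_flows
            if any(ip_address(src) in net for net in prefixes)]


def plan(attack_flows, legit_flows, max_entries=50):
    """Return the cheapest mitigation that fits the ACL budget.

    Tries exact /32 entries first, then coarser aggregation. Once even /16
    aggregation exceeds the budget, per-source filtering is a moving target
    and the remaining cheap option is blackholing the victim (RTBH), which
    completes the DoS for that host but spares the rest of the network.
    """
    sources = {src for src, _, _ in attack_flows}
    for plen in (32, 24, 16):
        prefixes = filters_for(attack_flows, plen)
        if len(prefixes) > max_entries:
            continue
        return {
            "action": "source-acl",
            "prefixlen": plen,
            "entries": sorted(str(n) for n in prefixes),
            # non-empty here means the ACL denies service to real customers
            "collateral": collateral(prefixes, legit_flows),
        }
    return {
        "action": "rtbh-or-scrub",
        "blackhole": TARGET,
        "distinct_sources": len(sources),
    }


if __name__ == "__main__":
    for name, flows in (("small", SMALL_DOS), ("medium", MEDIUM_DOS),
                        ("spoofed", spoofed_flood(5_000))):
        print(name, plan(flows, LEGIT))
```

The three constructed cases map onto the reply's three regimes: the small attack yields three exact deny entries with no collateral; the single-/24 attack fits the budget only after aggregation, and the plan then names the legitimate customer that the /24 deny would also cut off; the spoofed flood never fits, so the only options left are destination blackholing or a scrubbing service.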