-----Original Message----- From: Suresh Ramasubramanian [mailto:ops.lists@gmail.com] Sent: Tuesday, May 10, 2005 8:06 AM To: Hannigan, Martin Cc: Kim Onnel; Scott Weeks; nanog@merit.edu Subject: Re: DOS attack tracing
On 5/10/05, Hannigan, Martin <hannigan@verisign.com> wrote:
DDOS' is rather infrequent to zero for most enterprises. That DDOS golden banana is rather yummy with sprinkles on top. Don't get me wrong, the DDOS problem is real, but not for everyone, and not as frequently as it's being hyped up to be. A managed service is a better way to go if they're worried, IMO.
There's also the "minimze risk" thing .. take a conscious business decision not to host one of the typical DDoS magnets (dont allow people to run IRC bots on your colo farm, for example)
There's two classes of discussion here. One for service providers who should have DDOS defense, and one for enterprises who should have risk mitigation in mind. I think that operators should have DDOS defense capabilities for themselves and their customers, and I think that enterprises should seriously evaluate their need for a full blown implementation of a DDOS solution based on a solid risk analysis. As far as DOS tracing goes, using the freeware tools locally, and either buying and/or subscribing to a ddos defense service make sense as much as it makes sense to analyze the cost and your own capability as well as your providers capability to quickly and successfully defend against a DDOS. -M<