-----Original Message----- From: William McCall [mailto:william.mccall@gmail.com] Sent: Wednesday, April 28, 2010 10:09 AM To: nanog@nanog.org Subject: DDoS mitigation services from SPs
All:
I did some searching and have not found any concrete replies on the list, but what carriers can offer L3 DDoS mitigation? Specifically, I noticed an old UUnet offering, but it seems like I must be speaking the wrong language to my sales drones. Specifically, we're dealing with AT&T, Qwest and Verizon Business. My thought is that they all offered some type of service like this, but my security folks have been driving this and having limited success.
Names of other SPs (we're looking at Verisign) is helpful, but we are stuck with the Dallas area.
Note: I am not interested in changing DNS records and prefixes should be able to be advertised through BGP like normal. (Apparently, people like to do funky DNS stuff to make this work and sometimes don't want to do BGP in other scenarios.)
Verizon Business and AT&T both have DDoS Detection & Mitigation Services available, as do other providers such as Tata, Prolexic, and Verisign. Providers like AT&T, Verizon, and Tata unfortunately do not sell services off-net, so you'll need to have the sites you want protected connected to their networks. Similarly, these providers tend to put "all their eggs in one basket" by using a singular technology for their service. On the other hand, providers like Prolexic and Verisign have very robust offerings selling off-net and utilizing multiple vendors as they understand a one-size-fits-all doesn't work. I'd strongly advocate talking to the Verisign folks as they really seem to be attracting all the top talent right now - I'd be willing to bet their offering is the one that others will eventually emulate. Cheers, Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB5E3803D