I've been talking to various providers about their DDoS detection and mitigation services and I'd like to get some opinions about what I'm hearing. One provider prices their product based on how much traffic you will need to mitigate during an attack. The sales engineers say that most DDoS attacks are in the 2-3 Gbps range so, of course, they recommend that you pay for that much protection at great cost. Another provider (using the exact same hardware and software) costs about half as much per month. Yet another provider (again, using exactly the same hardware and software) has much more flexible pricing that is far more attractive, but that's because their engineers state that DDoS attacks are usually sized to match the size of the network they're attacking. For example, according to this sales engineer, attackers usually won't launch a 3 Gbps attack on someone who only has a handful of T1 circuits. So, this provider's pricing looks much more attractive to end-users who have smaller circuit size requirements. If you have a single T1, for example, you could buy 50 Mbps of protection and they say that's enough. What do you think? Is the first vendor closer to telling the truth, or is the third vendor? Or, is there really just no way of knowing ahead of time so you might as well pay for the most protection you can afford? Thanks, John