The ideal solution is a carrier that has its own true DDoS mitigation platform, and does not rely on black hole routing . Have the carrier handle the the large bulk flood attacks, then have your own prem base mitigation platform take care of the more application specific attacks that get through . This represents the best solution , and also the most expensive . So it may not work for a non profit. This Email was sent from Steve's iPad
Message: 4 Date: Thu, 6 Dec 2012 09:51:21 -0800 From: Mike Gatti <ekim.ittag@gmail.com> To: NANOG list <nanog@nanog.org> Subject: Solutions for DoS & DDoS Message-ID: <0D89D80C-D288-402F-8723-B837EA52313C@gmail.com> Content-Type: text/plain; charset=us-ascii
Hello Everyone,
I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the attack from the source.
I wanted to get the lists thoughts on our approach going the carrier route and/or hear about successful implementation of other solutions.
Thanks, -- Michael Gatti 949.371.5474 (UTC -8)
------------------------------
End of NANOG Digest, Vol 59, Issue 24 *************************************
My experience with most providers has been that null routing is the "industry standard" when a DDoS hits their network. I would suggest approaching companies who specialize in DDoS mitigation - Prolexic and Blacklotus to name two I am familiar with. These outfits may have something that works for a non-profit from a pricing point of view. Ping me off list, I deal with a few providers and may be able to point you in the right direction. /e On 2012-12-06 3:53 PM, Steve wrote:
The ideal solution is a carrier that has its own true DDoS mitigation platform, and does not rely on black hole routing . Have the carrier handle the the large bulk flood attacks, then have your own prem base mitigation platform take care of the more application specific attacks that get through .
This represents the best solution , and also the most expensive . So it may not work for a non profit.
This Email was sent from Steve's iPad
Message: 4 Date: Thu, 6 Dec 2012 09:51:21 -0800 From: Mike Gatti <ekim.ittag@gmail.com> To: NANOG list <nanog@nanog.org> Subject: Solutions for DoS & DDoS Message-ID: <0D89D80C-D288-402F-8723-B837EA52313C@gmail.com> Content-Type: text/plain; charset=us-ascii
Hello Everyone,
I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the attack from the source.
I wanted to get the lists thoughts on our approach going the carrier route and/or hear about successful implementation of other solutions.
Thanks, -- Michael Gatti 949.371.5474 (UTC -8)
------------------------------
End of NANOG Digest, Vol 59, Issue 24 *************************************
-- Erol Blakely easyDNS Technologies Inc.
The most popular solution is Arbor Clean pipes. they have different ways you can get this : http://www.arbornetworks.com/ On Thu, Dec 6, 2012 at 5:26 PM, Erol Blakely <erol@easydns.com> wrote:
My experience with most providers has been that null routing is the "industry standard" when a DDoS hits their network.
I would suggest approaching companies who specialize in DDoS mitigation - Prolexic and Blacklotus to name two I am familiar with. These outfits may have something that works for a non-profit from a pricing point of view.
Ping me off list, I deal with a few providers and may be able to point you in the right direction.
/e
On 2012-12-06 3:53 PM, Steve wrote:
The ideal solution is a carrier that has its own true DDoS mitigation platform, and does not rely on black hole routing . Have the carrier handle the the large bulk flood attacks, then have your own prem base mitigation platform take care of the more application specific attacks that get through .
This represents the best solution , and also the most expensive . So it may not work for a non profit.
This Email was sent from Steve's iPad
Message: 4 Date: Thu, 6 Dec 2012 09:51:21 -0800 From: Mike Gatti <ekim.ittag@gmail.com> To: NANOG list <nanog@nanog.org> Subject: Solutions for DoS & DDoS Message-ID: <0D89D80C-D288-402F-8723-**B837EA52313C@gmail.com<0D89D80C-D288-402F-8723-B837EA52313C@gmail.com>
Content-Type: text/plain; charset=us-ascii
Hello Everyone,
I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the attack from the source.
I wanted to get the lists thoughts on our approach going the carrier route and/or hear about successful implementation of other solutions.
Thanks, -- Michael Gatti 949.371.5474 (UTC -8)
------------------------------
End of NANOG Digest, Vol 59, Issue 24 ***************************************
-- Erol Blakely easyDNS Technologies Inc.
participants (3)
-
Ahmed Maged -
Erol Blakely -
Steve