[AusNOG] DDOS mitigation
Chris Chaundy
chris.chaundy at gmail.com
Sun May 12 12:33:13 EST 2013
Speaking as an individual...
Of the providers who offer black-hole support, I have not encountered any
that charge for it (thank goodness), but mitigation is another matter
altogether where most charge for it. I can vouch that it is a non-trivial
and expensive process to put in place and unless senior management see some
return-from-investment from it, it is unlikely to attract their approval.
There is a moral aspect to seeing it as part of 'the cost of doing
business', but business and morals are becoming distant relatives in this
age of austerity. Of course, it can still be justified as a
'differentiator', but this is avoiding the fact that many providers simply
cannot be bothered employing the most basic best practices.
Regards, Chris Chaundy
On Sun, May 12, 2013 at 10:15 AM, Joshua D'Alton <joshua at railgun.com.au> wrote:
> Good points. And this is why it falls back on the originating networks to
> fix their problems, i.e. UDP spoof, so that they aren't sending so much traffic
> in the first place. Obviously not much of a fix and they have no motivation
> to (more traffic out = more transit sold to downstreams).. but...
>
> sent from android
> On May 12, 2013 9:22 AM, "Phillip Grasso" <phillip.grasso at gmail.com>
> wrote:
>
>> My pessimistic 2 cents.
>>
>> Attack volumes should continue to grow proportionally with defensive
>> capability; the capability would reduce to fewer possible attackers (fewer
>> script kiddies, more large-scale professional botnets and state-sponsored
>> ops). 40-100G attacks happen now for big targets, but my guess is it will be
>> commonplace for the rest of the market in the near future. The bigger risk is how
>> this affects the second / third tier service providers not able to protect
>> themselves from these types of attacks and what "protection" costs would be
>> required from upstream providers. Already some large providers charge for
>> "DDoS protection".
>>
>> Capacity-based DDoS attacks obviously can hurt, but it's well known and
>> mostly can be overcome with some filtering, blackholing etc. There are
>> other vectors that are increasingly a growing concern, e.g. Roland's prior AusNOG
>> talk (where firewalls fall over). Infrastructure weakness attacks can have
>> a greater impact for a more sustained period: attacking specific weaknesses
>> in BGP or TCP stacks, or exceeding forwarding rates on devices (not
>> capacity).
>>
>> On another note:
>> There's a possible huge economic and market cost here; it "may" mean that
>> smaller players have a harder time operating against the larger operators
>> that can provide protections at scale. It requires players to have
>> a significantly greater amount of network capacity (or infrastructure
>> hardware capacity than needed). A large player can do with less of this and
>> overall percentage of headroom may be minimal. It would be really hard for
>> smaller operators to exist in the market without clear 'protection' from larger
>> operators / upstreams.
>>
>> On Fri, May 10, 2013 at 11:18 PM, James Braunegg <
>> james.braunegg at micron21.com> wrote:
>>
>>> Dear Roland
>>>
>>> Nice feature.... back to school I must go ;)
>>>
>>> Kindest Regards
>>>
>>> James Braunegg
>>> W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
>>> E: james.braunegg at micron21.com | ABN: 12 109 977 666
>>>
>>>
>>> -----Original Message-----
>>> From: ausnog-bounces at lists.ausnog.net [mailto:
>>> ausnog-bounces at lists.ausnog.net] On Behalf Of Dobbins, Roland
>>> Sent: Friday, May 10, 2013 11:13 PM
>>> To: ausnog at lists.ausnog.net
>>> Subject: Re: [AusNOG] DDOS mitigation
>>>
>>>
>>> On May 10, 2013, at 7:51 PM, James Braunegg wrote:
>>>
>>> > Have you had enough capacity to be able to absorb attacks thus
>>> > collect metrics or have the attacks been larger than your capacity and
>>> > hence requiring the need for S/RTBH thus losing the ability to measure the
>>> > true size of the attack?
>>>
>>> S/RTBH doesn't in and of itself take away one's visibility into traffic
>>> on platforms with decent flow telemetry support - dropped traffic is still
>>> tabulated, with the destination ifindex set to 0.
>>>
>>> Notable exceptions are pre-Sup2T Cisco 6500s/7600s, & pre-Sup7 Cisco
>>> 4500s.
>>>
>>> -----------------------------------------------------------------------
>>> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>>>
>>> Luck is the residue of opportunity and design.
>>>
>>> -- John Milton
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
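The point made in the quoted thread, that traffic dropped by S/RTBH is still exported in flow telemetry with the destination ifindex set to 0, can be used to measure an attack while it is being blackholed. The following is an added example, not code from the thread or from any vendor: it assumes unsampled flow records already decoded into a simplified tuple layout (constructed here, with documentation-range addresses) and treats output ifindex 0 as "dropped".

```python
from collections import defaultdict

DROPPED_IFINDEX = 0  # per the thread: dropped traffic is exported with destination ifindex 0

# Constructed sample for one 60-second export window:
# (src, dst, output_ifindex, packets, bytes). Not a real exporter format.
SAMPLE_FLOWS = [
    ("198.51.100.7", "203.0.113.10", 0, 900_000, 1_260_000_000),
    ("198.51.100.9", "203.0.113.10", 0, 600_000, 840_000_000),
    ("192.0.2.44", "203.0.113.10", 12, 4_000, 3_000_000),
    ("192.0.2.45", "203.0.113.10", 12, 2_000, 1_500_000),
    ("198.51.100.7", "203.0.113.20", 0, 10_000, 14_000_000),
    ("192.0.2.80", "203.0.113.20", 14, 50_000, 60_000_000),
]


def attack_size(flows, window_seconds):
    """Per destination: dropped and offered load, and blackholed sources ranked by bytes."""
    stats = defaultdict(lambda: {"dropped_bytes": 0, "forwarded_bytes": 0,
                                 "dropped_pkts": 0, "sources": defaultdict(int)})
    for src, dst, out_if, pkts, nbytes in flows:
        s = stats[dst]
        if out_if == DROPPED_IFINDEX:
            # Flow was discarded on this router (e.g. by S/RTBH) but still counted.
            s["dropped_bytes"] += nbytes
            s["dropped_pkts"] += pkts
            s["sources"][src] += nbytes
        else:
            s["forwarded_bytes"] += nbytes

    report = {}
    for dst, s in stats.items():
        offered = s["dropped_bytes"] + s["forwarded_bytes"]
        report[dst] = {
            "dropped_mbps": s["dropped_bytes"] * 8 / window_seconds / 1e6,
            "dropped_kpps": s["dropped_pkts"] / window_seconds / 1e3,
            "offered_mbps": offered * 8 / window_seconds / 1e6,
            "dropped_share": s["dropped_bytes"] / offered if offered else 0.0,
            "top_sources": sorted(s["sources"], key=s["sources"].get, reverse=True),
        }
    return report


if __name__ == "__main__":
    for dst, r in attack_size(SAMPLE_FLOWS, 60).items():
        print(dst, r)
```

With sampled flow export, the byte and packet counts would need to be multiplied by the sampling rate before the rates mean anything.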