On Sun, Dec 12, 2010 at 12:20 AM, Jeffrey Lyon <[email protected]> wrote: > I'm certain there are thresholds to that. Carrier grade mitigation > solutions will start low and ramp up to 5, 6, 7, etc. figures > depending on the attack and amount of bandwidth to be filtered among > other variables. >
nope, the pricing (when I was there, and I don't think it's changed much) is 3250/month for 500mbps or mitigation, though there was ~12gbps available easily before any work had to be done by the ISP... If the plan I/sfouant put in place was followed you could had scaled the capacity to much higher than that. If a customer continuously abused the 'limit' they may have been boosted to the next tier, but... I'd not ever seen that done. 3250/month... easy, peasy. -chris > Jeff > > > On Sun, Dec 12, 2010 at 12:05 AM, Christopher Morrow > <[email protected]> wrote: >> On Fri, Dec 10, 2010 at 5:51 PM, Joel Jaeggli <[email protected]> wrote: >>> On 12/10/10 12:33 PM, Drew Weaver wrote: >>>> Nobody has really driven the point home that yes you can purchase a >>>> system from Arbor, RioRey, make your own mitigation system; what-have >>>> you, but you still have to pay for the transit to digest the attack, >>>> which is probably the main cost right now. >>> >>> or you outsource it and it's still costlier. >>> >>> Paying for DOS mitigation you rarely if ever use is quite expensive. If >>> you use it a lot it's even more expensive, but can at least be >>> rationalized on the basis of known costs e.g. npv calculation on the >>> number and duration of outages... >>> >> >> verizon's ddos service was/is 3250/month flat... not extra if there >> was some sort of incident, and completely self-service for the >> customer(s). Is 3250/month a reasonable insurance against loss? >> (40k/yr or there abouts) >> >> -chris >> >>>> -Drew >>>> >>>> >>>> -----Original Message----- From: Dobbins, Roland >>>> [mailto:[email protected]] Sent: Wednesday, December 08, 2010 11:54 >>>> AM To: North American Operators' Group Subject: Re: Over a decade of >>>> DDOS--any progress yet? >>>> >>>> >>>> On Dec 8, 2010, at 11:47 PM, Jay Coley wrote: >>>> >>>>> This has been our recent experience as well. >>>> >>>> I see a link-filling attacks with some regularity; but again, what >>>> I'm saying is simply that they aren't as prevalent as they used to >>>> be, because the attackers don't *need* to fill links in order to >>>> achieve their goals, in many cases. >>>> >>>> That being said, high-bandwidth DNS reflection/amplification attacks >>>> tip the scales, every time. >>>> >>>>> Lastly there is usually always someone at the other end of these >>>>> attacks watching what is working and what is not >>>> >>>> >>>> This is a very important point - determined attackers will observe >>>> and react in order to try and defeat successful countermeasures, so >>>> the defenders must watch for shifting attack vectors. >>>> >>>> ----------------------------------------------------------------------- >>>> >>>> >>> Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> >>>> >>>> Sell your computer and buy a guitar. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >> >> > > > > -- > Jeffrey Lyon, Leadership Team > [email protected] | http://www.blacklotus.net > Black Lotus Communications - AS32421 > First and Leading in DDoS Protection Solutions >
