RE: DOS attack tracing

["Hannigan, Martin" <hannigan () verisign com>]

> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:ops.lists () gmail com]
> Sent: Tuesday, May 10, 2005 8:06 AM
> To: Hannigan, Martin
> Cc: Kim Onnel; Scott Weeks; nanog () merit edu
> Subject: Re: DOS attack tracing
>
>
> On 5/10/05, Hannigan, Martin <hannigan () verisign com> wrote:
> > DDOS' is rather infrequent to zero for most enterprises. That DDOS
> > golden banana is rather yummy with sprinkles on top. Don't 
> get me wrong,
> > the DDOS problem is real, but not for everyone, and not as 
> frequently as
> > it's being hyped up to be. A managed service is a better way
> > to go if they're worried, IMO.
>
> There's also the "minimze risk" thing .. take a conscious business
> decision not to host one of the typical DDoS magnets (dont allow
> people to run IRC bots on your colo farm, for example)

There's two classes of discussion here. One for service providers
who should have DDOS defense, and one for enterprises who should have
risk mitigation in mind. I think that operators should have DDOS defense
capabilities for themselves and their customers, and I think that enterprises
should seriously evaluate their need for a full blown implementation of a 
DDOS solution based on a solid risk analysis. 

As far as DOS tracing goes, using the freeware tools locally, and either
buying and/or subscribing to a ddos defense service make sense as much
as it makes sense to analyze the cost and your own capability as well as
your providers capability to quickly and successfully defend against a DDOS.

-M<