> -----Original Message----- > From: Paul Ferguson [mailto:fergdawgs...@gmail.com] > Sent: Thursday, November 05, 2009 8:26 PM > > On Thu, Nov 5, 2009 at 4:46 PM, Stefan Fouant > <sfou...@shortestpathfirst.com> wrote: > > >> > >> Actually, no - the miscreants are always going to have more > bandwidth > >> at their disposal, plus they utilize attack vectors which provide a > >> great deal of amplification (including at layer-7) which make > >> bandwidth largely irrelevant. > > > > So if I'm hearing you correctly, you're saying that no matter how > much > > infrastructure you have to potentially absorb the problem, there is > > nothing you can do because the bad guys are always going to have more > > bandwidth at their disposal. Man, that's a pretty bad position to be > in > > for a vendor who's fundamental premise is to sell boxes to deal with > > these sorts of > > problems. ;) > > Well, the fact of the matter is that you can't put 10 lb. of > [expletive] > in a 5 lb. bag, so to speak. :-)
Which is why vendors selling DDoS mitigation equipment will always tell you to get a 15lb. bag first. ;) Their solutions work, but only if you got a bag big enough to store a lot of crap. Stefan Fouant GPG Key ID: 0xB5E3803D
