> -----Original Message----- > From: William McCall [mailto:william.mcc...@gmail.com] > Sent: Wednesday, April 28, 2010 10:09 AM > To: nanog@nanog.org > Subject: DDoS mitigation services from SPs > > All: > > I did some searching and have not found any concrete replies on the > list, but what carriers can offer L3 DDoS mitigation? Specifically, I > noticed an old UUnet offering, but it seems like I must be speaking > the wrong language to my sales drones. Specifically, we're dealing > with AT&T, Qwest and Verizon Business. My thought is that they all > offered some type of service like this, but my security folks have > been driving this and having limited success. > > Names of other SPs (we're looking at Verisign) is helpful, but we are > stuck with the Dallas area. > > Note: I am not interested in changing DNS records and prefixes should > be able to be advertised through BGP like normal. (Apparently, people > like to do funky DNS stuff to make this work and sometimes don't want > to do BGP in other scenarios.)
Verizon Business and AT&T both have DDoS Detection & Mitigation Services available, as do other providers such as Tata, Prolexic, and Verisign. Providers like AT&T, Verizon, and Tata unfortunately do not sell services off-net, so you'll need to have the sites you want protected connected to their networks. Similarly, these providers tend to put "all their eggs in one basket" by using a singular technology for their service. On the other hand, providers like Prolexic and Verisign have very robust offerings selling off-net and utilizing multiple vendors as they understand a one-size-fits-all doesn't work. I'd strongly advocate talking to the Verisign folks as they really seem to be attracting all the top talent right now - I'd be willing to bet their offering is the one that others will eventually emulate. Cheers, Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB5E3803D