On Mon, 12 Sep 2011 22:38:57 BST, Nick Hilliard said: > Let's throw some figures around (ridiculously simplified): a company has a > choice between a pair of $10k software routers or something like a pair of > MX80s for $25k each. So, one solution costs $20k; the other $50k. $30k > cost difference works out as $625 per month depreciation (4 year). I.e. > not going to affect the bottom line in any meaningful way. > > Now say that this company has a DoS attack for 24h, and the company > effectively loses one day of revenue. On the basis that there are 260 > office working days per year, the point at which spending an extra $30k for > a hardware router would be of net benefit to the company would be 260*30k = > $7.8m. I.e. if your annual revenue is higher than that, and if spending > that cash would mitigate against your DoS problems, then it would be worth > your while in terms of direct loss mitigation. > > Of course, this analysis is quite simplistic and excludes things like > damage to reputation, online stores, the likelihood of DoS attacks > happening in the first place, the cost of transit and many other points of > reality.
One important thing it overlooks is what percent of DDoS attackqs are simple "flood the pipe" attacks directed at a target behind the router. If you got a 100M or 1G pipe to the outside world and you're getting hammered by multiple G worth of packets, things are going to suck no matter what the router is. And let's face it, kicking that pipe to 10G is gonna cost a bit....
pgpaOKFyCFolN.pgp
Description: PGP signature
