On Mon, Oct 24, 2011 at 3:29 PM, Stefan Fouant <sfou...@shortestpathfirst.net> wrote: > On 10/24/2011 1:54 PM, Andreas Echavez wrote: > >> obviously they will get blocked. My personal experience is that when >> you're >> dealing with a DoS at the scale that you need Prolexic, there is simply no >> one else that can handle that level of traffic. > > Andreas, > > I think there are a lot of people on this list that would argue with that > statement. As was mentioned earlier, AT&T, Verizon, and several others > including Verisign have very ample networks capable of handling attacks just > as large as Prolexic, if not bigger. > > One thing to note about Prolexic, where it stands out from some of the > others is that it is a completely off-net solution. Many of the other > offerings from folks like Verizon require you to have WAN circuits connected > to their network in order to avail of such a service (in other words, they > will only scrub that which would normally traverse their network on it's way > towards your WAN interface). > > Others like Verisign have (smartly) adopted a similar model to that of > Prolexic. They understand that requiring a physical connection into a > provider's cloud is a monolithic approach (and certainly runs counter to > today's mantra of offering up cloud-based services). >
but... often the cost of scrubbing includes the cost of transit to/from the remote provider, which is why 'cheapest' only counts for an entire process, NOT for 'lookie, I bought the service!'. either way, folks will learn one way or the other which works for them. -chris > Stefan Fouant > JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI > Technical Trainer, Juniper Networks > > Follow us on Twitter @JuniperEducate > >