borntochill

join:2003-02-09
united state
reply to Arne Bolen

Re: DDOS Attacks - Is Any VoIPP More Immune ?

said by Arne Bolen:

said by borntochill:

For instance, Prolexic and Verisign among others offer cloud-based clean pipes services, however these systems/services do not come cheap. We're talking annual operating service costs in the five figures or even six figures.

Would be difficult to offer free calls between customers and low price to/from PSTN.

Do you know that for sure, or is that a guess?

Let's suppose a VSP has 50,000 customers and it costs $50,000/year extra for a robust DDoS mitigation service. That's an extra $1/year per customer. Or let's go further and say it costs $600,000/year extra with the same number of customers. That's an extra $1/month per customer. And yes, I'm reaching for numbers myself, because I don't have personal experience deploying such systems. Regardless, if these numbers are in the ballpark, for my own clients I can say with some certainty that they'd be more than willing to pay either amount extra to not endure future protracted DDoS outages like the one that afflicted CallCentric. I can also say with some certainty that it will be difficult or impossible to persuade some of my clients to stay with any VSP that suffers more than one outage like this. It could be ruinous to their business. I'm glad I have backup providers, but it nevertheless requires my intervention.
said by Arne Bolen:

said by borntochill:

If certain VSPs have deployed more robust anti-DDoS measures, I'd like to hear from them here.

There are many such VSPs. ISPs offering VoIP probably use a closed network for SIP device registrations, thus more difficult to take out with DDoS.

I should have clarified: BYOD VSPs.

OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1
Reviews:
·Bright House

We forget that this happens on POTS also, just that in those cases it's all the people trying to make calls after a major disaster like an earthquake or something that ties up all the circuits.
--
...Who, What, When, Where, How... Why? Why Not?


PX Eliezer7
Premium
join:2008-08-09
Hutt River
kudos:13
Reviews:
·callwithus
·voip.ms

1 recommendation

reply to borntochill

You raise good points.

My understanding is that the costs are even higher than you considered.

But here are some problems that I see:

1) How well can these DDoS mitigation services actually prevent the super-massive attacks?

By all accounts, MANY providers have been fending off these attacks on a constant basis.

When it comes to the super-massive attack (imagine Charlie Sheen's reaction if you rear-end his car) it may be that these DDoS mitigation services add little or nothing.

2) If a VoIPP publicizes that it is using a DDoS mitigation service, it becomes more of a target.

3) If a VoIPP keeps it confidential to avoid becoming more of a target and to enhance the safety of their security program, then customers won't know to preferentially choose them. And the VoIPP will suffer as competitors will charge less.

These problems can be surmounted, I am just saying that it is difficult.

------------------------------

I bet that in upcoming months some providers may offer more options of service, security, and support levels. It's a natural evolution.



Arne Bolen
Happy Anveo customer
Premium
join:2009-06-21
Cyberspace
kudos:4
Reviews:
·Anveo
·voip.ms
reply to borntochill

said by borntochill:

said by Arne Bolen:

said by borntochill:

For instance, Prolexic and Verisign among others offer cloud-based clean pipes services, however these systems/services do not come cheap. We're talking annual operating service costs in the five figures or even six figures.

Would be difficult to offer free calls between customers and low price to/from PSTN.

Do you know that for sure, or is that a guess?

50,000 free riders paying $0.00 extra gives the enormous extra revenue of zero. I'm sure Verisign will be happy to accept that large amount as payment for their services.
--
My VoIP News


Davesnothere
No-BHELL-ity DOES have its Advantages
Premium
join:2009-06-15
START Today!
kudos:7

said by Arne Bolen:

50,000 free riders paying $0.00 extra gives the enormous extra revenue of zero. I'm sure Verisign will be happy to accept that large amount as payment for their services.

 
Put lots of trailing zeroes after the decimal point.

THAT'll impress 'em !


Arne Bolen
Happy Anveo customer
Premium
join:2009-06-21
Cyberspace
kudos:4
Reviews:
·Anveo
·voip.ms

said by Davesnothere:

said by Arne Bolen:

50,000 free riders paying $0.00 extra gives the enormous extra revenue of zero. I'm sure Verisign will be happy to accept that large amount as payment for their services.

 
Put lots of trailing zeroes after the decimal point.

THAT'll impress 'em !

You are right. The whopping high amount is:
$0.0000000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000

Verisign will give their best service for such a large amount...
--
My VoIP News

borntochill

join:2003-02-09
united state

1 edit
reply to PX Eliezer7

Those are all good points and good questions, ones unlikely to occupy much mental space for most residential VoIP end-users looking for a dial tone on the cheap (or for free). However, they preoccupy those of us who must put out fires for others when things go south. I have a colleague in a Fortune 500 enterprise who I think has been directly involved in DDoS preparedness and I'll bend his ear next time I see him.

In this forum there are frequent posts touting the importance of DNS SRV bypass in choosing a VSP and I do not doubt its value. However, I've set up the majority of my clients on a VSP without it and in the year-and-a-half with that outfit, there's been under a handful of hours of reported issues with the server they're on and, more importantly, zero perceived outages from my clients' perspective. Conversely, I put one client on CallCentric because of their stellar reputation for uptime and DNS SRV bypass support, and then ironically experienced this multi-day outage. I intend no criticism of CallCentric in mentioning this. The same attack could just as easily happen to any of their competitors, and already has to a few.

What I'm saying is that the spate of sophisticated DDoS attacks against VSPs and their serious impact on end users leave me more inclined to prioritize DDoS protection than, say, DNS SRV. I acknowledge the dilemmas you mention about how, and how much, information providers should share about DDoS defenses, but we need some ability to evaluate the relative investment in DDoS preparedness among VSPs all the same.