The ideal solution is a carrier that has its own true DDoS mitigation platform, and does not rely on black hole routing . Have the carrier handle the the large bulk flood attacks, then have your own prem base mitigation platform take care of the more application specific attacks that get through .
This represents the best solution , and also the most expensive . So it may not work for a non profit. This Email was sent from Steve's iPad > Message: 4 > Date: Thu, 6 Dec 2012 09:51:21 -0800 > From: Mike Gatti <ekim.it...@gmail.com> > To: NANOG list <nanog@nanog.org> > Subject: Solutions for DoS & DDoS > Message-ID: <0d89d80c-d288-402f-8723-b837ea523...@gmail.com> > Content-Type: text/plain; charset=us-ascii > > Hello Everyone, > > I'm assisting a non-profit organization to research solutions to secure their > network from DOS/DDOS attacks. So far we have gone the route of discussing > with their ISP's to see what solutions they have to offer, believing that the > carriers are better positioned to block the attack from the source. > > I wanted to get the lists thoughts on our approach going the carrier route > and/or hear about successful implementation of other solutions. > > Thanks, > -- > Michael Gatti > 949.371.5474 > (UTC -8) > > > > > > > ------------------------------ > > > End of NANOG Digest, Vol 59, Issue 24 > *************************************