
Re: ietf.org unaccessible for Tor users

2016-03-16 13:03:29
On Wed, Mar 16, 2016 at 08:31:28AM -0400, Paul Wouters wrote:
> An internet where to survive on you need a third party anti-ddos
> service is pretty fundamentally wrong.

I strongly concur.

What's wrong is fairly easy to understand: DDoS attacks do not magically
fall out of the sky.  They come from systems, that are on networks, that
are run by people.  Those people (and the organizations they work for)
are responsible for their role in those attacks, but they are rarely,
if ever, held accountable for them.  There is thus no reason for them
to perform due diligence and/or to exhibit the competence and
professionalism required to make their operations cease being operational
hazards to the entire rest of the Internet.

Everyone worries about what's inbound; few worry about what's outbound.

And so now we all have to pay in cost and complexity for their negligence
(or in some cases, their willingness to look the other way in return for
profits).  The entire business model of these third party anti-DDoS
services is based on this unfortunate situation.  (Not that I'm putting
the blame on those services: they didn't create this problem.)

Even large operations with (for all practical purposes) unlimited
personnel and budgets are guilty of this.  E.g., two months ago,
Amazon was the #1 spamming network on this planet thanks to massive
and persistent infestation of their cloud.  I'm at a loss to figure out
how that's even possible: who allowed *that* to happen on their watch?

Until people/operations are held accountable by their peers for
what they allow to escape their networks, this situation won't change.

---rsk