On Wed, Mar 16, 2016 at 08:31:28AM -0400, Paul Wouters wrote:
> An internet where to survive on you need a third party anti-ddos
> service is pretty fundamentally wrong.

I strongly concur.

What's wrong is fairly easy to understand: DDoS attacks do not magically fall out of the sky. They come from systems, that are on networks, that are run by people. Those people (and the organizations they work for) are responsible for their role in those attacks, but they are rarely, if ever, held accountable for them. There is thus no reason for them to perform due diligence and/or to exhibit the competence and professionalism required to make their operations cease being operational hazards to the entire rest of the Internet.

Everyone worries about what's inbound; few worry about what's outbound.

And so now we all have to pay in cost and complexity for their negligence (or in some cases, their willingness to look the other way in return for profits). The entire business model of these third party anti-DDoS services is based on this unfortunate situation. (Not that I'm putting the blame on those services: they didn't create this problem.)

Even large operations with (for all practical purposes) unlimited personnel and budgets are guilty of this. E.g., two months ago, Amazon was the #1 spamming network on this planet thanks to massive and persistent infestation of their cloud. I'm at a loss to figure out how that's even possible: who allowed *that* to happen on their watch?

Until people/operations are held accountable by their peers for what they allow to escape their networks, this situation won't change.

---rsk