grelmar - 6:18 pm on Oct 21, 2010 (gmt 0)

By all means, if you know of hosting providers that provide DDoS protection that you know actually works, please post them...

Apologies, but I'm not keeping track of hosting services anymore - we manage our own infrastructure.

My surprise comes from the fact that we're a relatively small outfit and have mitigating hardware in place. We did this because we've had DDoS attempts against our services, and we quickly did the necessary research to find out how to deal with it, and haven't had an issue since. It's one of those nice pieces of tech that runs in the background and no one thinks about it anymore.

To me, if a small independent outfit like where I'm at can deal with it, it strikes me as sad that companies that act as "professional" hosting providers aren't.

My suspicion would be that it's cost related. The hardware doesn't come cheap (6 figures US$), but if you're in the business of providing a reliable web hosting, then it's an investment.

All those posts for different IDP/IPS and "Trademarked" DDOS filters make me laugh, they are just modern packet filters with a catchy name. The security industry sure knows how to takle money off the uninformed.

True, to an extent. The issue for a lot of companies comes down to "how many speciality boxes do we want our *nix admins to manage/update." Sure, it's possible to roll your own packet filtering box. But to keep it running and up to date requires man hours. There comes a point where your infrastructure grows to a level that the man hours cost of maintaining your own filtering exceeds the cost of just buying something off the shelf and plugging it in. This also applies to very large storage arrays and other nifty bits of tech that any *nix admin can build themselves. You can pay someone $$$ / year, or you can buy something, install it, and forget about it.