NeuStar UltraDNS is apparently one of the leading global managed DNS providers – handling a quarter of the Internet’s authoritative DNS traffic. One of the additional services they offer is called SiteProtect – a “cloud based DDoS mitigation service” that offers “Defense against DDoS attacks before they reach your infrastructure” , ” Protection for all HTTP and HTTPS traffic, regardless of type and size of attacks” and “Global coverage through our network of traffic scrubbing centers”.
The way it works is basically that in the case of DDoS attack patterns occuring, traffic can be redirected through a super-bandwidth traffic-diagnosing-and-scrubbing system. Redirection is activated through DNS changes in the UltraDNS management portal.
That is a nice technical idea and an interesting option; a proactive measure to ensure the availability of critical public-facing infrastructure. An eyebrow (or actually both of them) might be raised though when having had a closer look at the fine print, such as the Master Service Agreement. The one item brought to my attention (by a legal professional) is the Neustar Master Service Agreement v.2.0, August 2009, which reads like this (paragraph 11):
” NEUSTAR DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR SECURE ..”
(ok, it is not exactly fine print – rather a Capital Font)
Seriously, what is that supposed to mean ? I actually wonder what I should be more concerned of: A) the potential unavailability (to the public) of public-facing infrastructure due to an epic and lasting DDoS attack – or B): in the case of such an attack – to route my organizations Internet communication through a “scrubbing center” provider with no security, quality and availability commitment in the contract fine print whatsoever …
RealLifeISM 
Posted on October 22, 2011 by zentralsachse
0