I'm planning on getting a T1 soon. I've spoken to both Qwest and Sprintlink and they both seem to offer me a great deal with a great package.

They both will offer me DoS filters on their gateway routers.

I'm having a problem though. I just realised Qwest has geographical limitations and I can't find a number to their NOC anywhere on their website and my sales rep wont get it to me either. I was able to contact Sprintlink easily and I actually managed to get a network engineer on the phone faster than I get with UUnet. Shocked me.

I'm having a hard time choosing between Sprintlink and Qwest. Can someone share their experience with either backbone?

Who is better, as far as network quality, clued engineers, and filtering.

No flames please.

- Krish

Sprintlink

Not even a question here...Sprint all the way....

Sean R.
BurstNET

I've noticed less and less routes going over Qwest... and more and more going over Sprint... So I would say Sprint... But from a support aspect, I have no idea... I would definately try and ask a few Sprint and Qwest customers to let you know their experiences before making a decision.

Regards,

Thank you, all of you who replied.

Alright, so it seems Sprint is the one but something is really frustrating me.

Sprintlink has offered me state of the art Denial of Service attack filters using Cisco Extended Access Lists (they're limiting me to 20 lines, they kind of figured that should be enough to defend against a DoS, is 20 lines enough?) and rate limiting.

I personally like the rate limiting because you can still allow people to ping and traceroute your network. It's more of a active denial of service attack filter. You can set it where you want no more than say 100 kb/s of ICMP traffic and if it exceeds that amount then start denying any more than 100 kb/s. They offer to do the same for UDP packets and TCP SYN/ACK packets.

The thing that frustrates me is, how in the world does one defend against a TCP SYN flood? I mean, if you rate limit TCP SYN packets, not only will the malicious traffic be filtered, but legitmate TCP SYN's are also filtered. Is there a better way to defend against SYN floods?

- Krish

Thought this resource might be useful to you:

http://www.internethealthreport.com/24/

Regards,

Sprint is great. I would go with sprint. Qwest cant even keep my DSL up all the time.

Yeah, after being b/s'd by a Qwest engineer I chose Sprintlink.

Ugh, if I didn't know what I know I would have eventually went with Qwest. Amazing how sales droids will lie to you and the sales engineers.

They claim that they "automatically" filter DoS attacks out and my line would never be affected. YEAH, AND PIGS CAN FLY!

They also will not allow you to write up your own filters and they'd implement it for you nor can you call them up and request them to write a filter. Seeing it that they didn't offer me that and Sprintlink did, Qwest is now officially off my list :)

I just don't know what carrier to go with in the future that'll offer me the same thing. I've got global crossing and UUnet on my mind, but hey, thats for me to worry about in the future, right?

- Krish