Re: UltraDNS: Internet Security Shield?

[Jordan Wiens <numatrix () ufl edu>]

On Tue, 18 Oct 2005, David Dagon wrote:

> On Tue, Oct 18, 2005 at 10:44:33AM -0400, Jordan Wiens wrote:
>
> > Sure, the IP may be resolvable, but in the event of a network failure or a
> > ddos on the public internet, it doesn't matter if you can resolve the
> > domain, it's still likely to be unreachable.
>
> The disaster or DDoS would have to overcome the use of anycast'd DNS.
> On this, see:

I'm not referring to the resolution itself -- I was just pointing out that 
even if this successfully maintains resolution in the face of massive 
outages and DDoS, the odds that you can get to the IP that you've just 
resolved may still be slim.

>   http://www.isc.org/pubs/tn/isc-tn-2003-1.html
>
> And, yes, it needs to be studied (and is):
>
>   http://www.caida.org/projects/oarc/200507/slides/oarc0507-Woolf-anycast.pdf

Thanks -- some good reading to load up on my pda before my vacation next 
week.  :-)

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.