Interesting People mailing list archives
DDOS attacks
From: David Farber <dave () farber net>
Date: Mon, 10 Aug 2009 18:11:30 -0400
Begin forwarded message:

From: Christian Huitema <huitema () microsoft com>
Date: August 10, 2009 12:26:40 PM EDT
To: "dave () farber net" <dave () farber net>, ip <ip () v2 listbox com>
Subject: RE: [IP] DDOS attacks

From: "Michael O'Dell" <mo () ccr org>
Date: August 9, 2009 2:54:16 PM EDT
To: dave () farber net
Subject: DDOS attacks

a fundamental problem with Denial of Service Attacks, and most other Internet "security" problems in general, is that they are "attacks" only in retrospect. In fact, a DDOS attack is indistinguishable from a success disaster (flash crowd, "slashdotted", etc) only after observing the event for a while and then imputing nefarious intent.
Mike is correct, but only partially. The "perfect" DDOS attack would be indistinguishable from a sudden rise in a site's popularity, but actual attacks only approximate normal traffic. The old attacks were gross estimates, e.g. SYN attack that would only attempt partial connections, or programmed loops in which the same attacker would repeat the same request at short intervals. The defense strategy then is to understand the patterns of traffic, distinguish abnormal traffic, and slow it down. For example, an IP address that sources too many repeated requests might be temporarily blacklisted, and connection requests might be processed in a separate queue. Major web sites have learned to use this kind of defense, and are able to "repel" most attacks. The fact that Twitter did not is either a statement about the cunningness of that particular attack, or a statement about the engineering quality of the Twitter server farm.
-- Christian Huitema
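
Added example, not part of the original messages: the per-source defense described in the reply above (track repeated requests per IP, move suspicious sources to a separate queue, blacklist temporarily), in Python. The window, repeat limit, block duration and the names RepeatLimiter, replay and SAMPLE are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW = 10.0      # seconds of history kept per (source, request) pair (assumed)
MAX_REPEATS = 5    # identical requests allowed inside WINDOW (assumed)
BLOCK_FOR = 60.0   # length of a temporary blacklist entry, in seconds (assumed)


class RepeatLimiter:
    """Classify each request as 'normal', 'slow' (separate queue) or 'blocked'."""

    def __init__(self):
        self.history = defaultdict(deque)   # (ip, request) -> recent timestamps
        self.blocked_until = {}             # ip -> time the blacklist entry expires

    def classify(self, ts, ip, request):
        # A blacklist entry is temporary: drop it once it has expired.
        if ip in self.blocked_until:
            if ts < self.blocked_until[ip]:
                return "blocked"
            del self.blocked_until[ip]
        seen = self.history[(ip, request)]
        seen.append(ts)
        # Forget timestamps that fell out of the sliding window.
        while seen and ts - seen[0] > WINDOW:
            seen.popleft()
        if len(seen) > MAX_REPEATS:
            self.blocked_until[ip] = ts + BLOCK_FOR
            seen.clear()
            return "blocked"
        # Approaching the limit: still served, but from the low-priority queue.
        if len(seen) > MAX_REPEATS // 2:
            return "slow"
        return "normal"


def replay(events):
    """Run time-ordered (timestamp, ip, request) events through a fresh limiter."""
    limiter = RepeatLimiter()
    return [limiter.classify(ts, ip, req) for ts, ip, req in events]


# Constructed sample traffic, in time order.
# 198.51.100.7 loops on one URL every 0.5 s; the 203.0.113.x hosts are distinct visitors.
SAMPLE = [(0.5 * i, "198.51.100.7", "GET /status") for i in range(8)]
SAMPLE += [(4.0 + i, f"203.0.113.{i + 1}", "GET /status") for i in range(4)]
SAMPLE += [(70.0, "198.51.100.7", "GET /status")]  # after the block has expired

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

Many distinct sources each making one request stay "normal", which is the flash-crowd case; a flood spread across sources that each stay under the limit also passes, which is the "perfect" attack the reply describes.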