North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fair Queuing combats DDoS? [was Re: Yahoo! Lessons Learned ]

  • From: Alex Bligh
  • Date: Thu Feb 10 16:14:31 2000

Alexei Roudnev ([email protected]) said:
> [deploy WFQ and RPF universally]
> Then , if someone want to kill yahoo (for example), he need a few
> thousands  different data streams to do it - which is impossible.

Several thousand different data streams is exactly what DDoS is. Also
there is a presumed high correlation with people who do not secure
their servers adequately againts intrusion (and thus turning
these things into DDoS clients) and people who do not run RPF right
next to those servers.

Therefore this is only 'impossible' if there are not more than 2000
servers sitting on clueless or fallible peoples network. Recent experiences
with internet scaling suggest even if this were true now (which
it isn't), it won't last long.

-- 
Alex Bligh
VP Core Network, Concentric Network Corporation
(formerly GX Networks, Xara Networks)