
Are you familiar with DDOS attacks? Current mitigation strategies are literally "have more bandwidth than they do" and null routing. Given that null routing effectively means people have accomplished their goal of bringing down a site, the only way to mitigate that is to not allow DDOSers to acquire enormous amounts of bandwidth.

It's true that a lot of the biggest issues would be mitigated if ISPs would consistently perform packet ingress filtering, fix open DNS resolvers, etc. But to act like this is an easy infrastructure problem is to ignore the technical challenges inherent in the problem.



> Are you familiar with DDOS attacks?

No, I'm a clueless newbie who can't tell a twinax cable from a RAM chip.

> Current mitigation strategies are literally "have more bandwidth than they do" and null routing.

I think you may be behind the times a bit.

It is definitely not an 'easy problem' but it is also not so simple as to get rid of symmetrical net access at the consumer level.

Anyway, you're the guru I guess.


> I think you may be behind the times a bit.

Elaborate. I may well be behind the times.

> It is definitely not an 'easy problem' but it is also not so simple as to get rid of symmetrical net access at the consumer level.

No, it isn't. But it's also true that you need 10x more machines with a 10x disparity for a volumetric attack.



