Re: Congress may require ISPs to block fraud sites H.R.3817
* Jeffrey Lyon: > Net neutrality suffers another blow. I liked Congress when they had no > idea what the internet was, now they've progressed to "still have no > idea but like to pretend." Our company is most likely not the owner of the site associated with this domain. Please do not contact us with inquiries regarding the web site content as they will likely be disregarded. If you keep playing such games, it's guaranteed that there will be some sort of backlash. -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Re: Pros and Cons of Cloud Computing in dealing with DDoS
* Stefan Fouant: > Obviously the cloud is no different than any other infrastructure insofar as > implementing protection mechanisms. It's different in one aspect, though: you don't know with whom you're sharing your toothbrush. To some extent, this is true for other infrastructure as well (even your dedicated Internet connectivity eventually joins shared infrastructure, which is precisely the point, of course). But virtualization makes those risks very difficult to estimate. Some companies have already suffered from this because they completely outsourced their authoritative DNS service to dedicated DNS service providers. Only very few customers of those providers were attacked, but the impact was felt across larger parts of their customer base. (The obvious thing to do is to use both external DNS and DNS on your network, so you stay up even if your external DNS goes down. I suppose a similar model could be used for many in-the-cloud services.) -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Re: Pros and Cons of Cloud Computing in dealing with DDoS
* Stefan Fouant: > Which is why vendors selling DDoS mitigation equipment will always tell you > to get a 15lb. bag first. ;) Their solutions work, but only if you got a > bag big enough to store a lot of crap. Not all attacks involve saturated pipes. There used to be anti-DDoS vendors whose boxes didn't even have WAN links. Part of the problem is that operating systems come with TCP stacks and web servers which are not very robust, so it's pretty easy to create something which behaves spectacularly better under certain attacks. -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
