On Nov 6, 2009, at 7:46 AM, Stefan Fouant wrote:
So if I'm hearing you correctly, you're saying that no matter how
much infrastructure you have to potentially absorb the problem,
there is nothing you can do because the bad guys are always going to
have more bandwidth at
their disposal.
What I'm saying is that one can't simply rely on bandwidth capacity/
connection capacity/tps scaling/etc. on their own to always 'eat' the
problem traffic; rather that there's a full spectrum of things one
must do in order to be able to maintain availability in the face of
attack, starting with fundamental architecture at layer-7 and moving
down the model, taking special care to try and avoid design choices
which lead to blocking behaviors and/or open up amplification vectors
(some of these simply can't be avoided due to protocol semantics, of
course).
I'm also saying that threats to availability aren't something one can
always assume one will be able to handle alone; engaging with the
larger opsec community is key.
-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>
Sorry, sometimes I mistake your existential crises for technical
insights.
-- xkcd #625