Can someone point me to the details on the attack? I am a little out
of the loop. I've heard Twitter only uses around 200Mbit/s of data.
From a net ops perspective, why is this challenging to detect and
block?
I'm not trying to degrade the efforts of the engineers, this is a
genuine question of curiosity.
I would imagine a detection system is in place, so why not block off
at the upstream the offending attack?
As far as the API is concerned, I'm not sure I see why this can't be
prevented in the future. If every Twitter app had to get an API key,
which I believe is the case, those get whitelisted, all else are
blocked.
Create a test sandbox for easy non key based testing of new developers
who want to play. There are a few thousand third party apps, whitelist
their secret keys and how is this not solved for API reliability?
--
Scott
Iphone says hello.
On Aug 8, 2009, at 5:09 PM, Howard Siegel <[email protected]> wrote:
I support them wholeheartedly and appreciate everything they've done
to thwart the DDOS attack.
While it is true that many of the tools used in the attack do not
appear to follow the 302s right now, you can be your bottom dollar
that they will very quickly be updated to do just that, perhaps even
quicker than Twitter can finish recovering from the attack and put
in to place measures to better survive future attacks.
At best it is a stopgap to get over the current attack.
