Anders Norrbring wrote:
Henrik Krohns skrev:
On Wed, Jul 11, 2007 at 07:44:37PM -0400, Phil Barnett wrote:
We can't be the first people to come up against this problem. How
have others solved it?
Bunch'o'Mirrors? Crude and effective.
*raise a hand* I volonteer to mirror, I have lots of both hd and bw
capacity to spare.
Sure, until you get your first DDoS...
SURBL had like 10 mirrors for www when they started getting the ddos,
and all of them took over 200mbit/s.. some upwards of 450mbit. URIBL
had 3, and Spamhaus has 2 that I know of. If they can ddos at well
over 3gbit/s (15*200), it really doesnt matter how many damn mirrors
there are. Even if your mirror providers would take 20mbit/s each and
not null route your ass, you'd need well over 150 mirrors.
I do not believe "Bunch'o'Mirrors" is "the solution". It may be all
fine and good for distribution of load/bandwidth, but thwarting off ddos
it is not.
The proper solution would be to dismantle the botnets that are capable
of mass ddos. Some ISPs need to gain a clue, step it up, and do their
part to cut off access to infected PCs.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
