[133273] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Dec 7 23:26:26 2010
Date: Tue, 7 Dec 2010 23:26:18 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: North American Operators' Group <nanog@nanog.org>
In-Reply-To: <DE2D3ABF-9B16-457A-9C11-F03FBF61EFE5@ianai.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, 6 Dec 2010, Patrick W. Gilmore wrote:
>> But as you and others have pointed out, not a lot of defense against
>> DDoS these days besides horsepower and anycast. :-)
>
> Not just anycast. I said distributed architecture. There are more
> ways to distribute than anycast.
The content-side can be duplicated, replicated, distributed. On the
eyeball-side its not as easy to replicate things. DDOS against user
networks doesn't generate as much publicity, outside of the gammer world,
but is also a problem.
Other than trying to hide your real address, what can be done to prevent
DDOS in the first place.
