[52967] in North American Network Operators' Group
Re: DNS issues various
daemon@ATHENA.MIT.EDU (Richard Forno)
Thu Oct 24 12:50:21 2002
Date: Thu, 24 Oct 2002 12:49:54 -0400
From: Richard Forno <rforno@infowarrior.org>
To: Randy Bush <randy@psg.com>, <nanog@merit.edu>
In-Reply-To: <E184l3V-000PDT-00@rip.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu
> protecting the servers is not the *critical* point. protecting the
> service is. don't obsessed up on silly boxes.
You're right.
It comes down to risk mitigation, not risk elimination.
I'd posit it's impossible to PREVENT a DDOS attack -- as such, as we did
when they first manifested themselves in 1999, we need to develop response
plans capable of meeting the onslaught and mitigating its impact so that
things continue to function, even if they're degraded somewhat.
It's like airport security - total security is a fantasy, but we have to
raise the bar to make it more difficult for an attacker, and couple that
with effective plans to respond when things occur, thus ensuring both an
acceptable level of service during the incident and a smooth
recovery/investigation afterward.
Of course, in the airport security case, the bar's still lying on the
ground..... :(
Rick
Infowarrior.org
