Thanks Chris. That is certainly interesting as well
as the other research he is doing. In discussing the
DDoS challenge with engineers here, I hear similar
proposals (that is, as much as I can determine from
the short description of 'anycast') where a box
at the perimeter shields the rest of the network.
If he has a generalized solution, that sounds
like a money maker.
I would think these issues would be of some concern
to an industry obsessed with web services. Currently,
we keep them in the Intranet and are very careful to
assess any kind of service that is on the Internet
with regards to criticality. We can do that. I
have to wonder about industries that have some
wide-eyed vision of 'seamlessness' and 'just in time'.
It seems like driving ahead of the headlights.
len
From: Chris Wilper [mailto:cwilper@cs.cornell.edu]
Maybe something on the horizon from Paul Francis (the NAT guy):
". . . The IP Internet was simply not designed to repel this kind of attack.
We are looking at an architecture for an anycast-based DDoS perimeter that
can be incrementally deployed at the edge of the network. In this
architecture, IP anycast is used to force packets to travel through the
boxes that constitute the perimeter, thus protecting servers from direct attack.
We believe that this architecture can be extended to provide DDoS protection
to all Internet users."
http://www.cs.cornell.edu/People/francis/