---- On Tue, 04 Nov 2014 17:17:17 +1300 Kris Price wrote ----
There are networks out there that cope with these issues. Develop means to monitor and detect DDoS and police users in near real time at the access port. Think about what happens when someone tries to launch a DDoS from a cloud provider.
The related aspect to this is we can, if we choose provide very high amounts of bandwidth with very low over sub ratios. Network equipment is now a commodity. Provided you have the fiber you can light vast amounts of bandwidth for surprisingly low cost, not just in the access but also the long haul.
100GE interfaces on routers cost very serious money, at least by New Zealand standards. Beginning a sentence "Provided you have the fiber" glosses over the important question of who has the fibre. It isn't most ISP's. The wider discussion can indeed be seen as just the same things as in the past with bigger numbers. The fact that available bandwidths continue to increase dos not reduce the need for attack mitigation by network operators. - Donald Neal
Sent from my mobile
On Nov 3, 2014, at 6:23 PM, McDonald Richards
wrote: Sure - we had the conversation then, when 1.5Mbit of saturation didn't also exhaust firewall state tables, CPU and memory resources of everything in the service path.
What we do have now, that we didn't have then, are bot-nets for hire and parties who intentionally exploit, infect, test and document these hosts for hire as weapons while the end users in a lot of cases have no idea that it's happening outside of a slower Internet connection.
On Mon, Nov 3, 2014 at 5:53 PM, Jeremy Visser
wrote: On 03/11/14 22:26, McDonald Richards wrote: The days of the "any to any, open Internet" are slowly coming to an end. One small flaw in one mass produced and mass distributed piece of software (including software that runs on CPE) can easily snowball into hundreds of gigabits of traffic at the "core" of the Internet (I hate that term but I'm too tired to come up with anything else right now).
We had this same conversation when people started moving from dial-up to DSL.
"OMG a single user on 1.5 Mbit/s can saturate our entire server farm bandwidth"
The world didn't end. The same rules apply today that applied back then. _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog