From Wikipedia:
Some upper layer protocols provide their own defense against IP
spoofing. For example, Transmission Control Protocol (TCP) uses
sequence numbers negotiated with the remote machine to ensure that
arriving packets are part of an established connection. Since the
attacker normally
TCP/IP is the protocol underneath HTTP, is not a web service protocol and
requires a whole different method to manage and use connections. Think of
it as the raw data pipe by which the HTTP protocol is used to communicate
between a client program (i.e. a web broswer) and the server program (i.e.
With a DOS attack, you are sending requests to the server in order to
tie up resources. The reason for the sequence numbers in TCP is order
to make sure that data can flow to and from client and service. With
HTTP, a TCP packet is sent, and a response is sent. However for a DOS
you don't need the
They can, but apparently they don't, otherwise Twitter wouldn't have
used it as a tactic. They're going through a very difficult time, we
need to be patient and supportive of them!
Dave
http://twitter.com/DavidHaber
On Aug 8, 8:53 am, Kyle Mulka repalvigla...@yahoo.com wrote:
An attacker can
I support them wholeheartedly and appreciate everything they've done to
thwart the DDOS attack.
While it is true that many of the tools used in the attack do not appear to
follow the 302s right now, you can be your bottom dollar that they will very
quickly be updated to do just that, perhaps even
Are the redirects only occuring with oauth? I've yet to run into them, but
I'm not really using oauth much so that might be why.
On Sat, Aug 8, 2009 at 7:09 PM, Howard Siegel hsie...@gmail.com wrote:
I support them wholeheartedly and appreciate everything they've done to
thwart the DDOS
Well I must be lucky then. :)
I'll probably add redirect support into my library anyway. Shouldn't be too
hard to implement.
On Sat, Aug 8, 2009 at 9:25 PM, Chad Etzel jazzyc...@gmail.com wrote:
No, they are not limited to only oauth related calls.
-Chad
On Sat, Aug 8, 2009 at 10:22 PM,
In a simplified sense, the redirect nullifies a pernicious class of
attack where the source IP address is forged. A redirect cannot be
followed with a false source address. The attacks that remain are
those where the source IP address is valid. You can then imagine other
techniques that than can
Can someone point me to the details on the attack? I am a little out
of the loop. I've heard Twitter only uses around 200Mbit/s of data.
From a net ops perspective, why is this challenging to detect and
block?
I'm not trying to degrade the efforts of the engineers, this is a
genuine
Perhaps someone should set up a wiki page for this with basic info we can
all collaborate on so we can know how to adapt to the new changes in our own
language. I'm sure that's something we can all work together on. Does
Twitter want to take the initiative to at least just start this so we can
A secret key will help at application level. But the first defense in
DOS is at network gear level where you cannot check secret keys
against db tables.
On Aug 9, 12:01 am, Scott Haneda talkli...@newgeo.com wrote:
Can someone point me to the details on the attack? I am a little out
of the
A forged source IP address is a good reason for doing 302s. Thanks for
the explanation. Now... if only OAuth worked...
--
Kyle Mulka
http://twilk.com
On Aug 8, 10:45 pm, John Kalucki jkalu...@gmail.com wrote:
In a simplified sense, the redirect nullifies a pernicious class of
attack where the
12 matches
Mail list logo