On Fri, 15 Oct 2010, Michael Scheidell wrote:
> On 10/15/10 9:48 AM, R P Herrold wrote:
>> e DSBL real time block list up,
>> testing and running well.
> dshield.org, part of sans.org, one of the most respected IT
> security training organizations.
that's nice -- but trying to solve a local rate limiting
problem querying out to a delegated exterior collection venue,
and reporting attacks across a link that is being defended
from a DDoS is not likely to be so effective for the obvious
reasons. If the 'spammers' get serious about shutting down a
link, they will; until then, rate limiting to 'look
unappetizing' is both:
1) immediately doable with FOSS technologies
2) not subject to outages when a link is being
attacked
.. I would note that I've been through these DDoS a few times
with clients, and 'blackholeing' certain ports, moving IPs
under attack, and so forth, with my upstream at the other end
of my external links is sometimes the only solution.
As such, having the circuit ID's, account name (and perhaps
the password credential) , and the NOC phone number of one's
counterparty, taped to the router at the site in an envelope,
is cheap insurance against the stress of possible future need
-- Russ herrold
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
