Can someone point me to the details on the attack? I am a little out of the loop. I've heard Twitter only uses around 200Mbit/s of data. From a net ops perspective, why is this challenging to detect and block?

I'm not trying to degrade the efforts of the engineers, this is a genuine question of curiosity.

I would imagine a detection system is in place, so why not block off at the upstream the offending attack?

As far as the API is concerned, I'm not sure I see why this can't be prevented in the future. If every Twitter app had to get an API key, which I believe is the case, those get whitelisted, all else are blocked.

Create a test sandbox for easy non key based testing of new developers who want to play. There are a few thousand third party apps, whitelist their secret keys and how is this not solved for API reliability?
Iphone says hello.

On Aug 8, 2009, at 5:09 PM, Howard Siegel <> wrote:

I support them wholeheartedly and appreciate everything they've done to thwart the DDOS attack.

While it is true that many of the tools used in the attack do not appear to follow the 302s right now, you can be your bottom dollar that they will very quickly be updated to do just that, perhaps even quicker than Twitter can finish recovering from the attack and put in to place measures to better survive future attacks.

At best it is a stopgap to get over the current attack.

Reply via email to