On Aug 9, 4:29 am, Steve Andaz <mistytha...@gmail.com> wrote:
> Whilst i understand your working on fixing the problem, what i dont
> understand is how come its taking so long. . . . Over the past 18
> months with the extensive popularity of twitter shouldnt you have
> invested in the security used by other social networking sites?
> Afterall,some of them were attacked and are still fully operational.
> Also, rather than have some users unable to acess twitter, would it
> not be more reasonable to just suspend the entire system and work on
> the problem in house?
Steve,
DDoS attacks are not "real" security breaches of the target service
and security "fixes" won't solve the problem. A DDoS is accomplished
by infecting countless computers (e.g. unsecured home PCs) all over
the Internet and turning them into a massive zombie army. That is
then directed to barrage the target of an attack with a ceaseless
flood of requests saturating the target's ability to handle and
respond to requests. The goal is to bring down the target service and
force it offline. In this case to silence everyone who uses Twitter.
The way a DDoS has to be countered is:
1) increasing the target's resources such that it is able to handle
massively larger numbers of requests (this is countered by increasing
the size of the zombie army attacking);
2) identifying signatures of the bogus requests from the zombie army
higher upstream from the target of the attack and filtering those
requests out so that they never reach the intended target (can be
difficult to do for a service like Twitter);
3) tracking down how the zombie army is controlled and taking control
of the zombie army to shut it down;
4) getting people to properly secure their own PCs such that they
never become infected in the first place and/or taking their own
computers offline until they are fixed once they do become infected
(good luck with that).
