Comment Re:But what laws are they breaking? (Score 1) 139
No, it's not the same but the reaction a company should have is similar because the result of the attack is almost exactly the same.
Choking on a hotdog is almost exactly the same as an angry biker wrapping a half-inch steel chain around your neck and choking you to death. The reaction should be similar.
The only way this would be true is if I had the same IP space on the two carriers, and we don't. In fact the amount of work to move IPs between carriers means that nobody does.
Uh. When our
Last month, Comcast managed to lose a fiber line. That line was rerouted through our Comcast link. Packets routed to the same IP addresses came down it.
Notice that you completely ignore the question and go off on a tangent back to your same "I only have 1 IP for access" bullshit answer.
We have 510 IP addresses for access. They're on a
Straw man argument, I never said that there was an instant fix to a DDoS.
You started talking about DNS, remember?
Clients generally don't use the IP address, they use the host name for access.
This is saying, "Oh, you just go change the DNS entry for the host under attack, and the packets go nowhere." Yeah, no. DDoS attacks generally don't use the host name; they use the IP address for access.
Given that you cannot consider a world without your invalid premise that everything must live on a single static IP address
My premise is that routing works the way it does in the real world, and that attacking a single IP address in a subnet takes down the whole subnet. That's how it works. My premise is also that changing the link used to route your subnet (e.g. from Verizon to Comcast) will bring all traffic--including attack traffic. You function in this imaginary world where you just switch over all your services and somehow evade shitloads of legitimate-like traffic behaving exactly like legitimate traffic, without taking out your legitimate traffic as well; that doesn't work.
I handle these things in the real world. I've handled 14 DDoS attacks this year. I know how our links are built, I know how our links fail over, I know how routing works from routing protocols right down to the way frames are forwarded across the wire. I know, physically, how DDoS attacks work--what links are lighting up, how the packets are formed, and how the routers decide where to forward them. I know how they commingle with legitimate traffic, and how they crowd it out.
I know god damn everything.
You're floundering around with unspecific and blatantly wrong comments. You don't even understand what DNS does, what it's for, or how IP and hostnames work--otherwise you wouldn't yammer on about how clients access by hostname and not IP. You don't seem to understand how useless DDoS against a DNS server is, either (since every client uses their ISP's local DNS server, which has your server's data cached anyway).
Seriously, what kinds of systems do you architect? Because they're obviously not network systems. Do you mean "System Engineer" as in "guy who builds Web servers"?
Otherwise, if you can answer the question I proposed regarding a line failure and come to a single carrier solution which is HA I will concede to your amazing wisdom.
A DDoS is nothing like a line failure. We already have line failure fail-over: two providers run lines to our building; when our primary ISP has a line failure, our subnet routes to the secondary provider's network, and comes down that line. The entire subnet--that is, the same IP addresses--follows it. So if the line fails (e.g. backhoe hits a comm cable, tree falls on a pole, etc.), we stay up; if someone sends shitloads of data, we don't.
By the way, if you route a separate subnet through the secondary carrier and put two interfaces on every box, you'd have to update DNS (and re-propagate, which could take a day or two) to get your services back up. After all that, there could be a 10 second poll running on the command-and-control box, which sees your site is now responsive (by hostname) and has different IPs; it then relays to all drones to start attacking the new IP address. Congratulations: using multiple IP addresses has gotten you 10 seconds more availability!