Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment /. articles cause flashbacks (Score 4, Funny) 453

This article reminds me of the days I would build machines for people that constantly "wanted more". They wanted to be able to stuff every drive they ever owned into it. Then they wanted to have their scanner, printer, phone, 5.25 and 3.5 floppy, and cd player/recoreder attached. Then they wanted the best graphics card for playing games, looking at pictures, watching movies, editing pictures, creating 3d graphis for games, and encoding movies. They wanted the best sound card for games, listening to music, editing music, creating music (which of course meant they needed a way to hook up another slew of midi devices). Then they wanted a web server on it. Then they wanted a database server on it. Then they needed a network card, then two, then bonded interfaces. Ah, fun times.

Comment DNS DDoS is new school (Score 1) 336

Most packet based DDoS attacks (SYN|FYN|ACK|ICMP) floods do not require a return packet. The source address is always bogus. Reporting it is a joke. New fun and exciting targeted DDoS attacks use improperly set up services/daemons. In this case, recursive lookups on DNS servers are the cause. IMHO, If someone has a fast connection and doesn't disable recursive DNS lookups they should get a warning. After tha,t publishing their whois information on a web site would be a great way to motivate them.

Comment Re:DPI != spying (Score 1) 152

You don't need to inspect the deep end of the packet for that kind of traffic. The shallow end (4 bits in) is all you need to do that. TCP over HTTP, HTTP over ICMP, et al all are all easily recognizable by the 4th bit. China doesn't use a great firewall. They use spyware on machines tied into what people think is a great firewall. You need to have something on the end user's machines to filter encrypted traffic or have the keys. China has the keys but prefer spyware.

Comment DPI != spying (Score 3, Insightful) 152

You do not have to do deep packet inspection to spy on traffic. In fact, you have to spy on traffic to do deep packet inspection. The vast majority of information gleaned about people has absolutely nothing to do with traffic filtering. Things like redirecting DNS queries, logging x-forwared-for headers, persistent HTTP connections, are vastly more popular for garnishing user information. It is easier, and much less expensive, to drop information gathering warez on a large number of machines than implementing DPI. DPI is best used to protect networks from stupid people. Yes it is used to filter access. Only a really stupid network engineer would use it for spying.

Slashdot Top Deals

C++ is the best example of second-system effect since OS/360.