Anders Norrbring wrote:
> Henrik Krohns wrote:
>> On Wed, Jul 11, 2007 at 07:44:37PM -0400, Phil Barnett wrote:
>>> We can't be the first people to come up against this problem. How
>>> have others solved it?

>> Bunch'o'Mirrors? Crude and effective.

> *raise a hand* I volunteer to mirror, I have lots of both hd and bw
> capacity to spare.

Sure, until you get your first DDoS...

SURBL had like 10 mirrors for www when they started getting the ddos,
and all of them took over 200mbit/s.. some upwards of 450mbit. URIBL
had 3, and Spamhaus has 2 that I know of. If they can ddos at well
over 3gbit/s (15*200), it really doesn't matter how many damn mirrors
there are. Even if your mirror providers would take 20mbit/s each and
not null route your ass, you'd need well over 150 mirrors.

I do not believe "Bunch'o'Mirrors" is "the solution". It may be all
fine and good for distribution of load/bandwidth, but thwarting off ddos
it is not.

The proper solution would be to dismantle the botnets that are capable
of mass ddos. Some ISPs need to gain a clue, step it up, and do their
part to cut off access to infected PCs.

