<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 27, 2014 at 1:04 PM, Rainer Hansen <span dir="ltr"><<a href="mailto:rainer.hansen@gmx.net" target="_blank">rainer.hansen@gmx.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div id=":1ok" class="a3s" style="overflow:hidden">Do I understand right that it takes even with "external help" time to<br>
handle a DDoS attack. The attackers might try various methods and you<br>
have defend against them. To get the defense in place and to work<br>
properly takes time and as more scalable your infrastructure is as<br>
quicker you can get to normal service quality. Erlang systems can be<br>
designed to be quite scalable at a reasonable cost which should make it<br>
possible to go back to normal service quality faster than less scalable<br>
systems.</div></blockquote></div><br>DDiS us bit a orecusion tool. The purpose of such an attack is to overwhelm the system such that the weakest link of the system breaks. Depending on setup, that weakest link will be different. It works by forcing systems to misallocate resources. Typical resources are bandwidth, number of socket connections, memory, disk and CPU time. The way you handle a DDoS attack is to thwart an attackers ability to control the resources of your system. You succeed in the defense when your system survives the attack and recovers gracefully after the attack. It is essentially guerilla warfare, where the economic cost of the attacker is much lower than the economic cost of the defender.</div><div class="gmail_extra"><br></div><div class="gmail_extra">The problem with sweeping generalizations are that an attacker will just shift their focus to another part of the system. That is, the attacker will detect that a pattern which crashes processes does not tie up resources, and then proceed to make an attack which does.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Systems have an operating capacity and an engineering capacity. That is, a number of simultaneous work it can do when it is operating nominally, and a number of simultaneous work it can do at its peak stress. The key is to reject work when you hit the engineering peak of the system. This in turn, will protect yourself against the situation where an enemy seek to bind certain kind of resources: CPU, Memory and sockets. But it will not protect you against the situation where the attack goes for the bandwidth resource. hence, if you guard the system against this, then an attacker will overwhelm your bandwidth. This can be solved by talking to your ISP and have them filter out connections from the Attacker.</div><div class="gmail_extra"><br></div><div class="gmail_extra">To summarize: it has to be a joint effort on all of the system. Otherwise, the weakest link will break.</div><div class="gmail_extra"><br><br clear="all"><div><br></div>-- <br>J.
</div></div>