To:
Bill Manning <bmanning@ISI.EDU>
cc:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, <dnsop@cafax.se>
From:
Bill Woodcock <woody@pch.net>
Date:
Tue, 29 Oct 2002 11:42:19 -0800 (PST)
In-Reply-To:
<200210291852.g9TIqTE22027@boreas.isi.edu>
Sender:
owner-dnsop@cafax.se
Subject:
Re: DoS and anycast
On Tue, 29 Oct 2002, Bill Manning wrote:
> anycast will not prevent DoS attacks.
Correct. It will merely sink attacks at the nearest instance. This is
not particularly useful until there are a _lot_ of instances. For
instance, if every major carrier ran instances near their customer edges,
then all attacks would be sunk before they left any of those carriers, or
before they even affected those carrier's internal backbones. That would
be ideal, since it would localize the pain in the same locality as the
fault. However, we're presumably quite a long ways away from being there.
-Bill
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.