Slashdot Mirror

← Back to Stories (view on slashdot.org)

Akamai: How They Fought Recent DDoS Attacks

Posted by timothy on from the malice-is-unbounded dept.

yootje writes "Infoworld is running an interesting article about Akamai and the DDoS attack that hit the network of Akamai Tuesday. According to this article one of the defenses of Akamai is the big diversity of their hardware: 'We deliberately use different operating systems, different name server implementations, different kinds of routers, different kinds of switches, different kinds of CPUs, and especially, different operational procedures.' So says Paul Vixie, architect of BIND and president of the ITC." Yootje points to another article on this subject as well, this one at Internetnews.com. Update: 07/07 19:38 GMT by T : Note that Vixie's quote here is actually presented out of context; he was commenting by way of contrast on the diversity of the root DNS servers, not Akamai's content-serving system.

7 of 231 comments (clear)

  1. WRONG! by Anonymous Coward · · Score: 5, Informative

    It says the root servers use different stuff, not akamai. RTFA.

    1. Re:WRONG! by Travis+Fisher · · Score: 5, Informative
      Exactly! Correct quotes from the article:
      • Paul Vixie, architect of BIND (Berkeley Internet Name Domain) and president of the Internet Systems Consortium, charged that Akamai's proprietary approach to DNS makes it a single point of failure. ... [I]f Akamai tried to diversify the implementation of its large-scale content-delivery network, Vixie said, the cost would "drive their accountants crazy."
  2. Re:Quote misattributed by tcopeland · · Score: 4, Informative

    > Quote misattribute

    Exactly. And Vixie goes on to say that Akamai can't do that because "the cost would 'drive their accountants crazy.'".

    But I'm not sure having diverse bits of gear is such a huge cost. Wouldn't it instead be a way for sysadmins to broaden their experience and learn more about which tools are best for which jobs?

    --
    The Army reading list
  3. Re:Never heard of syn cookies or what? by Burdell · · Score: 4, Informative

    SYN cookies are for TCP connections (because TCP uses a three-way
    handshake to set up a connection). DNS uses (primarily) UDP traffic,
    which is connectionless (there is no "stateful" connection with UDP).
    SYN cookies do no good when your DNS servers are under attack.

  4. Re:Trade-Off by Anonymous Coward · · Score: 5, Informative

    Akmai doesn't have a heterogeneous IT solution. It is the root nameservers that do. In fact, TFA says that the cost would be too high for them to do this.

    Mod this whole story down "-1 incorrect".

  5. Diversity Doesn't Refer to Akamai at All by SeinJunkie · · Score: 5, Informative
    I RTFA, and it doesn't say that Akamai has a diversity of hardware at all, that was talking about BIND:
    Paul Vixie, architect of BIND (Berkeley Internet Name Domain) and president of the Internet Systems Consortium, charged that Akamai's proprietary approach to DNS makes it a single point of failure. He added that the 13 DNS root servers, which weathered a vicious DDoS attack in 2002, are even more defensible today than they were back then. The root servers are resilient, Vixie said, because their operators embrace diversity. "We deliberately use different operating systems, different name server implementations," etc...
    AFAIK, all of the text that the quote from the submitter is regarding not Akamai, but BIND in criticism of Akamai. He's saying that they would have performed better had they used a more diversified network.

    Correct me if I'm wrong.

  6. Re:What do they do? by Tmack · · Score: 4, Informative
    For not knowing about the recent Akamai attacks, you must have just joined /. or been hiding in a cave for the past few months. Basically, a bunch of the recent worms that have been going around have a client built into them for targeted DOS attacks, and most of them target various servers in Akamai's network. For not knowing who Akamai is, you are just lazy. Try www.akamai.com. Akamai is a large hosting company (they estimate 15% of ALL internet traffic goes through them), hosting sites such as Microsoft. As for why the attack? Why does any site get attacked? Akamai is also a very large target, this attack just happened to disrupt service to 2% of its customers for a short time. And since you probably didnt RTFA, it was due to their DNS implementation. The rest of the article read like an ad for a new beast of a security server, and the article as a whole was rather uninformative and boring. The "Akamai got attacked" part was only in the first few lines.

    tm

    --
    Support TBI Research: http://www.raisinhope.org