Thank you very much. This is the best suggestion I have seen so far.
Basically, what you have described is a manually implemented RAID 0. But it uses well supported standards and software. Just read the good bits from each copy and piece them back together.
1) While I have had unrecoverable errors with fingerprints, I will take your word on the scratches. Besides, both can be cleaned/polished to some degree.
2) Exactly! It is the media durability which scares me. Good today, but crap next decade - long after I've removed the files from on-line storage.
3) Which leads me to another favorite lecture of mine - the media needs to last as long as the drive, but not much longer. Digital storage must move from standard to standard or be lost. How much longer before my eight-inch floppies are useless?
I suspect that 30 years is sufficient for CD-Rs. They are compatible with the next generation, DVD, but probably not with the generation after that. Jumping generations seems about right and should average about 20 years - assuming that we stay with "consumer" media. And that I avoid such wildly popular formats as the 8-track tape ;-).
A DDOS attack involves two layers of victims. The obvious victim is the recipient of the attack. But before the attack can be launched several (hundred) intermediate systems must be penetrated and exploited. It is this set of victim machines which launches the final attack.
The procedure proposed by Stephen is quite clever and could be used to trace the attack back to the first layer of victims. But that is where it would end. The procedure requires hundreds of packets to make its trace. But the attacking machine is only listening for a single packet - whose IP can be spoofed - for the command to launch the attack. So the perpetrator remains safe behind his proxy army until he starts bragging on IRC.
I personally doubt that there is any defence against a properly executed DDOS attack. Why? Because there is no difference between a proper DDOS and "The SlashDot Effect."
Forget the ICMP packets. Want to take down a web site? Flood it with web page requests. You now have nothing to filter on and the legitimate users are crowded out.
And just what is a properly launched DDoS? One in which a multitude of machines make legitimate requests of the server so as to overwhelm its capabilities and deny legitimate users access.
In other words, an induced slashdot effect.
Or, to look at it another way, how would you filter a clever DDoS without filtering slashdot users? The two can be made identical.
Please forgive my spelling. I'm an American so English is only my second language.
Simple, elegant, I love it.
Thanks again,
Bob Washburne