When I was in school, there was a job posting looking for motion sickness study candidates. For $25/session, they'd spin you around until you puked.
Makes all the whining about crappy IT positions seem petty.
Well, with cool tools like airjack, even your nice ipsec encrypted traffic over open non-wepped wireless link is susceptible to getting DOSed. All you have to do is send a broadcast disassociation packet to knock everyone off the AP.
802.1x or other rotating WEP key schemes will make things like airsnort largely useless in that there won't be enough 'interesting' traffic(initialization vectors) to make the WEP key fall out.
WEP not smart? perhaps. But it's better than leaving it open. ipsec will protect the data, but not the transport.
Since webhosters and site owners tend to be net generators of traffic rather than net suckers(like the end-user eyeballs that view them), maybe billing models based on traffic shipped rather than received would be beneficial.
Ferinstance, look at some DDOS. That's inbound traffic and if the website operator would be liable for that inbound traffic bill, what incentive is there from the isp to thwart it? i.e. the slower they attempt to quell the attack, the more money they make.
Conversely, if something like slammer hits the website operators installation and starts generating 50mbps of traffic of noise, it's to the site operators advantage to patch their box pronto, because there's a financial incentive.
In a normal website operation, it isn't the httpget's that generate the bw, it's the responses that send all the html, gifs, jpgs, mpgs, flash, etc...
It shouldn't be too much to take 'normal' inbound webtraffic into account into billing models and at the same time, help allocate responsibility of doing business on the internet to the appropriate parties.
Slashdot Mirror
When I was in school, there was a job posting looking for motion sickness study candidates. For $25/session, they'd spin you around until you puked. Makes all the whining about crappy IT positions seem petty.
Well, with cool tools like airjack, even your nice ipsec encrypted traffic over open non-wepped wireless link is susceptible to getting DOSed. All you have to do is send a broadcast disassociation packet to knock everyone off the AP. 802.1x or other rotating WEP key schemes will make things like airsnort largely useless in that there won't be enough 'interesting' traffic(initialization vectors) to make the WEP key fall out. WEP not smart? perhaps. But it's better than leaving it open. ipsec will protect the data, but not the transport.
Since webhosters and site owners tend to be net generators of traffic rather than net suckers(like the end-user eyeballs that view them), maybe billing models based on traffic shipped rather than received would be beneficial. Ferinstance, look at some DDOS. That's inbound traffic and if the website operator would be liable for that inbound traffic bill, what incentive is there from the isp to thwart it? i.e. the slower they attempt to quell the attack, the more money they make. Conversely, if something like slammer hits the website operators installation and starts generating 50mbps of traffic of noise, it's to the site operators advantage to patch their box pronto, because there's a financial incentive. In a normal website operation, it isn't the httpget's that generate the bw, it's the responses that send all the html, gifs, jpgs, mpgs, flash, etc... It shouldn't be too much to take 'normal' inbound webtraffic into account into billing models and at the same time, help allocate responsibility of doing business on the internet to the appropriate parties.