LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 10-23-2009, 02:42 PM   #16
teebones
Member
 
Registered: Aug 2005
Location: /home/teebones
Distribution: sometimes this, sometimes that..
Posts: 500

Rep: Reputation: 56

what the OP is explaining, exists, it's called Load Balancing.

Mayor websites, use this technique, to distribute the traffic load among x amount of webservers.
(mostly using internal proxy techniques along with load balancers.)

That's the reason mayor sites are always available, even when being heavily DDos'd.
Even more, most of their webservers are distributed among several subnets, and even networks. (peers so to say)
That way, they have a rock stable redundancy.

For smaller sites, this is almost not possible, due to the technical requirements (and money it costs to buy/setup).

Even more so, why should smaller sites? It's no fun for those cyberbullies to ddos a small "personal" webserver. No, what is more likely to happen, is being defaced. (meaning your website, if using a buggy cms, e.g. joomla, the bully will do an sql-injection, so the contents of pages will be changed to whatever this bully wants it to change.. just to nag you).

Last edited by teebones; 10-23-2009 at 02:45 PM.
 
Old 10-23-2009, 02:51 PM   #17
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
Quote:
Originally Posted by teebones View Post
they have a rock stable redundancy.
Isn't it possible for a large enough botnet to bring them down too? Ultimately the main thing that matters is who has the most collective bandwidth, the attacker or the attacked.

So I reckon N adsl users have more bandwidth than www.yahoo.com, and can therefore withstand larger load-attacks. For dos-attacks I guess the numbers would be different, a higher N would be required for a given M. In other words I think a bad guy with a dial-up connection can bring down an adsl site if they use denial of service attacks rather than just a load attack, can anyone confirm?

Now what is N to beat a bad guy with M adsl computers?

Last edited by Ulysses_; 10-23-2009 at 03:13 PM.
 
Old 10-23-2009, 04:13 PM   #18
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
Here it says the Storm botnet with some 160,000 infected computers in 2007 could bring down entire countries.

http://en.wikipedia.org/wiki/Storm_botnet

Any thoughts on the proper math for such a conclusion?
 
Old 10-23-2009, 04:32 PM   #19
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 172Reputation: 172
Ulysses

Yes, they update THEIR DNS faster but it does not update ALL the DNS faster, most will still have to go through the process that I described. If ALL of the clients use the services DNS it would work, but that would (again) make that DNS the new target.
 
Old 10-23-2009, 04:54 PM   #20
Jim Bengtson
Member
 
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164

Rep: Reputation: 38
Quote:
Yes, they update THEIR DNS faster but it does not update ALL the DNS faster, most will still have to go through the process that I described. If ALL of the clients use the services DNS it would work, but that would (again) make that DNS the new target.
To put it another way, so long as you can send a SYN flood against a target faster than it can handle them, and so long as you can scale your attack up cheaper than the target can scale up it's ability to handle the traffic, a DDOS attack will alsways win. That's why the Tarpit defense works...it reverses the dynamics, causing the attacking PCs to get bogged down without causing a significant load on the defending server.

Now if only they'd rewrite the law so that you can't get sued for disrupting ILLEGAL communications traffic...
 
Old 10-23-2009, 07:26 PM   #21
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
Quote:
Originally Posted by lazlow View Post
Yes, they update THEIR DNS faster but it does not update ALL the DNS faster, most will still have to go through the process that I described.
I am aware of the process you described but something must render it less relevant in real life because otherwise how can services like DynDNS exist and keep their customers - my guess is 99.9% of visitors to a domain see the latest ip much much sooner than a day after it is changed, probably in minutes, and that's probably good enough for DynDNS customers.

And let's not forget, delay matters little when all ip's have the same content. It is the frequency of updates that matters in our case.
 
Old 10-23-2009, 07:33 PM   #22
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
Quote:
Originally Posted by Jim Bengtson View Post
so long as you can send a SYN flood against a target faster than it can handle them, and so long as you can scale your attack up cheaper than the target can scale up it's ability to handle the traffic, a DDOS attack will alsways win.
Does it not make a difference that the target is a new one every few seconds? Is the attacker going to abandon old targets? If they do, old targets will work normally when normal visitors to them press F5 to an address that looks like http://195.24.13.11/ (random example) or click a link to that.

Last edited by Ulysses_; 10-23-2009 at 07:43 PM.
 
Old 10-23-2009, 07:49 PM   #23
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 172Reputation: 172
What is your alternative to using their service? This is why their service is used. I would guess that 90% of the servers will be updated within a few hours.

If you are going to use strictly IP address (and not www.whatever.XXX) you do not need to use a DNS registration at all. It all boils down to how your clients will get the IP(or IPs). If the attacker can get these IPs then they can attack your sites. The question is, how are you going to provide the clients with the IPs without giving it to the attackers? Once the attackers have the IPs then they can attack. Odds are VERY high that they will have more machines than you do.
 
Old 10-23-2009, 08:06 PM   #24
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
Quote:
Originally Posted by lazlow View Post
What is your alternative to using their service? This is why their service is used. I would guess that 90% of the servers will be updated within a few hours.
If I ever use them, let's make an experiment here online to find out what's the average delay for 5 or 10 of us.

Quote:
The question is, how are you going to provide the clients with the IPs without giving it to the attackers?
I can't hide these ip's from the attackers, it's a public network. I'm only hoping regular users will somehow see ip's not currently attacked by hostile users.

Maybe a firefox addon would ensure all users can press F5 and see the old ip that's been abandoned by the attackers (they'd have to abandon old ones as they cannot attack all 1,000,000 ip's).

For this the addon would bypass normal domain lookups by the system and do its own.

Last edited by Ulysses_; 10-23-2009 at 09:53 PM.
 
Old 10-23-2009, 09:49 PM   #25
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
How frequently may a dns record change?
 
Old 10-23-2009, 10:38 PM   #26
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 172Reputation: 172
I am not aware that there is a limit, although the service may consider it as abuse if one where to change it too often (multiple times a day, every day).

Also keep in mind that in most cases DNS records seldom change. Even your typical IP from a ISP does not change very often. It is fairly common for a cable modem to have the same IP for months, and it is not unheard of for that to extend over a year.
 
Old 10-24-2009, 10:15 AM   #27
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
What if I set up my own dns server that only holds the ip's of participating people (while visitors temporarily change their dns settings to point to my dns server by means of a firefox addon or something).

If my tracking server only accepts dns lookups and no other traffic at all, is it any harder to bring down than a normal p2p server of the same bandwidth?
 
Old 10-24-2009, 10:27 AM   #28
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 172Reputation: 172
In order to change you DNS settings you generally have to restart network services on your machine(client). Most people would be reluctant to do this for two main reasons. First people just do not want to do anything they do not have to. Second it is a security issue, for the time that they are using your DNS all their other running processes are dependent on your security(which is in question).


No, doing it this way would not make any difference. Traffic is traffic and it has to be dealt with in some way.
 
Old 10-24-2009, 11:25 AM   #29
Ulysses_
Member
 
Registered: Jul 2009
Posts: 650

Original Poster
Rep: Reputation: 42
Quote:
Originally Posted by lazlow View Post
In order to change you DNS settings you generally have to restart network services on your machine(client)
I thought that firefox addons can provide the required functionality without messing with the system network services settings. You have any information that suggests otherwise, perhaps written an addon?

Quote:
Second it is a security issue, for the time that they are using your DNS all their other running processes are dependent on your security(which is in question).
If it's just the browsing that depends on my dns server it doesn't ask for too much trust, and it's over when you press the addon button and go back to the normal web.

Quote:
First people just do not want to do anything they do not have to.
Not all people get their news from mainstream media and the content that matters is already being suppressed somewhat by google's search engine and others, and much worse is to come, including forced site closures one way or another. So the motivation to read independent content will increase and therefore the motivation to read distributed content will increase.

Quote:
No, doing it this way would not make any difference. Traffic is traffic and it has to be dealt with in some way.
In terms of other functionality, ie when it's not being attacked, isn't it much less costly and more efficient to accept nothing but dns lookups and dns updates?

Last edited by Ulysses_; 10-24-2009 at 11:44 AM.
 
Old 10-24-2009, 11:43 AM   #30
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 172Reputation: 172
Many people use there browsers to do banking (and other necessary secure transactions) using their browser. So yes it is asking for a TON of trust. As far as I know the network service can only use one (set) of DNS severs at a time. I have never seen a setup that changes the DNS for JUST the browser. If you have such a addon please post a link to it. Edit: I suppose you could run through a proxy server but you would be using the local machines DNS until you were on the proxy(then you would be using whatever DNS the proxy was using). Then the target just becomes the proxy server.

What does people not changing their DNS server (due mostly to laziness) have to do with mainstream media?

If you are referring to bandwidth costs, you get charged for all traffic not just the traffic that you accept. Which is one of the reasons metered billing for residential lines is such a bad idea. If you mean machine resources (cpu cycles etc), sure rejecting all traffic except on port (whatever) means that (after refusing that connection) no further machine resources are used on that connection(you still eat the bandwidth).

Last edited by lazlow; 10-24-2009 at 11:46 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Review: Linux Backups For Real People, Part 3 LXer Syndicated Linux News 0 11-15-2007 12:10 PM
LXer: Tutorial: Linux Backups For Real People, Part 2 LXer Syndicated Linux News 0 11-08-2007 12:30 PM
LXer: Tutorial: Linux Backups For Real People, Part 1 LXer Syndicated Linux News 0 11-01-2007 06:20 PM
Fun Poll for people like me at work. arioch General 10 12-17-2003 09:10 PM
How do many people get Esetroot to work under fluxbox? Rampage2884 Linux - Newbie 1 04-17-2002 07:49 AM


All times are GMT -5. The time now is 10:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration