Critique of DDoS Protection - Page 2
Comments

  • Maounique, Host Rep, Veteran

    bsdguy said: And no because bandwidth is virtually never the relevant element in DDOS attacks

    Yes, it is. Sure, not as much as the number of sources, I never claimed that, but it does matter, like in DNS/NTP amplifications; those do not come from residential people who host their own recursive DNS, for example, but from datacenters. Also, while not the decisive factor, home bandwidth does matter: botnets can attack multiple targets at once with big UDP packets and, while PPS is not much, it does bomb even carriers in extreme cases.

    If you are waiting for politicians to do something about it, good luck. They move slowly, have no idea what they are doing and will always resort to more surveillance instead of fixing the issue.
    Critical infrastructure is mostly irrelevant in this case. That should not be available over the internet, but have its own separate network, such as dark fiber, for example, wireless/satellite, etc. If you think the codes to release nuclear attacks go over the internet, you are probably wrong. No flood will stop us from retaliating on a Russian nuclear attack, for example, and all critical infrastructure should be handled the same. Even if not, everyone can prioritize traffic, and international traffic will never exceed internal traffic capacity in any network designed by someone with half a neuron. It might be used as a pretext for more spying on citizens, but this does not make it a relevant point in a serious discussion.

  • bsdguy, Member
    edited April 2015

    @Maounique
    Besides the sad fact that you "misunderstood" me as propagating a political solution (which I certainly and obviously did not) ...

    No, bandwidth is not a major concern. It seems to be, yes, and numbers like 200 Gb/s certainly look impressive, but:

    Whether a packet has 14 or 1400 bytes is virtually irrelevant for a firewall. Yes, even on L7 (because of the way pattern matching and modern CPUs work).
    What, however, is problematic is pattern spread and source spread and number of endpoints. Because each endpoint requires setting up state and slows down lookups. Because source spread requires more blocked states and blocked lookups. Because pattern spread brutally decreases scanning efficiency.

    You see, if, say, parties A, B, and C attack me, each with 50 Gb/s, that's an attack I can easily mitigate. Actually I will probably not even need any mitigation because that will quite probably already have been done upstream. Plus, it's easy to propagate the attack parameters and to block out the attack source pretty near to the origin.

    This changes drastically when those same 150 Gb/s are spread over, say 10.000 sources, each just sending rather little. And it gets worse again when those sources use (even slightly) different patterns.
    Simple thing. 10.000 lookups for the same pattern are dimensionally faster than 10.000 lookups for 5.000 patterns. Yes, even when the pattern differences are minimal. To make it worse, IDS can handle only so much information; increase load by a factor of just 100 and chances are, the engine will drop dead. And never mind that an IDS is dimensionally slower than a firewall, let alone one in semi-hardware.

    The fact that this in consequence leads to huge bandwidth being billed to the end user is just a painful consequence - not the real problem.
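    The point bsdguy makes above (same total bytes, very different mitigation cost depending on how many sources and patterns they are spread over) can be shown with a small simulation. This is an added example, not code from either poster: a hypothetical per-source volume filter fed two constructed attacks of equal size, 3 heavy senders with one pattern versus 10,000 light senders using 5,000 pattern variants. The threshold, addresses and pattern names are all invented for the model.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str       # source address
    pattern: str   # signature the matcher has to recognise
    size: int      # bytes on the wire

class PerSourceRateLimiter:
    """Hypothetical filter: a source is blocked once the bytes it sent exceed
    `threshold`. Blocked sources still cost one lookup per packet."""
    def __init__(self, threshold: int) -> None:
        self.threshold = threshold
        self.volume = defaultdict(int)   # per-endpoint state (one entry each)
        self.blocked = set()             # blocked-source table
        self.patterns = set()            # distinct signatures the matcher saw

    def process(self, packets) -> int:
        passed = 0
        for p in packets:
            if p.src in self.blocked:
                continue                  # cheap reject: one blocked-set lookup
            self.patterns.add(p.pattern)  # matcher cost grows with pattern spread
            self.volume[p.src] += p.size
            if self.volume[p.src] > self.threshold:
                self.blocked.add(p.src)   # heavy sender trips the threshold
            else:
                passed += 1
        return passed

def concentrated_attack(sources=3, packets_each=50_000, size=1400):
    """Constructed: 3 heavy senders, one pattern, 210 MB in total."""
    return [Packet(f"10.0.0.{i}", "pat-0", size)
            for i in range(sources) for _ in range(packets_each)]

def spread_attack(sources=10_000, packets_each=15, size=1400, variants=5_000):
    """Constructed: the same 210 MB over 10,000 light senders, 5,000 variants."""
    return [Packet(f"10.0.{i >> 8}.{i & 255}", f"pat-{i % variants}", size)
            for i in range(sources) for _ in range(packets_each)]

def evaluate(packets, threshold=100_000):
    """Run the filter and report what the defender actually pays for."""
    f = PerSourceRateLimiter(threshold)
    passed = f.process(packets)
    return {"total_bytes": sum(p.size for p in packets), "passed": passed,
            "blocked_sources": len(f.blocked), "state_entries": len(f.volume),
            "distinct_patterns": len(f.patterns)}

if __name__ == "__main__":
    print("concentrated:", evaluate(concentrated_attack()))
    print("spread:      ", evaluate(spread_attack()))
```

With the same 210 MB, the concentrated attack is cut off after 213 packets using 3 state entries and 1 pattern, while the spread attack passes all 150,000 packets, trips no per-source threshold, and leaves the filter holding 10,000 state entries and 5,000 patterns to match.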
