Terror Link to Mass Blog Outage

Bill Humphries bill at whump.com
Fri Oct 24 11:48:11 PDT 2003


On Friday, October 24, 2003, at 11:26 AM, Justin Mason wrote:

> BTW complex forms of distributed hosting is not strictly necessary;
> another way to avoid DDoSes is to (a) use a central site which 
> publishes
> to all mirrors using rsync; or (b) using distributed reverse proxies,
> which serve the pages without disclosing the site's real home server 
> IP.
> Some of the anti-spam sites have been using this kind of technique
> successfully to ameliorate the impact of DDoSes.

Yes, there's a lot of stuff that comes out of the box with LAMP/DAMP we 
can use for distributed hosting.

But how do you run a distributed reverse proxy? A quick trip to Google 
found references to Akamai's products that require extensive rewriting 
of URLs (in practice, you push every HTML document through a tool that 
'Akamizes' URIs before publishing it.)

It still seems like there's a weak link in there somewhere for the 
attacker to exploit.

-- whump



More information about the FoRK mailing list