Higher powers have decided our 95/5 traffic slit needs to move closer to
60/40 (transit pricing).
I'm looking for legitimate ways to generate a significant amount of pull
traffic, including partnerships with Southern California ISPs.
Thanks.
DoS yourself?
i'm sure search engines like google or altavista or microsoft or yahoo
would happily charge you less for suck than your peers/transits would
(like to) change you for blow. with transit-exchange businesses coming
into existence, and with older peering-exchange businesses willing to
support transit-exchange, there really ought to be a market for suck.
there's certainly no reason for a search engine to pay for their suck;
it's extremely valuable, no matter who they pull it through, big or
small. and it's arguable that quality of suck will be less of a revenue
driver than quality of blow, so arguments of the form "you should suck
through us because we have a better network" aren't very weighty.
my guess is that when isp's start paying customers for suck in order to
balance their own ratios or to upset other people's ratios, that it will
stabilize at about 10% of current blow-based transit pricing. and that
there will all of a sudden be a lot more ddos'ing, fly-by-night crawlers,
and whatnot than there are today. gads, what a world.
(anybody have any guesses how much of the current ddos load is driven by
ratio concerns? that is, now that we know spammers are hiring folks to
ddos antispammers, can we finally admit that isp's are hiring folks to
fix their ratios for them by ddosing from larger-provider networks?
viva laissez faire, i guess.)
re:
mrz@velvet.org ("matthew zeier") writes:
my guess is that when isp's start paying customers for suck in order to
balance their own ratios or to upset other people's ratios, that it will
stabilize at about 10% of current blow-based transit pricing. and that
there will all of a sudden be a lot more ddos'ing, fly-by-night crawlers,
and whatnot than there are today. gads, what a world.
Ahh, but are you saying that current blow-based transit pricing is stable?
(anybody have any guesses how much of the current ddos load is driven by
ratio concerns? that is, now that we know spammers are hiring folks to
ddos antispammers, can we finally admit that isp's are hiring folks to
fix their ratios for them by ddosing from larger-provider networks?
viva laissez faire, i guess.)
Maybe I am exceptionally naive, but are DDOSes *REALLY* that consistent
between providers to affect month-over-month or quarterly ratios?
DJ
support transit-exchange, there really ought to be a market for suck.
apparently there is a huge market for suck....
(anybody have any guesses how much of the current ddos load is driven by
ratio concerns? that is, now that we know spammers are hiring folks to
ddos antispammers, can we finally admit that isp's are hiring folks to
fix their ratios for them by ddosing from larger-provider networks?
viva laissez faire, i guess.)
I know of cases that sure looked like this in the late 1999/2000
timeframe.
I know a webhoster/provider who consistently takes in 1Mpps DOS attacks,
and I'm presuming that the 95th percentile on that will be fairly high...
Would I want that? Not especially...
Having had a few large DoS-magnet customers behind me (and more than
likely being the provider you're talking about :P), I can safely say that
they do absolutely nothing to benefit ratios. The traffic is too short and
bursty to be of any benefit, even when you can successfully filter it so
that no other operations are impacted.
I also stand by my opinion that DoS does not happen without a reason. Yes
there may be that 1% who gets attacked because they are Yahoo or eBay and
are public targets, but it takes a really really special kind of DoS
magnet to consistantly receive enough traffic to affect 95th percentile.
Those kinds of targets are generally not only engaged in some activity
which invites attack (such as running an IRC server), they are actively
encouraging it by their behavior, and probably should be booted anyways
for other reasons that you just don't know about yet.
The only benefit to having a hefty outbound ratio is that you have plenty
of headroom to work with when attacks do come in. Unless you happen to
notice that a large amount of the traffic is coming from certain Asian
Pacific networks, and intentionally peer with them to setup choke points.
The traffic is too short and bursty to be of any benefit, even when you
can successfully filter it so that no other operations are impacted.
I think that would be the biggest trick in order to even ratios - keep
other services unaffected.
I think most DOS traffic is hard to wrangle.
I also stand by my opinion that DoS does not happen without a reason.
I happen to agree with that %100.
Most of the times I get DOS on my network its either:
1. IRC
2. The EFF
#2 doesn't happen that often, but when it does, its sortof entertaining to
figure out where/what/why. Most people love the EFF, and are happy to help
sort out problems
#1 happens more often, but I generally tend to keep a good lot of
direct customers, and the people targeted are customers of customers.
Those kinds of targets are generally not only engaged in some activity
which invites attack (such as running an IRC server), they are actively
encouraging it by their behavior, and probably should be booted anyways
for other reasons that you just don't know about yet.
I've seen a few ISP's who run IRC servers reserve IP blocks for them, and
only announce said blocks to peers. Seems like a good way to cut down on
the number of people to contact when you have DOS aimed at it.
The only benefit to having a hefty outbound ratio is that you have plenty
of headroom to work with when attacks do come in. Unless you happen to
notice that a large amount of the traffic is coming from certain Asian
Pacific networks, and intentionally peer with them to setup choke points.
Good point.
I'd be curious to see in terms of percentages, which networks source the
most DOS and then keep them on INOC-DBA SpeedDial.
I had in fact suggested to a certain Asian Pacific network that we should
peer so that when someone on their network did launch a DOS against one of
my customers, it would only cause problems there
Whats next, DOS-NAP?