sa-update and DDOSes (was Re: Rulesemporium)

[Justin Mason <jm...@jmason.org>]

Phil Barnett writes:
> On Thursday 12 July 2007, Justin Mason wrote:
> > Phil Barnett writes:
> > > On Wednesday 11 July 2007, SARE Webmaster wrote:
> > > > There has been discussion of taking down the public site, opening
> > > > something new ( private access, invite only, acl by ip, etc), in hopes
> > > > to avoid ddos and provide better services, more requent rule updates,
> > > > and so on. � � We are trying our best to keep it alive, but there is
> > > > only so much we can do with the limited time and resources we have.
> > >
> > > How about releasing the ruleset via torrent or something similar.
> > > Anything that you could do to distribute the load and location would make
> > > a ddos attack less effective. While there might not be a lot of people on
> > > this list who can use their server to take on the entire DDOS for you,
> > > there are a LOT of servers here that could participate in a pool.
> >
> > If you're going to be looking into new methods to distribute rulesets,
> > may I suggest sa-update? ;)
> 
> Is it DDOS resistant already?

Well, it wasn't a design goal.  But the polling, and initial stages of the
download, are performed using DNS -- which is a hell of a lot harder to
DOS than plain HTTP polling.

--j.