
discuss - Re: [opennic-discuss] DDOS, open resolvers, how to solve?

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Zach Gibbens <infocop411 AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] DDOS, open resolvers, how to solve?
  • Date: Tue, 29 Oct 2013 20:17:46 -0400

If it were just DNS traffic, it'd be no real increase in bandwidth, a small delay for the crypto in the processor. I've thought about having a VPN between the servers to take some of the attacks off the tier1 servers (sadly, as long as the tier2s have to be public servers, they will see attacks).

The issue then is, what IP range will the VPN use so there are no collisions? I've assigned my VPN a few addresses that I thought were out of the way, only to wind up at a hotel, college network or hotspot that thought the same thing.

Then, what's the subscription cost, where are the proceeds going, the usual questions there.

There are a few reasons I hate this idea; however, I hate the problem more. Idk how many times I've gotten a ToS letter due to an attacker, to the point where I realized if the attacks keep up, I won't be able to keep a tier2 server up for a month. I'd be willing to bring back up a few servers if they weren't open resolvers.

I like Julian's white-listing idea, but it needs a dynamic IP solution too (for Linux this is easy with an rndc key; haven't been on a Windows machine in a while, not sure how to set that up).

On Tue, Oct 29, 2013 at 8:00 PM, A.J. Maurin <coyo AT darkdna.net> wrote:

Julian DeMarchi wrote:
Good to be thinking out of the box like this. However, the user would then be dependent on the bandwidth the VPN provides, and thus can provide I think a slower, less enjoyable experience... ?

If you guys have enough bandwidth that using you guys for amplification attacks is almost a given, then you almost certainly have enough bandwidth for hosting the VPN servers.

You guys are networking geniuses, and my heroes. I'm sure you could do it, if you set your minds to it.
