Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 11 Aug 2016 21:20:10 -0300
From:      "Dr. Rolf Jansen" <>
Subject:   Re: your thoughts on a particualar ipfw action.
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <> <> <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> Am 11.08.2016 um 14:20 schrieb Ian Smith <>:
> On Thu, 11 Aug 2016 10:09:24 -0300, Dr. Rolf Jansen wrote:
>>> Am 11.08.2016 um 08:06 schrieb Ian Smith <>:
>>> On Wed, 10 Aug 2016 -0300, Dr. Rolf Jansen wrote:
>>> ...
>>> ...
>>>> I just submitted a PR asking to add the new port =
>>> Wonderful.
>> The port maintainers were really quick. The port has been accepted=20
>> and has been already committed.
> So it has, on refreshing the page.  Smooth and fast.
> Re __uint128_t I _guess_ there may be macro/s to do that maths for =

Yeah, I am exploring the options. Comparisons, addition and subtraction =
are working already, multiplication, division and remainder operations =
are a tad more difficult, I must leave this for some weekend.

>>> ...
>>> A more tech-savvy article than ABC or other news media managed so =
>>> =
>> Well, I tend to believe that this has nothing to do with DoS attacks,=20=

> Some should have been expected, planned for, mitigation anticipated, =
> well as expecting at least 5 times the legit connections/hr they =
> for, and as the guardian article pointed to, their DNS was screwed in=20=

> several ways: way too long TTL (can't move fast), hard-coded subdomain=20=

> in SSL cert (couldn't readily add load-sharing capacity?) and such.
> But they admit the geo-blocking fell over - whether inline as firewall=20=

> or on another server fielding lookup requests not disclosed - but they=20=

> say that failure caused a/the/some router to fail (crash? explode? :)

Perhaps they did Geo-blocking in the way that I mentioned in the summary =
of the ipdbtool's manual to be a no-go:

Unfortunately, online database look-up is by far too slow for even =
ing about being utilized on the firewall level, where IP packets need to
be processed in a microsecond time scale. Therefore, a locally =
IP Geo-location database is indispensable in the given respect.

> IBM, FFS! but they'll point to govt specs and disclaim hardware =
> but still it's not great product endorsement for their SoftLayer =

Natural but non-professional reaction. My mother always told us, if you =
with your index finger to others, three fingers are pointing back to =
So IBM not only failed technically but also the PR devision did a bad =

>> I mean, of course it is DoS, but not caused by an attack. Exactly the=20=

>> same happens every year on 30th of April between 17:00 and 24:00 on=20=

>> the servers of the Federal Bureau of Finance here in Brazil. That is=20=

>> the deadline for the online-submission of the annual tax declaration=20=

>> of the Brazilian citizens. Seems that the bureaucrats all over the=20
>> world share the same deficiency of creative problem solving.
> Seems it's a requirement for the job, world wide.  Creativity is =
> but you think they could guess that ~8 million households in the =
> timezone were going to have dinner then do their census within ~2 =

Of course they could not guess this, because public servants are trained
to assume that the normal citizen does not meet her/his obligations, and
for sure they were (are) prepared to send out 8 million penalty notices
in 24 hours.

>> Who in the bureaucrats hell told them to go with one deadline for=20
>> everybody? For the census in Australia, I would have told the=20
>> citizens that everybody got an individual deadline which is his or=20
>> her birthday in 2016 -- problem solved.
> That'd be great load-balancing .. shall I let them know? :)

Doesn't cost anything giving it a try, however, you could as well slap =
ox on his horn - same effect.

Want to link to this message? Use this URL: <>