[Mimedefang] monkeys.dom UPL being DDOSed to death

Richard Laager rlaager at wiktel.com
Thu Sep 25 14:56:01 EDT 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wrolf Courtney wrote:
...
> Simply using SourceForge and cvs commit seems workable to me 
> for the first
> tier.  I would like to know whether cvs commit does an 
> incremental update,
> or whether it moves the whole zone file.

I believe that CVS uses diffs only in server->client communcations.
If that's true, then a cvs commit would push the whole zone file to
the server. Of course, if the zone file is really really big, there
is no reason that you couldn't use rsync to synchronize your local
copy to a copy on the SF shell server and then commit from there.

> For the second tier, doing a cvs update would work.  Again, I 
> would like to
> know whether you can do an rsync -e ssh, or whether cvs update does
> an incremental update.  We would also need to set up read only 
> access for a
> limited but large number of SourceForge users.

CVS should only send the diffs from the server to the client when you
do a cvs update.

> We would need to recruit a sufficiently large number of people to
> be secondary DNS servers, and set that up in the root servers, 
> and give them
> all SourceForge ids.
> 
> If we did not have to protect the IP addresses of the guilty, 
> then we would
> not need to hand out read-only SourceForge ids, everyone 
> could download,
> official secondary or stealth secondary.

Remember, SourceForge provides anonymous access to the CVS
repositories. This is by design. Also, the whole CVS tree can be
downloaded as a nightly tarball.

Due to the concern of preventing public access to the zone file, I
don't think SourceForge's CVS repository would be an appropriate
place to store the data.

Richard Laager
Wikstrom Telecom Internet

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP3M5y231OrleHxvOEQKCdgCfdiFoujD21xV5eB3DKIbZmQSB/ZYAmgPe
erbIAaG10oWDpmjqXyWOGHDZ
=MQWs
-----END PGP SIGNATURE-----




More information about the MIMEDefang mailing list