Alexei Roudnev (alex@genesyslab.com) said:
[deploy WFQ and RPF universally] Then, if someone wants to kill Yahoo (for example), he needs a few thousand different data streams to do it - which is impossible.
Several thousand different data streams is exactly what DDoS is. Also there is a presumed high correlation with people who do not secure their servers adequately against intrusion (and thus turning these things into DDoS clients) and people who do not run RPF right next to those servers. Therefore this is only 'impossible' if there are not more than 2000 servers sitting on clueless or fallible people's network. Recent experiences with internet scaling suggest even if this were true now (which it isn't), it won't last long.

--
Alex Bligh
VP Core Network, Concentric Network Corporation
(formerly GX Networks, Xara Networks)