Chat transcript from SRM 409 |
Handle |
Comment |
jmpld40 | Welcome to the VeriSign Chat! |
gmohan | hai to all |
viswanath | jmpld40: Thanks :) |
chtomek | Hi |
millky | jmpld40: can us Chinese get an position in VeriSign? |
jmpld40 | This chat is focused on DDoS Threats and Mitigation Strategies |
jmpld40 | Scott from VeriSign is here to discuss |
ika | what is VeriSign |
ika | ? |
jmpld40 | yup, but the best way is for you to just start chatting and they will throw out questions or comments |
ahmedsaad | can we start with simple descriptions |
VeriSign_Scott | VeriSign is a medium-sized Internet infrastructure company. |
VeriSign_Scott | primary focus is on three product lines: Internet naming (think ""domain name system""), digital certificates, and Internet identity |
cska | would you please brief describe what DDoS is? |
Nutty | Distributed Denial of service |
VeriSign_Scott | my team develops infrastructure software for the naming business |
Amith | What does Distributed signify here |
zulo | DDoS ss some kind of hacker attack on public servers |
fuhjyi.chang | something like BIND? |
VeriSign_Scott | right, it's a type of attack used to bring down systems by flooding them with traffic |
cska | but how does it work? |
zzyzz | hi scott, any difference of internet naming and internet identity? |
VeriSign_Scott | think of flooding a web server with lots of http requests |
TheMentor | Verisign Hi! |
VeriSign_Scott | at some point the server can't keep up, so it effectively stops working |
VeriSign_Scott | naming vs. identity: yes, very different |
fuhjyi.chang | So, Scott, you're trying to find a strategy to fitler the attack, perhaps from identifying pattern in the attack traffic? |
cska | so what is the meaning of ""distributed"" in this kind of attack |
VeriSign_Scott | we're implementing software and hardware systems to protect ourselves against DDOS attacks on the DNS infrastructure |
zulo | distributed means the attack provided from many hosts in the same time |
VeriSign_Scott | distributed: being attacked by many. many systems at once, like with a botnet |
zzyzz | how can you tell attack from normal service? |
VeriSign_Scott | distributed: it's not often easy, which makes this a difficult problem to solve |
Nutty | a normal DoS is easier to counter?? |
VeriSign_Scott | distributed: lots of repeated queries from the same source is one typical attack pattern, though |
cska | the normal case should be much easier |
Nutty | but its natural that the attacker would use some means of spoofing his IP |
Nutty | multiple requests from a single source make it quite obvious |
fuhjyi.chang | it's easy to identify IP spoofing if the DNS query has the same pattern, such as the same query ID |
Nutty | hmmm...what about a DDoS?... |
fuhjyi.chang | however, attackers are often smart enough to fake many many DNS queries without any repeated pattern among those queries |
VeriSign_Scott | truth be told, we believe in adding capacity to absorb most attacks is one of the better ways to deal with them, in addition to filtering and load balancing |
VeriSign_Scott | precisely because it's difficult to distinguish attack patterns from normal heavy volume |
Nutty | wont it end up costing a lot?...i mean u cant just increase capacity at will... |
codersingh | so what do you want from we programmers |
zzyzz | so you can dispatch requests to different machines of a cluster, so that the average load of a single machine won't be too heavy |
fuhjyi.chang | Then, Scott, your are combating with the size of the army controlled by attackers |
VeriSign_Scott | of course there's a cost, but commodity servers get cheaper and cheaper over time |
codersingh | I want to ask some questions' |
VeriSign_Scott | and we operate many resolution sites at locations dispersed all over the world |
fuhjyi.chang | basically, it may be an army race when it comes to absorb attacks |
VeriSign_Scott | correct |
fuhjyi.chang | I have the same question as codersingh. What do you want from we programmers? |
Nutty | resolution of sites at multiple locations is like hosting it on many servers is it? |
fuhjyi.chang | to design better algorithms to distribute the load? |
codersingh | how can I approach you |
codersingh | means Verisign |
VeriSign_Scott | I don't know what the specifics of the upcoming challenge are |
VeriSign_Scott | but in general, we've been asking for help with tasks in several different areas' |
fuhjyi.chang | Scott, such as? |
VeriSign_Scott | approach how? |
codersingh | you mean to say that I have to top some of the competitions so that I could gather some limelight |
VeriSign_Scott | most recent I was involved with was for a sliimed-down JDBC driver |
codersingh | are you talking to me VeriSign_Scott |
VeriSign_Scott | because my team is lean on Java experience, but heavy with C++ |
VeriSign_Scott | codersingh: specifically, no |
VeriSign_Scott | what are you looking for, codersingh? |
VeriSign_Scott | we've also looked for help with user interface development |
codersingh | I want you people to give me a chance\ |
kino | I'm curious how they get a hold of so many hosts. maybe you could track down the malware and analyze it? |
VeriSign_Scott | a chance at what? |
codersingh | just test my coding skills |
thejdev | thats why we have topcoder |
VeriSign_Scott | botnets are cheap, kino |
balakumar86 | k, let's test his skill |
progfool | topcoder tests well |
progfool | we dont need to |
codersingh | sometimes we programmers do not get times to appear for some competitions and hence it becomes tedious |
balakumar86 | a+b=b+c true or false.. come on codersingh |
codersingh | are you making mess out of me? |
Nutty | VeriSign_Scott: what do you mean by infrastucture for naming bussiness? |
balakumar86 | nope, absolutely not |
progfool | hii verisign |
rokoder | hi verisign |
VeriSign_Scott | Nutty: database optimization, monitoring, ddos protection |
codersingh | I can modify that silly statement so that you might perish |
codersingh | OK lets check up |
balakumar86 | k, come on, do it |
progfool | VeriSign_Scott: suppose i am a java programmer..in the programming terms what wud u expect from me??? |
progfool | VeriSign_Scott: i mean...what things shud i know well.....inorder to have a chance of working with verisign? |
VeriSign_Scott | progfool: We use Java primarily in our domain name registration systems |
VeriSign_Scott | progfool: we look for significant skills in network programming and development of high performance software |
progfool | VeriSign_Scott: means u dont require a java programmer who is very good with algorithms? |
balakumar86 | other than network pgmming, what other reqmts r der in java side? |
progfool | VeriSign_Scott: i mean topcoder checks algortihms |
VeriSign_Scott | progfool: lots of tcp/ip, for example. not co much a focus on algorithms. |
progfool | VeriSign_Scott: okk..... |
progfool | VeriSign_Scott: thank you |
amiune | VeriSign_Scott: about DDoS do you use some pattern recognition algorithms to detect and mitigate? |
progfool | VeriSign_Scott: what about web developers who know jsp, struts |
progfool | VeriSign_Scott: are they having a chance??? |
VeriSign_Scott | balakumar86: it's mostly about network programming and software optimization |
thejdev | Hey but topcoder tests your familiarity with STL classes (which i'm bad at) ... so its also a test of your familiarity with programming not just algos |
progfool | VeriSign_Scott: whats is the default coding language that ull use |
progfool | thejdev: hey buddy...but STL is maibly i guess with algorithms |
progfool | thejdev: although i m not also gooda t it:) |
thejdev | any1 who knows STL to implement a range of data structs will have the advantage at toopcoder |
VeriSign_Scott | progfool: very little jsp, struts, etc, but we do use them a little. Most infrastructure work is in C++ |
balakumar86 | >verizon_scott:fine.. |
progfool | VeriSign_Scott: thank you soo much.... |
VeriSign_Scott | progfool: np |
progfool | VeriSign_Scott: acha one more thing....do you provide internship for indian students? |
VeriSign_Scott | Did I miss any questions? |
Nikaustr | VeriSign_Scott: Hi, have you discussed DDoS attacks yet? |
VeriSign_Scott | we do have some summer internships, but nothing specifically for Indian students |
VeriSign_Scott | Nikaustr: Some |
amiune | VeriSign_Scott: yes I asked about what kind of algorithms do you use to mitigate DDoS attaks? |
progfool | VeriSign_Scott: what do you expect from students who apply for internship |
Nutty | Do you have a presence in India? |
VeriSign_Scott | amiune: they're proprietary |
sarbjitsingh | hi everyone anyone from India |
shankhs | a lots of us dude |
vivek_smashy | sar |
VeriSign_Scott | Nutty: yes, VeriSign has offices in India near Bangalore I think |
sarbjitsingh | wow |
geekru2 | Are there Job opportunities at veriSign |
progfool | VeriSign_Scott: what do you expect from students who apply for internship |
shankhs | sarbjitsingh: u r not alone |
VeriSign_Scott | progfool: solid programming skills with some exposure to network programming and C++ |
amiune | VeriSign_Scott: Yes I know but in which general area of rearch they are (pattern recognition, etc)? |
sarbjitsingh | yes evrisign is good company lemme know how can we apply for it |
sarbjitsingh | shankhs: Thanks dude |
VeriSign_Scott | progfool: other parts of VeriSign look for Java experience |
abhinavkulkarni | And how do we apply for the internship? |
sarbjitsingh | I ahve both JAVA as well as C experience |
progfool | VeriSign_Scott: what other parts are u referring....can u quote a few? |
VeriSign_Scott | sarbjitsingh: Job openings are listed on our corporate web site |
sarbjitsingh | Thaks scott |
VeriSign_Scott | progfool: The domain registration business, specifically |
abhinavkulkarni | are jaidev from NITT? |
VeriSign_Scott | abhinavkulkarni: Intern opportunities are also listed on our corporate web site's job openings page |
VeriSign_Scott | abhinavkulkarni: though there aren't many there right now since summer is already here |
abhinavkulkarni | VeriSign_Scott: thank you for that information |
VeriSign_Scott | abhinavkulkarni: np |
Nutty | abhinavkulkarni: hi |
VeriSign_Scott | Any other questions? |
abhinavkulkarni | Nutty: hello! |
woldsom | This is perhaps a bit off topic, but have Verisign taken a stand on either side of the network neutrality issue? |
MH35 | Hello |
VeriSign_Scott | woldsom: Not that I'm aware |
Megal | hi all |
Nutty | abhinavkulkarni: back on the rise in TC eh?.. |
aman.mohd | hey can n e one tell me when does one become a target |
MH35 | DDoS is evil. |
McKuzmich | what about amuine's question? |
VeriSign_Scott | what question is that? |
abhinavkulkarni | Nutty: Hey I don't know your name.... |
McKuzmich | do you use pattern recognition algorithms? |
McKuzmich | i'm very interested in that area... |
Nutty | abhinavkulkarni: Natarajan ... |
VeriSign_Scott | Answered: yes, and they're proprietary and developed in-house |
McKuzmich | thanks |
abhinavkulkarni | Nutty: Which year are you currentely in? |
Nutty | abhinavkulkarni: 3rd yr... |
VeriSign_Scott | we also use some commercial products, inckluding Arbor peakflow and cisco guard technology |
skaterdude69 | Wow. |
skaterdude69 | Lots of people. |
VeriSign_Scott | though such products are only one tool among a suite of tools |
McKuzmich | interesting |
3d_max | hi |
3d_max | hi,everybody |
3d_max | good luck |
thundercoder | good luk |
sarbjitsingh | Thanks you too 3D |
billa | Hello guys |
aravind_88 | vivekcsemit: hello there |
balakumar86 | billa: hi billa |
balakumar86 | billa: u from tamilnadu? |
elmariachi1414 | test |
dlwjdans | NewSensation: ? ?? ???? ???? |
vigilancer | test accepted =) |
sarbjitsingh | i can expect some kind of regular expression problem today..lol |
dlwjdans | NewSensation: ??? ?? ???? ?? ?? |
13lazyrainy | gl |
Amith | VeriSign_Scott: Since DDoS ?& hweavy trafice are tough to distinguish , how did u really know that it was DDos but not heavy trfic |
nitdgp | MB__: from when the utilities wil be up for today's SRM? |
progfool | okk..1 question.....a=0 is false i guess?? |
MB__ | nitdgp: it won't be today |
dlwjdans | NewSensation: ????? |
nitdgp | MB__: ohh. |
MB__ | nitdgp: read news |
VeriSign_Scott | Amith: You can't always tell them apart. As noted earlier, that's part of what makes it a hard problem to solve. |
nitdgp | MB__: ok. fine. |
VeriSign_Scott | Amith: we tend to deal with the problem by adding capacity |
Amith | progfool: and also when a = c |
Amith | VeriSign_Scott: I see |
nitdgp | MB__: I loved checking ur site before rating is updated :) |
spracle | so many people |
MB__ | nitdgp: check for news in next week |
theycallmemorty | exactly 1000 for div 2 |
nitdgp | MB__: okk. thanks. |
ahmedsaad | VeriSign_Scott: is that the only soultion for DDoS ? |
huoqui | hello |
wixor | btw2: gawry chyba postanowil ulatwic mi dogonienie go ;) |
VeriSign_Scott | ahmedsaad: No, of course not. We also use filtering technology and load balancing technology to deal with the proble, |
nishio | (^o^) |
wixor | btw2: gawry chyba postanowil ulatwic mi dogonienie go ;) |
fish_ball | hello |
MB__ | wixor: :P |
sarbjitsingh | filteration is lighter solution than load balancing i guess |
samsam | all the best to all |
VeriSign_Scott | ahmedsaad: but you have to first make sure you stay up |
VeriSign_Scott | no more questions? |
sarbjitsingh | now we are ready for contest so may be later..:) |
cyclopse | MB__: does ur site predicts rating bound for coming SRM. |
Askar | good luck!!! |
glue2glee | what is the link of prediction ? |
nitdgp | cyclopse: not today! |
vrajesh1989 | vivekcsemit: thanks da.. same to u |
nitdgp | cyclopse: read news there |
Askar | thanks |
nishio | good luck |
sarbjitsingh | chak do phatte |
abhinavkulkarni | nitdgp: Best of luck! |
cyclopse | MB__: thanx |
rajatkumar | what next? |
jmpld40 | Thanks to Scott from VeriSign for the chat! |
jmpld40 | Best of luck to you all in the match |
VeriSign_Scott | Glad to help -- good luck! |
McKuzmich | thanks Scott |