TCO08 Sponsored by VeriSign

Chat transcript from SRM 409
Handle Comment
jmpld40Welcome to the VeriSign Chat!
gmohanhai to all
viswanathjmpld40: Thanks :)
millkyjmpld40: can us Chinese get an position in VeriSign?
jmpld40This chat is focused on DDoS Threats and Mitigation Strategies
jmpld40Scott from VeriSign is here to discuss
ikawhat is VeriSign
jmpld40yup, but the best way is for you to just start chatting and they will throw out questions or comments
ahmedsaadcan we start with simple descriptions
VeriSign_ScottVeriSign is a medium-sized Internet infrastructure company.
VeriSign_Scottprimary focus is on three product lines: Internet naming (think ""domain name system""), digital certificates, and Internet identity
cskawould you please brief describe what DDoS is?
NuttyDistributed Denial of service
VeriSign_Scottmy team develops infrastructure software for the naming business
AmithWhat does Distributed signify here
zuloDDoS ss some kind of hacker attack on public servers
fuhjyi.changsomething like BIND?
VeriSign_Scottright, it's a type of attack used to bring down systems by flooding them with traffic
cskabut how does it work?
zzyzzhi scott, any difference of internet naming and internet identity?
VeriSign_Scottthink of flooding a web server with lots of http requests
TheMentorVerisign Hi!
VeriSign_Scottat some point the server can't keep up, so it effectively stops working
VeriSign_Scottnaming vs. identity: yes, very different
fuhjyi.changSo, Scott, you're trying to find a strategy to fitler the attack, perhaps from identifying pattern in the attack traffic?
cskaso what is the meaning of ""distributed"" in this kind of attack
VeriSign_Scottwe're implementing software and hardware systems to protect ourselves against DDOS attacks on the DNS infrastructure
zulodistributed means the attack provided from many hosts in the same time
VeriSign_Scottdistributed: being attacked by many. many systems at once, like with a botnet
zzyzzhow can you tell attack from normal service?
VeriSign_Scottdistributed: it's not often easy, which makes this a difficult problem to solve
Nuttya normal DoS is easier to counter??
VeriSign_Scottdistributed: lots of repeated queries from the same source is one typical attack pattern, though
cskathe normal case should be much easier
Nuttybut its natural that the attacker would use some means of spoofing his IP
Nuttymultiple requests from a single source make it quite obvious
fuhjyi.changit's easy to identify IP spoofing if the DNS query has the same pattern, such as the same query ID
Nuttyhmmm...what about a DDoS?...
fuhjyi.changhowever, attackers are often smart enough to fake many many DNS queries without any repeated pattern among those queries
VeriSign_Scotttruth be told, we believe in adding capacity to absorb most attacks is one of the better ways to deal with them, in addition to filtering and load balancing
VeriSign_Scottprecisely because it's difficult to distinguish attack patterns from normal heavy volume
Nuttywont it end up costing a lot?...i mean u cant just increase capacity at will...
codersinghso what do you want from we programmers
zzyzzso you can dispatch requests to different machines of a cluster, so that the average load of a single machine won't be too heavy
fuhjyi.changThen, Scott, your are combating with the size of the army controlled by attackers
VeriSign_Scottof course there's a cost, but commodity servers get cheaper and cheaper over time
codersinghI want to ask some questions'
VeriSign_Scottand we operate many resolution sites at locations dispersed all over the world
fuhjyi.changbasically, it may be an army race when it comes to absorb attacks
fuhjyi.changI have the same question as codersingh. What do you want from we programmers?
Nuttyresolution of sites at multiple locations is like hosting it on many servers is it?
fuhjyi.changto design better algorithms to distribute the load?
codersinghhow can I approach you
codersinghmeans Verisign
VeriSign_ScottI don't know what the specifics of the upcoming challenge are
VeriSign_Scottbut in general, we've been asking for help with tasks in several different areas'
fuhjyi.changScott, such as?
VeriSign_Scottapproach how?
codersinghyou mean to say that I have to top some of the competitions so that I could gather some limelight
VeriSign_Scottmost recent I was involved with was for a sliimed-down JDBC driver
codersinghare you talking to me VeriSign_Scott
VeriSign_Scottbecause my team is lean on Java experience, but heavy with C++
VeriSign_Scottcodersingh: specifically, no
VeriSign_Scottwhat are you looking for, codersingh?
VeriSign_Scottwe've also looked for help with user interface development
codersinghI want you people to give me a chance\
kinoI'm curious how they get a hold of so many hosts. maybe you could track down the malware and analyze it?
VeriSign_Scotta chance at what?
codersinghjust test my coding skills
thejdevthats why we have topcoder
VeriSign_Scottbotnets are cheap, kino
balakumar86k, let's test his skill
progfooltopcoder tests well
progfoolwe dont need to
codersinghsometimes we programmers do not get times to appear for some competitions and hence it becomes tedious
balakumar86a+b=b+c true or false.. come on codersingh
codersinghare you making mess out of me?
NuttyVeriSign_Scott: what do you mean by infrastucture for naming bussiness?
balakumar86nope, absolutely not
progfoolhii verisign
rokoderhi verisign
VeriSign_ScottNutty: database optimization, monitoring, ddos protection
codersinghI can modify that silly statement so that you might perish
codersinghOK lets check up
balakumar86k, come on, do it
progfoolVeriSign_Scott: suppose i am a java the programming terms what wud u expect from me???
progfoolVeriSign_Scott: i mean...what things shud i know well.....inorder to have a chance of working with verisign?
VeriSign_Scottprogfool: We use Java primarily in our domain name registration systems
VeriSign_Scottprogfool: we look for significant skills in network programming and development of high performance software
progfoolVeriSign_Scott: means u dont require a java programmer who is very good with algorithms?
balakumar86other than network pgmming, what other reqmts r der in java side?
progfoolVeriSign_Scott: i mean topcoder checks algortihms
VeriSign_Scottprogfool: lots of tcp/ip, for example. not co much a focus on algorithms.
progfoolVeriSign_Scott: okk.....
progfoolVeriSign_Scott: thank you
amiuneVeriSign_Scott: about DDoS do you use some pattern recognition algorithms to detect and mitigate?
progfoolVeriSign_Scott: what about web developers who know jsp, struts
progfoolVeriSign_Scott: are they having a chance???
VeriSign_Scottbalakumar86: it's mostly about network programming and software optimization
thejdevHey but topcoder tests your familiarity with STL classes (which i'm bad at) ... so its also a test of your familiarity with programming not just algos
progfoolVeriSign_Scott: whats is the default coding language that ull use
progfoolthejdev: hey buddy...but STL is maibly i guess with algorithms
progfoolthejdev: although i m not also gooda t it:)
thejdevany1 who knows STL to implement a range of data structs will have the advantage at toopcoder
VeriSign_Scottprogfool: very little jsp, struts, etc, but we do use them a little. Most infrastructure work is in C++
progfoolVeriSign_Scott: thank you soo much....
VeriSign_Scottprogfool: np
progfoolVeriSign_Scott: acha one more you provide internship for indian students?
VeriSign_ScottDid I miss any questions?
NikaustrVeriSign_Scott: Hi, have you discussed DDoS attacks yet?
VeriSign_Scottwe do have some summer internships, but nothing specifically for Indian students
VeriSign_ScottNikaustr: Some
amiuneVeriSign_Scott: yes I asked about what kind of algorithms do you use to mitigate DDoS attaks?
progfoolVeriSign_Scott: what do you expect from students who apply for internship
NuttyDo you have a presence in India?
VeriSign_Scottamiune: they're proprietary
sarbjitsinghhi everyone anyone from India
shankhsa lots of us dude
VeriSign_ScottNutty: yes, VeriSign has offices in India near Bangalore I think
geekru2Are there Job opportunities at veriSign
progfoolVeriSign_Scott: what do you expect from students who apply for internship
shankhssarbjitsingh: u r not alone
VeriSign_Scottprogfool: solid programming skills with some exposure to network programming and C++
amiuneVeriSign_Scott: Yes I know but in which general area of rearch they are (pattern recognition, etc)?
sarbjitsinghyes evrisign is good company lemme know how can we apply for it
sarbjitsinghshankhs: Thanks dude
VeriSign_Scottprogfool: other parts of VeriSign look for Java experience
abhinavkulkarniAnd how do we apply for the internship?
sarbjitsinghI ahve both JAVA as well as C experience
progfoolVeriSign_Scott: what other parts are u referring....can u quote a few?
VeriSign_Scottsarbjitsingh: Job openings are listed on our corporate web site
sarbjitsinghThaks scott
VeriSign_Scottprogfool: The domain registration business, specifically
abhinavkulkarniare jaidev from NITT?
VeriSign_Scottabhinavkulkarni: Intern opportunities are also listed on our corporate web site's job openings page
VeriSign_Scottabhinavkulkarni: though there aren't many there right now since summer is already here
abhinavkulkarniVeriSign_Scott: thank you for that information
VeriSign_Scottabhinavkulkarni: np
Nuttyabhinavkulkarni: hi
VeriSign_ScottAny other questions?
abhinavkulkarniNutty: hello!
woldsomThis is perhaps a bit off topic, but have Verisign taken a stand on either side of the network neutrality issue?
VeriSign_Scottwoldsom: Not that I'm aware
Megalhi all
Nuttyabhinavkulkarni: back on the rise in TC eh?..
aman.mohdhey can n e one tell me when does one become a target
MH35DDoS is evil.
McKuzmichwhat about amuine's question?
VeriSign_Scottwhat question is that?
abhinavkulkarniNutty: Hey I don't know your name....
McKuzmichdo you use pattern recognition algorithms?
McKuzmichi'm very interested in that area...
Nuttyabhinavkulkarni: Natarajan ...
VeriSign_ScottAnswered: yes, and they're proprietary and developed in-house
abhinavkulkarniNutty: Which year are you currentely in?
Nuttyabhinavkulkarni: 3rd yr...
VeriSign_Scottwe also use some commercial products, inckluding Arbor peakflow and cisco guard technology
skaterdude69Lots of people.
VeriSign_Scottthough such products are only one tool among a suite of tools
3d_maxgood luck
thundercodergood luk
sarbjitsinghThanks you too 3D
billaHello guys
aravind_88vivekcsemit: hello there
balakumar86billa: hi billa
balakumar86billa: u from tamilnadu?
dlwjdansNewSensation: ? ?? ???? ????
vigilancertest accepted =)
sarbjitsinghi can expect some kind of regular expression problem
dlwjdansNewSensation: ??? ?? ???? ?? ??
AmithVeriSign_Scott: Since DDoS ?& hweavy trafice are tough to distinguish , how did u really know that it was DDos but not heavy trfic
nitdgpMB__: from when the utilities wil be up for today's SRM?
progfoolokk..1 question.....a=0 is false i guess??
MB__nitdgp: it won't be today
dlwjdansNewSensation: ?????
nitdgpMB__: ohh.
MB__nitdgp: read news
VeriSign_ScottAmith: You can't always tell them apart. As noted earlier, that's part of what makes it a hard problem to solve.
nitdgpMB__: ok. fine.
VeriSign_ScottAmith: we tend to deal with the problem by adding capacity
Amithprogfool: and also when a = c
AmithVeriSign_Scott: I see
nitdgpMB__: I loved checking ur site before rating is updated :)
spracleso many people
MB__nitdgp: check for news in next week
theycallmemortyexactly 1000 for div 2
nitdgpMB__: okk. thanks.
ahmedsaadVeriSign_Scott: is that the only soultion for DDoS ?
wixorbtw2: gawry chyba postanowil ulatwic mi dogonienie go ;)
VeriSign_Scottahmedsaad: No, of course not. We also use filtering technology and load balancing technology to deal with the proble,
wixorbtw2: gawry chyba postanowil ulatwic mi dogonienie go ;)
MB__wixor: :P
sarbjitsinghfilteration is lighter solution than load balancing i guess
samsamall the best to all
VeriSign_Scottahmedsaad: but you have to first make sure you stay up
VeriSign_Scottno more questions?
sarbjitsinghnow we are ready for contest so may be later..:)
cyclopseMB__: does ur site predicts rating bound for coming SRM.
Askargood luck!!!
glue2gleewhat is the link of prediction ?
nitdgpcyclopse: not today!
vrajesh1989vivekcsemit: thanks da.. same to u
nitdgpcyclopse: read news there
nishiogood luck
sarbjitsinghchak do phatte
abhinavkulkarninitdgp: Best of luck!
cyclopseMB__: thanx
rajatkumarwhat next?
jmpld40Thanks to Scott from VeriSign for the chat!
jmpld40Best of luck to you all in the match
VeriSign_ScottGlad to help -- good luck!
McKuzmichthanks Scott