[104728] in North American Network Operators' Group
Re: [NANOG] An account of the Estonian Internet War
daemon@ATHENA.MIT.EDU (Eric Brunner-Williams)
Sat May 24 14:35:41 2008
Date: Sat, 24 May 2008 11:35:17 -0700
From: Eric Brunner-Williams <brunner@nic-naa.net>
To: Gadi Evron <ge@linuxbox.org>
In-Reply-To: <Pine.LNX.4.62.0805200927130.22643@linuxbox.org>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Gadi,
I read it. As it happens, about a year ago I plowed through a bunch of
Information Operations (formerly known as Information Warfare) papers in
a then-linkable bibliography on the subject. Your GJIA paper is of that
genre. There wasn't enough for me to distinguish between an ad insert
campaign executed by several hundred nodes injecting link and keyword
payload via POST, which I've observed as multi-hour ddos on vhost
targets implemented on generic webservers with no particular load
planning, and whatever happened "in Estonia". Technical details may
change that impression, or the general observation that the relaxation
times of such events is measured in hours to a small number of days.
Note: hosts with domain names ending in .mil have been observed in ad
insert campaigns.
Eric
