[185518] in North American Network Operators' Group
RE: NANOG list attack
daemon@ATHENA.MIT.EDU (Brian R)
Mon Oct 26 20:12:57 2015
X-Original-To: nanog@nanog.org
From: Brian R <briansupport@hotmail.com>
To: Larry Blunk <ljb@merit.edu>, "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 26 Oct 2015 17:12:53 -0700
In-Reply-To: <562E7C51.509@merit.edu>
Errors-To: nanog-bounces@nanog.org
Thank you Larry and Job for the responses=2C mitigation steps taken=2C and =
work to further resolve these kind of events.
=20
Food for thought for the rest of us out there. Had there been a network at=
tack on Sunday (for example) and several of these lists (multiple received =
this spam "attack") were switched to require a moderator to filter all emai=
ls manually. How quickly would information have gotten out through the net=
working community? No NANOG and Outages are not the only places I check or=
subscribe to but I DO check them to see if anyone else is reporting anythi=
ng. And they are some of the places I would report real network problems t=
o.
=20
For me this didn't kill my weekend or destroy my ability to check my emails=
. I know for many others it didn't either. =20
I use my android mail client to group emails with the same subject and afte=
r checking multiple of them I didn't worry about those threads anymore. Ye=
s I received several hundred emails about it but I was still able to functi=
on and watch for anything that came in that would note a threat to the netw=
ork as a whole.
=20
Maybe if this event has caused such a stir and inconvenience we should look=
at what we are doing and how we are doing it. These lists are tools that =
can be valuable to get information out to a large group of people. Anythin=
g that would block that I would consider a threat to the purpose of the lis=
t as well. This event caused blockage as well and the NANOG staff are look=
ing into mitigation for that.
=20
Thank you
Brian
=20
> To: nanog@nanog.org
> From: ljb@merit.edu
> Subject: NANOG list attack
> Date: Mon=2C 26 Oct 2015 15:17:37 -0400
>=20
>=20
> All=2C
> Just wanted to apologize for the attack over the weekend. The
> posts came from a email address that was subscribed to the list=2C so
> it was not subjected to moderation. While a filter was added
> to block further posts (which were made in a short time window)=2C
> there were existing message queues that were not cleared in a
> timely basis.
>=20
> As Job Snijders (a fellow Communications Committee member) noted
> in an earlier post=2C we will be implementing some additional protection
> mechanisms to prevent this style of incident from happening again. We
> will be more aggressively moderating posts from addresses who have
> not posted recently=2C in addition to other filtering mechanisms.
>=20
> Regards=2C
> Larry Blunk
> NANOG Communications Committee
> Admins@nanog.org
=
