[191965] in North American Network Operators' Group
Re: Level 3 voice outage
daemon@ATHENA.MIT.EDU (Marco Teixeira)
Tue Oct 4 16:06:30 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CA+8SZ5HpK37PoS_hjF0q5x7rKGkvJ6QV-fE+s8AzP0RNJThGMQ@mail.gmail.com>
From: Marco Teixeira <admin@marcoteixeira.com>
Date: Tue, 4 Oct 2016 21:05:47 +0100
To: Shawn Ritchie <shawnritchie@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Yeap, i know, it was what i understood, as it is my opinion that a zero day
would fit better... in the pure speculation world :)
At the end of the day... maybe some undocumented fault int some obscure
functionality that was activated/deployed a long time ago, and just
revealed it self now... There are so many things that can go wrong on
complex networks even with all the controls imposed on changes...
On Tue, Oct 4, 2016 at 8:54 PM, Shawn Ritchie <shawnritchie@gmail.com>
wrote:
> Well, Level3 has by no means said that this was the result of a DDoS,
> that's just speculation on behalf of folks who do not work at Level3 so
> far.
>
> On Tue, Oct 4, 2016 at 2:49 PM Marco Teixeira <admin@marcoteixeira.com>
> wrote:
>
>> I won't believe a company like Level3 would not deploy backplane
>> protection/policing on routers. Also, 1Tb/s aggregated DDoS towards OVH
>> network didn't pause or rebooted routers. And i guess both companies hav=
e
>> had their share of (D)DoS in the past, so they had the time to get up to
>> the challenge. Now... there where times where one malformed IP packet
>> would
>> cause a memory leak leading to a router reboot... :)=E2=80=8B
>>
>>
>>
>>
>> On Tue, Oct 4, 2016 at 8:23 PM, Mel Beckman <mel@beckman.org> wrote:
>>
>> > 765 Gbps per second directed at a router=E2=80=99s interface IP might =
give the
>> > router pause, so to speak :)
>> >
>> > -mel
>> >
>> > On Oct 4, 2016, at 12:10 PM, Marco Teixeira <admin@marcoteixeira.com>
>> > wrote:
>> >
>> > Multiple reboots across several markets... Does not seem something tha=
t
>> > full pipes would trigger. Had it been an approved chance it would have
>> been
>> > rolled back i guess... On the other hand, a zero day could apply...
>> >
>> > Em 04/10/2016 19:54, "Mel Beckman" <mel@beckman.org> escreveu:
>> >
>> >> Sure. The recent release of the IoT DDoS attack code in the wild.
>> >>
>> >> -mel
>> >>
>> >> > On Oct 4, 2016, at 11:42 AM, Valdis.Kletnieks@vt.edu wrote:
>> >> >
>> >> > On Tue, 04 Oct 2016 18:14:54 -0000, Mel Beckman said:
>> >> >
>> >> >> This could be DoS attack.
>> >> >
>> >> > Or a missing comma in a code update.
>> >> >
>> >> > Or a fumble-fingered NOC monkey.
>> >> >
>> >> > Or....
>> >> >
>> >> > You have any reason to suspect a DoS attack rather than all the oth=
er
>> >> > possibilities?
>> >>
>> >>
>> >
>>
> --
>
> --
> Shawn
>
