[27055] in North American Network Operators' Group
RE: Yahoo! Lessons Learned
daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Tue Feb 8 12:42:42 2000
From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
To: "Sean Donelan" <sean@donelan.com>, <nanog@merit.edu>
Date: Tue, 8 Feb 2000 09:38:14 -0800
Message-ID: <NDBBJKGADKGFDIKIHOBJMECKCDAA.rmeyer@mhsc.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20000208112536.18904.cpmta@c004.sfo.cp.net>
Errors-To: owner-nanog-outgoing@merit.edu
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Sean Donelan
> Sent: Tuesday, February 08, 2000 3:26 AM
>
> As much as I enjoy finding out about Yahoo & GlobalCenter issues by
> reading the newswires, I wonder if there are any lessons we can learn
> from these events. Or was this not big enough to get attention of
> upper management?
I doubt if upper management could have done anything about it. AFAICT, Yahoo
was not compromised directly. Reports that I have seen, and some of them are
hearsay, indicated that this is one of the very first of a distributed DOS
attack. One that CERT recent;ly warned us about.
http://www.cert.org/advisories/CA-2000-01.html
> Was there something Yahoo!, GlobalCeneter or other providers could
> have done, either individually or in cooperation, to prevent the problem?
>
> Likewise, could they, individually or in cooperation with other providers,
> have shortened the duration or severity by doing something different?
highly unlikely.
> And finally, would they be more successfull in tracking the source the
> the problem by doing something different?
The only defense I can think of is to prevent other systems from being
"owned". This takes a tightly cooperative environment. We don't have this.
At best, we have a loosely co-operative anarchy, with none of the big
entities playing together consistently. Evenso, this may not be possible.
