[39464] in North American Network Operators' Group
Re: DDoS attacks
daemon@ATHENA.MIT.EDU (Jon O .)
Wed Jul 11 23:33:49 2001
Date: Wed, 11 Jul 2001 20:33:24 -0700
From: "Jon O ." <jono@microshaft.org>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: Ariel Biener <ariel@fireball.tau.ac.il>, nanog@merit.edu
Message-ID: <20010711203323.A15099@networkcommand.com>
Reply-To: "jono@networkcommand.com" <jono@microshaft.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="tThc/1wpZn/ma/RB"
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.21.0107111929180.9021-100000@overlord.e-gerbil.net>; from ras@e-gerbil.net on Wed, Jul 11, 2001 at 07:40:45PM -0400
Errors-To: owner-nanog-outgoing@merit.edu
--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
This is pathetic. Someone asks for help and you demean them with jokes.=20
Logic? Network Operators provide the ammo, Operating systems the guy, and s=
cript kiddies the finger.=20
Ebay, Etrade, Yahoo, etc all got SMOKED by some unknown attacker and I've y=
et to see a good fix that stops this kind of attacking. Why, because right =
now there isn't one. What do the powerless do? They resort to poking fun, i=
llogical behavior. I think you might do better discussing, testing, plannin=
g how to prevent this type of thing on your own network. However, I'm concl=
uding from the type of behavior displayed that most of you manage nothing l=
arger than a couple T-1s.=20
There is no solution to this problem. This guy asking for help provided a p=
erfect case where you could have learned something, asked questions and gen=
erally ACT AS YOU WOULD LIKE TO BE TREATED. Both of you are in my shitheads=
for life book and the only way to get out is to apologize to the poster, C=
C: nanog and ask a good question about the attacks so that we might all lea=
rn something. =20
Sooner or later another big attack like the last one is going to hit us. Do=
n't kid yourself. During the last one all those companies got lucky that th=
e attacker decided to turn it off.=20
On 11-Jul-2001, Richard A. Steenbergen wrote:
>=20
> > For the last few days, I have experienced a series of DDoS attacks
> > on various targets around the globe. The general target is the EFNet
> > irc network, and servers have been attacked all through Europe, USA,
> > Canada, Israel, and such.
>=20
> Wow, EFNet is being attacked? That's never happened before. Someone should
> alert the media.
>=20
> > Due to the various attacks, more than half of the servers on the
> > network were black holed (null routed). The others which hold 1/3 of
> > the client count, are attacked, or going to be attacked soon.
>=20
> Perhaps because there are only 5 servers which actually accept clients?
>=20
> > If this keeps on going, this irc network will cease to exist.
>=20
> Oh the humanity.
>=20
> > In this time of need, it would be a great help if the large
> > carriers would be helpful in tracing the traffic.
>=20
> Hrm you may have an idea there. Since so many attacks are related to
> EFNet, and there are so many possible reasons for it to be impacting the
> rest of the internet, I propose we introduce a new ICMP type, ICMP EFNet.
> This message type could be used to convey all kinds of important
> information about why things are broken, for example:
>=20
> ICMP EFNet code 1 - Smurfing
> ICMP EFNet code 2 - SYN Flooding
> ICMP EFNet code 3 - Channel takeover
> ICMP EFNet code 4 - Warring botnets
> ICMP EFNet code 5 - Dianora
>=20
> and many other useful messages.
>=20
> --=20
> Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
> PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
--tThc/1wpZn/ma/RB
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7TRqD6nXMS6O+1XQRAtbYAJ90A6+XlrbI6iYpDreYXNdU8z9H0QCfSErl
/GbsbKZ1PxPI3lMnA84H4OA=
=QTSY
-----END PGP SIGNATURE-----
--tThc/1wpZn/ma/RB--
