[47661] in North American Network Operators' Group
RE: Qwest outage In NY
daemon@ATHENA.MIT.EDU (Patrick McEvilly)
Wed May 8 17:44:31 2002
From: "Patrick McEvilly" <pmcevilly@harvard.edu>
To: <nanog@merit.edu>
Date: Wed, 8 May 2002 17:44:09 -0400
Message-ID: <NBBBJIEKALGDEJIOOKLDEEOOBCAB.pmcevilly@harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-reply-to: <20020508161039.A18137@roxanne.org>
Errors-To: owner-nanog-outgoing@merit.edu
We have been working an issue with Qwest for the past two months where they
simply black hole all our traffic for no known reason. We had an escalation
procedure to get directly to the Ops Eng group when this event started this
morning as we are still trying to find out what caused it in the past.
Today's event had the very same symptoms as before but one router hop
further into the network from the past 2 times it happened. Below is what
the Ops Eng guy told us happened (very reluctantly).
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Eric Gauthier
Sent: Wednesday, May 08, 2002 4:11 PM
To: nanog@merit.edu
Subject: Re: Qwest outage In NY
> Qwest has confirmed a DOS attack against two of their Juniper routers in the
> NY POP. I believe they had a UDP attack last week also (maybe on Saturday).
> This time the DOS was a TCP attack on the 100Mb management interface on the
> Juniper, leaving the box unable to pass packets, hence BGP stays up and a
> full routing table but you cannot get anywhere.
The story I just got from Qwest (from a NOCie who was reading from
their ticket, so take this with a grain of salt) made it sound like
they were flooded with bogus routes from some BGP peer. I tend to
believe what you wrote above though. I mean, getting a bunch of bogus
routes via a BGP peer doesn't seem like the kind of thing where you'd
call the vendor onsite (several Qwest NOC'ies stated that Juniper was
onsite) whereas a large-scale DOS might... Anyways, that's the scoop that I've got
/me returns to lurking
Eric :)