[52896] in North American Network Operators' Group
Re: WP: Attack On Internet Called Largest Ever
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Oct 23 03:17:23 2002
To: Jeff S Wheeler <jsw@five-elements.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 22 Oct 2002 20:35:06 EDT."
<1035333306.3296.5608.camel@intrepid>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 23 Oct 2002 03:16:48 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-2063916512P
Content-Type: text/plain; charset=us-ascii
On Tue, 22 Oct 2002 20:35:06 EDT, Jeff S Wheeler <jsw@five-elements.com> said:
>
> performance this seems true. However, I did notice that several of the
> servers which are operated by VeriSign were not responding to at least a
> large, 50% or greater, fraction of test queries. Even so, VeriSign was
> good enough to chime in that their root servers were unaffected.
>
> Did I mis-perceive this, or is it another bold-faced lie from VeriSign?
If a server that can handle 500K packets/sec is sitting behind a pipe that
maxes out at 400K packets/sec, it won't be affected when the pipe is flooded.
Most likely, half your packets were being dropped 2 or 3 hops from the
server (where the DDoS starts converging from multiple sources). So we
probably can't pin a "bold-faced lie" on VeriSign this time. Dissembling
and misleading perhaps, but not a total lie (unless somebody can prove that
the pipe still had capacity and wasn't dropping stuff)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_-2063916512P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE9tkzgcC3lWbTT17ARAkciAKDnX/PjmT1yKFakEAub4TxoV+9b2gCg1jqZ
xRIK6NLAjj7FOqCom7q+GWI=
=lMU4
-----END PGP SIGNATURE-----
--==_Exmh_-2063916512P--
