[52897] in North American Network Operators' Group
Re: WP: Attack On Internet Called Largest Ever
daemon@ATHENA.MIT.EDU (lordb@nomad.tallship.net)
Wed Oct 23 04:01:59 2002
From: lordb@nomad.tallship.net
Date: Wed, 23 Oct 2002 00:53:59 -0700 (PDT)
To: <Valdis.Kletnieks@vt.edu>
Cc: Jeff S Wheeler <jsw@five-elements.com>, <nanog@merit.edu>
In-Reply-To: <200210230716.g9N7GmaO011242@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
i think we would benefit from a traceroute - paul - f to a and j? paul
may very well be correct - but what if their internetworked with each
other.
paul?
On Wed, 23 Oct 2002 Valdis.Kletnieks@vt.edu wrote:
> On Tue, 22 Oct 2002 20:35:06 EDT, Jeff S Wheeler <jsw@five-elements.com> said:
> >
> > performance this seems true. However, I did notice that several of the
> > servers which are operated by VeriSign were not responding to at least a
> > large, 50% or greater, fraction of test queries. Even so, VeriSign was
> > good enough to chime in that their root servers were unaffected.
> >
> > Did I mis-perceive this, or is it another bold-faced lie from VeriSign?
>
> If a server that can handle 500K packets/sec is sitting behind a pipe that
> maxes out at 400K packets/sec, it won't be affected when the pipe is flooded.
>
> Most likely, half your packets were being dropped 2 or 3 hops from the
> server (where the DDoS starts converging from multiple sources). So we
> probably can't pin a "bold-faced lie" on VeriSign this time. Dissembling
> and misleading perhaps, but not a total lie (unless somebody can prove that
> the pipe still had capacity and wasn't dropping stuff)
>
>
