[80643] in North American Network Operators' Group


NetSol disaster (was Re: anycast and ddos)

daemon@ATHENA.MIT.EDU (Randy Bush)
Sat May 7 19:34:56 2005

From: Randy Bush <randy@psg.com>
Date: Sat, 7 May 2005 13:34:10 -1000
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu


[ i figure if i keep asking poking and naive questions i'll keep
  learning more about this, which may help me and others learn from
  the mistakes of others. ]

> no apologies to me required, but it'd still be interesting to
> hear what happened, eh? :)

i suspect that we don't hear from the horse's mouth is a symptom of
one of the causes, "we know well enough to go it alone, and we can
pretend that we're perfect."  well, a day+ long wipeout should make
it pretty clear that the bunker mentality is as much a fallacy as
the technology of the deployment.  it failed, and badly.

but you are correct, those of us more responsible for network
engineering are as much concerned by the technological aspect(s).

and folk seem to think that it is a bunker mentality centralized
deployment, i.e., a small number of server clusters ripe for the
picking, that fell to a simple, though likely intense, ddos attack.

and one that we do not know was spoofed (i unapologize, paul:-) and
did not really need to be because of the weaknesses of the service
deployment.

and the above combined with problems of riverhead configuration and
limitations, and lack of cooperation with upstreams to mitigate the
attack, turned a fairly normal ddos into a day+ serious mess?

randy

