nanog mailing list archives
Re: Yahoo offline because of attack (was: Yahoo network outage)
From: "Christopher B. Zydel" <czydel () aralan net>
Date: Thu, 10 Feb 2000 00:00:25 -0500
On Wed, Feb 09, 2000 at 03:51:45PM -0500, Travis Pugh wrote:
Host-by-host prevention, during an attack, should be very easy ... assuming a minimal amount of cooperation between upstream provider and compromised network, if link utilization is tracked and the spike is noticible. Perhaps we should be notifying operations staff to be on the lookout for suddenly saturated circuits, and to be prepared to help out owners of compromised hosts with filter configuration?
This sort of alarming is fairly trivial. Just about any network management system can be configured to poll interface counters on a regular basis and alarm when some threshold is reached. The difficult question to answer is "How long should the link be saturated before sending an alarm". With high speed links this is a lot easier. It's relatively easy to saturate a T1 with a file transfer, however the same would not be true for an OC-3c. This type of alarming should be based upon deviation from the established mean as well. (For example, if a circuit sees around 50mbit/sec worth of usage on a regular basis, and then spikes to 130mbit/sec and stays there, something is clearly wrong) /cbz
Current thread:
- RE: Yahoo offline because of attack (was: Yahoo network outage), (continued)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Patrick Greenwell (Feb 09)
- Message not available
- RE: Yahoo offline because of attack (was: Yahoo network outage) Declan McCullagh (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Richard Steenbergen (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) lucifer (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Dan Hollis (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Henry R. Linneweh (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Travis Pugh (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Dan Hollis (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Travis Pugh (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Jared Mauch (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Christopher B. Zydel (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Jim Williams (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Joe Shaw (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Wayne Bouchard (Feb 10)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Joe Shaw (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Christopher B. Zydel (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Roeland M.J. Meyer (Feb 09)
- Re: Yahoo offline because of attack (was: Yahoo network outage) Christopher B. Zydel (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Roeland M.J. Meyer (Feb 09)
- RE: Yahoo offline because of attack (was: Yahoo network outage) Shawn McMahon (Feb 09)
- Message not available
- RE: Yahoo offline because of attack (was: Yahoo network outage) Shawn McMahon (Feb 09)