nanog mailing list archives
Re: register.com down sev0?
From: alex () pilosoft com
Date: Thu, 26 Oct 2006 01:31:39 -0400 (EDT)
On Thu, 26 Oct 2006, Patrick W. Gilmore wrote:
There is no single "appropriately[sic] place" which can absorb 50Mpps. If you meant "appropriately placed" (as in topologically dispersed locations), a well crafted attack could still guarantee _at least_ a partial DoS from an end user PoV. It is essentially impossible to distinguish end-user requests from (im)properly created DoS packets (especially until BCP38 is widely adopted - i.e. probably never). Since there is no single place - no 13 places - which can withstand a well crafted DoS, you are guaranteed that some users will not be able to reach any of your listed authorities.
Yeah - I know it hard-to-impossible to do that, and it is a tug-of-war between worm writers (to generate queries indistinguishable from real client-resolver-generated queries) and trying-to-detect-malformed-queries (such as duplicated qid, or from IP space that shouldn't be hitting this specific node). You probably dealt with more ddos than rest of us combined, so I bow to your superior knowledge.
I know that the above was just rough back-of-the-envelope, and things are far more complicated than that, but this discussion does not really belong to nanog-l.We disagree. Keeping large name servers running is _absolutely_ a network operations topic. Not only is the defense mostly network based (since the network is the most likely thing to break), network operators are the people who get the phone calls when DNS does break.
Sorry - I meant that discussion whether or not register.com is spamming isn't somewhat offtopic. Of course, DNS operations (and particularly dealing with "biblical scale" ddos) is very much on-topic. -alex
Current thread:
- Re: register.com down sev0?, (continued)
- Re: register.com down sev0? Matt Ghali (Oct 25)
- Re: register.com down sev0? alex (Oct 25)
- Re: register.com down sev0? Jim Popovitch (Oct 25)
- Re: register.com down sev0? Matt Ghali (Oct 25)
- Re: register.com down sev0? Randy Bush (Oct 25)
- Re: register.com down sev0? alex (Oct 25)
- Re: register.com down sev0? Paul Vixie (Oct 25)
- Re: register.com down sev0? alex (Oct 25)
- Re: register.com down sev0? Chris Owen (Oct 25)
- Re: register.com down sev0? Patrick W. Gilmore (Oct 25)
- Re: register.com down sev0? alex (Oct 25)
- DNS DDoS [was: register.com down sev0?] Patrick W. Gilmore (Oct 26)
- Re: DNS DDoS [was: register.com down sev0?] Robert Boyle (Oct 26)
- Re: DNS DDoS [was: register.com down sev0?] jerry (Oct 26)
- Re: register.com down sev0? Matt Ghali (Oct 25)
- 10,352 active botnets (was Re: register.com down sev0?) Sean Donelan (Oct 25)
- Re: register.com down sev0? Rich Kulawiec (Oct 26)
- Re: register.com down sev0? - More information Don (Oct 26)
- Re: register.com down sev0? - More information Chris Adams (Oct 26)
- Re: register.com down sev0? - More information Donald Stahl (Oct 26)
- Re: register.com down sev0? - More information Charles Gucker (Oct 26)
- Re: register.com down sev0? Joseph S D Yao (Oct 27)