nanog mailing list archives
Re: Yahoo outage summary
From: Sean Donelan <sean () donelan com>
Date: Sun, 8 Jul 2007 22:26:20 -0400 (EDT)
On Sun, 8 Jul 2007, Steven M. Bellovin wrote:
Any clue about the root cause, i.e., malice or accident?Does it matter? You are screwed either way.It tells us what we need to do to prevent such things from happening in the future. For example, most misconfigurations could be blocked if all routers matched prefixes against originating ASNs, and it doesn't matter much if the assertion is digitally signed or not -- all that matters is that the check is done against some authoritative database run, say, by the RIRs. (No, that's not quite the right solution, but it serves to illustrate my point.) That's completely inadequate against an attacker.
The bad guys will (almost) always say Oops, it was an accident while being very clever at deliberatly bypassing every safety feature you can design into a system.The foolish guys will (almost) always say Oops, I didn't know while also being very clever at accidently bypassing every safety feature you can design into a system.
Unfortunately engineering can't rely on human intentions. Both the evil and the foolish have the same result. The hope is the foolish will give up before bypassing the last step, so you keep adding more steps to stop the fool. The hope is the evilish will go after something easier before bypassing the last step, so you keep adding more steps to stop the evil (sic).
As always evil or foolish gals do the same thing as evil or foolish guys.
Its not just IP addresses that exhibit misrouting. But it only occassionaly effects the important or famous enough to attract attention.
http://blog.oregonlive.com/siliconforest/2007/06/rivalry_between_qwest_comcast.html
Current thread:
- Re: Yahoo outage summary, (continued)
- Re: Yahoo outage summary Sam Stickland (Jul 10)
- Re: Yahoo outage summary Roland Dobbins (Jul 08)
- Re: Yahoo outage summary Randy Bush (Jul 08)
- Re: Yahoo outage summary Roland Dobbins (Jul 08)
- Re: Yahoo outage summary Tony Tauber (Jul 09)
- Re: Yahoo outage summary Randy Bush (Jul 09)
- Re: Yahoo outage summary Sean Donelan (Jul 09)
- Re: Yahoo outage summary Douglas Otis (Jul 09)
- Re: Yahoo outage summary Steven M. Bellovin (Jul 08)
- Re: Yahoo outage summary Sean Donelan (Jul 08)
- Re: Yahoo outage summary Joe Abley (Jul 09)
- Re: Yahoo outage summary Jared Mauch (Jul 09)
- Re: Yahoo outage summary Tony Tauber (Jul 09)