RE: Yahoo! Lessons Learned

["Roeland M.J. Meyer" <rmeyer () mhsc com>]

> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
> Sean Donelan
> Sent: Tuesday, February 08, 2000 3:26 AM
>
> As much as I enjoy finding out about Yahoo & GlobalCenter issues by
> reading the newswires, I wonder if there are any lessons we can learn
> from these events.  Or was this not big enough to get attention of
> upper management?

I doubt if upper management could have done anything about it. AFAICT, Yahoo
was not compromised directly. Reports that I have seen, and some of them are
hearsay, indicated that this is one of the very first of a distributed DOS
attack. One that CERT recent;ly warned us about.

http://www.cert.org/advisories/CA-2000-01.html

> Was there something Yahoo!, GlobalCeneter or other providers could
> have done, either individually or in cooperation, to prevent the problem?
>
> Likewise, could they, individually or in cooperation with other providers,
> have shortened the duration or severity by doing something different?

highly unlikely.

> And finally, would they be more successfull in tracking the source the
> the problem by doing something different?

The only defense I can think of is to prevent other systems from being
"owned". This takes a tightly cooperative environment. We don't have this.
At best, we have a loosely co-operative anarchy, with none of the big
entities playing together consistently. Evenso, this may not be possible.