nanog mailing list archives
Re: Akamai DNS Issue?
From: Daniel Golding <dgolding () burtongroup com>
Date: Wed, 16 Jun 2004 11:00:05 -0400
On 6/15/04 9:28 PM, "Stewart, William C (Bill), RTSLS" <billstewart () att com> wrote:
> Daniel Golding suggested that the problem was that many folks
> are sharing Akamai's magic DNS algorithms.
>
> This doesn't appear to be a problem with magic algorithms -
> it appears that they're sharing the _servers_, and that the
> reported attack on the servers means that it doesn't matter
> how magic the algorithms are. Good luck to them on developing
> a longer-term workaround for the next attack.
>
> Bill Stewart, bill.stewart () pobox com
> Disclaimer: This note is, as usual, my personal opinion, not my employer's.

Bill,

The point still holds - when too much high value content shares anything - algorithm, infrastructure, etc. - you get vulnerability. The problem I was highlighting was excessive sharing, not AkaDNS magic. (Of course, everything shares the general DNS infrastructure, but the numerous roots (some of which are anycast-ed) plus the distributed nature make that tougher to completely take out.)

It looks like this was an attack on the Akamai DNS redirection infrastructure rather than the Akamai hosting infrastructure. Their DNS servers present far fewer points to attack. It would be interesting to hear a detailed analysis of the attack at some point. Maybe a good topic for the next NANOG? (Patrick? :)

Part of the difficulty of discussing this is that, by bringing up points of potential vulnerability in a public forum, it provides hints for those who would wreak havoc. I'm sure many of us can come up with other bits of vulnerable shared infrastructure, but it seems inappropriate to discuss this on such an open forum. I can only wonder if the more private forums being hosted by government organizations are effective, or simply boondoggles designed to provide political cover.

- Dan