nanog mailing list archives
Re: anycast and ddos
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Fri, 6 May 2005 12:46:30 -0400
On May 6, 2005, at 12:40 PM, Randy Bush wrote:
> it seems that anycasting was quite insufficient to protect netsol's service from being severely damaged (udp dead, tcp worked) for a considerable length of time by a ddos [0] last week [1]. it would be very helpful to other folk concerned with service deployment to understand how the service in question was/is anycast, and what might be done differently to mitigate exposure of similar services. anyone have clues or is this ostrich city? maybe a preso at nanog would be educational.
Seconded.
> [0] - as it seems that the ddos sources were ip address spoofed (which is why the service still worked for tcp), i owe paul an apology for downplaying the immediacy of the need for source address filtering.
I was under the - possibly mistaken - impression that they activated their Riverhead boxes and that's why only TCP worked, not because of spoofed source.
Or are you saying that since the sources were spoofed, they could not filter the attack and had to resort to Riverhead's 'truncate' mechanism?
> [1] - netsol is not admitting anything happened, of course <sigh>. but we all saw the big splash as it hit the water, the bubbles as it sank, and the symptoms made the cause pretty clear.
How much does it suck that a major piece of Internet infrastructure was severely affected and the details are shrouded?
-- TTFN, patrick