[Outages-discussion] [outages] BGP outage on Integra
Larry Sheldon
LarrySheldon at cox.net
Thu Sep 10 13:56:06 EDT 2009
Jeremy Chadwick wrote:
> On Thu, Sep 10, 2009 at 10:10:38AM -0700, Raymond, Steven wrote:
>>> Anyone in the Las Vegas area notice a BGP outage with Integra Telecom
>>> within the last 20 minutes? We lost all routes from them at two different
>>> locations in Vegas.
>> Sorry for the disruption. A router was the victim of a DOS attack and it did cause BGP session resets. Steps have been taken to prevent this result.
>
> I'm curious: in this sort of situation, exactly what do networking
> engineers do about this situation?
>
> Let me clarify my question: as a system administrator, when I'm told
> someone is DoS/DDoS'ing something, I immediately react in two ways: 1)
> mitigate impact, and 2) find out why said attack happened.
>
> Working for ISPs the majority of my life has taught me that most of the
> time Netizens don't decide to DoS something without reason, no matter
> how trivial or childish that reason is. Maybe there's a user who's on
> IRC causing trouble, maybe someone hosts a web forum that had some
> remarks someone didn't like, or maybe there's an account which got
> compromised and it's up to something suspicious. Childish, petty, but
> reality.
>
> Do networking engineers do analysis of these scenarios in attempt to
> ensure the situation doesn't recur, or do the efforts stop at "we put up
> some filters, time for lunch"?
I don't want anybody doing more than that anywhere except at the origin
of the disruption (the attacker, not the attackee).
People in the middle have no call to meddle in end-point affairs.
--
Requiescas in pace o email Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio Infallibility, and the ability to
learn from their mistakes.
Eppure si rinfresca
ICBM Targeting Information:
http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml
More information about the Outages-discussion
mailing list