[Outages-discussion] [outages] BGP outage on Integra

Larry Sheldon LarrySheldon at cox.net
Thu Sep 10 14:44:17 EDT 2009


IYADATMTDTTDL[1]

I think the discussion list is a better place.

Pete Templin wrote:
> Jeremy Chadwick wrote:
> 
>> Let me clarify my question: as a system administrator, when I'm told
>> someone is DoS/DDoS'ing something, I immediately react in two ways: 1)
>> mitigate impact, and 2) find out why said attack happened.
> 
> As a sysadmin, I suspect you're a little closer to the 'end' of the 
> path, while netadmins (especially SP netadmins) are more in the middle. 
>  I have a customer who's just a magnet for DoS attacks, based on a bunch 
> of history/legacy of ownership and the like.

But I'm not convinced that the magnet should be anything but protected.
(Assuming of course no illegal or anti-TOS behaviour.)

> For me/us, we (attempt to) do two things: deflect the attack away from 
> the victim (allowing the rest of the customer's network to come up for 
> air), then (if possible) deflect the source of the attack.

I think "deflect into the bit bucket" is defensible; deflecting it 
anywhere is an offense greater than the first attack.

> If the attack continues longer and/or stronger, we contact upstreams to 
> request investigation and/or deflection upstream.

When I was active in the game, a local blackhole route was more satisfying.

>> Do networking engineers do analysis of these scenarios in attempt to
>> ensure the situation doesn't recur, or do the efforts stop at "we put up
>> some filters, time for lunch"?
> 
> Given the very rare success of finding ANYTHING out, there's rarely 
> motivation to do much other than filter things.

Roger that.

[1]
   InYetAnotherDesperateAttemptToMoveThisDiscussionToTheDiscussionList[2]

[2]
   RIP, Norman DeForest

-- 
Requiescas in pace o email              Two identifying characteristics
                                              of System Administrators:
Ex turpi causa non oritur actio        Infallibility, and the ability to
                                              learn from their mistakes.
Eppure si rinfresca

ICBM Targeting Information:
	http://tinyurl.com/4sqczs
	http://tinyurl.com/7tp8ml
	

