[outages] BGP outage on Integra

Jeremy Chadwick outages at jdc.parodius.com
Thu Sep 10 13:32:33 EDT 2009


On Thu, Sep 10, 2009 at 10:10:38AM -0700, Raymond, Steven wrote:
> > Anyone in the Las Vegas area notice a BGP outage with Integra Telecom
> > within the last 20 minutes?  We lost all routes from them at two different
> > locations in Vegas.
> 
> Sorry for the disruption.  A router was the victim of a DOS attack and it did cause BGP session resets.  Steps have been taken to prevent this result.

I'm curious: in this sort of situation, exactly what do networking
engineers do about this situation?

Let me clarify my question: as a system administrator, when I'm told
someone is DoS/DDoS'ing something, I immediately react in two ways: 1)
mitigate impact, and 2) find out why said attack happened.

Working for ISPs the majority of my life has taught me that most of the
time Netizens don't decide to DoS something without reason, no matter
how trivial or childish that reason is.  Maybe there's a user who's on
IRC causing trouble, maybe someone hosts a web forum that had some
remarks someone didn't like, or maybe there's an account which got
compromised and it's up to something suspicious.  Childish, petty, but
reality.

Do networking engineers do analysis of these scenarios in attempt to
ensure the situation doesn't recur, or do the efforts stop at "we put up
some filters, time for lunch"?

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |


More information about the outages mailing list