[outages] BGP outage on Integra

Pete Templin petelists at templin.org
Thu Sep 10 13:53:33 EDT 2009

Jeremy Chadwick wrote:

> Let me clarify my question: as a system administrator, when I'm told
> someone is DoS/DDoS'ing something, I immediately react in two ways: 1)
> mitigate impact, and 2) find out why said attack happened.

As a sysadmin, I suspect you're a little closer to the 'end' of the
path, while netadmins (especially SP netadmins) are more in the middle.
I have a customer who's just a magnet for DoS attacks, based on a
bunch of history/legacy of ownership and the like.

For me/us, we (attempt to) do two things: deflect the attack away from 
the victim (allowing the rest of the customer's network to come up for 
air), then (if possible) deflect the source of the attack.  If the 
attack continues longer and/or stronger, we contact upstreams to request 
investigation and/or deflection upstream.

> Do networking engineers do analysis of these scenarios in an attempt to
> ensure the situation doesn't recur, or do the efforts stop at "we put up
> some filters, time for lunch"?

Given the very rare success of finding ANYTHING out, there's rarely 
motivation to do much other than filter things.


