[outages] BGP outage on Integra
petelists at templin.org
Thu Sep 10 13:53:33 EDT 2009
Jeremy Chadwick wrote:
> Let me clarify my question: as a system administrator, when I'm told
> someone is DoS/DDoS'ing something, I immediately react in two ways: 1)
> mitigate impact, and 2) find out why said attack happened.
As a sysadmin, I suspect you're a little closer to the 'end' of the
path, while netadmins (especially SP netadmins) are more in the middle.

I have a customer who's just a magnet for DoS attacks, based on a
bunch of history/legacy of ownership and the like.

For me/us, we (attempt to) do two things: deflect the attack away from
the victim (allowing the rest of the customer's network to come up for
air), then (if possible) deflect the source of the attack. If the
attack continues longer and/or stronger, we contact upstreams to request
investigation and/or deflection upstream.
> Do networking engineers do analysis of these scenarios in an attempt to
> ensure the situation doesn't recur, or do the efforts stop at "we put up
> some filters, time for lunch"?
Given the very rare success of finding ANYTHING out, there's rarely
motivation to do much other than filter things.