nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NANOG meeting subject of attack? Hmmmm....

From: Bino Gopal <bino () watsun cc columbia edu>
Date: Wed, 9 Feb 2000 19:54:23 -0500 (EST)

As Charles says, from what I've read of the CERT advisories, there is
nothing proactive one can really do for these DDos attacks, besides
securing machines from being hacked, correct?

Also note that the link that Paul gave to the cnet story doesn't mention
anything about NANOG (for those who were looking).  That only came later
tonight, by 8:30pm with this story:

        http://news.cnet/com/news/0-1005-200-1545456.html

Also see CNN (as they got hit) at:

        http://cnnfn.com/2000/02/08/technology/yahoo/

Looks like the news organizations have picked up on the timing
'coincidence' (if it was one).  Apologies if this is old news; I just
didn't see any mention of it yet, and it seemed rather operational, given
the nature of what happened. :)

                                                        BINO


On Tue, 8 Feb 2000, Charles Sprickman wrote:


On Tue, 8 Feb 2000, Christian Nielsen wrote:


On Tue, 8 Feb 2000, Paul Ferguson wrote:


  http://news.cnet.com/news/0-1007-200-1544910.html?dtn.head


I guess the only way to 'protect' against something this big would be to
follow Pauls RFC and/or have big, fat pipes sitting idle.


It's my understanding that these recent attacks are DDoS attacks, which
really don't need to involve any address spoofing.  The MO would look
similar to a smurf (many different source addresses bombarding you), but
here the negligent (call the lawyers?) party with the hacked Solaris boxes
running out-of-the-box configs would not be helped by said RFC, right?


This is a sad day for the internet. :(


Just a reminder that we are working in a anarchic, non-cooperative
business, that's all :)

Charles


Christian
Previous By Date Next
Previous By Thread Next

Current thread: