[AusNOG] census issues tonight

Mark Delany g2x at juliet.emu.st
Wed Aug 10 16:36:15 EST 2016


> Well here's the thing. Supposedly the Census site had capacity to serve say
> 10M Australian clients.

They are on record as saying they sized it for less than 300
concurrent requests. 10M aggregate requests over time are irrelevant.

> So if your architecture has its ducks in a row, you have a dedicated
> resource pool(s) for Australian IPs. Now someone has to come up with a
> botnet with > 10M Australian based IPs.

No. You need to think more creatively about how a phalanx of bots can
be used. I would suspect that a mere 10,000 or so repeatedly
initiating TLS connections at the same time would swamp their servers'
CPU and possibly memory.

And nothing stops a single bot from issuing 10 or 100 connection
requests at the same time, does it? Given pervasive IPv4 NATs, it's
very risky filtering out concurrent source addresses at the
destination so I suspect that concurrent connections from the same
source would get thru.

Is it possible that there are 10K bots available in AU? I'm not in the
market, but I wouldn't be at all surprised.

If the bots actually do something useful inside the TLS connection,
such as a meaningful GET/POST then I'd think that 10,000 simultaneous
HTTP requests might also put a fair amount of duress on a system
designed to cope with a mere 300 or so simultaneous requests. Don't
you?


Mark.
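
An added illustration, not part of the message above: a small model of the per-source concurrency cap the message calls risky behind NAT, run over a constructed source table. The 300-request sizing and the 10,000 bots with 10 connections each come from the message; the legitimate traffic mix (two NAT addresses fronting 50 users each, plus 150 single-connection households) is an assumption.

```python
from collections import Counter

CAPACITY = 300  # concurrent requests the site was sized for, per the message


def build_sources(bots=10_000, conns_per_bot=10):
    """Constructed sample: (source_id, label, concurrent_connections)."""
    rows = [(f"bot-{i}", "bot", conns_per_bot) for i in range(bots)]
    # Assumed legitimate load of 250 concurrent connections: two NAT
    # addresses fronting 50 users each, plus 150 single-user households.
    rows += [(f"nat-{i}", "legit", 50) for i in range(2)]
    rows += [(f"home-{i}", "legit", 1) for i in range(150)]
    return rows


def apply_cap(sources, cap):
    """Admit at most `cap` concurrent connections per source address."""
    admitted, rejected = Counter(), Counter()
    for _source, label, conns in sources:
        allowed = min(conns, cap)
        admitted[label] += allowed
        rejected[label] += conns - allowed
    return admitted, rejected


def evaluate(cap, sources=None):
    """Summarise what a per-source cap admits and who it turns away."""
    sources = build_sources() if sources is None else sources
    admitted, rejected = apply_cap(sources, cap)
    total = admitted["bot"] + admitted["legit"]
    return {
        "cap": cap,
        "bot_admitted": admitted["bot"],
        "legit_admitted": admitted["legit"],
        "legit_rejected": rejected["legit"],
        "over_capacity": total > CAPACITY,
    }


if __name__ == "__main__":
    for cap in (1, 10, 50):
        print(evaluate(cap))
```

In this model even the strictest cap of one connection per source leaves the admitted load far above the sized capacity, while turning away users who share a NAT address.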

