[AusNOG] census issues tonight

Kristoffer Sheather @ CloudCentral kristoffer.sheather at cloudcentral.com.au
Wed Aug 10 19:18:36 EST 2016 

Let's just say its a very successfull 'attempt' at an attack! :)  

----------------------------------------
 From: "Simon Sharwood" <simon at jargonmaster.com>
Sent: 10 August 2016 19:11
To: "Alan Maher" <alanmaher at gmail.com>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] census issues tonight   
 Don't bet on the PR blurb.  
 IBM isn't responding to anyone. the gummint won't say anything cogent. the 
talking points are clearly to say this is not an attack. If not, WTF is 
it?
  
 S.

   On Wed, Aug 10, 2016 at 7:04 PM, Alan Maher <alanmaher at gmail.com> wrote: 
   

I am familiar with this. IBM stands for "I've Been Moved". In fact, I have 
almost forgotten the number of IBM reunions that I have seen.  

Ultimately, the cause will be investigated, sanitised, and eventually 
released as a PR Blurb. This par for any Govt. around the globe.  

Why do I not seem surprised? Seen it all before, more than once.     On 
10/08/2016 8:33 p.m., Simon Sharwood wrote:
  FWIW I know several IBMers recently made redundant. They say that anyone 
on decent money and with a couple of decades experience has been let go to 
save on wages. The folks left behind are bright, but inexperienced. Which 
may be why the mitigations discussed above weren't employed.  
 The thing that will be interesting in the washup is whether the 
ABS/McGibbon ever admit this was hostile action.
  
 McGibbon is currently saying DDOSes are not any form of attack, just a 
blocking action. I think a truckies blockade is a better example. Or 
perhaps a zombie truckie blockade.
  
 One last thing: ever security vendor capable of spelling DDOS is 
contacting media today saying they can explain this crisis away and keep 
you all out of the headlines. 
  
 S.

   On Wed, Aug 10, 2016 at 4:49 PM, J Williams <jphwilliams at gmail.com> 
wrote:   In hindsight, they could have blocked international access via 
their upstream providers. This would have avoided almost all issues whilst 
still reaching almost all of the audience.  
 Regards,
 Julian

     On Wed, Aug 10, 2016 at 4:11 PM, Paul Wilkins 
<paulwilkins369 at gmail.com> wrote:      Well here's the thing. Supposedly 
the Census site had capacity to serve say 10M Australian clients.
 
So if your architecture has its ducks in a row, you have a dedicated 
resource pool(s) for Australian IPs. Now someone has to come up with a 
botnet with > 10M Australian based IPs.

Any overseas botnet will just disable access for the stragglers resource 
pool, either overseas or on VPNs.
 
 Get the architecture right, and the operations takes care of itself.
  
Kind regards
 
Paul Wilkins 
     On 10 August 2016 at 16:03, Mark Delany <g2x at juliet.emu.st> wrote:  > 
Mark,
> If your point is that if an attacker can flood a server with traffic, 
the
> DOS will succeed, then we agree.

There are plenty of other resources to exhaust besides traffic
capacity, but ok.

> The point is to ensure that your attacker has an upper limit to 
resources
> available to them on the server. This is much harder to achieve with 
HTTPS,
> where you can't successfully create a session with a spoofed IP.

True. But bots don't need to spoof IPs. Nor recipients of IMG
tags. What makes you think the so-called DOS was based on spoofed IPs
anyway? I don't think I made any mention of it.

Point being, excepting the very largest destinations, it's not that
hard to acquire more bot capacity than your target's server capacity.  

Mark.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
  

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
  
    
--   Simon Sharwood | JargonMaster Corporate Communications |
M +61 (0)414 37 37 26 |
E simon at jargonmaster.com | W www.jargonmaster.com
24 North Street Marrickville NSW 2204 AUSTRALIA
ABN: 14743763968
Work blog: jargonmaster.wordpress.com
Free/Busy details: http://www.jargonmaster.com/calendar/
I'm a member of  DHBC.org.au and a vExpert  

        

 _______________________________________________ AusNOG mailing list 
AusNOG at lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog   

  
----------------------------------------

This email has been checked for viruses by Avast antivirus software. 
			www.avast.com 				  		

    
--   Simon Sharwood | JargonMaster Corporate Communications |
M +61 (0)414 37 37 26 |
E simon at jargonmaster.com | W www.jargonmaster.com
24 North Street Marrickville NSW 2204 AUSTRALIA
ABN: 14743763968
Work blog: jargonmaster.wordpress.com
Free/Busy details: http://www.jargonmaster.com/calendar/
I'm a member of  DHBC.org.au and a vExpert  

   

Message protected by MailGuard: e-mail anti-virus, anti-spam and content 
filtering.
http://www.mailguard.com.au/mg 
Report this message as spam   
 
 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/63993be2/attachment-0001.html>

More information about the AusNOG mailing list