[AusNOG] census issues tonight

Michael Schipp michaelsc at mellanox.com
Wed Aug 10 19:20:22 EST 2016 

+1 to that comment

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Kristoffer Sheather @ CloudCentral
Sent: Wednesday, 10 August 2016 7:19 PM
To: Simon Sharwood <simon at jargonmaster.com>
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] census issues tonight

Let's just say its a very successfull 'attempt' at an attack! :)

________________________________
From: "Simon Sharwood" <simon at jargonmaster.com<mailto:simon at jargonmaster.com>>
Sent: 10 August 2016 19:11
To: "Alan Maher" <alanmaher at gmail.com<mailto:alanmaher at gmail.com>>
Cc: "ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>" <ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>>
Subject: Re: [AusNOG] census issues tonight

Don't bet on the PR blurb.

IBM isn't responding to anyone. the gummint won't say anything cogent. the talking points are clearly to say this is not an attack. If not, WTF is it?

S.

On Wed, Aug 10, 2016 at 7:04 PM, Alan Maher <alanmaher at gmail.com<mailto:alanmaher at gmail.com>> wrote:

I am familiar with this. IBM stands for "I've Been Moved". In fact, I have almost forgotten the number of IBM reunions that I have seen.

Ultimately, the cause will be investigated, sanitised, and eventually released as a PR Blurb. This par for any Govt. around the globe.

Why do I not seem surprised? Seen it all before, more than once.

On 10/08/2016 8:33 p.m., Simon Sharwood wrote:
FWIW I know several IBMers recently made redundant. They say that anyone on decent money and with a couple of decades experience has been let go to save on wages. The folks left behind are bright, but inexperienced. Which may be why the mitigations discussed above weren't employed.

The thing that will be interesting in the washup is whether the ABS/McGibbon ever admit this was hostile action.

McGibbon is currently saying DDOSes are not any form of attack, just a blocking action. I think a truckies blockade is a better example. Or perhaps a zombie truckie blockade.

One last thing: ever security vendor capable of spelling DDOS is contacting media today saying they can explain this crisis away and keep you all out of the headlines.

S.

On Wed, Aug 10, 2016 at 4:49 PM, J Williams <jphwilliams at gmail.com<mailto:jphwilliams at gmail.com>> wrote:
In hindsight, they could have blocked international access via their upstream providers. This would have avoided almost all issues whilst still reaching almost all of the audience.

Regards,
Julian

On Wed, Aug 10, 2016 at 4:11 PM, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
Well here's the thing. Supposedly the Census site had capacity to serve say 10M Australian clients.

So if your architecture has its ducks in a row, you have a dedicated resource pool(s) for Australian IPs. Now someone has to come up with a botnet with > 10M Australian based IPs.

Any overseas botnet will just disable access for the stragglers resource pool, either overseas or on VPNs.

Get the architecture right, and the operations takes care of itself.

Kind regards

Paul Wilkins

On 10 August 2016 at 16:03, Mark Delany <g2x at juliet.emu.st<mailto:g2x at juliet.emu.st>> wrote:
> Mark,
> If your point is that if an attacker can flood a server with traffic, the
> DOS will succeed, then we agree.

There are plenty of other resources to exhaust besides traffic
capacity, but ok.

> The point is to ensure that your attacker has an upper limit to resources
> available to them on the server. This is much harder to achieve with HTTPS,
> where you can't successfully create a session with a spoofed IP.

True. But bots don't need to spoof IPs. Nor recipients of IMG
tags. What makes you think the so-called DOS was based on spoofed IPs
anyway? I don't think I made any mention of it.

Point being, excepting the very largest destinations, it's not that
hard to acquire more bot capacity than your target's server capacity.


Mark.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



--
Simon Sharwood | JargonMaster Corporate Communications |
M +61 (0)414 37 37 26 |
E simon at jargonmaster.com<mailto:simon at jargonmaster.com> | W www.jargonmaster.com<http://www.jargonmaster.com>
24 North Street Marrickville NSW 2204 AUSTRALIA
ABN: 14743763968
Work blog: jargonmaster.wordpress.com<http://jargonmaster.wordpress.com>
Free/Busy details: http://www.jargonmaster.com/calendar/
I'm a member of  DHBC.org.au<http://DHBC.org.au> and a vExpert
[https://communities.vmware.com/servlet/JiveServlet/download/26788-1-122263/vExpert-2014-Badge.png]




_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

http://lists.ausnog.net/mailman/listinfo/ausnog



________________________________
[Avast logo]<https://www.avast.com/antivirus>


This email has been checked for viruses by Avast antivirus software.
www.avast.com<https://www.avast.com/antivirus>



--
Simon Sharwood | JargonMaster Corporate Communications |
M +61 (0)414 37 37 26 |
E simon at jargonmaster.com<mailto:simon at jargonmaster.com> | W www.jargonmaster.com<http://www.jargonmaster.com>
24 North Street Marrickville NSW 2204 AUSTRALIA
ABN: 14743763968
Work blog: jargonmaster.wordpress.com<http://jargonmaster.wordpress.com>
Free/Busy details: http://www.jargonmaster.com/calendar/
I'm a member of  DHBC.org.au<http://DHBC.org.au> and a vExpert
[https://communities.vmware.com/servlet/JiveServlet/download/26788-1-122263/vExpert-2014-Badge.png]


Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
http://www.mailguard.com.au/mg

Report this message as spam<https://console.mailguard.com.au/ras/1P15yB5QLv/550HfatvSxuQcg3gxSZ51b/0.222>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/74206a25/attachment.html>

More information about the AusNOG mailing list