<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>I am familiar with this. IBM stands for "I've Been Moved". In
      fact, I have almost forgotten the number of IBM reunions that I
      have seen.</p>
    <p>Ultimately, the cause will be investigated, sanitised, and
      eventually released as a PR Blurb. This par for any Govt. around
      the globe.</p>
    <p>Why do I not seem surprised? Seen it all before, more than once.<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 10/08/2016 8:33 p.m., Simon Sharwood
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAHW_L2hO4YS+EbMiW1dRezw5hqTA07QvenEoChRRnWK5NQX=Qg@mail.gmail.com"
      type="cite">
      <div dir="ltr">FWIW I know several IBMers recently made redundant.
        They say that anyone on decent money and with a couple of
        decades experience has been let go to save on wages. The folks
        left behind are bright, but inexperienced. Which may be why the
        mitigations discussed above weren't employed.
        <div><br>
        </div>
        <div>The thing that will be interesting in the washup is whether
          the ABS/McGibbon ever admit this was hostile action.</div>
        <div><br>
        </div>
        <div>McGibbon is currently saying DDOSes are not any form of
          attack, just a blocking action. I think a truckies blockade is
          a better example. Or perhaps a zombie truckie blockade.</div>
        <div><br>
        </div>
        <div>One last thing: ever security vendor capable of spelling
          DDOS is contacting media today saying they can explain this
          crisis away and keep you all out of the headlines. </div>
        <div><br>
        </div>
        <div>S.</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Aug 10, 2016 at 4:49 PM, J
          Williams <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:jphwilliams@gmail.com" target="_blank">jphwilliams@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">In hindsight, they could have blocked
              international access via their upstream providers. This
              would have avoided almost all issues whilst still reaching
              almost all of the audience.
              <div><br>
              </div>
              <div>Regards,</div>
              <div>Julian</div>
            </div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Wed, Aug 10, 2016 at 4:11
                    PM, Paul Wilkins <span dir="ltr"><<a
                        moz-do-not-send="true"
                        href="mailto:paulwilkins369@gmail.com"
                        target="_blank">paulwilkins369@gmail.com</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">
                        <div>
                          <div>
                            <div>Well here's the thing. Supposedly the
                              Census site had capacity to serve say 10M
                              Australian clients.<br>
                              <br>
                            </div>
                            So if your architecture has its ducks in a
                            row, you have a dedicated resource pool(s)
                            for Australian IPs. Now someone has to come
                            up with a botnet with > 10M Australian
                            based IPs. <br>
                            <br>
                            Any overseas botnet will just disable access
                            for the stragglers resource pool, either
                            overseas or on VPNs.<br>
                            <br>
                          </div>
                          <div>Get the architecture right, and the
                            operations takes care of itself.<br>
                          </div>
                          <div><br>
                          </div>
                          Kind regards<span><font color="#888888"><br>
                              <br>
                            </font></span></div>
                        <span><font color="#888888">Paul Wilkins<br>
                          </font></span></div>
                      <div>
                        <div>
                          <div class="gmail_extra"><br>
                            <div class="gmail_quote">On 10 August 2016
                              at 16:03, Mark Delany <span dir="ltr"><<a
                                  moz-do-not-send="true"
                                  href="mailto:g2x@juliet.emu.st"
                                  target="_blank">g2x@juliet.emu.st</a>></span>
                              wrote:<br>
                              <blockquote class="gmail_quote"
                                style="margin:0 0 0 .8ex;border-left:1px
                                #ccc solid;padding-left:1ex"><span>>
                                  Mark,<br>
                                  > If your point is that if an
                                  attacker can flood a server with
                                  traffic, the<br>
                                  > DOS will succeed, then we agree.<br>
                                  <br>
                                </span>There are plenty of other
                                resources to exhaust besides traffic<br>
                                capacity, but ok.<br>
                                <span><br>
                                  > The point is to ensure that your
                                  attacker has an upper limit to
                                  resources<br>
                                  > available to them on the server.
                                  This is much harder to achieve with
                                  HTTPS,<br>
                                  > where you can't successfully
                                  create a session with a spoofed IP.<br>
                                  <br>
                                </span>True. But bots don't need to
                                spoof IPs. Nor recipients of IMG<br>
                                tags. What makes you think the so-called
                                DOS was based on spoofed IPs<br>
                                anyway? I don't think I made any mention
                                of it.<br>
                                <br>
                                Point being, excepting the very largest
                                destinations, it's not that<br>
                                hard to acquire more bot capacity than
                                your target's server capacity.<br>
                                <div>
                                  <div><br>
                                    <br>
                                    Mark.<br>
                                    ______________________________<wbr>_________________<br>
                                    AusNOG mailing list<br>
                                    <a moz-do-not-send="true"
                                      href="mailto:AusNOG@lists.ausnog.net"
                                      target="_blank">AusNOG@lists.ausnog.net</a><br>
                                    <a moz-do-not-send="true"
                                      href="http://lists.ausnog.net/mailman/listinfo/ausnog"
                                      rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
                                  </div>
                                </div>
                              </blockquote>
                            </div>
                            <br>
                          </div>
                        </div>
                      </div>
                      <br>
                      ______________________________<wbr>_________________<br>
                      AusNOG mailing list<br>
                      <a moz-do-not-send="true"
                        href="mailto:AusNOG@lists.ausnog.net"
                        target="_blank">AusNOG@lists.ausnog.net</a><br>
                      <a moz-do-not-send="true"
                        href="http://lists.ausnog.net/mailman/listinfo/ausnog"
                        rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
                      <br>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </div>
            <br>
            ______________________________<wbr>_________________<br>
            AusNOG mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
            <a moz-do-not-send="true"
              href="http://lists.ausnog.net/mailman/listinfo/ausnog"
              rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div class="gmail_signature" data-smartmail="gmail_signature">
          <div dir="ltr">Simon Sharwood | JargonMaster Corporate
            Communications |<br>
            M +61 (0)414 37 37 26 |<br>
            E <a moz-do-not-send="true"
              href="mailto:simon@jargonmaster.com" target="_blank">simon@jargonmaster.com</a>
            | W <a moz-do-not-send="true"
              href="http://www.jargonmaster.com" target="_blank">www.jargonmaster.com</a><br>
            24 North Street Marrickville NSW 2204 AUSTRALIA<br>
            ABN: 14743763968<br>
            Work blog: <a moz-do-not-send="true"
              href="http://jargonmaster.wordpress.com" target="_blank">jargonmaster.wordpress.com</a><br>
            Free/Busy details: <a moz-do-not-send="true"
              href="http://www.jargonmaster.com/calendar/"
              target="_blank">http://www.jargonmaster.com/calendar/</a><br>
            I'm a member of  <a moz-do-not-send="true"
              href="http://DHBC.org.au" target="_blank">DHBC.org.au</a> and
            a vExpert
            <div><img moz-do-not-send="true"
src="https://communities.vmware.com/servlet/JiveServlet/download/26788-1-122263/vExpert-2014-Badge.png"
                height="131" width="200"><br>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
    </blockquote>
    <br>
  
<br /><br />
<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />
<table style='border-collapse:collapse;border:none;'>
        <tr>
                <td style='border:none;padding:0px 15px 0px 8px'>
                        <a href="https://www.avast.com/antivirus">
                                <img border=0 src="http://static.avast.com/emails/avast-mail-stamp.png" alt="Avast logo" />
                        </a>
                </td>
                <td>
                        <p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>
                                This email has been checked for viruses by Avast antivirus software.
                                <br><a href="https://www.avast.com/antivirus">www.avast.com</a>
                        </p>
                </td>
        </tr>
</table>
<br />
</body>
</html>