<div dir="ltr">Don't bet on the PR blurb.<div><br></div><div>IBM isn't responding to anyone. the gummint won't say anything cogent. the talking points are clearly to say this is not an attack. If not, WTF is it?</div><div><br></div><div>S.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 10, 2016 at 7:04 PM, Alan Maher <span dir="ltr"><<a href="mailto:alanmaher@gmail.com" target="_blank">alanmaher@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I am familiar with this. IBM stands for "I've Been Moved". In
fact, I have almost forgotten the number of IBM reunions that I
have seen.</p>
<p>Ultimately, the cause will be investigated, sanitised, and
eventually released as a PR Blurb. This par for any Govt. around
the globe.</p>
<p>Why do I not seem surprised? Seen it all before, more than once.<br>
</p><div><div class="h5">
<br>
<div>On 10/08/2016 8:33 p.m., Simon Sharwood
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">FWIW I know several IBMers recently made redundant.
They say that anyone on decent money and with a couple of
decades experience has been let go to save on wages. The folks
left behind are bright, but inexperienced. Which may be why the
mitigations discussed above weren't employed.
<div><br>
</div>
<div>The thing that will be interesting in the washup is whether
the ABS/McGibbon ever admit this was hostile action.</div>
<div><br>
</div>
<div>McGibbon is currently saying DDOSes are not any form of
attack, just a blocking action. I think a truckies blockade is
a better example. Or perhaps a zombie truckie blockade.</div>
<div><br>
</div>
<div>One last thing: ever security vendor capable of spelling
DDOS is contacting media today saying they can explain this
crisis away and keep you all out of the headlines. </div>
<div><br>
</div>
<div>S.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Aug 10, 2016 at 4:49 PM, J
Williams <span dir="ltr"><<a href="mailto:jphwilliams@gmail.com" target="_blank">jphwilliams@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">In hindsight, they could have blocked
international access via their upstream providers. This
would have avoided almost all issues whilst still reaching
almost all of the audience.
<div><br>
</div>
<div>Regards,</div>
<div>Julian</div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Aug 10, 2016 at 4:11
PM, Paul Wilkins <span dir="ltr"><<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Well here's the thing. Supposedly the
Census site had capacity to serve say 10M
Australian clients.<br>
<br>
</div>
So if your architecture has its ducks in a
row, you have a dedicated resource pool(s)
for Australian IPs. Now someone has to come
up with a botnet with > 10M Australian
based IPs. <br>
<br>
Any overseas botnet will just disable access
for the stragglers resource pool, either
overseas or on VPNs.<br>
<br>
</div>
<div>Get the architecture right, and the
operations takes care of itself.<br>
</div>
<div><br>
</div>
Kind regards<span><font color="#888888"><br>
<br>
</font></span></div>
<span><font color="#888888">Paul Wilkins<br>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 August 2016
at 16:03, Mark Delany <span dir="ltr"><<a href="mailto:g2x@juliet.emu.st" target="_blank">g2x@juliet.emu.st</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>>
Mark,<br>
> If your point is that if an
attacker can flood a server with
traffic, the<br>
> DOS will succeed, then we agree.<br>
<br>
</span>There are plenty of other
resources to exhaust besides traffic<br>
capacity, but ok.<br>
<span><br>
> The point is to ensure that your
attacker has an upper limit to
resources<br>
> available to them on the server.
This is much harder to achieve with
HTTPS,<br>
> where you can't successfully
create a session with a spoofed IP.<br>
<br>
</span>True. But bots don't need to
spoof IPs. Nor recipients of IMG<br>
tags. What makes you think the so-called
DOS was based on spoofed IPs<br>
anyway? I don't think I made any mention
of it.<br>
<br>
Point being, excepting the very largest
destinations, it's not that<br>
hard to acquire more bot capacity than
your target's server capacity.<br>
<div>
<div><br>
<br>
Mark.<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div data-smartmail="gmail_signature">
<div dir="ltr">Simon Sharwood | JargonMaster Corporate
Communications |<br>
M +61 (0)414 37 37 26 |<br>
E <a href="mailto:simon@jargonmaster.com" target="_blank">simon@jargonmaster.com</a>
| W <a href="http://www.jargonmaster.com" target="_blank">www.jargonmaster.com</a><br>
24 North Street Marrickville NSW 2204 AUSTRALIA<br>
ABN: 14743763968<br>
Work blog: <a href="http://jargonmaster.wordpress.com" target="_blank">jargonmaster.wordpress.com</a><br>
Free/Busy details: <a href="http://www.jargonmaster.com/calendar/" target="_blank">http://www.jargonmaster.com/<wbr>calendar/</a><br>
I'm a member of <a href="http://DHBC.org.au" target="_blank">DHBC.org.au</a> and
a vExpert
<div><img src="https://communities.vmware.com/servlet/JiveServlet/download/26788-1-122263/vExpert-2014-Badge.png" height="131" width="200"><br>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
AusNOG mailing list
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<br><br>
<hr style="border:none;color:#909090;background-color:#b0b0b0;min-height:1px;width:99%">
</div></div><table style="border-collapse:collapse;border:none">
<tbody><tr>
<td style="border:none;padding:0px 15px 0px 8px">
<a href="https://www.avast.com/antivirus" target="_blank">
<img border="0" src="http://static.avast.com/emails/avast-mail-stamp.png" alt="Avast logo">
</a>
</td>
<td>
<p style="color:#3d4d5a;font-family:"Calibri","Verdana","Arial","Helvetica";font-size:12pt"><span class="">
This email has been checked for viruses by Avast antivirus software.
<br></span><a href="https://www.avast.com/antivirus" target="_blank">www.avast.com</a>
</p>
</td>
</tr>
</tbody></table>
<br>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Simon Sharwood | JargonMaster Corporate Communications |<br>M +61 (0)414 37 37 26 |<br>E <a href="mailto:simon@jargonmaster.com" target="_blank">simon@jargonmaster.com</a> | W <a href="http://www.jargonmaster.com" target="_blank">www.jargonmaster.com</a><br>24 North Street Marrickville NSW 2204 AUSTRALIA<br>ABN: 14743763968<br>Work blog: <a href="http://jargonmaster.wordpress.com" target="_blank">jargonmaster.wordpress.com</a><br>Free/Busy details: <a href="http://www.jargonmaster.com/calendar/" target="_blank">http://www.jargonmaster.com/calendar/</a><br>I'm a member of <a href="http://DHBC.org.au" target="_blank">DHBC.org.au</a> and a vExpert<div><img src="https://communities.vmware.com/servlet/JiveServlet/download/26788-1-122263/vExpert-2014-Badge.png" width="200" height="131"><br></div></div></div>
</div>