<div dir="ltr">FWIW I know several IBMers recently made redundant. They say that anyone on decent money and with a couple of decades experience has been let go to save on wages. The folks left behind are bright, but inexperienced. Which may be why the mitigations discussed above weren't employed.<div><br></div><div>The thing that will be interesting in the washup is whether the ABS/McGibbon ever admit this was hostile action.</div><div><br></div><div>McGibbon is currently saying DDOSes are not any form of attack, just a blocking action. I think a truckies blockade is a better example. Or perhaps a zombie truckie blockade.</div><div><br></div><div>One last thing: ever security vendor capable of spelling DDOS is contacting media today saying they can explain this crisis away and keep you all out of the headlines. </div><div><br></div><div>S.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 10, 2016 at 4:49 PM, J Williams <span dir="ltr"><<a href="mailto:jphwilliams@gmail.com" target="_blank">jphwilliams@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">In hindsight, they could have blocked international access via their upstream providers. This would have avoided almost all issues whilst still reaching almost all of the audience.<div><br></div><div>Regards,</div><div>Julian</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 10, 2016 at 4:11 PM, Paul Wilkins <span dir="ltr"><<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Well here's the thing. Supposedly the Census site had capacity to serve say 10M Australian clients.<br><br></div>So if your architecture has its ducks in a row, you have a dedicated resource pool(s) for Australian IPs. Now someone has to come up with a botnet with > 10M Australian based IPs. <br><br>Any overseas botnet will just disable access for the stragglers resource pool, either overseas or on VPNs.<br><br></div><div>Get the architecture right, and the operations takes care of itself.<br></div><div><br></div>Kind regards<span><font color="#888888"><br><br></font></span></div><span><font color="#888888">Paul Wilkins<br></font></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 10 August 2016 at 16:03, Mark Delany <span dir="ltr"><<a href="mailto:g2x@juliet.emu.st" target="_blank">g2x@juliet.emu.st</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>> Mark,<br>
> If your point is that if an attacker can flood a server with traffic, the<br>
> DOS will succeed, then we agree.<br>
<br>
</span>There are plenty of other resources to exhaust besides traffic<br>
capacity, but ok.<br>
<span><br>
> The point is to ensure that your attacker has an upper limit to resources<br>
> available to them on the server. This is much harder to achieve with HTTPS,<br>
> where you can't successfully create a session with a spoofed IP.<br>
<br>
</span>True. But bots don't need to spoof IPs. Nor recipients of IMG<br>
tags. What makes you think the so-called DOS was based on spoofed IPs<br>
anyway? I don't think I made any mention of it.<br>
<br>
Point being, excepting the very largest destinations, it's not that<br>
hard to acquire more bot capacity than your target's server capacity.<br>
<div><div><br>
<br>
Mark.<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Simon Sharwood | JargonMaster Corporate Communications |<br>M +61 (0)414 37 37 26 |<br>E <a href="mailto:simon@jargonmaster.com" target="_blank">simon@jargonmaster.com</a> | W <a href="http://www.jargonmaster.com" target="_blank">www.jargonmaster.com</a><br>24 North Street Marrickville NSW 2204 AUSTRALIA<br>ABN: 14743763968<br>Work blog: <a href="http://jargonmaster.wordpress.com" target="_blank">jargonmaster.wordpress.com</a><br>Free/Busy details: <a href="http://www.jargonmaster.com/calendar/" target="_blank">http://www.jargonmaster.com/calendar/</a><br>I'm a member of <a href="http://DHBC.org.au" target="_blank">DHBC.org.au</a> and a vExpert<div><img src="https://communities.vmware.com/servlet/JiveServlet/download/26788-1-122263/vExpert-2014-Badge.png" width="200" height="131"><br></div></div></div>
</div>