<span style="font-family: Arial, Helvetica, Sans-Serif; font-size: 12px"><div>Let's just say it's a very successful 'attempt' at an attack! :)
<div> </div>
<hr align="center" size="2" width="100%" />
<div><span style="font-family: tahoma,arial,sans-serif; font-size: 10pt;"><b>From</b>: "Simon Sharwood" <simon@jargonmaster.com><br />
<b>Sent</b>: 10 August 2016 19:11<br />
<b>To</b>: "Alan Maher" <alanmaher@gmail.com><br />
<b>Cc</b>: "ausnog@lists.ausnog.net" <ausnog@lists.ausnog.net><br />
<b>Subject</b>: Re: [AusNOG] census issues tonight</span>
<div> </div>
<div dir="ltr">Don't bet on the PR blurb.
<div> </div>
<div>IBM isn't responding to anyone. The gummint won't say anything cogent. The talking points are clearly to say this is not an attack. If not, WTF is it?</div>
<div> </div>
<div>S.</div>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Aug 10, 2016 at 7:04 PM, Alan Maher <span dir="ltr"><<a href="mailto:alanmaher@gmail.com" target="_blank">alanmaher@gmail.com</a>></span> wrote:
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I am familiar with this. IBM stands for "I've Been Moved". In fact, I have almost forgotten the number of IBM reunions that I have seen.</p>
<p>Ultimately, the cause will be investigated, sanitised, and eventually released as a PR Blurb. This is par for any Govt. around the globe.</p>
<p>Why do I not seem surprised? Seen it all before, more than once.</p>
<div>
<div class="h5">
<div>On 10/08/2016 8:33 p.m., Simon Sharwood wrote:</div>
<blockquote type="cite">
<div dir="ltr">FWIW I know several IBMers recently made redundant. They say that anyone on decent money and with a couple of decades' experience has been let go to save on wages. The folks left behind are bright, but inexperienced. Which may be why the mitigations discussed above weren't employed.
<div> </div>
<div>The thing that will be interesting in the washup is whether the ABS/McGibbon ever admit this was hostile action.</div>
<div> </div>
<div>McGibbon is currently saying DDOSes are not any form of attack, just a blocking action. I think a truckies blockade is a better example. Or perhaps a zombie truckie blockade.</div>
<div> </div>
<div>One last thing: every security vendor capable of spelling DDOS is contacting media today saying they can explain this crisis away and keep you all out of the headlines. </div>
<div> </div>
<div>S.</div>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Aug 10, 2016 at 4:49 PM, J Williams <span dir="ltr"><<a href="mailto:jphwilliams@gmail.com" target="_blank">jphwilliams@gmail.com</a>></span> wrote:
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">In hindsight, they could have blocked international access via their upstream providers. This would have avoided almost all issues whilst still reaching almost all of the audience.
<div> </div>
<div>Regards,</div>
<div>Julian</div>
</div>
<div>
<div>
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Aug 10, 2016 at 4:11 PM, Paul Wilkins <span dir="ltr"><<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>></span> wrote:
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Well here's the thing. Supposedly the Census site had capacity to serve say 10M Australian clients.<br />
</div>
So if your architecture has its ducks in a row, you have a dedicated resource pool(s) for Australian IPs. Now someone has to come up with a botnet with > 10M Australian based IPs.<br />
<br />
Any overseas botnet will just disable access for the stragglers resource pool, either overseas or on VPNs.<br />
</div>
<div>Get the architecture right, and the operations takes care of itself.</div>
<div> </div>
Kind regards<br />
</div>
<span><font color="#888888">Paul Wilkins</font></span></div>
<div>
<div>
<div class="gmail_extra">
<div class="gmail_quote">On 10 August 2016 at 16:03, Mark Delany <span dir="ltr"><<a href="mailto:g2x@juliet.emu.st" target="_blank">g2x@juliet.emu.st</a>></span> wrote:
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>> Mark,<br />
> If your point is that if an attacker can flood a server with traffic, the<br />
> DOS will succeed, then we agree.</span><br />
<br />
There are plenty of other resources to exhaust besides traffic<br />
capacity, but ok.<br />
<br />
<span>> The point is to ensure that your attacker has an upper limit to resources<br />
> available to them on the server. This is much harder to achieve with HTTPS,<br />
> where you can't successfully create a session with a spoofed IP.</span><br />
<br />
True. But bots don't need to spoof IPs. Nor recipients of IMG<br />
tags. What makes you think the so-called DOS was based on spoofed IPs<br />
anyway? I don't think I made any mention of it.<br />
<br />
Point being, excepting the very largest destinations, it's not that<br />
hard to acquire more bot capacity than your target's server capacity.
<div>
<div><br />
<br />
Mark.<br />
______________________________<wbr />_________________<br />
AusNOG mailing list<br />
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br />
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr />n/listinfo/ausnog</a></div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div> </div>
--
<div data-smartmail="gmail_signature">
<div dir="ltr">Simon Sharwood | JargonMaster Corporate Communications |<br />
M +61 (0)414 37 37 26 |<br />
E <a href="mailto:simon@jargonmaster.com" target="_blank">simon@jargonmaster.com</a> | W <a href="http://www.jargonmaster.com" target="_blank">www.jargonmaster.com</a><br />
24 North Street Marrickville NSW 2204 AUSTRALIA<br />
ABN: 14743763968<br />
Work blog: <a href="http://jargonmaster.wordpress.com" target="_blank">jargonmaster.wordpress.com</a><br />
Free/Busy details: <a href="http://www.jargonmaster.com/calendar/" target="_blank">http://www.jargonmaster.com/<wbr />calendar/</a><br />
I'm a member of <a href="http://DHBC.org.au" target="_blank">DHBC.org.au</a> and a vExpert
</div>
</div>
</div>
</blockquote>
<br />
<br />
<hr style="border:none;color:#909090;background-color:#b0b0b0;min-height:1px;width:99%" /></div>
</div>
</div>
</blockquote>
</div>
<div> </div>
</div>
</div>
</div></span>
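The pooling argument in Paul Wilkins's message and Mark Delany's objection to it, modelled as an added example that is not part of the original thread: each origin class gets its own capped session pool, so a flood only consumes the pool it is classified into. The prefixes, caps and traffic are constructed, and `PooledAdmission` and `simulate` are hypothetical names.

```python
import ipaddress
from collections import Counter

# Constructed prefix (RFC 5737 documentation range) standing in for a real
# "domestic address space" list; a production list would come from registry
# or upstream-provider data.
DOMESTIC_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


class PooledAdmission:
    """Admit sessions into per-origin pools, each with its own hard cap."""

    def __init__(self, domestic_cap, other_cap):
        self.caps = {"domestic": domestic_cap, "other": other_cap}
        self.active = Counter()

    def classify(self, src):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in DOMESTIC_PREFIXES):
            return "domestic"
        return "other"

    def admit(self, src):
        """Return the pool name if a slot was granted, else None."""
        pool = self.classify(src)
        if self.active[pool] >= self.caps[pool]:
            return None  # this pool is full; the other pool is unaffected
        self.active[pool] += 1  # simplified model: sessions are never released
        return pool


def simulate(flood_sources, client_sources, domestic_cap=100, other_cap=20):
    """Apply a flood first, then count how many later clients get a slot."""
    gate = PooledAdmission(domestic_cap, other_cap)
    for src in flood_sources:
        gate.admit(src)
    return sum(gate.admit(src) is not None for src in client_sources)


# Constructed traffic: 50 domestic clients arriving after a 500-source flood.
CLIENTS = [f"198.51.100.{i}" for i in range(1, 51)]
OVERSEAS_FLOOD = [f"203.0.113.{i % 250 + 1}" for i in range(500)]
DOMESTIC_FLOOD = [f"198.51.100.{i % 250 + 1}" for i in range(500)]

if __name__ == "__main__":
    print("clients served, overseas flood:", simulate(OVERSEAS_FLOOD, CLIENTS))
    print("clients served, domestic flood:", simulate(DOMESTIC_FLOOD, CLIENTS))
```

The isolation holds only while flood sources are classified outside the domestic pool; sources inside the domestic prefixes compete with real clients for the same cap.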