<p dir="ltr">Assuming they really did suffer a DDoS attack from overseas.</p>
<p dir="ltr">That appears to be an assumption which is proving hard to support...</p>
<div class="gmail_extra"><br><div class="gmail_quote">On 10 Aug 2016 4:50 PM, "J Williams" <<a href="mailto:jphwilliams@gmail.com">jphwilliams@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">In hindsight, they could have blocked international access via their upstream providers. This would have avoided almost all issues whilst still reaching almost all of the audience.<div><br></div><div>Regards,</div><div>Julian</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 10, 2016 at 4:11 PM, Paul Wilkins <span dir="ltr"><<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Well here's the thing. Supposedly the Census site had capacity to serve say 10M Australian clients.<br><br></div>So if your architecture has its ducks in a row, you have a dedicated resource pool(s) for Australian IPs. Now someone has to come up with a botnet with > 10M Australian based IPs. <br><br>Any overseas botnet will just disable access for the stragglers resource pool, either overseas or on VPNs.<br><br></div><div>Get the architecture right, and the operations takes care of itself.<br></div><div><br></div>Kind regards<span><font color="#888888"><br><br></font></span></div><span><font color="#888888">Paul Wilkins<br></font></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 10 August 2016 at 16:03, Mark Delany <span dir="ltr"><<a href="mailto:g2x@juliet.emu.st" target="_blank">g2x@juliet.emu.st</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>> Mark,<br>
> If your point is that if an attacker can flood a server with traffic, the<br>
> DOS will succeed, then we agree.<br>
<br>
</span>There are plenty of other resources to exhaust besides traffic<br>
capacity, but ok.<br>
<span><br>
> The point is to ensure that your attacker has an upper limit to resources<br>
> available to them on the server. This is much harder to achieve with HTTPS,<br>
> where you can't successfully create a session with a spoofed IP.<br>
<br>
</span>True. But bots don't need to spoof IPs. Nor recipients of IMG<br>
tags. What makes you think the so-called DOS was based on spoofed IPs<br>
anyway? I don't think I made any mention of it.<br>
<br>
Point being, excepting the very largest destinations, it's not that<br>
hard to acquire more bot capacity than your target's server capacity.<br>
<div><div><br>
<br>
Mark.<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br></blockquote></div></div>