[AusNOG] Global internet slows after 'biggest attack in history'

Tom Paseka tom at cloudflare.com
Thu Mar 28 16:49:27 EST 2013


Hi Joshua,

I'm sure: http://openresolverproject.org/

"We have collected a list of 27 million resolvers that respond to queries
in some fashion. 25 million of these pose a significant threat (as of
24-MAR-2013)."


On Wed, Mar 27, 2013 at 10:45 PM, Joshua D'Alton <joshua at railgun.com.au> wrote:

> Hey Tom, are you sure those numbers for open resolvers are correct?
>
> Based on the list on
> http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html
> I don't count anywhere near a million let alone 21.7? I count 108418 on
> that list.
>
>
>
> On Thu, Mar 28, 2013 at 2:13 PM, Tom Paseka <tom at cloudflare.com> wrote:
>
>> Sure, 300Gbps isn't that much in the scheme of things. But 300Gbps new
>> traffic without any notice is a big deal for anyone. Even the Tier-1s.
>>
>> Australia's international capacity is much higher than 300Gbps - yes, but
>> not in lit and unutilised capacity. You're also right in that these attacks
>> were in 4-5 hours.  In the past, we've seen sustained 75Gbps for 3 weeks.
>>
>> Mitigations are not always possible, especially when the attacks are
>> pointed at critical infrastructure, or infrastructure that can't be changed
>> easily (as has been the case here).
>>
>> So while it's not a physical cut, like the death of a telephone
>> exchange, it'd cause a lot of headaches for the ISPs getting attacked.
>>
>>
>> On Wed, Mar 27, 2013 at 7:50 PM, Damian Guppy <the.damo at gmail.com> wrote:
>>
>>> You need to keep in mind that the worse that Cloudflare makes this
>>> attack seem, the better it makes them look for being able to mitigate it.
>>> 300Gbps is actually not that much on the scale of global backbone traffic
>>> (the actual amount of traffic hitting Cloudflare only reached 120Gbps
>>> anyway), Australia has much higher international capacity than that. Also
>>> DDoS attacks are rarely sustained over more than a few hours, in the case
>>> of the Cloudflare attack it was more like waves of attacks lasting 4-5
>>> hours each, some big some small.
>>>
>>> If someone pointed that kind of botnet attack at Australia the impact
>>> might be degraded internet speeds on some ISPs for a few hours until
>>> either the attack started to subside or for the ISP's NOC (and their
>>> upstream providers - they don't want to carry the traffic any more than the
>>> ISP does) to implement mitigations. You certainly would not be without
>>> total internet access for weeks and weeks on end like what happens if a
>>> critical exchange burns to the ground.
>>>
>>> --Damian
>>>
>>>
>>> On Thu, Mar 28, 2013 at 8:52 AM, Tom Paseka <tom at cloudflare.com> wrote:
>>>
>>>> Definitely. Some ISPs may have enough capacity to soak up this traffic
>>>> internationally, but not to carry it to Australia.
>>>>
>>>> On Wed, Mar 27, 2013 at 5:18 PM, Joshua D'Alton <joshua at railgun.com.au> wrote:
>>>>
>>>>> Nice writeup.
>>>>>
>>>>> It seems they are focusing a lot on the open resolver issue, but that
>>>>> is only half or 1/3rd of the coin. The other problem is people being able
>>>>> to send all these forged packets in the first place, and beyond that, have
>>>>> so many TCP connections.
>>>>>
>>>>> There are only a few ISPs globally outside of the tier1 and some tier2
>>>>> that could handle such an attack, I think Telstra (and subsequently all AU
>>>>> ISPs) would crumble easily under such an attack, and I might be wrong,
>>>>> please someone tell me I am, but we could be hit at any moment and with
>>>>> ramifications far above that of the Warrnambool fire?
>>>>>
>>>>>
>>>>> On Thu, Mar 28, 2013 at 7:44 AM, Peter Adkins <
>>>>> peter.adkins at kernelpicnic.net> wrote:
>>>>>
>>>>>> There's an interesting write up on the matter on the CloudFlare blog
>>>>>> at the moment -
>>>>>> http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
>>>>>>
>>>>>> (The Massive Attack picture is a nice touch).
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 28, 2013 at 1:29 AM, ComKal Networks <admin at comkal.com.au> wrote:
>>>>>>
>>>>>>> <http://www.bbc.co.uk/news/technology-21954636>
>>>>>>>
>>>>>>> <QUOTE>
>>>>>>> The internet around the world has been slowed down in what security
>>>>>>> experts are describing as the biggest cyber-attack of its kind in history.
>>>>>>> </QUOTE>
>>>>>>>
>>>>>>>
>>>>>>> Cheers
>>>>>>> Ian Manners
>>>>>>> ComKal Networks Australia
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> AusNOG mailing list
>>>>>>> AusNOG at lists.ausnog.net
>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>>