[AusNOG] Global internet slows after 'biggest attack in history'
Joshua D'Alton
joshua at railgun.com.au
Thu Mar 28 16:49:40 EST 2013
Never mind, if they are subnets then 108k x 200 = 21 mil, but that does
still seem high. That would imply the majority of those subnets are running
open resolvers on the majority of the IPs in those subnets. Seems unlikely,
but can't argue with the facts if that is the case. But some explanation
might be useful :)
On Thu, Mar 28, 2013 at 4:45 PM, Joshua D'Alton <joshua at railgun.com.au>wrote:
> Hey Tom, are you sure those numbers for open resolvers is correct?
>
> Based on the list on
> http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html I don't count anywhere near a million let alone 21.7? I count 108418 on
> that list.
>
>
>
> On Thu, Mar 28, 2013 at 2:13 PM, Tom Paseka <tom at cloudflare.com> wrote:
>
>> Sure, 300Gbps isn't that much in the scheme of things. But 300Gbps new
>> traffic without any notice is a big deal for anyone. Even the Tier-1s.
>>
>> Australia's international capacity is much higher than 300Gbps - yes, but
>> not in lit and untilised capacity. You're also right in that these attacks
>> were in 4-5 hours. In the past, we've seen sustained 75Gbps for 3 weeks.
>>
>> Mitigations are not always possible, especially when the attacks are
>> pointed at critical infrastructure, or infrastructure that can't be changed
>> easily (as has been the case here).
>>
>> So while its not a physical cut, like the death of a telephone
>> exchange, it'd cause a lot of headaches for the ISPs getting attacked.
>>
>>
>> On Wed, Mar 27, 2013 at 7:50 PM, Damian Guppy <the.damo at gmail.com> wrote:
>>
>>> You need to keep in mind that the worse that Cloudflare makes this
>>> attack seem, the better it makes them look for being able to mitigate it.
>>> 300gbps is actually not that much on the scale of global backbone traffic
>>> (the actualy amount of traffic hitting cloudflare only reached 120Gbps
>>> anyway), Australia has much higher international capacity than that. Also
>>> DDOS attacks are rearly sustained over more than a few hours, in the case
>>> of the cloudflare attack it was more like waves of attacks lasting 4-5
>>> hours each, some big some small.
>>>
>>> If some one pointed that kind of botnet attack at Australia the impact
>>> might be degraded internet speeds on some ISP's for a few hours until
>>> either the attack started to subside or for the ISP's NOC (and their
>>> upstream providers - they dont want to carry the traffic any more than the
>>> ISP does) to implement mitigations. You certainly would not be without
>>> total internet access for weeks and weeks on end like what happens if a
>>> critical exchange burns to the ground.
>>>
>>> --Damian
>>>
>>>
>>> On Thu, Mar 28, 2013 at 8:52 AM, Tom Paseka <tom at cloudflare.com> wrote:
>>>
>>>> Definitely. Some ISPs may have enough capacity to soak up this traffic
>>>> internationally, but not to carry it to Australia.
>>>>
>>>> On Wed, Mar 27, 2013 at 5:18 PM, Joshua D'Alton <joshua at railgun.com.au>wrote:
>>>>
>>>>> Nice writeup.
>>>>>
>>>>> It seems they are focusing alot on the open resolver issue, but that
>>>>> is only half or 1/3rd of the coin. The other problem is people being able
>>>>> to send all these forged packets in the first place, and beyond that, have
>>>>> so many tcp connections.
>>>>>
>>>>> There are only a few ISPs globally outside of the tier1 and some tier2
>>>>> that could handle such an attack, I think telstra (and subsequently all AU
>>>>> isps) would crumble easily under such an attack, and I might be wrong,
>>>>> please someone tell me I am, but we could be hit at any moment and with
>>>>> ramifications far above that of the Warnambool fire?
>>>>>
>>>>>
>>>>> On Thu, Mar 28, 2013 at 7:44 AM, Peter Adkins <
>>>>> peter.adkins at kernelpicnic.net> wrote:
>>>>>
>>>>>> There's an interesting write up on the matter on the CloudFlare blog
>>>>>> at the moment -
>>>>>> http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
>>>>>>
>>>>>> (The Massive Attack picture is a nice touch).
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 28, 2013 at 1:29 AM, ComKal Networks <admin at comkal.com.au
>>>>>> > wrote:
>>>>>>
>>>>>>> <http://www.bbc.co.uk/news/technology-21954636>
>>>>>>>
>>>>>>> <QUOTE>
>>>>>>> The internet around the world has been slowed down in what security
>>>>>>> experts are describing as the biggest cyber-attack of its kind in history.
>>>>>>> </QUOTE>
>>>>>>>
>>>>>>>
>>>>>>> Cheers
>>>>>>> Ian Manners
>>>>>>> ComKal Networks Australia
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> AusNOG mailing list
>>>>>>> AusNOG at lists.ausnog.net
>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> AusNOG mailing list
>>>>>> AusNOG at lists.ausnog.net
>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>
>>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130328/331e5c97/attachment.html>
More information about the AusNOG
mailing list