[AusNOG] census issues tonight
Simon Sharwood
simon at jargonmaster.com
Wed Aug 10 18:33:59 EST 2016
FWIW I know several IBMers recently made redundant. They say that anyone on
decent money and with a couple of decades experience has been let go to
save on wages. The folks left behind are bright, but inexperienced. Which
may be why the mitigations discussed above weren't employed.
The thing that will be interesting in the washup is whether the
ABS/McGibbon ever admit this was hostile action.
McGibbon is currently saying DDOSes are not any form of attack, just a
blocking action. I think a truckies blockade is a better example. Or
perhaps a zombie truckie blockade.
One last thing: ever security vendor capable of spelling DDOS is contacting
media today saying they can explain this crisis away and keep you all out
of the headlines.
S.
On Wed, Aug 10, 2016 at 4:49 PM, J Williams <jphwilliams at gmail.com> wrote:
> In hindsight, they could have blocked international access via their
> upstream providers. This would have avoided almost all issues whilst still
> reaching almost all of the audience.
>
> Regards,
> Julian
>
> On Wed, Aug 10, 2016 at 4:11 PM, Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>
>> Well here's the thing. Supposedly the Census site had capacity to serve
>> say 10M Australian clients.
>>
>> So if your architecture has its ducks in a row, you have a dedicated
>> resource pool(s) for Australian IPs. Now someone has to come up with a
>> botnet with > 10M Australian based IPs.
>>
>> Any overseas botnet will just disable access for the stragglers resource
>> pool, either overseas or on VPNs.
>>
>> Get the architecture right, and the operations takes care of itself.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On 10 August 2016 at 16:03, Mark Delany <g2x at juliet.emu.st> wrote:
>>
>>> > Mark,
>>> > If your point is that if an attacker can flood a server with traffic,
>>> the
>>> > DOS will succeed, then we agree.
>>>
>>> There are plenty of other resources to exhaust besides traffic
>>> capacity, but ok.
>>>
>>> > The point is to ensure that your attacker has an upper limit to
>>> resources
>>> > available to them on the server. This is much harder to achieve with
>>> HTTPS,
>>> > where you can't successfully create a session with a spoofed IP.
>>>
>>> True. But bots don't need to spoof IPs. Nor recipients of IMG
>>> tags. What makes you think the so-called DOS was based on spoofed IPs
>>> anyway? I don't think I made any mention of it.
>>>
>>> Point being, excepting the very largest destinations, it's not that
>>> hard to acquire more bot capacity than your target's server capacity.
>>>
>>>
>>> Mark.
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
--
Simon Sharwood | JargonMaster Corporate Communications |
M +61 (0)414 37 37 26 |
E simon at jargonmaster.com | W www.jargonmaster.com
24 North Street Marrickville NSW 2204 AUSTRALIA
ABN: 14743763968
Work blog: jargonmaster.wordpress.com
Free/Busy details: http://www.jargonmaster.com/calendar/
I'm a member of DHBC.org.au and a vExpert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/452d1ab5/attachment.html>
More information about the AusNOG
mailing list