Death of the Internet, Film at 11

Jean-Francois Mezei jfmezei_nanog at vaxination.ca
Sat Oct 22 23:22:04 UTC 2016


On 2016-10-22 18:35, Ray Van Dolson wrote:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__hub.dyn.com_dyn-2Dblog_dyn-2Dstatement-2Don-2D10-2D21-2D2016-2Dddos-2Dattack&d=DQIBAg&c=n6-cguzQvX_tUIrZOS_4Og&r=r4NBNYp4yEcJxC11Po5I-w&m=iGvkbfzRJPqKO1A6YGa-c1m0RBLNkRk03hCjvVGTH3k&s=bScBNFncB3kt_cG0L3iys0mfXBmwwUR7A8rIDmi94D4&e= 

Thanks for the link.

10s of millions of IP addresses. Is it realistic to have 10s of millions
of infected devices ? Or is that the dense smoke that points to IP
spoofing ?

re: newspaper reports: how did Flashpoint obtain enough details, while
the attack was ongoing, to be able to draw conclusions told to the media ? Or
was it educated speculation ?

Obviously, Dyn had packet contents to look at and range of IPs being
used etc. Would such a company typically release that info to a trusted
investigator "as it happens" ? (would Flashpoint be such an outfit ?)

Did the attack generate valid DNS queries (overwhelm the servers) or
flood the links with long "random" UDP packets (overwhelm the links) ?


While I can understand that mitigation methods can be seen as
"proprietary", releasing info on the specifics of the attack would help
any/all networks and data centres better protect themselves.

Assuming hackers don't talk to each other in the 21st century is silly.
They already know how this was done, yet the victims typically remain
silent for fear of educating the hackers for more attacks.


