DDoS attacks

Vivien M. vivienm at dyndns.org
Thu Jul 12 03:53:29 UTC 2001


> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
> John Fraizer
> Sent: July 11, 2001 11:23 PM
> To: Timothy Brown
> Cc: nanog at merit.edu
> Subject: Re: DDoS attacks
>
>
> Really?  Strange.  I can.  And just so nobody is mistaken, 100% of my
> sarcasm resulted in some IRC person whining to the NANOG list VS
> contacting the NOCs of networks in question directly.

He's not the first one to have posted to NANOG asking "Can someone from
$NETWORK contact me please?"... Oftentimes if you're being ignored through
normal channels, it's probably a good enough method, since someone from
every single network seems to lurk around here.

> > Your comments do not help this situation whatsoever; if you do not like
> > IRC, feel free to rant in your own private forums rather than on a list
> > for network operators.
>
> My comments helped me substantially.  I feel MUCH better!  If they want to
> whine about their IRC network being DDoS'd, they should do it on their IRC
> network and NOT on the North American Network Operators Group mailing
> list.  OOPS!  I almost forgot.  They're being DDoS'd.  They probably can't
> even log onto their IRC servers.  Too bad.  Maybe they'll use this as an
> excuse to perhaps expose themselves to fresh air (as in OUTSIDE THEIR
> HOMES.)  We can only hope.

Hmmm. Tell me, why can't we s/IRC network/AS13944/ and also s/They/John/ and
apply it to your network?

The issue here is simple: these people are trying to provide a service, one
that's fairly popular and also very easily abused (hmmm, reminds me of large
binaries on Usenet, but that's beside the point). They're getting DDoSed.

Tell me, with your attitude, do you expect people to help you if someone on
your network gets DDoSed? I mean, what makes your customers more important
to the rest of the universe than those people's IRC server? (And I should
mention that IRC server is someone's customer too, somewhere)

> > No matter what you may think about IRC, or EFNet in particular, it should
> > be accorded at least your professional courtesy.  IRC (EFNet) has been
>
> Excuse me?  I'm not condoning ANY attack.  If they MUST attack something,
> I'd rather it be IRC than anything else I can think of.

You seem to be condoning the attack, actually. You're saying above: "Great.
Too bad those people are being DDoSed, maybe they can go outside and get a
life." That doesn't strike me like an anti-DDoS stance.

Remember, their IRC servers and your customers' servers both speak IP...

> > It is as real a service provided on the Internet as the Web or anonymous
> > FTP sites.
>
> OK.  If you say so.  (Bwahahahahah!)

Well, I say so too. Of _course_, for each of us, it seems that what matters
is only what we provide and our own networks, it seems (I guess humans'
natural instinctive selfishness applies to network operators). Let's see
here: if 66.37.218.192/27 was to vanish, would you care much? Would I care
much about 66.35.64.0/19 disappearing? Sadly, probably not, but we both
should care about each other's networks at least somewhat, because whatever
makes 66.37.218.192/27 go byebye may make 66.35.64.0/19 melt the next day.

> Running an IRCd is not any better.  It's BEGGING to be attacked.  I don't
> feel the slightest bit sorry for you.

And what do you propose to do about running ircd being begging to be
attacked? For all we know, in a week from now, it could be running httpd or
a DNS server that could be the target. We've already seen it once when a
whole bunch of major web sites were the target for a week or so, and I'm
fairly sure it could be MUCH worse.

> > If you do not define EFNet as critical, that is one thing.  But the
> > attacks on one IRC network could grow to encompass any other IRC network,
> > or any other service on the Internet.
>
> I don't define *ANY* IRC network as critical.

I don't define AS13944 as critical, either... As I said above, everyone's
definition of critical seems to revolve around their own network and perhaps
extends to a few hops beyond their borders.

> > I'm reiterating the obvious here, since you do not seem to possess
> > enough clue to get it yourself.  The times, they are a'changin'.
>
> You're funny.

So are you. :) I'm glad all of us here have a good sense of humour.

> I have NEVER gotten a SINGLE complaint from a SINGLE lUSER who couldn't
> get to an IRC network.  I don't anticipate it happening any time soon.

You're lucky, then... Every large ISP that I've seen (usually with an
incompetent abuse department) that gets blocked from $MAJOR_IRC_NETWORK
generally has a number of angry complaining users very soon.

Vivien
--
Vivien M.
vivienm at dyndns.org
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/



