WP: Attack On Internet Called Largest Ever

• Previous message (by thread): WP: Attack On Internet Called Largest Ever
• Next message (by thread): WP: Attack On Internet Called Largest Ever
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Let me chime in with some of what I've been telling reporters all day.

> I did notice that Paul was quoted as stating essentially that F was not
> impacted.  From my own experience and numerous folks who monitor DNS
> performance this seems true.  However, I did notice that several of the
> servers which are operated by VeriSign were not responding to at least a
> large, 50% or greater, fraction of test queries.  Even so, VeriSign was
> good enough to chime in that their root servers were unaffected.
> 
> Did I mis-perceive this, or is it another bold-faced lie from VeriSign?

I had congestion-free access to A and J throughout yesterday, so from my
point of view VeriSign's servers were just fine.  (A and J are not in this
building nor even in this state or timezone, so it wasn't a locality issue.)

DDoS attacks often end up hurting intermediate links in the path more than
the destination of the flow.  Determining whether a root name server has
"reachability" requires dozens, or hundreds, of diverse monitors.

Yesterday's attack was only visible to people who monitor root servers or
whose backbones feed root servers -- whereas the average person who just
wanted to use DNS to get their work done didn't seem to notice it at all.
-- 
Paul Vixie

• Previous message (by thread): WP: Attack On Internet Called Largest Ever
• Next message (by thread): WP: Attack On Internet Called Largest Ever
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]