WP: Attack On Internet Called Largest Ever
Paul Vixie
vixie at vix.com
Wed Oct 23 01:11:04 UTC 2002
Let me chime in with some of what I've been telling reporters all day.
> I did notice that Paul was quoted as stating essentially that F was not
> impacted. From my own experience and numerous folks who monitor DNS
> performance this seems true. However, I did notice that several of the
> servers which are operated by VeriSign were not responding to at least a
> large, 50% or greater, fraction of test queries. Even so, VeriSign was
> good enough to chime in that their root servers were unaffected.
>
> Did I mis-perceive this, or is it another bold-faced lie from VeriSign?
I had congestion-free access to A and J throughout yesterday, so from my
point of view VeriSign's servers were just fine. (A and J are not in this
building nor even in this state or timezone, so it wasn't a locality issue.)
DDoS attacks often end up hurting intermediate links in the path more than
the destination of the flow. Determining whether a root name server has
"reachability" requires dozens, or hundreds, of diverse monitors.
Yesterday's attack was only visible to people who monitor root servers or
whose backbones feed root servers -- whereas the average person who just
wanted to use DNS to get their work done didn't seem to notice it at all.
--
Paul Vixie
More information about the NANOG
mailing list