anycast and ddos

• Previous message (by thread): The Cidr Report
• Next message (by thread): anycast and ddos
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

it seems that anycasting was quite insufficient to protect
netsol's service from being severely damaged (udp dead, tcp
worked) for a considerable length of time by a ddos [0] last
week [1].  it would be very helpful to other folk concerned
with service deployment to understand how the service in
question was/is anycast, and what might be done differently
to mitigate exposure of similar services.  

anyone have clues or is this ostrich city?  maybe a preso at
nanog would be educational.

randy

---

[0] - as it seems that the ddos sources were ip address
      spoofed (which is why the service still worked for
      tcp), i owe paul an apology for downplaying the
      immediacy of the need for source address filtering.

[1] - netsol is not admitting anything happened, of course
      <sigh>.  but we all saw the big splash as it hit the
      water, the bubbles as it sank, and the symptoms made
      the cause pretty clear.

• Previous message (by thread): The Cidr Report
• Next message (by thread): anycast and ddos
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]