Multi ISP DDOS

Martin Hannigan hannigan at renesys.com
Fri May 5 00:21:04 UTC 2006 

At 07:16 PM 5/4/2006, william(at)elan.net wrote:


>On Thu, 4 May 2006, Martin Hannigan wrote:
>
>>At 11:15 AM 5/3/2006, John Levine wrote:
>>> >Uh. Who let the Frog out?
>>> >
>>> >http://www.wired.com/news/technology/internet/0,70798-0.html?tw=r 
>>> ss .technology
>>>It's all explained here:
>>>http://weblog.johnlevine.com/2006/05/03
>>
>>And this just hit wires with quotes from Renesys and SANS ISC.
>>
>>http://www.infoworld.com/article/06/05/04/78074_HNbluesecurityddos_1.html
>
>I hate to be the bearer of bad news to spammers :) but based on
>bluesecurity's tactics I can make a guess about attitude of their
>people and its such that DoS attack on them will only cause them
>more determination to continue and I suspect to majority of their 
>users as well (and publicity is also likely to bring them more users).
>
>Moving the site to TypePad was incorrect way of dealing with attack
>though; but its actually not the first time I've heard of the site
>using a blog as temporary page while their primary site is down due
>to DoS... - some education on what blogs are good for is in order.
>But as it is looks like bluesecurity is moving to prolexic which
>claim to deal with just such situations.


I hate to be the bearer of bad news to BS' VC's, but BS moving their
DNS to UltraDNS and hosting to Prolexic was likely not part of the business
plan. "They ain't cheap". The spammers can now theoretically force them
to spend all time and all their money responding to attacks.

The killer here is that they asked a lot of people a year ago whether this
was a good idea and everyone said no. Read John Levine's blog and pointer to a
few of his previous articles. He wasn't the only person they asked. There's a
WHOLE lot more to this than is public.

Spammers: 2 Blue Security: 0
NANOG: -2 (vigilante time sink)


-M<








--
Martin Hannigan                                (c) 617-388-2663
Renesys Corporation                            (w) 617-395-8574
Member of Technical Staff                      Network Operations
                                                hannigan at renesys.com

More information about the NANOG mailing list