NANOG list attack
briansupport at hotmail.com
Tue Oct 27 00:12:53 UTC 2015
Thank you Larry and Job for the responses, mitigation steps taken, and work to further resolve these kind of events.
Food for thought for the rest of us out there. Had there been a network attack on Sunday (for example) and several of these lists (multiple received this spam "attack") were switched to require a moderator to filter all emails manually. How quickly would information have gotten out through the networking community? No NANOG and Outages are not the only places I check or subscribe to but I DO check them to see if anyone else is reporting anything. And they are some of the places I would report real network problems to.
For me this didn't kill my weekend or destroy my ability to check my emails. I know for many others it didn't either.
I use my android mail client to group emails with the same subject and after checking multiple of them I didn't worry about those threads anymore. Yes I received several hundred emails about it but I was still able to function and watch for anything that came in that would note a threat to the network as a whole.
Maybe if this event has caused such a stir and inconvenience we should look at what we are doing and how we are doing it. These lists are tools that can be valuable to get information out to a large group of people. Anything that would block that I would consider a threat to the purpose of the list as well. This event caused blockage as well and the NANOG staff are looking into mitigation for that.
> To: nanog at nanog.org
> From: ljb at merit.edu
> Subject: NANOG list attack
> Date: Mon, 26 Oct 2015 15:17:37 -0400
> Just wanted to apologize for the attack over the weekend. The
> posts came from a email address that was subscribed to the list, so
> it was not subjected to moderation. While a filter was added
> to block further posts (which were made in a short time window),
> there were existing message queues that were not cleared in a
> timely basis.
> As Job Snijders (a fellow Communications Committee member) noted
> in an earlier post, we will be implementing some additional protection
> mechanisms to prevent this style of incident from happening again. We
> will be more aggressively moderating posts from addresses who have
> not posted recently, in addition to other filtering mechanisms.
> Larry Blunk
> NANOG Communications Committee
> Admins at nanog.org
More information about the NANOG