Since we're on the topic of DoS. What best practice actions can be taken AFTER such an attack?
Subject: Re: he.net down? From: patrick@ianai.net Date: Mon, 3 Oct 2011 19:33:10 -0400 To: nanog@nanog.org
On Oct 3, 2011, at 7:25 PM, Nate Itkin wrote:
On Mon, Oct 03, 2011 at 11:14:03PM +0000, Michael J McCafferty wrote:
Our session with them is up and down at Any2 at OWB.
------Original Message------ From: Aiden Sullivan To: nanog@nanog.org Subject: he.net down? Sent: Oct 3, 2011 3:35 PM
www.he.net seems to be down on both IPv4 and IPv6 -- does anyone know what is going on? -- Aiden Sent from my Verizon Wireless BlackBerry
Blaming DDOS. http://status.linode.com
"The incident was a probable DDOS attack, but its behavior was unusual and difficult to identify. Our network engineers made some adjustments to the DOS countermeasures acquired after last week's incident, and that seems to have stabilized traffic flow. We apologize for the inconvenience. -Ben Larsen Hurricane Electric Internet Services"
Some supporting evidence would be nice.
Exactly what do you expect a network which is attacked to post to NANOG, or a random web page, to "prove" they were attacked? Given the 1000s of network outages over the last decade, I can think of maybe a handful that supplied "supporting evidence".
As I said before, Mike & the gang at HE are stand-up people. If they said it was a DoS, it was a DoS - although I note they did not say it was a DoS, just probably a DoS. But I extend my faith if their lack of prevarication to even statement as well. In fact, it speaks well that they are being equivocal until they are certain themselves.
-- TTFN, patrick