On Tue, 22 Oct 2002 20:35:06 EDT, Jeff S Wheeler <jsw@five-elements.com> said:
performance this seems true. However, I did notice that several of the servers which are operated by VeriSign were not responding to at least a large, 50% or greater, fraction of test queries. Even so, VeriSign was good enough to chime in that their root servers were unaffected.
Did I mis-perceive this, or is it another bold-faced lie from VeriSign?
If a server that can handle 500K packets/sec is sitting behind a pipe that maxes out at 400K packets/sec, it won't be affected when the pipe is flooded. Most likely, half your packets were being dropped 2 or 3 hops from the server (where the DDoS starts converging from multiple sources). So we probably can't pin a "bold-faced lie" on VeriSign this time. Dissembling and misleading perhaps, but not a total lie (unless somebody can prove that the pipe still had capacity and wasn't dropping stuff) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech