One thing I'm curious about (mostly because I think it's a neat idea, and was wondering if anyone else thought so too).. would it cause problems, and more importantly would it solve potential problems, to put some/most/all of the root servers (and maybe gtld-servers too) into an AS112-like config? It would seem to me like that would give the benefits of being able to spread the load around without making the list of root servers any larger, would make any kind of ddos on the root servers just that much more difficult to do, and might just increase speed/performance (for those 8 times a week when you actually use them) Is it a problem that's even worth looking at? Is it a solution that's worse (for some reason I haven't noticed yet) than the problem? Thoughts? -Joe Patterson
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Greg Pendergrass Sent: Wednesday, October 23, 2002 10:31 AM To: 'Nanog@Merit. Edu' Subject: RE: WP: Attack On Internet Called Largest Ever
It's universally agreed that the articles have mostly been blown out of proportion and dramatized, but that doesn't mean that attacks against the root servers can't be successful. Future attacks will be stronger and more organized. So how do we protect the root servers from future attack?
There has been a lot about what did not happen yesterday, but how about some details about what did happen? Was it a ping flood, syn-flood, smurf, or some combination of types? Were the zombie machines windows, linux, or both? Some of the root servers were affected more than others, why? Was it that there was more ddos traffic directed at them, or that they had less hardware and network resources?
- Greg Pendergrass