On Wed, 09 February 2000, Declan McCullagh wrote:
From my perspective, corporations are filtering information through clueless PR flacks to a (relatively clueless) media. I can't buy that sites hit by an attack 48 hours ago "have no idea what is going on." If that's the case, some people need to be fired real quick.
I'm not too concerned about clueless media and PR flacks.
But at NANOG I spoke with several people I thought would know, who didn't. I didn't talk to any GlobalCenter folks because I couldn't find any. They disappeared on Monday. But I did speak with several security people with other providers, and they hadn't heard any confirmed technical details. Just speculation about what had happened. In particular, everyone was wondering what made the attack so hard to detect as a DoS.
Ok, I know, I don't work at an ISP anymore, so I'm not a member of the club. I think several departments at WorldCom are under orders not to speak to me. But instead I found the security folks at other providers were happy to talk about it, but didn't know any more than me. This worries me.
On 9 Feb 2000, Sean Donelan wrote:
But at NANOG I spoke with several people I thought would know, who didn't. I didn't talk to any GlobalCenter folks because I couldn't find any. They disappeared on Monday. But I did speak with several security people with other providers, and they hadn't heard any confirmed technical details. Just speculation about what had happened. In particular, everyone was wondering what made the attack so hard to detect as a DoS.
I don't get the impression that the attacks are hard to detect from what I've heard. What I have heard is that it's been hard to get people to react and do so in a timely and proper manner.
Ok, I know, I don't work at an ISP anymore, so I'm not a member of the club. I think several departments at WorldCom are under orders not to speak to me. But instead I found the security folks at other providers were happy to talk about it, but didn't know any more than me. This worries me.
I'd be worried if they didn't have theories or know about the known DDoS attacks, but not if they didn't have specifics. Tier1 NSPs seem to be very tight-lipped about these sorts of things when they are the victim. I'm sure there are GC employees on this list, but none have come forward to give any details. Could be a gag order, which wouldn't shock me at all. Hopefully we'll know something eventually, but for now we're all mushrooms when it comes to official information.
--
Joseph W. Shaw - jshaw@insync.net
Computer Security Consultant and Programmer
Free UNIX advocate - "I hack, therefore I am."
On Wed, 09 February 2000, Declan McCullagh wrote:
From my perspective, corporations are filtering information through clueless PR flacks to a (relatively clueless) media. I can't buy that sites hit by an attack 48 hours ago "have no idea what is going on." If that's the case, some people need to be fired real quick.
I'm not too concerned about clueless media and PR flacks.
But at NANOG I spoke with several people I thought would know, who didn't. I didn't talk to any GlobalCenter folks because I couldn't find any. They disappeared on Monday. But I did speak with several security people with other providers, and they hadn't heard any confirmed technical details. Just speculation about what had happened. In particular, everyone was wondering what made the attack so hard to detect as a DoS.
I ran into half a dozen GC folks while I was there both Monday and Tuesday. On Monday, of course, most of them got paged back to the office to deal with the problem and later spent time writing up incident reports. However, as expected so soon after such an event, they did not desire very much information to be let loose since they had not yet finished correlating everything and had not yet finished their discussions with Yahoo on what occurred. As for now, well, I too would be interested in learning exactly what happened (which attack, roughly how many relays, secondary effects, etc.) but the chances of learning that are slim just because of the fear of PR problems it might create.
----------------------------------------------------------------------
Wayne Bouchard [Immagine Your ]
web@typo.org [Company Name Here]
Network Engineer
----------------------------------------------------------------------
participants (3): Joe Shaw, Sean Donelan, Wayne Bouchard