Anyone have insight into the (seemingly) DoS attack on root-servers which started around 20 UTC and widened to more servers on 20:35 UTC? Not that it´s causing any serious operational problems but slows down things a lot. Pete
On Tue, 22 Oct 2002, Petri Helenius wrote:
Anyone have insight into the (seemingly) DoS attack on root-servers which started around 20 UTC and widened to more servers on 20:35 UTC?
Not that it�s causing any serious operational problems but slows down things a lot.
You can see pretty graphs of the server performance at http://www.root-servers.net/ http://www.cymru.com/DNS/dns.html I don't know if the Fed's early warning system was able to warn anyone early http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,7...
You can see pretty graphs of the server performance at
http://www.root-servers.net/ http://www.cymru.com/DNS/dns.html
I´ve prettier graphs. I sent the mail after the performance started lacking asking if anyone has an idea what´s going on and where the traffic is originating. Pete
On Tue, 22 Oct 2002, Petri Helenius wrote:
I�ve prettier graphs. I sent the mail after the performance started lacking asking if anyone has an idea what�s going on and where the traffic is originating.
Best guess, its a smurf attack. Networks which still have ip directed-broadcast (or your vendor's equivalent) enabled on interfaces. Its still amazing how much traffic it can generate.
sean@donelan.com (Sean Donelan) writes:
Best guess, its a smurf attack. Networks which still have ip directed-broadcast (or your vendor's equivalent) enabled on interfaces.
Its still amazing how much traffic it can generate.
however, this attack was icmp request, not icmp reply. -- Paul Vixie
I don't think so. We saw problems about 15 min before the nsp-sec list posting, and at that point the volume was turned up.. I don't beleive ICANN received any "advance" warning.... but don't quote me on that. I'll go find out though in private, john brown On Mon, Oct 21, 2002 at 05:38:32PM -0400, Sean Donelan wrote:
On Tue, 22 Oct 2002, Petri Helenius wrote:
Anyone have insight into the (seemingly) DoS attack on root-servers which started around 20 UTC and widened to more servers on 20:35 UTC?
Not that it´s causing any serious operational problems but slows down things a lot.
You can see pretty graphs of the server performance at
http://www.root-servers.net/ http://www.cymru.com/DNS/dns.html
I don't know if the Fed's early warning system was able to warn anyone early http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,7...
participants (5)
-
John M. Brown
-
Paul Vixie
-
Peter Salus
-
Petri Helenius
-
Sean Donelan