On Sat, 27 January 2001, Simon Lyall wrote:
Considering the small number of servers and their value I'm surprised nobody has gone for a sustained DDOS against them all at once. This could get pretty messy if they managed it.
In nearly a century of international telecommunications, the number of deliberate attacks on the infrastructure itself is amazingly small. Historically, network engineers have been more dangerous to the infrastructure than malicious actors. The telephone system, credit card system, electric grid and so forth all have significant infrastructure vulnerabilities.
Obviously it's pretty hard to add additional servers but has the option of splitting the current group into multiple distributed machines with the same ip (like how these other DNS organisations are doing) been looked at?
I haven't physically seen all the root servers, but the volunteers operating the servers take their task seriously. There are a lot more than 13 physical machines. Of course, Murphy is always on the prowl, and there isn't a real effective way to protect against a DDOS. If there was a way to protect your server, I think the IRC people would have already implemented it.
On Sat, Jan 27, 2001 at 09:10:43PM -0800, Sean Donelan wrote:
In nearly a century of international telecommunications, the number of deliberate attacks on the infrastructure itself is amazingly small. Historically, network engineers have been more dangerous to the infrastructure than malicious actors. The telephone system, credit card system, electric grid and so forth all have significant infrastructure vulnerabilities.
You should work for NIPC. :-)
Obviously it's pretty hard to add additional servers but has the option of splitting the current group into multiple distributed machines with the same ip (like how these other DNS organisations are doing) been looked at?
I haven't physically seen all the root servers, but the volunteers operating the servers take their task seriously. There are a lot more than 13 physical machines. Of course, Murphy is always on the prowl, and there isn't a real effective way to protect against a DDOS. If there was a way to protect your server, I think the IRC people would have already implemented it.
IRC isn't all bad. There's a few good users. Maybe four. -- i am jamie at arpa dot com .. and this is my .sig. core1.dns.microsoft.com# sho access-list 101 Extended IP access list 101 deny udp any any eq domain (874572345872345 matches)
participants (2)
-
jamie rishaw -
Sean Donelan