So we all have heard the breathless news reports of how the recent urinating contest between Spamhaus and a butthurt ISP was the "biggest in history". Where would you guys put it, if measured as "percent of total worldwide available Internet bandwidth/resources"? My gut feeling is that by that metric, it didn't even make the top 20. Think back to the Morris worm, or Blaster/Nachi/etc - *nobody* had any free bandwidth when those happened. And even if you restrict the discussion to intentional targeted attacks, I'm sure we've had worse (Smurf, anybody? :)
It's interesting, this just came up on gizmodo. As I said in another forum, take it for what it's worth:
http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie
Cheers,
Harry
On 03/28/2013 09:23 AM, Valdis Kletnieks wrote:
So we all have heard the breathless news reports of how the recent urinating contest between Spamhaus and a butthurt ISP was the "biggest in history".
Where would you guys put it, if measured as "percent of total worldwide available Internet bandwidth/resources"? My gut feeling is that by that metric, it didn't even make the top 20. Think back to the Morris worm, or Blaster/Nachi/etc - *nobody* had any free bandwidth when those happened. And even if you restrict the discussion to intentional targeted attacks, I'm sure we've had worse (Smurf, anybody? :)
On Thu Mar 28, 2013 at 09:29:04AM -0400, Harry Hoffman wrote:
It's interesting, this just came up on gizmodo. As I said in another forum, take it for what it's worth:
http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie
And there's a (semi-)public response from one of Cloudflare's upstreams:
http://cluepon.net/ras/gizmodo
Simon
----- Original Message -----
From: "Simon Lockhart" <simon@slimey.org>
And there's a (semi-)public response from one of Cloudflare's upstreams:
Money quote:
"""
In defense of the claims in other articles, there is a huge difference between "taking down the entire Internet" and "causing impact to notable portions of the Internet". My company, most other large Internet carriers, and even the largest Internet exchange points, all deliver traffic at multi-terabits-per-second rates, so in the grand scheme of things 300 Gbps is certainly not going to destroy the Internet, wipe anybody off the map, or even show up as more than a blip on the charts of global traffic levels.
That said, there is absolutely NO network on this planet who maintains 300 Gbps of active/lit but unused capacity to every point in their network. This would be incredibly expensive and wasteful, and most of us are trying to run for-profit commercial networks, so when 300 Gbps of NEW traffic suddenly shows up and all wants to go to ONE location, someone is going to have a bad day.
"""
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
On Thu, Mar 28, 2013 at 10:10 AM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Simon Lockhart" <simon@slimey.org>
And there's a (semi-)public response from one of Cloudflare's upstreams:
Money quote:
""" so when 300 Gbps of NEW traffic suddenly shows up and all wants to go to ONE location, someone is going to have a bad day. """
I am *sooo* reminded of http://xkcd.com/1133/ and http://youwillnotgotospacetoday.tumblr.com/ 'Your internet is having a bad day, and your packets will not be going to their destination' ^_^; Matt
On Sat, 30 Mar 2013 14:57:53 -0700, Matthew Petach said:
I am *sooo* reminded of http://xkcd.com/1133/ and http://youwillnotgotospacetoday.tumblr.com/
'Your internet is having a bad day, and your packets will not be going to their destination'
I heard the failure of a server to boot described as "You will not go to userspace today".
On Mar 28, 2013, at 9:29 AM, Harry Hoffman <hhoffman@ip-solutions.net> wrote:
It's interesting, this just came up on gizmodo. As I said in another forum, take it for what it's worth:
http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie
I can't comment in detail, but there are some "lost in translation" moments with the reporting.
If you look at externally observable data, something surely happened at LINX on the 23rd:
https://stats.linx.net/cgi-pub/aggregate/week
I think it's easy to get fully into a doom-and-gloom scenario, but even if the numerical reporting is correct there wasn't a broad impact observed similar to slammer/blaster where everyone was congested.
I will say, please don't treat this as 100% hype and look at unicast-rpf and securing your DNS servers in parallel. That threat certainly is real.
With 21,432,212 hosts that respond to DNS queries (with the right answer, not including those that send a referral to root, which is quite large), an amplification attack would be quite easy. It's somewhere around 1:173 hosts run a service that responds. That is real and clearly measurable.
Your BIND settings to look for are:
http://www.zytrax.com/books/dns/ch7/queries.html
additional-from-auth yes | no ;
additional-from-cache yes | no ;
- Jared
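The message above separates servers that return the right answer to anyone from those that only return a referral to root; that distinction is visible in the DNS reply itself. The sketch below is an added example, not part of the thread or any poster's code: it classifies a reply your own server sends to an off-net query for a name outside its zones. The function names and the sample packets are constructed for illustration.

```python
import struct

def build_query(name, qid=0x1234):
    """Encode an A/IN query for `name` with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify_response(pkt):
    """Classify a server's reply to a query for a name outside its own zones."""
    try:
        _, flags, qd, an, ns, _ = struct.unpack("!6H", pkt[:12])
        if not flags & 0x8000:                 # QR clear: not a response
            return "malformed"
        rcode, aa = flags & 0x000F, bool(flags & 0x0400)
        if rcode == 5:
            return "refused"                   # REFUSED: recursion is restricted
        if rcode == 0 and an > 0 and not aa:
            return "open-resolver"             # non-authoritative answer returned
        off = 12
        for _ in range(qd):                    # skip the question section
            while pkt[off] != 0:
                off += pkt[off] + 1
            off += 5                           # root label + QTYPE + QCLASS
        if rcode == 0 and an == 0 and ns > 0 and pkt[off] == 0:
            if struct.unpack("!H", pkt[off + 1:off + 3])[0] == 2:
                return "root-referral"         # NS record owned by "."
        return "other"
    except (IndexError, struct.error):
        return "malformed"

# Constructed sample replies (not captured traffic) to a query for example.com.
QUESTION = build_query("example.com")[12:]
A_RR = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
ROOT_NS = (b"\x00" + struct.pack("!2HIH", 2, 1, 518400, 20)
           + b"\x01a\x0croot-servers\x03net\x00")

def sample_reply(flags, an, ns, body=b""):
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0) + QUESTION + body

SAMPLES = {
    "answers anyone": sample_reply(0x8180, 1, 0, A_RR),
    "refers to root": sample_reply(0x8100, 0, 1, ROOT_NS),
    "locked down": sample_reply(0x8105, 0, 0),
    "authoritative": sample_reply(0x8500, 1, 0, A_RR),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:15} -> {classify_response(pkt)}")
```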
On 28/03/2013 13:41, "Jared Mauch" <jared@puck.nether.net> wrote:
If you look at externally observable data, something surely happened at LINX on the 23rd:
Yes, the polling server couldn't reach one of the networks - remember that there are two networks at LINX. I can tell you as one of the biggest peers at LINX if that much traffic had gone we would have known about it.
From our perspective we observed almost nothing in terms of impact other than not being able to reach Cloudflare.
We need to act I totally agree.
Regards,
Neil.
On Mar 28, 2013, at 8:29 PM, Harry Hoffman wrote:
http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie
Yes and no.
There's been quite a bit of exaggerated (and unhelpful, IMHO) hype around this entire episode from the outset; by the same token, the attacks did produce non-inconsiderable disruptive collateral effects in EMEA and APAC for various intervals, which would not likely be observed by an American sitting in his home in America watching online American content and accessing American applications and services hosted on American servers located in American IDCs in America.
Some folks don't seem to grasp the whole 'global' notion of the Internet, and the fact that not everyone who uses or does something on the Internet resides in America.
;>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
Surely the question is what was the impact? If I had just installed 3 new 100G links the day before then it's going to be a lot bigger than if I didn't have them.
In my view this was a minor blip, but very well sniper rifled at Cloudflare - they have a lot of pissed off customers looking at the blog they have.
Folks need to fix their infrastructure so this doesn't happen though.
On 28/03/2013 13:23, "Valdis Kletnieks" <Valdis.Kletnieks@vt.edu> wrote:
So we all have heard the breathless news reports of how the recent urinating contest between Spamhaus and a butthurt ISP was the "biggest in history".
Where would you guys put it, if measured as "percent of total worldwide available Internet bandwidth/resources"? My gut feeling is that by that metric, it didn't even make the top 20. Think back to the Morris worm, or Blaster/Nachi/etc - *nobody* had any free bandwidth when those happened. And even if you restrict the discussion to intentional targeted attacks, I'm sure we've had worse (Smurf, anybody? :)