[RndTbl] [Fwd: ISC Bulletin #1]

Sean Walberg sean at ertw.com
Fri Feb 16 14:00:26 CST 2007


The presentation is interesting for a number of reasons (interesting uses of
RRDTool for one)...  I didn't know that one of the F root servers was in
Ottawa.

Sean

On 2/16/07, John Lange <john.lange at open-it.ca> wrote:
>
> Some on this list may find the following information interesting.
>
> Note that the root name servers are protected by "anycast" and they are
> crediting that with resisting the attack.
>
> John
>
> -------- Forwarded Message --------
> > From: Sue Graves <Sue_Graves at isc.org>
> > To: bind-announce at isc.org
> > Subject: ISC Bulletin #1
> > Date: Tue, 13 Feb 2007 19:49:41 -0800
> >
> > This communication is intended for anyone interested in more information
> > on the DDoS attack of last week.
> >
> > As you are probably aware, there was an attack on several of the root
> > nameservers early Tuesday morning of last week.  ISC operates
> > f.root.servers.net (F-root), one of the 13 root nameservers that was
> > targeted.  The attack was a 'distributed denial of service' (DDoS)
> > attack, in which attackers tried to disable root DNS service by
> > overwhelming the network paths to the root servers with malicious
> > packets meant to pass as legitimate DNS traffic.  Overall, root name
> > service as provided by F-root was not compromised. The distributed
> > F-root architecture includes a mix of global and local anycast nodes.
> > The global nodes and the local Asian nodes showed some degradation
> > during the first two hours, but others were unaffected. David Knight, of
> > ISC's Operations group, made a brief presentation at the North American
> > Network Operators' Group (NANOG) conference the next morning. The
> > slides, which include some technical detail on the attack, can be found
> > at: http://www.nanog.org/mtg-0702/presentations/knight.pdf
> >
> > ISC began using anycast in a single location in 1998.  Wider deployment
> > began in Madrid in 2002.  We're pleased to report that anycast worked
> > just as expected.  Anycast deployment helped counter this attack by
> > fragmenting it into smaller pieces that were easier to deal with, as
> > well as isolating the effects into the area of greatest concentration of
> > sources of the attack. This left other regions far from the sources with
> > a completely unaltered service. Overall, the increase in aggregated
> > network bandwidth, CPU power and service capacity helped make this
> > attack non-disruptive for the Internet at large.
> >
> > As a customer of ISC, you are well aware of our software development
> > skills, however, you may not be aware of our additional expertise in DNS
> > operations. The F-root nameservers answer over 15,000 queries per second
> > globally.  F is deployed at 40 sites in 32 different countries.  Anycast
> > makes sense for us, it might make sense for you.  You can learn more
> > about F-root at: http://www.isc.org/ops/f-root/.  Specifics about
> > anycast can be found at:
> http://www.isc.org/pubs/tn/?tn=isc-tn-2003-1.html.
> >
> > You may not be aware that we offer secondary hosting on a best-effort
> > basis at no charge to many xxTLD's, ISC customers and non-profits.  If
> > you're interested in learning more about whether anycast would be of
> > benefit in your network, or in our secondary hosting, please contact us
> > at info at isc.org.
> >
> > If you'd like to learn more about DNS issues on a global
> > scale, you should consider OARC (http://public.oarci.net/).  ISC's OARC
> > (Operational Analysis and Research Center) played a key supportive role
> > during the attack. OARC facilitated a coordinated response via secure
> > real-time communications between root and top-level domain server
> > operators and other OARC members.
> >
> > Post-attack, OARC is using its infrastructure and working with members
> > to gain understanding of the attack's source and impact. This includes
> > uploading data using OARC's DSC and PCAP tools from affected server
> > operators to our NSF-funded 4TB data repository. From there it is
> > available for analysis by members and the research community, to gain
> > further understanding of the causes and how to prevent future such
> attacks.
> >
> > OARC membership and resources are open to all large-scale DNS operators,
> > implementers, active researchers and law enforcement agencies. OARC also
> > provides a number of tools and mailing lists open to DNS operators of
> > all types. Please contact OARC Programme Manager Keith Mitchell
> > <admin at oarc.isc.org> for more information.
>
>
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
>
>


-- 
Sean Walberg <sean at ertw.com>    http://ertw.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.muug.mb.ca/pipermail/roundtable/attachments/20070216/187a77b4/attachment.html


More information about the Roundtable mailing list