North American Network Operators Group
Re: Yahoo offline because of attack (was: Yahoo network outage)
- From: Jim Williams
- Date: Thu Feb 10 00:13:07 2000
Anyone find it interesting that all the big name sites are getting hit
except AOL? Makes you wonder....
Jim Williams Ntrnet Systems, Inc.
President/CEO Research Triangle Park, NC
firstname.lastname@example.org (919)484-0504 fax(919)484-0782
On Thu, 10 Feb 2000, Christopher B. Zydel wrote:
> On Wed, Feb 09, 2000 at 03:51:45PM -0500, Travis Pugh wrote:
> > Host-by-host prevention, during an attack, should be very easy
> > ... assuming a minimal amount of cooperation between upstream provider and
> > compromised network, if link utilization is tracked and the spike is
> > noticeable. Perhaps we should be notifying operations staff to be on the
> > lookout for suddenly saturated circuits, and to be prepared to help out
> > owners of compromised hosts with filter configuration?
> This sort of alarming is fairly trivial. Just about any network management
> system can be configured to poll interface counters on a regular basis and
> alarm when some threshold is reached. The difficult question to answer is
> "How long should the link be saturated before sending an alarm". With high
> speed links this is a lot easier. It's relatively easy to saturate a T1
> with a file transfer, however the same would not be true for an OC-3c.
> This type of alarming should be based upon deviation from the established
> mean as well. (For example, if a circuit sees around 50mbit/sec worth of
> usage on a regular basis, and then spikes to 130mbit/sec and stays there,
> something is clearly wrong)
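
The alarm logic discussed in the quoted messages (poll interface counters, compare against the established mean, require the deviation to persist), as an added example that is not part of the original thread. The 32-bit wrapping octet counter, the 60-second poll interval, the function names and the threshold parameters (`baseline_n`, `k`, `min_rel`, `hold`) are assumptions, and the counter readings are constructed around the 50 and 130 Mbit/s figures from the message.

```python
from statistics import mean, pstdev

COUNTER_MAX = 2**32   # assumption: 32-bit octet counter that wraps
POLL_S = 60           # assumption: one poll per minute

def rates_mbps(samples):
    """(timestamp_s, octets) polls -> (timestamp_s, Mbit/s); tolerates one wrap per interval."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % COUNTER_MAX          # modulo undoes a counter wrap
        out.append((t1, delta * 8 / (t1 - t0) / 1e6))
    return out

def sustained_alarms(rates, baseline_n=12, k=3.0, min_rel=0.5, hold=3):
    """Timestamps at which the rate has exceeded the baseline for `hold` polls in a row."""
    baseline, streak, alarms = [], 0, []
    for t, r in rates:
        if len(baseline) < baseline_n:           # learn the established mean first
            baseline.append(r)
            continue
        mu, sd = mean(baseline), pstdev(baseline)
        if r > mu + max(k * sd, min_rel * mu):   # deviation from the mean, not a fixed cap
            streak += 1
            if streak == hold:                   # fire once per sustained episode
                alarms.append(t)
        else:
            streak = 0
            baseline = baseline[1:] + [r]        # only normal polls move the baseline
    return alarms

def build_samples(mbps_per_poll, start=4_000_000_000):
    """Constructed counter readings for a link carrying the given Mbit/s in each poll interval."""
    samples, c = [(0, start)], start
    for i, r in enumerate(mbps_per_poll, 1):
        c = (c + r * 1_000_000 * POLL_S // 8) % COUNTER_MAX
        samples.append((i * POLL_S, c))
    return samples

# Constructed traffic: ~50 Mbit/s norm, a two-poll burst, then a sustained jump to 130 Mbit/s.
TRAFFIC = [50, 52, 48, 51, 49, 50, 53, 47, 50, 51, 49, 50,
           51, 49, 130, 130, 50, 52, 130, 130, 130, 130, 130]
SAMPLES = build_samples(TRAFFIC)

if __name__ == "__main__":
    print(sustained_alarms(rates_mbps(SAMPLES)))   # [1260]
```

The two-poll burst at 130 Mbit/s resets without alarming, while the later run fires once, on its third consecutive poll. Polls that exceed the threshold are kept out of the baseline so a long attack does not become the new "normal".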