
On Thu, Sep 10, 2009 at 10:10:38AM -0700, Raymond, Steven wrote:
Anyone in the Las Vegas area notice a BGP outage with Integra Telecom within the last 20 minutes? We lost all routes from them at two different locations in Vegas.
Sorry for the disruption. A router was the victim of a DOS attack and it did cause BGP session resets. Steps have been taken to prevent this result.
I'm curious: in this sort of situation, exactly what do networking engineers do about this situation?

Let me clarify my question: as a system administrator, when I'm told someone is DoS/DDoS'ing something, I immediately react in two ways: 1) mitigate impact, and 2) find out why said attack happened. Working for ISPs the majority of my life has taught me that most of the time Netizens don't decide to DoS something without reason, no matter how trivial or childish that reason is. Maybe there's a user who's on IRC causing trouble, maybe someone hosts a web forum that had some remarks someone didn't like, or maybe there's an account which got compromised and it's up to something suspicious. Childish, petty, but reality.

Do networking engineers do analysis of these scenarios in an attempt to ensure the situation doesn't recur, or do the efforts stop at "we put up some filters, time for lunch"?

--
| Jeremy Chadwick                          jdc@parodius.com |
| Parodius Networking              http://www.parodius.com/ |
| UNIX Systems Administrator         Mountain View, CA, USA |
| Making life hard for others since 1977.    PGP: 4BD6C0CB |