
Hey all,

Anyone in the Las Vegas area notice a BGP outage with Integra Telecom within the last 20 minutes? We lost all routes from them at two different locations in Vegas. I have a ticket open with their NOC but wanted to see if others saw it.

Joseph

> Anyone in the Las Vegas area notice a BGP outage with Integra Telecom within the last 20 minutes? We lost all routes from them at two different locations in Vegas.

Sorry for the disruption. A router was the victim of a DOS attack and it did cause BGP session resets. Steps have been taken to prevent this result.

On Thu, Sep 10, 2009 at 10:10:38AM -0700, Raymond, Steven wrote:
> > Anyone in the Las Vegas area notice a BGP outage with Integra Telecom within the last 20 minutes? We lost all routes from them at two different locations in Vegas.
>
> Sorry for the disruption. A router was the victim of a DOS attack and it did cause BGP session resets. Steps have been taken to prevent this result.

I'm curious: in this sort of situation, exactly what do networking engineers do about this situation?

Let me clarify my question: as a system administrator, when I'm told someone is DoS/DDoS'ing something, I immediately react in two ways: 1) mitigate impact, and 2) find out why said attack happened. Working for ISPs the majority of my life has taught me that most of the time Netizens don't decide to DoS something without reason, no matter how trivial or childish that reason is. Maybe there's a user who's on IRC causing trouble, maybe someone hosts a web forum that had some remarks someone didn't like, or maybe there's an account which got compromised and it's up to something suspicious. Childish, petty, but reality.

Do networking engineers do analysis of these scenarios in an attempt to ensure the situation doesn't recur, or do the efforts stop at "we put up some filters, time for lunch"?

--
| Jeremy Chadwick                    jdc@parodius.com |
| Parodius Networking       http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |

Jeremy Chadwick wrote:
> Let me clarify my question: as a system administrator, when I'm told someone is DoS/DDoS'ing something, I immediately react in two ways: 1) mitigate impact, and 2) find out why said attack happened.

As a sysadmin, I suspect you're a little closer to the 'end' of the path, while netadmins (especially SP netadmins) are more in the middle. I have a customer who's just a magnet for DoS attacks, based on a bunch of history/legacy of ownership and the like. For me/us, we (attempt to) do two things: deflect the attack away from the victim (allowing the rest of the customer's network to come up for air), then (if possible) deflect the source of the attack. If the attack continues longer and/or stronger, we contact upstreams to request investigation and/or deflection upstream.

> Do networking engineers do analysis of these scenarios in an attempt to ensure the situation doesn't recur, or do the efforts stop at "we put up some filters, time for lunch"?

Given the very rare success of finding ANYTHING out, there's rarely motivation to do much other than filter things.

pt

Just wondering, but the attack you guys were seeing, was it a "normal" DOS attack or was it the DOS attack Cisco announced about IOS on Tuesday?

-----Original Message-----
From: Raymond, Steven [mailto:Steven.Raymond@integratelecom.com]
Sent: Thursday, September 10, 2009 12:11 PM
To: outages@outages.org
Cc: Joseph Jackson
Subject: RE: BGP outage on Integra

> Anyone in the Las Vegas area notice a BGP outage with Integra Telecom within the last 20 minutes? We lost all routes from them at two different locations in Vegas.

Sorry for the disruption. A router was the victim of a DOS attack and it did cause BGP session resets. Steps have been taken to prevent this result.

participants (6): Jeremy Chadwick, Joseph Jackson, Larry Sheldon, Pete Templin, Raymond, Steven, Valdis.Kletnieks@vt.edu