root servers DDoS

Anyone have insight into the (seemingly) DoS attack on root-servers which
started around 20 UTC and widened to more servers on 20:35 UTC?

Not that it's causing any serious operational problems but slows down things a
lot.

Pete

You can see pretty graphs of the server performance at

http://www.root-servers.net/
http://www.cymru.com/DNS/dns.html

I don't know if the Fed's early warning system was able to warn anyone early
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,75248,00.html

> You can see pretty graphs of the server performance at
>
> http://www.root-servers.net/
> http://www.cymru.com/DNS/dns.html

I've prettier graphs. I sent the mail after the performance started lacking
asking if anyone has an idea what's going on and where the traffic is
originating.

Pete

Best guess, it's a smurf attack. Networks which still have ip
directed-broadcast (or your vendor's equivalent) enabled on interfaces.

It's still amazing how much traffic it can generate.

I don't think so. We saw problems about 15 min before the nsp-sec
list posting, and at that point the volume was turned up..

I don't believe ICANN received any "advance" warning....

but don't quote me on that. I'll go find out though

in private,

john brown

sean@donelan.com (Sean Donelan) writes:

> Best guess, it's a smurf attack. Networks which still have ip
> directed-broadcast (or your vendor's equivalent) enabled on interfaces.
>
> It's still amazing how much traffic it can generate.

however, this attack was icmp request, not icmp reply.
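
The distinction drawn in the last message can be checked on a capture taken at the victim: a smurf attack arrives as ICMP echo replies (type 0) from amplifier networks, while echo requests (type 8) mean the traffic was sent straight at the target. This is an added example, not part of the original thread; the function names, the 0.8 threshold and the sample packets (documentation address ranges) are constructed for illustration.

```python
import struct
from collections import Counter

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP types from RFC 792

def build_ipv4_icmp(src, dst, icmp_type):
    """Constructed sample data: minimal IPv4 + ICMP echo packet, checksums left 0."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"\x00" * 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return ip + icmp

def icmp_types_seen(packets):
    """Count ICMP types among raw IPv4 packets, skipping anything malformed."""
    counts = Counter()
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue                      # not IPv4 or truncated header
        ihl = (pkt[0] & 0x0F) * 4         # header length in bytes
        if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:
            continue                      # bad IHL, not ICMP, or truncated ICMP
        if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
            continue                      # later fragment: no ICMP header in it
        counts[pkt[ihl]] += 1
    return counts

def classify(counts, threshold=0.8):
    """Label a flood by which echo type dominates (threshold is an assumption)."""
    total = counts[ECHO_REPLY] + counts[ECHO_REQUEST]
    if total == 0:
        return "no echo traffic"
    if counts[ECHO_REPLY] / total >= threshold:
        return "reflected (smurf-like): echo replies from amplifier networks"
    if counts[ECHO_REQUEST] / total >= threshold:
        return "direct: echo requests sent at the victim"
    return "mixed"

# Constructed captures as seen at a victim 192.0.2.1.
SMURF_SAMPLE = [build_ipv4_icmp(f"198.51.100.{i}", "192.0.2.1", ECHO_REPLY)
                for i in range(1, 41)]
REQUEST_SAMPLE = [build_ipv4_icmp(f"203.0.113.{i}", "192.0.2.1", ECHO_REQUEST)
                  for i in range(1, 41)]

if __name__ == "__main__":
    print(classify(icmp_types_seen(SMURF_SAMPLE)))
    print(classify(icmp_types_seen(REQUEST_SAMPLE)))
```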