What is going on in the PAC NW (Microsoft Outage)

Steve_Bellovin · January 24, 2001, 8:07pm

In message <OFF5C3FF78.0778E224-ON882569DE.006B3A50@LocalDomain>, "Tony Rall" w
rites:

Is there any information available about Microsoft and MS related

companies

being unavailable

I'm seeing about 50% packet loss to all 4 microsoft.com nameservers. I
can't get any dns responses from them.

As, I think, Greg Woods mentioned, it's a pretting weak setup putting all
of your nameservers on what appears to be the same network.

I am amazed that this has taken so long to fix.

Any chance their nameservers are being DDoSed?

--Steve Bellovin, http://www.research.att.com/~smb

Bill_Fumerola · January 24, 2001, 10:04pm

allow me to channel a few unnamed large national backbones:

"Well if thats the case, then they should just turn off their DNS server,
because that's obviously the cause of the attack."

Vijay_Gill1 · January 25, 2001, 4:46am

Bill, don't make me smack you.

The DDoS problem is endemic to the current state of hardware and software
that comrpises the internet. There are _no_ good answers to DDoS,
especially if the coders get smarter and start doing things like:

introduce jitter into their DDoS source machines. Send out 20k bytes and
then go quiescent for 1000*random()

Putting rate limiting and reactive flow control from the boxes attacking
so they wouldnt be noticed or easily traced.

Random time intervals on which to start and stop attacks would make them
almost impossible to traceback

Launch a DDoS against the peers of a major backbone, targetting
their border routers ....

Weak implementations and non-rate limited route processors on internet
routers leads to flapping... flapping leads to dampening... dampening
leads to suffering

Etc. etc.

/vijay

Clay_Fiske · January 25, 2001, 8:10am

I think this was his point, in reference to several fairly recent
threads about DDoS on IRC networks. The "get rid of IRC and you get
rid of the attacks" opinion has surfaced a number of times here.

-c

Adrian_Chadd · January 25, 2001, 9:15am

<TONGUE LOCATION="CHEEK">
.. you know guys, this might be a reason to run IRC servers.
Give the script kiddies new things to attack, and they won't get
bored and start DDoSing more e-commerce sites, "core" routers, etc.
</TONGUE>

There are good answers to DDoS even in todays internet; there is just
too much inertia to actually get people to implement it.

Adrian