The presentation is interesting for a number of reasons (interesting uses of RRDTool for one)... I didn't know that one of the F root servers was in Ottawa.<br><br>Sean<br><br><div><span class="gmail_quote">On 2/16/07,
<b class="gmail_sendername">John Lange</b> <<a href="mailto:john.lange@open-it.ca">john.lange@open-it.ca</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Some on this list may find the following information interesting.<br><br>Note that the root name servers are protected by "anycast" and they are<br>crediting that with resisting the attack.<br><br>John<br><br>-------- Forwarded Message --------
<br>> From: Sue Graves <<a href="mailto:Sue_Graves@isc.org">Sue_Graves@isc.org</a>><br>> To: <a href="mailto:bind-announce@isc.org">bind-announce@isc.org</a><br>> Subject: ISC Bulletin #1<br>> Date: Tue, 13 Feb 2007 19:49:41 -0800
<br>><br>> This communication is intended for anyone interested in more information<br>> on the DDoS attack of last week.<br>><br>> As you are probably aware, there was an attack on several of the root<br>> nameservers early Tuesday morning of last week. ISC operates
<br>> <a href="http://f.root.servers.net">f.root.servers.net</a> (F-root), one of the 13 root nameservers that was<br>> targeted. The attack was a 'distributed denial of service' (DDoS)<br>> attack, in which attackers tried to disable root DNS service by
<br>> overwhelming the network paths to the root servers with malicious<br>> packets meant to pass as legitimate DNS traffic. Overall, root name<br>> service as provided by F-root was not compromised. The distributed
<br>> F-root architecture includes a mix of global and local anycast nodes.<br>> The global nodes and the local Asian nodes showed some degradation<br>> during the first two hours, but others were unaffected. David Knight, of
<br>> ISC's Operations group, made a brief presentation at the North American<br>> Network Operators' Group (NANOG) conference the next morning. The<br>> slides, which include some technical detail on the attack, can be found
<br>> at: <a href="http://www.nanog.org/mtg-0702/presentations/knight.pdf">http://www.nanog.org/mtg-0702/presentations/knight.pdf</a><br>><br>> ISC began using anycast in a single location in 1998. Wider deployment
<br>> began in Madrid in 2002. We're pleased to report that anycast worked<br>> just as expected. Anycast deployment helped counter this attack by<br>> fragmenting it into smaller pieces that were easier to deal with, as
<br>> well as isolating the effects into the area of greatest concentration of<br>> sources of the attack. This left other regions far from the sources with<br>> a completely unaltered service. Overall, the increase in aggregated
<br>> network bandwidth, CPU power and service capacity helped make this<br>> attack non-disruptive for the Internet at large.<br>><br>> As a customer of ISC, you are well aware of our software development<br>
> skills, however, you may not be aware of our additional expertise in DNS<br>> operations. The F-root nameservers answer over 15,000 queries per second<br>> globally. F is deployed at 40 sites in 32 different countries. Anycast
<br>> makes sense for us, it might make sense for you. You can learn more<br>> about F-root at: <a href="http://www.isc.org/ops/f-root/">http://www.isc.org/ops/f-root/</a>. Specifics about<br>> anycast can be found at:
<a href="http://www.isc.org/pubs/tn/?tn=isc-tn-2003-1.html">http://www.isc.org/pubs/tn/?tn=isc-tn-2003-1.html</a>.<br>><br>> You may not be aware that we offer secondary hosting on a best-effort<br>> basis at no charge to many xxTLD's, ISC customers and non-profits. If
<br>> you're interested in learning more about whether anycast would be of<br>> benefit in your network, or in our secondary hosting, please contact us<br>> at <a href="mailto:info@isc.org">info@isc.org</a>.<br>
><br>> If you'd like to learn more about DNS issues on a global<br>> scale, you should consider OARC (<a href="http://public.oarci.net/">http://public.oarci.net/</a>). ISC's OARC<br>> (Operational Analysis and Research Center) played a key supportive role
<br>> during the attack. OARC facilitated a coordinated response via secure<br>> real-time communications between root and top-level domain server<br>> operators and other OARC members.<br>><br>> Post-attack, OARC is using its infrastructure and working with members
<br>> to gain understanding of the attack's source and impact. This includes<br>> uploading data using OARC's DSC and PCAP tools from affected server<br>> operators to our NSF-funded 4TB data repository. From there it is
<br>> available for analysis by members and the research community, to gain<br>> further understanding of the causes and how to prevent future such attacks.<br>><br>> OARC membership and resources are open to all large-scale DNS operators,
<br>> implementers, active researchers and law enforcement agencies. OARC also<br>> provides a number of tools and mailing lists open to DNS operators of<br>> all types. Please contact OARC Programme Manager Keith Mitchell
<br>> <<a href="mailto:admin@oarc.isc.org">admin@oarc.isc.org</a>> for more information.<br><br><br>_______________________________________________<br>Roundtable mailing list<br><a href="mailto:Roundtable@muug.mb.ca">
Roundtable@muug.mb.ca</a><br><a href="http://www.muug.mb.ca/mailman/listinfo/roundtable">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Sean Walberg <<a href="mailto:sean@ertw.com">
sean@ertw.com</a>> <a href="http://ertw.com/">http://ertw.com/</a>