Since we're on the topic of DoS, what best practice actions can be taken AFTER such an attack?
> Subject: Re: he.net down?
> From: patr...@ianai.net
> Date: Mon, 3 Oct 2011 19:33:10 -0400
> To: nanog@nanog.org
>
> On Oct 3, 2011, at 7:25 PM, Nate Itkin wrote:
> > On Mon, Oct 03, 2011 at 11:14:03PM +0000, Michael J McCafferty wrote:
> >> Our session with them is up and down at Any2 at OWB.
> >>
> >> ------Original Message------
> >> From: Aiden Sullivan
> >> To: nanog@nanog.org
> >> Subject: he.net down?
> >> Sent: Oct 3, 2011 3:35 PM
> >>
> >> www.he.net seems to be down on both IPv4 and IPv6 -- does anyone know
> >> what is going on?
> >> --
> >> Aiden
> >> Sent from my Verizon Wireless BlackBerry
> >
> >
> > Blaming DDOS. http://status.linode.com
> >
> > "The incident was a probable DDOS attack, but its behavior was unusual and
> > difficult to identify. Our network engineers made some adjustments to the
> > DOS countermeasures acquired after last week's incident, and that seems to
> > have stabilized traffic flow. We apologize for the inconvenience. -Ben
> > Larsen Hurricane Electric Internet Services"
> >
> > Some supporting evidence would be nice.
>
> Exactly what do you expect a network which is attacked to post to NANOG, or a
> random web page, to "prove" they were attacked? Given the 1000s of network
> outages over the last decade, I can think of maybe a handful that supplied
> "supporting evidence".
>
> As I said before, Mike & the gang at HE are stand-up people. If they said it
> was a DoS, it was a DoS - although I note they did not say it was a DoS, just
> probably a DoS. But I extend my faith if their lack of prevarication to even
> statement as well. In fact, it speaks well that they are being equivocal
> until they are certain themselves.
>
> --
> TTFN,
> patrick