North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: WP: Attack On Internet Called Largest Ever
Let me chime in with some of what I've been telling reporters all day. > I did notice that Paul was quoted as stating essentially that F was not > impacted. From my own experience and numerous folks who monitor DNS > performance this seems true. However, I did notice that several of the > servers which are operated by VeriSign were not responding to at least a > large, 50% or greater, fraction of test queries. Even so, VeriSign was > good enough to chime in that their root servers were unaffected. > > Did I mis-perceive this, or is it another bold-faced lie from VeriSign? I had congestion-free access to A and J throughout yesterday, so from my point of view VeriSign's servers were just fine. (A and J are not in this building nor even in this state or timezone, so it wasn't a locality issue.) DDoS attacks often end up hurting intermediate links in the path more than the destination of the flow. Determining whether a root name server has "reachability" requires dozens, or hundreds, of diverse monitors. Yesterday's attack was only visible to people who monitor root servers or whose backbones feed root servers -- whereas the average person who just wanted to use DNS to get their work done didn't seem to notice it at all. -- Paul Vixie
|