North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Six PCs caused BigPond problems

  • From: Bill Stewart
  • Date: Fri Apr 15 01:52:51 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=hvxnhyLwaUR8wMaxKGukBa/w16xHQkQa/XT24NiuraWjK/gGub6dcf4fwgr/HVgvrbbYqzC1EerddXdd6jWfnTN/TmyoSyfqqT3dS0J9T9Ul7WvMMjaaXzZo5f9fWJLwKC/y8e9LuYx71XskFiv/iLgNgCt8DjpqCMTur7UtY5Y=
On 4/14/05, Sean Donelan <[email protected]> wrote:
> http://www.zdnet.com.au/news/security/0,2000061744,39188319,00.htm
> Disconnecting six compromised personal computers on Tuesday evening eased
> the difficulties caused by bogus requests which clogged BigPond's domain
> name servers (DNS), slowing customer e-mail and Web site access, Telstra said.

That's ok.  At least six more Telstra PCs will get compromised tomorrow.
I don't know if they're doing uRPF etc. to stop address spoofing, or
blocking RFC1918,
but if not, that may help keep the load down.  I'm not a fan of using anycast
as opposed to building scalable distributed configurations of DNS servers 
and coordinating them with the DHCP settings that tell customers what
server to use,
(and monitoring them to make sure they keep working :-),
but it can be good for isolating some problems like this.

----
             Thanks;     Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.