North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Multi ISP DDOS

  • From: Martin Hannigan
  • Date: Thu May 04 20:22:34 2006

At 07:16 PM 5/4/2006, william(at) wrote:

On Thu, 4 May 2006, Martin Hannigan wrote:

At 11:15 AM 5/3/2006, John Levine wrote:
>Uh. Who let the Frog out?
>,70798-0.html?tw=r ss .technology
It's all explained here:
And this just hit wires with quotes from Renesys and SANS ISC.
I hate to be the bearer of bad news to spammers :) but based on
bluesecurity's tactics I can make a guess about attitude of their
people and its such that DoS attack on them will only cause them
more determination to continue and I suspect to majority of their users as well (and publicity is also likely to bring them more users).

Moving the site to TypePad was incorrect way of dealing with attack
though; but its actually not the first time I've heard of the site
using a blog as temporary page while their primary site is down due
to DoS... - some education on what blogs are good for is in order.
But as it is looks like bluesecurity is moving to prolexic which
claim to deal with just such situations.

I hate to be the bearer of bad news to BS' VC's, but BS moving their
DNS to UltraDNS and hosting to Prolexic was likely not part of the business
plan. "They ain't cheap". The spammers can now theoretically force them
to spend all time and all their money responding to attacks.

The killer here is that they asked a lot of people a year ago whether this
was a good idea and everyone said no. Read John Levine's blog and pointer to a
few of his previous articles. He wasn't the only person they asked. There's a
WHOLE lot more to this than is public.

Spammers: 2 Blue Security: 0
NANOG: -2 (vigilante time sink)


Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations
[email protected]