Tue Jul 7 16:18:15 IST 2009
resolve www.eircom.net (different nameservers for the two domains). Perha=
it was the publically addressible authorative eircom.net nameservers whic=
were attacked which in turn took down internal lookup for proxies or non =
based routes taking the entire network down.
>> Neither of these were answering my queries (from an eircom customer
>> network) at about 21.00 last night. Queries are trivially spoofed to
>> appear to come from an authorized IP address.
> I'd have thought Eircom have RPF  or decent ACLs enabled on their
> border routers though, if not that seems like a big problem.
>  http://en.wikipedia.org/wiki/Reverse_path_forwarding
My money is on ddos being the best of a bad bunch of excuses for having t=
rebuild dns servers from scratch, would make the 5 hour fix plausible, ju=
an opinion though.=20
More information about the Sysadmins