No subject

Tue Jul 7 16:18:15 IST 2009

resolve (different nameservers for the two domains). Perha=
it was the publically addressible authorative nameservers whic=
were attacked which in turn took down internal lookup for proxies or non =
based routes taking the entire network down.

>> Neither of these were answering my queries (from an eircom customer
>> network) at about 21.00 last night. Queries are trivially spoofed to
>> appear to come from an authorized IP address.
> I'd have thought Eircom have RPF [1] or decent ACLs enabled on their
> border routers though, if not that seems like a big problem.
> [1]

My money is on ddos being the best of a bad bunch of excuses for having t=
rebuild dns servers from scratch, would make the 5 hour fix plausible, ju=
an opinion though.=20

More information about the Sysadmins mailing list