No subject


Tue Jul 7 16:18:15 IST 2009


n't=20
resolve www.eircom.net (different nameservers for the two domains). Perha=
ps=20
it was the publically addressible authorative eircom.net nameservers whic=
h=20
were attacked which in turn took down internal lookup for proxies or non =
ip=20
based routes taking the entire network down.

>> Neither of these were answering my queries (from an eircom customer
>> network) at about 21.00 last night. Queries are trivially spoofed to
>> appear to come from an authorized IP address.
>
> I'd have thought Eircom have RPF [1] or decent ACLs enabled on their
> border routers though, if not that seems like a big problem.
>
> [1] http://en.wikipedia.org/wiki/Reverse_path_forwarding

My money is on ddos being the best of a bad bunch of excuses for having t=
o=20
rebuild dns servers from scratch, would make the 5 hour fix plausible, ju=
st=20
an opinion though.=20




More information about the Sysadmins mailing list