The presentation is interesting for a number of reasons (interesting uses of RRDTool for one)...&nbsp; I didn&#39;t know that one of the F root servers was in Ottawa.<br><br>Sean<br><br><div><span class="gmail_quote">On 2/16/07, 
<b class="gmail_sendername">John Lange</b> &lt;<a href="mailto:john.lange@open-it.ca">john.lange@open-it.ca</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Some on this list may find the following information interesting.<br><br>Note that the root name servers are protected by &quot;anycast&quot; and they are<br>crediting that with resisting the attack.<br><br>John<br><br>-------- Forwarded Message --------
<br>&gt; From: Sue Graves &lt;<a href="mailto:Sue_Graves@isc.org">Sue_Graves@isc.org</a>&gt;<br>&gt; To: <a href="mailto:bind-announce@isc.org">bind-announce@isc.org</a><br>&gt; Subject: ISC Bulletin #1<br>&gt; Date: Tue, 13 Feb 2007 19:49:41 -0800
<br>&gt;<br>&gt; This communication is intended for anyone interested in more information<br>&gt; on the DDoS attack of last week.<br>&gt;<br>&gt; As you are probably aware, there was an attack on several of the root<br>&gt; nameservers early Tuesday morning of last week.&nbsp;&nbsp;ISC operates
<br>&gt; <a href="http://f.root.servers.net">f.root.servers.net</a> (F-root), one of the 13 root nameservers that was<br>&gt; targeted.&nbsp;&nbsp;The attack was a &#39;distributed denial of service&#39; (DDoS)<br>&gt; attack, in which attackers tried to disable root DNS service by
<br>&gt; overwhelming the network paths to the root servers with malicious<br>&gt; packets meant to pass as legitimate DNS traffic.&nbsp;&nbsp;Overall, root name<br>&gt; service as provided by F-root was not compromised. The distributed
<br>&gt; F-root architecture includes a mix of global and local anycast nodes.<br>&gt; The global nodes and the local Asian nodes showed some degradation<br>&gt; during the first two hours, but others were unaffected. David Knight, of
<br>&gt; ISC&#39;s Operations group, made a brief presentation at the North American<br>&gt; Network Operators&#39; Group (NANOG) conference the next morning. The<br>&gt; slides, which include some technical detail on the attack, can be found
<br>&gt; at: <a href="http://www.nanog.org/mtg-0702/presentations/knight.pdf">http://www.nanog.org/mtg-0702/presentations/knight.pdf</a><br>&gt;<br>&gt; ISC began using anycast in a single location in 1998.&nbsp;&nbsp;Wider deployment
<br>&gt; began in Madrid in 2002.&nbsp;&nbsp;We&#39;re pleased to report that anycast worked<br>&gt; just as expected.&nbsp;&nbsp;Anycast deployment helped counter this attack by<br>&gt; fragmenting it into smaller pieces that were easier to deal with, as
<br>&gt; well as isolating the effects into the area of greatest concentration of<br>&gt; sources of the attack. This left other regions far from the sources with<br>&gt; a completely unaltered service. Overall, the increase in aggregated
<br>&gt; network bandwidth, CPU power and service capacity helped make this<br>&gt; attack non-disruptive for the Internet at large.<br>&gt;<br>&gt; As a customer of ISC, you are well aware of our software development<br>
&gt; skills, however, you may not be aware of our additional expertise in DNS<br>&gt; operations. The F-root nameservers answer over 15,000 queries per second<br>&gt; globally.&nbsp;&nbsp;F is deployed at 40 sites in 32 different countries.&nbsp;&nbsp;Anycast
<br>&gt; makes sense for us, it might make sense for you.&nbsp;&nbsp;You can learn more<br>&gt; about F-root at: <a href="http://www.isc.org/ops/f-root/">http://www.isc.org/ops/f-root/</a>.&nbsp;&nbsp;Specifics about<br>&gt; anycast can be found at: 
<a href="http://www.isc.org/pubs/tn/?tn=isc-tn-2003-1.html">http://www.isc.org/pubs/tn/?tn=isc-tn-2003-1.html</a>.<br>&gt;<br>&gt; You may not be aware that we offer secondary hosting on a best-effort<br>&gt; basis at no charge to many xxTLD&#39;s, ISC customers and non-profits.&nbsp;&nbsp;If
<br>&gt; you&#39;re interested in learning more about whether anycast would be of<br>&gt; benefit in your network, or in our secondary hosting, please contact us<br>&gt; at <a href="mailto:info@isc.org">info@isc.org</a>.<br>
&gt;<br>&gt; If you&#39;d like to learn more about DNS issues on a global<br>&gt; scale, you should consider OARC (<a href="http://public.oarci.net/">http://public.oarci.net/</a>).&nbsp;&nbsp;ISC&#39;s OARC<br>&gt; (Operational Analysis and Research Center) played a key supportive role
<br>&gt; during the attack. OARC facilitated a coordinated response via secure<br>&gt; real-time communications between root and top-level domain server<br>&gt; operators and other OARC members.<br>&gt;<br>&gt; Post-attack, OARC is using its infrastructure and working with members
<br>&gt; to gain understanding of the attack&#39;s source and impact. This includes<br>&gt; uploading data using OARC&#39;s DSC and PCAP tools from affected server<br>&gt; operators to our NSF-funded 4TB data repository. From there it is
<br>&gt; available for analysis by members and the research community, to gain<br>&gt; further understanding of the causes and how to prevent future such attacks.<br>&gt;<br>&gt; OARC membership and resources are open to all large-scale DNS operators,
<br>&gt; implementers, active researchers and law enforcement agencies. OARC also<br>&gt; provides a number of tools and mailing lists open to DNS operators of<br>&gt; all types. Please contact OARC Programme Manager Keith Mitchell
<br>&gt; &lt;<a href="mailto:admin@oarc.isc.org">admin@oarc.isc.org</a>&gt; for more information.<br><br><br>_______________________________________________<br>Roundtable mailing list<br><a href="mailto:Roundtable@muug.mb.ca">
Roundtable@muug.mb.ca</a><br><a href="http://www.muug.mb.ca/mailman/listinfo/roundtable">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Sean Walberg &lt;<a href="mailto:sean@ertw.com">
sean@ertw.com</a>&gt;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://ertw.com/">http://ertw.com/</a>