[LINK] Storm Worm Botnet More Powerful Than Top Supercomputers

Karl Auer kauer at biplane.com.au
Wed Sep 12 16:42:02 AEST 2007


On Wed, 2007-09-12 at 14:27 +0800, Adrian Chadd wrote:
> Well, if you're talking about an ADSL or similarly-"reliable" service
> you definitely don't want to have your route announcement dependant
> on the state of your interface. All it'd take is ten minutes of bouncing
> up and down for your subnet to be relatively unreachable, thanks to the
> power of BGP dampening.

Well, true - but a half hour out of service (let alone 2, 4, 10, 20...
and counting) should probably have been sufficient to trigger even the
most reluctant of routing protocols. I'd be perfectly happy with a
quarter or half an hour.

> Of course there are ways around it, but I bet the bulk of your ISPs'
> clientbase aren't people with PI space on *DSL tails.

Also true - which should have made it easier, not harder. Cable, by the
way, and TransACT, so even *less* reliable. We have had no ADSL outages
out here in the boondocks, almost at the physical limit for ADSL, and
we've had it for nearly a year now. We have had power outages, but no
connectivity outages as such.

> I'd just bite it as a cost for having a PI /24 and include calling
> your ISP to remove the announcement during downtime part of your
> daily operations.

Hm. That's one way to look at it. Another way would be to say that when
an ISP knows that the bum has fallen off large chunks of the ACT, the
network has been out for many tens of minutes and the carrier is saying
"repair time unknown, maybe 6am tomorrow(!)", they might like to
consider being just a teensy weensy bit proactive if they want to call
themselves a quality outfit.

That said, this ISP has been (and still is!) excellent in all other
respects, so I'm really just being bitter and twisted :-)

I suppose my point was just that you don't need a DoS to get your
traffic up - we got 500Mb just in retries and script-kiddy knock-knocks.

There is almost never a good reason to accept a plan with open ended
traffic costs.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)




More information about the Link mailing list