Over the years, I’ve noticed that most DoS attacks are actually friendly fire. Many times I’ve gotten calls from our Ops Manager saying the X data center is under heavy attack and we’re rerouting traffic to the Y DC only later to learn that the “attack” was actually a mistake on our end. There is no question that there are bad guys out there sourcing attacks but internal sources of network overrun are far more common.
Yesterday, kdawson posted a wonderful example on Slashdot from Source Forge Chief Network Engineer Uriah Welcome titled “from the disturbances in the fabric department”:http://news.slashdot.org/article.pl?sid=09/02/10/044221.
Excepted from the post: Slashdot.org was unreachable for about 75 minutes this evening. What we had was indeed a DoS, however it was not externally originating. What I saw was a massive amount of traffic going across the core switches; by massive I mean 40 Gbit/sec. Through the process of elimination I was finally able to isolate the problem down to a pair of switches. I fully believe the switches in that cabinet are still sitting there attempting to send 20Gbit/sec of traffic out trying to do something — I just don’t know what yet
As in all things software related, it’s best to start with the assumption that it’s your fault and proceed with diagnosis on that basis until proven otherwise.
Thanks to Patrick Niemeyer for sending this one my way.
1200, 12th Ave. S., Seattle, WA, 98144
W:+1(425)703-9972 | C:+1(206)910-4692 | H:+1(206)201-1859 | james@amazon.com
H:mvdirona.com | W:mvdirona.com/jrh/work | blog:http://perspectives.mvdirona.com
No debate. I’ve seen lots of real DoS attacks. Nothing draws attacks like working for a big company and I’ve worked for a few. Bad guys do attack and it’s a huge problem but I’ve seen more incidence of friendly fire than bad guy attack though. Arguably I’ve just been lucky (or unlucky depending upon your perspective :-) ).
I have no trouble believing that friendly fire is not the common type of attack on DNS services. Thanks for the comment David.
Long-time reader, first time commenter. :-) Usually great stuff James, but I’ll disagree with you here. If you think most DoS attacks are friendly fire, you just haven’t been around enough DoS attacks or in an environment where real DoS attacks occur. Or maybe my view is skewed because I run two large DNS services. :-)