[IP] more on Blackout hits major Web sites|ZDNet Must-Read News

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on Blackout hits major Web sites|ZDNet Must-Read News
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 17 Jun 2004 06:23:39 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Dug Song <dugsong@xxxxxxxxxx>
Date: June 16, 2004 11:38:01 PM EDT
To: dave@xxxxxxxxxx
Cc: "Patrick W.Gilmore" <patrick@xxxxxxxxx>
Subject: Re: [IP] Blackout hits major Web sites|ZDNet Must-Read News

On Wed, June 16, 2004 at 1:38:20AM -0400, Patrick W.Gilmore wrote:

DISCLAIMER: I work for Akamai Technologies.

Which is also why I know Mr. Song is showing himself to be an idiot,
making sweeping accusations on assumptions which do not correlate to
reality.


i am baffled, honestly, by this curious response.

what part of "it was some sort of Akamai issue", and "their name
service stopped working" is inconsistent with the following:

Did Mr. Song consider the possibility that the DoS attack was
pointed at the name servers?  Especially since both Keynote and
Akamai mention that there was an attack on Akamai's name service.


we considered the possibility of a DoS attack, surely, but made no
such claim (as others did), as there was no direct evidence of this
from the view of Arbor's commercially-deployed systems at tier-1
service provider backbones around the world. we also did not see
evidence of DDoS attacks directed at the affected sites.

what we did see was Akamai server traffic dropping quite sharply -
for instance, the view from a large regional service provider:

        http://monkey.org/~dugsong/tmp/akamai.png

how (or why) such a simple observation might be labelled an
"accusation" or "assumption" is beyond me.

And if so, wouldn't that have the effect of lowering "Web-wide
traffic"?  He himself admits that users cannot get to web sites if
the name resolution is not working.

Not sure I would want to purchase products from a security company
whose "security architect" does not understand the interaction between
DNS and HTTP....


i thought this point was rather clear, especially after noting how web
service was restored when the affected sites switched over to their
own nameservers (demonstrating that the sites themselves were not
under attack, and that it was indeed an Akamai nameserver failure).

of course, it isn't easy to explain such things to people sometimes -
either to writers looking for detailed explanations of these technical
issues, or to readers misunderstanding the simplified/distorted results
("numeric Internet Protocol code" ???)...

-d.

---
http://monkey.org/~dugsong/


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Blackout hits major Web sites|ZDNet Must-Read News Alerts
Next by Date: [IP] Los Angeles Times: Broadband Market Is About to Heat Up
Previous by thread: [IP] more on Blackout hits major Web sites|ZDNet Must-Read News Alerts
Next by thread: [IP] Los Angeles Times: Broadband Market Is About to Heat Up
Index(es):
- Date
- Thread