Dear Swinog,
I would like just to precise what type of problem we encountered in the evening of Friday, I will not answer to all suggestions made by the comunity as I thing that for that, it would be nicer discuss it behind a beer at the next Swinog meeting :-).
So, friday, there was a *HUGE* DDOS attack towards Bundesamt fur Informatik, when I was taken into the problem I could saw that the peak of traffic reached 800Mbps, stabilising then to about 400Mbps. (here just a hint for multihoming: please buy a lot of bandwidth anyway ;-) ).
This big amount of bandwidth can then explain why other customer connected "in the path" of the DDos were impacted as well. We usually oversubscribe our lines, ok, but not of x (10 < x < 100) times what it is needed :-).
Of course, (if someone lived such DDOSs can probably confirm) it tooked me some time before I could find THE /32 that was attacked and blackhole it at our borders.
Hopefully this e-mail will clearify at least the technical aspects of the problem.
Have a nice day
Regards
Mic
-- Michele Marazza / IP-Plus Engineering / www.ip-plus.net / Swisscom Enterprise Solutions _______________________________________________ swinog mailing list [EMAIL PROTECTED] http://lists.init7.net/cgi-bin/mailman/listinfo/swinog
