Good point. UKNOF is a great place to host a discussion where the balance lies I think.
Observationally - DOS affects more than the networks targeted as it often appears to be targeted at a user on a network rather than the network itself. Maybe I should add a "Discuss" to that bald statement? ;-) If so it is useful for applications services, electronic markets and others to become sussed on this to try to build defences in depth over time. One ISP I use in UK recently had a serious DoS outage and they handled the real time communication really brilliantly as well as provide a report after the event. One proviso that I and their sites had to be "online" to see their notices which with so much of their services offline for a time was a challenge. Having alternative lines of communication may be something to consider? Christian Tim Chown wrote: >> On 9 Dec 2015, at 17:44, Keith Mitchell <[email protected]> wrote: >> >> On 12/09/2015 07:37 AM, Pete Stevens wrote: >>> Either way, it's a gentle push to suggest that if some accurate and >>> helpful information could be released to the community / public, it >>> might be helpful to do so sooner rather than later to counter >>> misinformation that is already out in the public domain. >> Indeed, in the absence of detailed public statements, analyzable data >> would be a good thing. What's baffling me about these attacks is the >> motivation - it's very much the season for online shopping extortion >> attacks, and what happened to the root last week suggests there's a lot >> of DDoS generally going on right now, but its not clear what's to be >> gained from taking out academic infrastructure. I hope it's not some >> deadline-shy undergrad using a booter site to avoid their assessments >> ("the DoS ate my homework"...), but sadly such things are not >> inconceivable these days. > > It seems very likely to me that in cases such as this there are sensitivities > around the disclosure of any specifics around the attack, esp. when the > attack may still be considered ongoing, mitigations are being deployed, or > there is a non-negligible risk of the attack resuming. > > Being at a university, I know that university IT dept contacts have been kept > in the loop with periodic updates, which is very welcome. > > So it may be that some details are published in due course, but I fully > understand why that is not the case yet. The only problem then of course is, > as Pete implies, the age old issue of nature abhorring a vacuum, and junk > rumours / stories emerging and being published in various press outlets. It’s > a tricky balance. > > Tim -- Christian de Larrinaga FBCS, CITP, ------------------------- @ FirstHand ------------------------- +44 7989 386778 [email protected] -------------------------
