Im not a sales guy, I’m the head of networks for a UK operator to start. Maybe we should ban people that object to an open exchange of ideas or who can’t tolerate an alternative point of view?
You comment is small minded. Graham On 10/12/2015, 14:05, "Simon Palmer" <[email protected]> wrote: >Could we ban sales folk from this list please? > >>>> On 10/12/2015 at 13:58, in message ><[email protected]>, "Graham L. >Stewart" ><[email protected]> wrote: >> You are also forgetting they were Tweeting exact mitigations and >giving the >> attackers their mitigation steps for a while, prolonging the attack. >I >> understand you are from a Uni and are grateful to have had your >service >> restored but you should look carefully at if you have just ‘bought >the bull’? >> >> Your point regarding DDoS testing and Arbour goes to show you don’t >fully >> understand the product or methods used to mitigate as these are >testable and >> should be on a regular basis. Remember as network operators we >actually have >> a responsibility to use industry best practise otherwise there is a >question >> of liability that arrises regardless of terms and conditions (bet you >didn’t >> know that). >> >> Arbour is applied at various points in a network and would protect a >whole >> network IE Janets not just individual sites, this would be for the >good of >> the network. Also your comments regarding DDoS testing, although you >can’t >> test against a real world DDoS you can test monthly mitigation >techniques. We >> do this regularly after forming our mitigation plan a few months ago. >What >> this does is ensure you RTBH services from Tier 1/2’s work and are >accessible >> and gives you the opportunity to remind upstreams you may rely on for >this >> that the service has stopped functioning so you know before you need >it. You >> can then also select a small set of your IP space and launch attacks >and >> exploits from rented servers, AWS, Azure etc just to name a few and >test your >> mitigation for various types of attack. Pair that with reading up on >emerging >> attack vectors and you will be able to produce a pretty good test >plan. You >> should then run a test emergency almost like a fire drill on a quiet >day of >> over a holiday period. >> >> What you have to realise is DDoS is an attack on the increase daily I >hear >> of more and more networks being attacked this way (well mostly >customers of >> networks). To wait until you are attacked to work out your mitigation >methods >> don’t work or tweeting mitigation steps may alert the attacker / >attackers to >> the steps you are taking is not acceptable as an operator. You should >be one >> step ahead of the attackers not 10 paces behind. >> >> >> >> Graham >> >> >> >> On 10/12/2015, 13:01, "Scott Armitage" <[email protected]> >wrote: >> >> > >> >> On 10 Dec 2015, at 12:48, Graham L. Stewart ><[email protected]> >> wrote: >> >> >> >> If they were releasing information to the wider community I >wouldn’t have >> to speculate ………… >> >> >> >> >> > >> > >> >I agree Jisc have left a void which has been filled with rumour and > >> speculation (to the point the Express are claiming some ISIS >terrorist attack >> is behind everything). However, it is not unusual for any company to >be less >> than forthcoming with information regarding network operation >(particularly >> security related). I expect once the froth has died down there will >be a >> Networkshop presentation and/or UKNOF presentation about the events >of this >> week. >> > >> > >> >> >> >> >> >> On 10/12/2015, 12:34, "Scott Armitage" <[email protected]> >wrote: >> >> >> >>> >> >>>> On 10 Dec 2015, at 12:06, Graham L. Stewart ><[email protected]> >> wrote: >> >>>> >> >>>> Got to say though if you have a sustained DDoS you can’t >mitigate in over >> 24 hours you should probably have bought in to Arbour or similar a >while ago. >> Everyone is being very nice around the situation but its really not >> acceptable to have had the downtime. I know my commercial customers >wouldn’t >> accept that. I know of networks able to mitigate even large DDoS >attacks in >> an hour. Sounds like they didn’t have a plan or if they did it >wasn’t tested >> well. >> >>>> >> >>> >> >>> >> >>> Sounds like you are taking guesses about how Jisc are dealing >with the >> situation. The network guys at Jisc are very professional and know >how to >> operate networks. Jisc have been keeping their customers (i.e. >Universities) >> informed and gave an explanation of the events of Tuesday but asked >that >> information isn’t more widely distributed (which we are >respecting). Other >> than for a short period (a few hours on Tuesday) there has been very >little >> disruption. In my personal opinion the service we as University >receive from >> Jisc (in terms of Internet provision) is exemplary and I doubt a >commercial >> offering could compete. Universities are free to go to the market >and get >> commercial provision if they want but I don’t think any do (other >than for >> non-academic related activities). >> >>> >> >>> (Note: These are personal views) >> >>> >> >>> Regards >> >>> >> >>> >> >>> Scott Armitage >> >>> >> > > > Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at >sylw'r unigolyn neu'r sefydliad a enwir uchod. Bydd >unrhyw farn neu sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni >chynrychiolant o anghenraid farn Coleg Sir Gâr. >Os ydych chi wedi derbyn yr e-bost hwn ar gam, rhowch sylw i'r >gweinyddwr ar y cyfeiriad canlynol: >[email protected] > >Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn? > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to >whom they are addressed. Any views or opinions expressed are solely >those of the author and do not necessarily represent those of Coleg Sir >Gâr. If you have received this email in error please notify the >administrator on the following address: >[email protected] > >Please consider the environment - do you really need to print this >email?. >
