Could we ban sales folk from this list please?

>>> On 10/12/2015 at 13:58, in message <[email protected]>, "Graham L. Stewart" <[email protected]> wrote:
> You are also forgetting they were Tweeting exact mitigations and giving the attackers their mitigation steps for a while, prolonging the attack. I understand you are from a Uni and are grateful to have had your service restored but you should look carefully at if you have just ‘bought the bull’?
>
> Your point regarding DDoS testing and Arbor goes to show you don’t fully understand the product or methods used to mitigate as these are testable and should be on a regular basis. Remember as network operators we actually have a responsibility to use industry best practice otherwise there is a question of liability that arises regardless of terms and conditions (bet you didn’t know that).
>
> Arbor is applied at various points in a network and would protect a whole network, i.e. Janet's, not just individual sites; this would be for the good of the network. Also your comments regarding DDoS testing, although you can’t test against a real world DDoS you can test monthly mitigation techniques. We do this regularly after forming our mitigation plan a few months ago. What this does is ensure your RTBH services from Tier 1/2’s work and are accessible and gives you the opportunity to remind upstreams you may rely on for this that the service has stopped functioning so you know before you need it. You can then also select a small set of your IP space and launch attacks and exploits from rented servers, AWS, Azure etc just to name a few and test your mitigation for various types of attack. Pair that with reading up on emerging attack vectors and you will be able to produce a pretty good test plan. You should then run a test emergency almost like a fire drill on a quiet day or over a holiday period.
>
> What you have to realise is DDoS is an attack on the increase daily I hear of more and more networks being attacked this way (well mostly customers of networks). To wait until you are attacked to work out your mitigation methods don’t work or tweeting mitigation steps may alert the attacker / attackers to the steps you are taking is not acceptable as an operator. You should be one step ahead of the attackers not 10 paces behind.
>
> Graham
>
> On 10/12/2015, 13:01, "Scott Armitage" <[email protected]> wrote:
>
> >> On 10 Dec 2015, at 12:48, Graham L. Stewart <[email protected]> wrote:
> >>
> >> If they were releasing information to the wider community I wouldn’t have to speculate …………
> >>
> >
> >I agree Jisc have left a void which has been filled with rumour and speculation (to the point the Express are claiming some ISIS terrorist attack is behind everything). However, it is not unusual for any company to be less than forthcoming with information regarding network operation (particularly security related). I expect once the froth has died down there will be a Networkshop presentation and/or UKNOF presentation about the events of this week.
> >
> >>
> >> On 10/12/2015, 12:34, "Scott Armitage" <[email protected]> wrote:
> >>
> >>>> On 10 Dec 2015, at 12:06, Graham L. Stewart <[email protected]> wrote:
> >>>>
> >>>> Got to say though if you have a sustained DDoS you can’t mitigate in over 24 hours you should probably have bought in to Arbor or similar a while ago. Everyone is being very nice around the situation but it’s really not acceptable to have had the downtime. I know my commercial customers wouldn’t accept that. I know of networks able to mitigate even large DDoS attacks in an hour. Sounds like they didn’t have a plan or if they did it wasn’t tested well.
> >>>>
> >>>
> >>> Sounds like you are taking guesses about how Jisc are dealing with the situation. The network guys at Jisc are very professional and know how to operate networks. Jisc have been keeping their customers (i.e. Universities) informed and gave an explanation of the events of Tuesday but asked that information isn’t more widely distributed (which we are respecting). Other than for a short period (a few hours on Tuesday) there has been very little disruption. In my personal opinion the service we as a University receive from Jisc (in terms of Internet provision) is exemplary and I doubt a commercial offering could compete. Universities are free to go to the market and get commercial provision if they want but I don’t think any do (other than for non-academic related activities).
> >>>
> >>> (Note: These are personal views)
> >>>
> >>> Regards
> >>>
> >>> Scott Armitage
> >>>

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Coleg Sir Gâr. If you have received this email in error please notify the administrator on the following address: [email protected] Please consider the environment - do you really need to print this email?
