There was a DDoS script and I ran it, Janet
Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple internet connections, including the Manchester to Manchester Core Router. Janet, effectively the UK's computer network for educational and research institutions, first experienced connectivity problems shortly …
"That's the problem with academic anything though - looks great on paper, but the reality is usually lacking."
Yes, good people don't normally want to work for the crappy pay that most academic institutions (or the public services in general) pay. So you get with the less talented dross. That's why they are always spending so much on consultants / contractors to come in and do the hard stuff.
I would say it's a fair bet they will eventually be paying a network contractor / consultancy to block this attack...
A certain Steve Furber is working on a 1,000,000 ARM core Silicon Brain in Manchester.
Maybe the brain is starting to become self aware? Skynet, anyone?
I is one of them computer engineerz.
Though we were more interested in getting that newfangled Telnet working on our PDP-11 at the time. Janet were but scribblings on a white (possibly even black) board ....
Some interesting historical notes here:
http://www.uknof.com/uknof7/Reid-History.pdf
Though there was internet - just not as we know it.
Must be a huge attack to take out a network with a 100Gbit/s backbone?
If it is a private network, how hard can it be to isolate the points that are being attacked and limit connections in order to protect the rest of the network?
I'm a noob at attacks of this scale.
Would be nice to see an update on the front page.
"Must be a huge attack to take out a network with a 100Gbit/s backbone"
It's taken out a router. You can either overload the routing logic by sending more traffic than it can handle, or, if you craft your traffic correctly, you can force the packets to go via the CPU rather than being handled by the switching ASICs.
"If it is a private network how hard can it be to isolate the points that are being attacked and limit connections in order to protect the rest of the network"
JANET doesn't exist just to link UK Universities (& other institutions) together. It also exists to link UK Universities to other institutions, i.e. the rest of the world.
If you cut JANET off from the rest of the world, you'll end up with a lot of *very* annoyed researchers. (And admin staff & students)
I can sort of understand why people attack Governments and businesses but why would you attack an academic network? It's like kicking someone's puppy.
I think we should drop the leading D in DDoS. Why? Because who launches a DoS attack that isn't distributed now? In fact could you even realistically launch a non-distributed DoS against any target that would make the news? I
"Even if your mailboxes are hosted by MS, if your connection to the internet is under attack and you can't get to the internet you're even more cut off from your mailboxes than normal lol"
Ummm...yes, that's exactly what I meant. I was responding to the comment about most organisations having a backup email plan. We don't have a backup email plan because our mailboxes are hosted by MS.
The kind people at the university are not only providing the above statement to the students but are also including a detailed description of the actions being taken to counteract it at the bottom of the message.
I wouldn't normally share but as it has gone to several thousand already
"On Monday 7 December at 9.24 a distributed denial-of-service (DDoS) attack caused unplanned disruption on the Janet network. This resulted in a potentially intermittent service for all customers. Our network and computer security incident response teams are currently working to resolve the problem.
Network Operations Centre (NOC) engineers working closely with CSIRT, our security team, are implementing measures to reduce or stop the impact of these attacks. Each takes time to identify and to apply effective blocks. Once the blocks are applied the attack is brought under control but when this is spotted by the perpetrators the dynamics of the attacks change.
Due to their approach we have stopped putting out detailed Twitter messages since we believe our Twitter feeds were being monitored and the attackers were using this information to change attack vectors.
The reason why these attacks are so disruptive is that Janet infrastructure address space is being targeted. With such high capacity links, the amount of traffic that can be targeted at a core router's internal addresses will cripple such a router which are not designed to cope themselves with service traffic but designed to switch packets through very quickly.
We have now removed visibility to our infrastructure by blocking diagnostic facilities
(Removed sensitive content)
XXXXXXXXXXXX
We would appreciate it if you did not make this information public as that might cause further attacks against the network."
This is what happens when Network guys are put in charge of Security. Please discuss!
Here's my part to the discussion.
1. If they've made this information available to anyone other than their IT department and management (and unless you're one of the two it appears they have), your University are stupid and irresponsible for doing so; until we know otherwise, one of their students could easily be the source of the attack for whatever motivation.
2. You are at least as stupid and irresponsible for posting it on here.