Slashdot Mirror


Akamai: How They Fought Recent DDoS Attacks

yootje writes "Infoworld is running an interesting article about Akamai and the DDoS attack that hit the network of Akamai Tuesday. According to this article one of the defenses of Akamai is the big diversity of their hardware: 'We deliberately use different operating systems, different name server implementations, different kinds of routers, different kinds of switches, different kinds of CPUs, and especially, different operational procedures.' So says Paul Vixie, architect of BIND and president of the ITC." Yootje points to another article on this subject as well, this one at Internetnews.com. Update: 07/07 19:38 GMT by T : Note that Vixie's quote here is actually presented out of context; he was commenting by way of contrast on the diversity of the root DNS servers, not Akamai's content-serving system.

10 of 231 comments

  1. Speaking of... by after · · Score: 1, Interesting

    I don't know how related these two things are, but the AfterNET IRC network has been ^H^H^H^H^H^H^H is being flooded with SYN packets and is -down-.

    Is this related to these DDoS attacks?

  2. They never mention percentage of users impacted by pornaholic · · Score: 5, Interesting

    Akamai claims over 1,100 customers and indicated that only 2 percent of them were noticeably impacted by the attack, such as not being available for about an hour.
    The only statistic they offer is the percentage of customers that were impacted. To me this hints of trying to play down the severity of the situation. When only 2 percent of your customers comprise (following is a made-up statistic since they didn't give me one) 80 percent of your traffic, you're lying by omission by only giving customer statistics.

  3. Re:Lack of diversity by phasm42 · · Score: 3, Interesting

    Also, Paul Vixie is the founder of ISC, not ITC. What a shoddy article write-up -- two blatantly obvious mistakes I caught by skimming the articles got front-paged.

    --
    "No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner

  4. Re:Trade-Off by lambent · · Score: 3, Interesting

    Basically, it works like this ... they make it up. Kind of. In the Mitnick case, they took the product he stole (software), deemed it now unusable because it was leaked, and said 'we could have sold $80 million to users ... now we can't.'

    Also, man hours get factored in, sometimes two or three times over, including the man hours that were used to create the product in the first place, as well as to re-create the product again.

    It's all very stupid, and nobody believes a word of it except the courts.

    Cause they're dumb.

    (shrug)

  5. Re:Trade-Off by Anonymous Coward · · Score: 2, Interesting

    But, no single point of failure. A knock on one weakness in Akamai's network does not bring the whole thing down. That is probably a critical factor in Akamai's business plan.

  6. Re:MacOS classic? by rpbailey1642 · · Score: 4, Interesting

    I remember reading an article about the US Army using classic Mac for their webservers for just that reason. Hey, a URL: http://www.wired.com/news/politics/0,1283,21725,00.html

  7. Ummm.. by Sheepdot · · Score: 5, Interesting

    RTFA.

    In the case of the Akamai incident, the vulnerable service was DNS. Paul Vixie, architect of BIND (Berkeley Internet Name Domain) and president of the Internet Systems Consortium, charged that Akamai's proprietary approach to DNS makes it a single point of failure. He added that the 13 DNS root servers, which weathered a vicious DDoS attack in 2002, are even more defensible today than they were back then. The root servers are resilient, Vixie said, because their operators embrace diversity. "We deliberately use different operating systems, different name server implementations, different kinds of routers, different kinds of switches, different kinds of CPUs, and especially, different operational procedures," Vixie told Internetnews.com.

    He's not talking about how great Akamai is. He's talking about how great everyone else is.

    On another note: What the heck does this story have to do with Akamai operators fighting DDoS attacks? They more than likely sat with their thumbs up their rears contemplating how having such a structured and inflexible DNS system could possibly be in error.

  8. Re:Attacking Akamai with a DDoS... by pjt33 · · Score: 3, Interesting

    So why did I go a few hours unable to get to Google a week ago?

  9. Re:Quote misattributed by johnnyb · · Score: 2, Interesting

    The problem is not really the costs, it's the accounting. When you have a large enough company to have an accounting department, a lot of weird things start happening. Not all of it is bad, it's just that managing large amounts of money and equipment is a lot different than handling small amounts of money and equipment.

    Accounting has to be able to cost-justify purchases, otherwise they would be open to easy abuse. Therefore, you have to show that they need sufficient load on the servers to justify the expenditure. On top of that, the expenditure has to be written off periodically across 3 years for tax purposes. Therefore, it is going to come off the bottom line a little at a time for the next 3 years.

    Anyway, dealing with accounting is a funny process, and reason does not always win out.

  10. Re:Trade-Off by OneArmedMan · · Score: 2, Interesting

    Overspecialize and you breed in weakness..

    It's slow death.