|Ticket Number:||20070904_2||Ticket State:||CLOSED|
|Ticket Opened:||2007-09-04 20:44||Ticket Closed:||2007-09-10 10:01|
|Ticket Description:||Router swiEL2.switch.ch hiccup due to DDoS|
Problem Description:Last Saturday (01 September 2007) around 01:51, our router swiEL2.switch.ch suffered a period of CPU overload which caused some routing processes to fail. The overload was due to an intense flood of traffic sent to one of the router's interfaces, probably as part of a denial-of-service attack against a host at EPFL.
Affected:From 2007-09-01 01:51 until 2007-09-01 01:54
Impact: no more redundancy
Sites/Services: EPFL, IMD
Since the issue hasn't surfaced anymore, we close the ticket. We will continue to study methods to protect our routers' "controle-plane" processing against such traffic.
An analysis of the traffic on our border routers during the time of the incident showed a flood of tiny packets against an inactive TCP port of our router, which must have caused extreme overload of the router's CPU.
We are considering ways of protecting the router against this kind of traffic.
EPFL noticed that there had been an outage of their BGP session to swiEL2.switch.ch. It was suspected that this was a reoccurrence of the problems in May, see ticket 20070510_1. Our first analysis showed CPU overload, but the reason wasn't clear.
For all questions about this ticket, please send mail to firstname.lastname@example.org
or call +41 44 268 15 30.