SWITCHlan Trouble Tickets

Transparency is very important to us. We therefore publish all trouble tickets about issues that have an impact on our customers. We show both currently open tickets as well as all closed tickets.

Ticket 20070904_2

Ticket Number: 20070904_2Ticket State: CLOSED
Ticket Opened: 2007-09-04 20:44Ticket Closed: 2007-09-10 10:01
Ticket Description: Router swiEL2.switch.ch hiccup due to DDoS

Problem Description:

Last Saturday (01 September 2007) around 01:51, our router swiEL2.switch.ch suffered a period of CPU overload which caused some routing processes to fail. The overload was due to an intense flood of traffic sent to one of the router's interfaces, probably as part of a denial-of-service attack against a host at EPFL.


From 2007-09-01 01:51 until 2007-09-01 01:54
Impact: no more redundancy
Sites/Services: EPFL, IMD


2007-09-10 10:01
Since the issue hasn't surfaced anymore, we close the ticket. We will continue to study methods to protect our routers' "controle-plane" processing against such traffic.

2007-09-04 16:00
An analysis of the traffic on our border routers during the time of the incident showed a flood of tiny packets against an inactive TCP port of our router, which must have caused extreme overload of the router's CPU.
We are considering ways of protecting the router against this kind of traffic.

2007-09-03 12:49
EPFL noticed that there had been an outage of their BGP session to swiEL2.switch.ch. It was suspected that this was a reoccurrence of the problems in May, see ticket 20070510_1. Our first analysis showed CPU overload, but the reason wasn't clear.

For all questions about this ticket, please send mail to noc@switch.ch
or call +41 44 268 15 30.