July 10, 2004
DDOS Attacks and responses

This entry was inspired by a conversation I recently had with someone from DALnet. The basic debate was the user showing concern over the increased difficulty of connecting to DALnet vs DALnet's attempts at not being as affected by the attacks.

The user's view (as I understood it)..

DALnet has made it too difficult for the average user to connect. Loyal, long term users cannot connect anymore due to the limited availability of servers. The few "filtered" servers appear to only be for some areas and there are loyal users who aren't attacking elsewhere who can't connect. They furthered the issue with explaining that they did not understand the answers given as to how to get their ISP to coordinate with DALnet to no longer be affected by the filtering. Additionally, attempts at coming up with alternate solutions submitted by not just this user, but others to DALnet seem to be met with resistance instead of openly accepting the proposals.

My response (not necessarily "DALnet's view")..

DALnet's current response to attacks has made the most progress in reducing their effects, both to the ISPs that are donating the servers and to the servers themselves as well. When DDOS attacks against IRC servers first started, it was simple, the server would get flooded, it would return to normal later when the flood stopped. Later the ISPs figured out to "turn off" the routing for the IRC server to save their network.. the IRC server would go 100% unreachable, however the business would be saved. The new approach to only allowing connections from ISPs that agree to help track floods and to limit the damage by only peering with some ISPs for each server has helped the most. Servers no longer go 100% unreachable and are available to the majority of the population. The evolution of this method came with years of input from network administrators, router gurus and people experiencing the attacks. Unfortunately the average user's suggestions were the same suggestions suggested years ago and for whatever reason, either not used, or tried and failed. It is difficult at this point to hear a new "fresh" idea.. not to mention one that's possible... as was the problem with the last suggestion from the user which suggested that the filtering be undone for certain subnets with loyal users on them.. however that would require the ISP's involvement.. which brings us back to the same problem that the user had to begin with.. their ISP did not understand basic routing and was unable to work with DALnet to come to an understanding.

As with most of these conversations, when I responded that the user's request was unreasonable, they came back with conspiracy theories about "cloak and dagger" operations and indicated that it was DALnet's unaccepting attitude that was the cause for all of these problems to begin with... and I responded with explaining that the user's ignorance was just as typical... unfortunately I doubt we will ever see eye to eye.. I do understand the frustration with the connections, however the user fails to see that if we don't take these steps to limit the impact of attacks, ALL servers would be gone and there would be NOTHING left... it comes down to a choice of "limiting damage" or simply being destroyed.

I felt the need to write this mainly so that it's understood that although it may seem that "we" don't care about the user or that "we" don't take other people's suggestions seriously, that there really has been a LOT of research done over the years, people from DALnet have given speeches at some of the largest network conventions about the growing DDOS problem and have written presentations outlining ideas, technology choices and methods at dealing with the issues.. it doesn't mean that the solution will work perfectly for everyone, it does mean that there IS EFFORT being made to find the solutions though. ..and no, if I didn't care, I wouldn't have taken the time to write this, nor would I have gotten upset at the idea that DALnet wasn't doing what it could to stay online, reachable and there for the users.

Hopefully someone will get something out of this article and realize that there are 2 sides to every story. Unfortunately we don't always hear the answer we want.. that's life.. sometimes that answer simply isn't possible..

Disclaimer: The views here are those of Aaron, not of DALnet (I never really asked what DALnet's views are nor am I on the routing committee and I don't make the final decisions and I don't have 100% of the facts, but I think I have most) ..and yes, I have several family members who use DALnet and chat to me nightly using the public servers... so my view of DALnet stability etc does not come from a 100% biased view of "can I talk to my oper friends? yes? ok, then it's all fine" .. on an amusing related note, the conversation took place on DALnet while the user had at least 2 clients connected that I'm aware of as did a few others in the same channel. On a side note, DALnet turns 10 this month.

Posted by Aaron at July 10, 2004 09:33 AM
Comments

"allowing connections from ISPs that agree to help track floods and to limit the damage by only peering with some ISPs for each server has helped the most."

This was never explained. Which explains to me why my ISP has never peered because they aren't willing to track DDOS or they simply do not understand peer routing.

I still say DALnet should write up a "form" email that any user can copy and forward to their ISPs. It should outline why DALnet has taken the steps and what the ISP needs to do to allow their clients to access DALnet. Whether or not the user understands it.

It should be something that a Network/Routing Admin understands. It doesn't have to be written like it's for a 2 year old. But it should outline the basic need of what is needed and why that the user can forward.

Has anyone thought that there might be routing admins that haven't experienced what is needed to be done? If it's so new I'm pretty sure this is true.

I'm simply saying that if DALnet is forcing users to talk to their ISP about getting on there they should/need to help them.

Posted by: Scott on July 10, 2004 01:07 PM

The form idea may be worth it, however it takes cooperation between the ISP and DALnet, it's not just something that can be forwarded as "here, you need to reconfigure your router using these steps" they need to be willing to actively communicate and work together.

The network/routing admin being able to understand it should be very simple. A real network admin who runs any current multihomed ISP would know about BGP routing and AS numbers. To explain this in a way for even the "more technical", but not "routing" admin to understand would require an advanced routing course included. (I've taken the Cisco ICND and don't fully understand it.. then again I run a local single-homed network, nothing advanced enough to need AS numbers or BGP routing)

The form idea to at least forward to the ISP to allow them to start forwarding it internally within their organization may be an idea worth considering, I'll bring it up.. unfortunately it will probably be something that at the top is a very basic "here's what this means" followed with a piece that says "please forward this to someone who REALLY knows routing and wishes to interact with DALnet" ..there's really no in-between.

-----
Unfortunately, sometimes it takes work to keep doing something you enjoy or believe in, it can't be left in the hands of others. I feel justified that I can say that since I pay out of pocket to maintain it and help keep it running... and this doesn't just go for DALnet, I feel the same about all of IRC.. hence why I was one of the founding admins of chatnet, why I still host a server for accessirc as well.. I realize not all users can work for their cause in the same fashion I do (ie: throw money at it), however taking the time to continue to work with their ISP to get them to communicate to DALnet is a small amount of donation in comparison and would be just as important.

Posted by: Aaron on July 10, 2004 01:32 PM

With a form email to be able to send to their respective ISPs from DALnet is a better start than telling the users to talk to their ISPs.

The reason is because
1) The usual tech the normal user calls is just a help tech, they have no clue what you're talking about.

2) They can at least get an email address from the 1st tier tech to send the "form" email from DALnet to get the desired effect needed.

Posted by: Scott on July 10, 2004 02:03 PM

Hey Aaron. Glad to see that DALnet is back on its feet after the mega-DDOS. Did you guys ever find out whom/where it was originating from?

Posted by: Cory Albrecht on July 18, 2004 04:08 PM

Wish u luck DALnet Team...Nice work aaron

Posted by: sHaDoWsNaTcHeR on July 25, 2004 02:06 AM

today..August,17th 2004, i think dalnet got ddos attack more..all mirc connection from indonesia has been blocked since yesterday August, 16th.. :)
i hope dalnet will recover soon :)
to aaron : have a nice work :)

Posted by: dimas on August 16, 2004 07:25 PM

pokes aaron

Posted by: krupt on August 23, 2004 06:23 PM