RE: NANOG list attack

[Brian R <briansupport () hotmail com>]

Thank you Larry and Job for the responses, mitigation steps taken, and work to further resolve these kind of events.
 
Food for thought for the rest of us out there.  Had there been a network attack on Sunday (for example) and several of 
these lists (multiple received this spam "attack") were switched to require a moderator to filter all emails manually.  
How quickly would information have gotten out through the networking community?  No NANOG and Outages are not the only 
places I check or subscribe to but I DO check them to see if anyone else is reporting anything.  And they are some of 
the places I would report real network problems to.
 
For me this didn't kill my weekend or destroy my ability to check my emails.  I know for many others it didn't either.  
I use my android mail client to group emails with the same subject and after checking multiple of them I didn't worry 
about those threads anymore.  Yes I received several hundred emails about it but I was still able to function and watch 
for anything that came in that would note a threat to the network as a whole.
 
Maybe if this event has caused such a stir and inconvenience we should look at what we are doing and how we are doing 
it.  These lists are tools that can be valuable to get information out to a large group of people.  Anything that would 
block that I would consider a threat to the purpose of the list as well.  This event caused blockage as well and the 
NANOG staff are looking into mitigation for that.
 
Thank you
Brian
 
> To: nanog () nanog org
> From: ljb () merit edu
> Subject: NANOG list attack
> Date: Mon, 26 Oct 2015 15:17:37 -0400
>
>
>  All,
>    Just wanted to apologize for the attack over the weekend.  The
> posts came from a email address that was subscribed to the list, so
> it was not subjected to moderation.  While a filter was added
> to block further posts (which were made in a short time window),
> there were existing message queues that were not cleared in a
> timely basis.
>
>   As Job Snijders (a fellow Communications Committee member) noted
> in an earlier post, we will be implementing some additional protection
> mechanisms to prevent this style of incident from happening again. We
> will be more aggressively moderating posts from addresses who have
> not posted recently, in addition to other filtering mechanisms.
>
>  Regards,
>    Larry Blunk
>    NANOG Communications Committee
>    Admins () nanog org