

Basecamp network attack postmortem - alexobenauer
http://signalvnoise.com/posts/3729-basecamp-network-attack-postmortem

======
mobiplayer
I expected a more in-depth article, but they either still don't really know
the details of the attack or they don't think it is important to share that
information.

In any case, a 20Gbps DDoS is not uncommon these days and I feel a stronger
security culture inside Basecamp could have had measures already in place.

~~~
quesera
Agree with the latter, but disagree with the first.

There's not much to say about a DDoS. You know the protocol (tcp, udp, icmp)
and the src port of the packets, which can suggest the redirected service.

But it's well-nigh impossible to learn where the attacks come from, who is
responsible, or the motivation behind it. It generally takes cooperation, in
the form of bragging by children, to get much further.

And this sort of attack is eminently achievable by children, these days.
20GB/s is nothing, and practically free if you need to borrow someone else's
infrastructure.

So Basecamp grows up, a little. They have the money to pay for proper
anti-DDoS measures, and I'm sure they will do so.

I found the tone amusing though. The anti-enterprise 37s get all
corporate-speak when they realize they have a PR situation on their hands.

"Working with law enforcement to catch these _criminals_" is the noop of the
security biz. "Paying for basic service protections that we should have
anticipated" sounds far less exculpatory however.
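The comment above notes that about the only thing a victim can read off a volumetric flood is the protocol and the source port, which points at the service being reflected. The script below is an added example, not code from the article or from any commenter, showing how a defender would turn that observation into a first triage: aggregate inbound flow records by protocol and source port, flag the well-known UDP reflector ports, and compute the aggregate rate. The flow records are constructed for the example, and the "proto src_port dst_port bytes packets" line format is an assumption rather than any real exporter's format.

```python
from collections import defaultdict
from dataclasses import dataclass

# UDP services that are commonly abused as reflectors, keyed by the
# source port a reflected packet arrives from.
REFLECTOR_PORTS = {
    19: "CharGen",
    53: "DNS",
    123: "NTP",
    1900: "SSDP",
    11211: "memcached",
}


@dataclass(frozen=True)
class Flow:
    proto: str
    src_port: int
    dst_port: int
    bytes: int
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one record in the assumed format 'proto src_port dst_port bytes packets'."""
    proto, sp, dp, b, p = line.split()
    return Flow(proto.lower(), int(sp), int(dp), int(b), int(p))


# Constructed inbound flow records covering a one-second window.
SAMPLE_RECORDS = """
udp 123 80 1500000000 3000000
udp 53 80 800000000 2000000
udp 1900 443 150000000 500000
tcp 443 51234 40000000 30000
udp 123 443 10000000 20000
""".strip().splitlines()

SAMPLE_FLOWS = [parse_flow(line) for line in SAMPLE_RECORDS]


def bytes_by_source(flows):
    """Aggregate inbound bytes per (protocol, source port)."""
    agg = defaultdict(int)
    for f in flows:
        agg[(f.proto, f.src_port)] += f.bytes
    return dict(agg)


def suspected_reflectors(flows, min_share=0.05):
    """Name the reflector services whose share of inbound bytes exceeds min_share.

    Returns a dict of service name -> share of total bytes, rounded to 3 places.
    """
    total = sum(f.bytes for f in flows)
    if total == 0:
        return {}
    result = {}
    for (proto, src_port), nbytes in bytes_by_source(flows).items():
        share = nbytes / total
        if proto == "udp" and src_port in REFLECTOR_PORTS and share >= min_share:
            result[REFLECTOR_PORTS[src_port]] = round(share, 3)
    return result


def inbound_gbps(flows, window_seconds):
    """Aggregate inbound rate in gigabits per second over the window."""
    total_bits = sum(f.bytes for f in flows) * 8
    return total_bits / window_seconds / 1e9


if __name__ == "__main__":
    print(f"inbound rate: {inbound_gbps(SAMPLE_FLOWS, 1):.1f} Gbps")
    for service, share in sorted(suspected_reflectors(SAMPLE_FLOWS).items(),
                                 key=lambda kv: -kv[1]):
        print(f"  {service:<10} {share:.1%} of inbound bytes")
```

On the constructed sample this reports a 20 Gbps flood dominated by NTP and DNS reflection with a small SSDP component, which is enough to tell an upstream provider which source ports to rate-limit or drop without disturbing the TCP traffic on port 443 that real clients use. The source port only tells you which third-party servers were reflected, not who sent the spoofed requests, which is the point the comment makes about attribution.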

~~~
mobiplayer
The details I was expecting are more in the line of what measures they put in
place to mitigate the issue, more than "Our mitigation strategy included
filtering through a single provider and working with them to remove bogus
traffic." which sounds like "our hosting provider enabled the DDoS mitigation
service they've got in place". Again, that's not what I expect from a
post-mortem but I guess this is me being a geek and not a Basecamp customer :)

Cheers

