Slashdot reader River Tam explains the crash of Australia’s online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics “were offered DDoS prevention services from their upstream provider…and said they didn’t need it.” From an article on CSO:
The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected… Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site’s operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.
In an unfortunate confluence of events, IBM’s security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site’s operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack…these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site…