DDoS attack on network, resolved, back, resolved with null route caveat

Seems like it is a very sudden DDoS, no ramp-up, just slammed/slamming quickly. We are working to find the source and stop it.
 
The packet loss is very bad, about 75-80%, and I'm on a call now trying to get some upstream blocks in place.
 
They are moving a bit slow today with low staffing; it seems we will be looking at at least 20 minutes more at this rate, unless the attack stops first.
 
We are seeing some improvement with some blocking in place, but still some coming in. We are working to get all restored fully to normal.
 
We are checking win31, as the IP seems to have gotten null routed by an upstream about 30 min back (sorry, I was out at dinner and had to stop and make calls, and am only posting when able now) due to a large-scale attack coming in on it a short time ago. I am working to ID the domain being attacked and get the rest of the null route lifted. This is only impacting those on the shared IP address for win31.
 
We've found it to be a massive WordPress pingback attack, and interestingly even a few of those pingbacks are from within our network and are being checked to stop this.

We will be disabling XML-RPC on domains that are attacking from within our control. They are but a minor fraction of all of them, but we must do what we can to stop ours from participating in such attacks against others as well.

If you have a WordPress site you may want to take action as well:
http://www.blogaid.net/disable-xml-rpc-in-wordpress-to-prevent-ddos-attack
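
An added example, not part of the original status post: one way to pull the attacked domain and the reflecting WordPress sites out of a web server access log during a pingback flood, and to flag reflectors hosted on your own network as candidates for having XML-RPC disabled. It assumes a log format with the vhost first and the client IP second, relies on the `WordPress/<version>; <site URL>` User-Agent that WordPress sends when verifying a pingback, and uses constructed sample lines and a hypothetical local prefix.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (vhost, client IP, then combined-log fields); not incident data.
SAMPLE_LOG = '''\
victim.example 198.51.100.7 - - [01/Jan/2015:19:02:11 +0000] "GET /?4137=6431 HTTP/1.0" 200 512 "-" "WordPress/3.9.1; http://blog-a.example; verifying pingback from 203.0.113.50"
victim.example 198.51.100.8 - - [01/Jan/2015:19:02:11 +0000] "GET /?9921=1187 HTTP/1.0" 200 512 "-" "WordPress/3.5.1; http://blog-b.example"
victim.example 192.0.2.20 - - [01/Jan/2015:19:02:12 +0000] "GET /?5530=7712 HTTP/1.0" 200 512 "-" "WordPress/4.0; http://customer-site.example; verifying pingback from 203.0.113.50"
other.example 198.51.100.9 - - [01/Jan/2015:19:02:12 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
victim.example 198.51.100.7 - - [01/Jan/2015:19:02:13 +0000] "GET /?1208=3340 HTTP/1.0" 200 512 "-" "WordPress/3.9.1; http://blog-a.example; verifying pingback from 203.0.113.50"
'''

# vhost, client address, and the last quoted field (the User-Agent).
LINE_RE = re.compile(r'^(?P<vhost>\S+) (?P<client>\S+) .*"(?P<ua>[^"]*)"$')
# Pingback verification UA; older WordPress omits the "verifying pingback from" part.
UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)'
                   r'(?:; verifying pingback from (?P<origin>[\d.]+))?')


def summarize(log_text, local_nets):
    """Count pingback hits per target vhost and per reflecting site, and
    collect reflecting sites whose requests came from our own prefixes."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    targets, reflectors, local = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        ua = UA_RE.match(m.group("ua")) if m else None
        if not ua:
            continue  # not a pingback verification request
        targets[m.group("vhost")] += 1
        reflectors[ua.group("site")] += 1
        try:
            client = ipaddress.ip_address(m.group("client"))
        except ValueError:
            continue  # client logged as a hostname; cannot test the prefix
        if any(client in net for net in nets):
            local.add(ua.group("site"))
    return targets, reflectors, local


if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the provider's own address space (assumption).
    targets, reflectors, local = summarize(SAMPLE_LOG, ["192.0.2.0/24"])
    print("most-hit vhost:", targets.most_common(1))
    print("reflecting sites:", reflectors.most_common())
    print("reflectors hosted on our own network:", sorted(local))
```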
 
Ugh, they lifted the null route, and the attacks are still going in a big way, making some network issues; we are having to add the null route back again!
 