DDOS network issue very large DDOS - resolved
- Thread starter Stephen
- Start date
Re: DDOS network issue - checking - Multigig DDOS
We have null routed a range that is important, but it worked, we are working to fine tune to exactly the IPs that are being attacked now, as we were able to get more info once the network started working better.
We have null routed a range that is important, but it worked, we are working to fine tune to exactly the IPs that are being attacked now, as we were able to get more info once the network started working better.
Re: DDOS network issue - checking - Multigig DDOS
All is resolved now and for a while, I was updating on twitter as on the phone and making progress.
We first blocked a large range, then narrowed it down to the point we got the exact destination, all our monitoring was off the charts and killing CPUs to sort, making the task complex to find.
All is resolved now and for a while, I was updating on twitter as on the phone and making progress.
We first blocked a large range, then narrowed it down to the point we got the exact destination, all our monitoring was off the charts and killing CPUs to sort, making the task complex to find.
Re: DDOS network issue - checking - Multigig DDOS
DDOS Followup
Currently there are two targeted IPs still fully null routed for all incoming traffic. One of the two was around 3am Central Daylight Time the recipient of a very large DDOS attack from hundreds of sources. It was a UDP Flood, in and of itself this is not uncommon and has been blocked many times before, but the sheer size of this one simply flooded out switches on multiple levels including some outside of our network or control. Once we were able to find the target IP appropriately, we were able to get just that IP and the other on the server blocked, and filtered out with the help of upstream routers to prevent them from coming in further and causing the issues.
The attack impacted our network as well as some others due to the size of it at the time before filtering took place.
This situation is a bit hard to control fully, but we have some plans in motion to help speed the recovery process should such ever occur again, while we certainly hope it would not, in this age you can never just hope, you must plan for it to happen again.
DDOS Followup
Currently there are two targeted IPs still fully null routed for all incoming traffic. One of the two was around 3am Central Daylight Time the recipient of a very large DDOS attack from hundreds of sources. It was a UDP Flood, in and of itself this is not uncommon and has been blocked many times before, but the sheer size of this one simply flooded out switches on multiple levels including some outside of our network or control. Once we were able to find the target IP appropriately, we were able to get just that IP and the other on the server blocked, and filtered out with the help of upstream routers to prevent them from coming in further and causing the issues.
The attack impacted our network as well as some others due to the size of it at the time before filtering took place.
This situation is a bit hard to control fully, but we have some plans in motion to help speed the recovery process should such ever occur again, while we certainly hope it would not, in this age you can never just hope, you must plan for it to happen again.