Re: Multi ISP DDOS

North American Network Operators Group

Re: Multi ISP DDOS

From: Martin Hannigan
Date: Wed May 03 13:11:50 2006

At 11:52 AM 5/3/2006, Peter Wohlers wrote:

Martin Hannigan wrote:
>
> At 10:11 PM 5/2/2006, Richard A Steenbergen wrote:
>
>> On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote:
>> > UL is seeing a large DDOS coming towards a couple of customers of ours.
>> > I know that other ISPs have been affected as well. I will let them
>> > identify them selves.
>> >
>> > Anyone have any scoop on this?
>>
>> A) I don't think anyone knows who UL is by that reference alone (I assume
>> you mean united layer).
>>
>> B) The DoS target is Livejournal.
>>
>> C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of
>> it. No indications of exactly how big it is by the time it hits them,
>> but at least from my perspective it doesn't seem like a huge attack.
>>
>> Hope it stops soon though, a sustained livejournal outage is probably
>> grounds for at least 4-5 suicides by distraught teenagers who can't blog
>> about their day. :)
>
>
> Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers
> tonight
> keeping them from helping people defend LiveJournal.
>
> Uh. Who let the Frog out?
>
> http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss.technology
>

Blue Security's solution to their DOS was to point their www to their
Typepad-hosted blog.

apogee:/home/pedro> host www.bluesecurity.com
www.bluesecurity.com is a nickname for bluesecurity.blogs.com
bluesecurity.blogs.com has address 204.9.178.61
apogee:/home/pedro> whois -h whois.arin.net 204.9.178.61

OrgName: SIX APART LTD
OrgID: SAL-48
[...]

How's that for honorable comportment. We're getting slammed so we're
gonna make it someone else's problem(and not give them a heads up).

Like Lycos MLNS, I predict we'll see random infrastructure obfuscation,
route changes, hardware moves, etc. and ultimately the end of BS. If
not today, perhaps soon.

It's interesting to watch the equivalent of the battle of
Omaha Beach between two sets of miscreants, one legitimized by
some on nsp-sec, and one legitimized by a commercial DDoS service.


-M<

References:
- Colo in UK and Austraila. Robert Sherrard
- Re: Colo in UK and Austraila. Peter Cohen
- Multi ISP DDOS Tim Pozar
- Re: Multi ISP DDOS Richard A Steenbergen
- Re: Multi ISP DDOS Martin Hannigan
- Re: Multi ISP DDOS Peter Wohlers

Prev by Date: Re: Tier 2 - Lease?
Next by Date: CALEA Watch: ISP's Get to Pick Up the Tab
Date Index
Thread Index
Author Index
Historical