North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Multi ISP DDOS

  • From: Martin Hannigan
  • Date: Wed May 03 13:11:50 2006

At 11:52 AM 5/3/2006, Peter Wohlers wrote:

Martin Hannigan wrote:
> At 10:11 PM 5/2/2006, Richard A Steenbergen wrote:
>> On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote:
>> > UL is seeing a large DDOS coming towards a couple of customers of ours.
>> > I know that other ISPs have been affected as well. I will let them
>> > identify them selves.
>> >
>> > Anyone have any scoop on this?
>> A) I don't think anyone knows who UL is by that reference alone (I assume
>> you mean united layer).
>> B) The DoS target is Livejournal.
>> C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of
>> it. No indications of exactly how big it is by the time it hits them,
>> but at least from my perspective it doesn't seem like a huge attack.
>> Hope it stops soon though, a sustained livejournal outage is probably
>> grounds for at least 4-5 suicides by distraught teenagers who can't blog
>> about their day. :)
> Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers
> tonight
> keeping them from helping people defend LiveJournal.
> Uh. Who let the Frog out?

Blue Security's solution to their DOS was to point their www to their
Typepad-hosted blog.

apogee:/home/pedro> host is a nickname for has address
apogee:/home/pedro> whois -h

OrgID: SAL-48

How's that for honorable comportment. We're getting slammed so we're
gonna make it someone else's problem(and not give them a heads up).
Like Lycos MLNS, I predict we'll see random infrastructure obfuscation,
route changes, hardware moves, etc. and ultimately the end of BS. If
not today, perhaps soon.

It's interesting to watch the equivalent of the battle of
Omaha Beach between two sets of miscreants, one legitimized by
some on nsp-sec, and one legitimized by a commercial DDoS service.