Re: Multi ISP DDOS

[Peter Wohlers <pedro () whack org>]

Martin Hannigan wrote:
> At 10:11 PM 5/2/2006, Richard A Steenbergen wrote:
>
> > On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote:
> > > UL is seeing a large DDOS coming towards a couple of customers of ours.
> > >  I know that other ISPs have been affected as well.  I will let them
> > > identify them selves.
> > >
> > > Anyone have any scoop on this?
> >
> > A) I don't think anyone knows who UL is by that reference alone (I assume
> >    you mean united layer).
> >
> > B) The DoS target is Livejournal.
> >
> > C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of
> >    it. No indications of exactly how big it is by the time it hits them,
> >    but at least from my perspective it doesn't seem like a huge attack.
> >
> > Hope it stops soon though, a sustained livejournal outage is probably
> > grounds for at least 4-5 suicides by distraught teenagers who can't blog
> > about their day. :)
>
>
> Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers
> tonight
> keeping them from helping people defend LiveJournal.
>
> Uh. Who let the Frog out?
>
> http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss.technology

Blue Security's solution to their DOS was to point their www to their
Typepad-hosted blog.

apogee:/home/pedro> host www.bluesecurity.com
www.bluesecurity.com is a nickname for bluesecurity.blogs.com
bluesecurity.blogs.com has address 204.9.178.61
apogee:/home/pedro> whois -h whois.arin.net 204.9.178.61

OrgName:    SIX APART LTD
OrgID:      SAL-48
[...]

How's that for honorable comportment. We're getting slammed so we're
gonna make it someone else's problem(and not give them a heads up).

-- 
Peter Wohlers