nanog mailing list archives
Re: Multi ISP DDOS
From: Martin Hannigan <hannigan () renesys com>
Date: Wed, 03 May 2006 13:10:22 -0400
At 11:52 AM 5/3/2006, Peter Wohlers wrote:
Martin Hannigan wrote: > > At 10:11 PM 5/2/2006, Richard A Steenbergen wrote: > >> On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote: >> > UL is seeing a large DDOS coming towards a couple of customers of ours. >> > I know that other ISPs have been affected as well. I will let them >> > identify them selves. >> > >> > Anyone have any scoop on this? >> >> A) I don't think anyone knows who UL is by that reference alone (I assume >> you mean united layer). >> >> B) The DoS target is Livejournal. >> >> C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of >> it. No indications of exactly how big it is by the time it hits them, >> but at least from my perspective it doesn't seem like a huge attack. >> >> Hope it stops soon though, a sustained livejournal outage is probably >> grounds for at least 4-5 suicides by distraught teenagers who can't blog >> about their day. :) > > > Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers > tonight > keeping them from helping people defend LiveJournal. > > Uh. Who let the Frog out? >> http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss.technology> Blue Security's solution to their DOS was to point their www to their Typepad-hosted blog. apogee:/home/pedro> host www.bluesecurity.com www.bluesecurity.com is a nickname for bluesecurity.blogs.com bluesecurity.blogs.com has address 204.9.178.61 apogee:/home/pedro> whois -h whois.arin.net 204.9.178.61 OrgName: SIX APART LTD OrgID: SAL-48 [...] How's that for honorable comportment. We're getting slammed so we're gonna make it someone else's problem(and not give them a heads up).
Like Lycos MLNS, I predict we'll see random infrastructure obfuscation, route changes, hardware moves, etc. and ultimately the end of BS. If not today, perhaps soon. It's interesting to watch the equivalent of the battle of Omaha Beach between two sets of miscreants, one legitimized by some on nsp-sec, and one legitimized by a commercial DDoS service. -M<
Current thread:
- Colo in UK and Austraila. Robert Sherrard (May 01)
- Re: Colo in UK and Austraila. Peter Cohen (May 01)
- Multi ISP DDOS Tim Pozar (May 02)
- Re: Multi ISP DDOS Richard A Steenbergen (May 02)
- Re: Multi ISP DDOS Tim Pozar (May 02)
- Re: Multi ISP DDOS Martin Hannigan (May 02)
- Re: Multi ISP DDOS Peter Wohlers (May 03)
- Re: Multi ISP DDOS Martin Hannigan (May 03)
- Message not available
- Re: Multi ISP DDOS Martin Hannigan (May 04)
- Re: Multi ISP DDOS william(at)elan.net (May 04)
- Re: Multi ISP DDOS Martin Hannigan (May 04)
- Re: Multi ISP DDOS Rich Kulawiec (May 04)
- Re: Multi ISP DDOS william(at)elan.net (May 05)
- Multi ISP DDOS Tim Pozar (May 02)
- Re: Colo in UK and Austraila. Peter Cohen (May 01)