Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Scottish ISP floored as DDoS attacks escalate

From: InfoSec News <isn () c4i org>
Date: Wed, 10 Apr 2002 03:49:51 -0500 (CDT)
http://www.theregister.co.uk/content/6/24773.html

By John Leyden
Posted: 09/04/2002 at 15:22 GMT

Most of the customers of Edinburg business ISP edNET were left without
Internet services yesterday after it experienced a serious denial of
service (DDoS) attack.

edNET began to experience what it described in an email to users as a
"catastrophic network failure" at around 8am yesterday. This resulted
in most of edNET's users experiencing difficulties sending email or
browsing the Internet throughout yesterday.

Engineers confirmed that the problem was a result of a DDoS attack on
its network, and were able to restore services after applying filters
to its network nodes, and asking upstream service providers to do the
same thing.

Emails from Register readers report that an attack on edNET's ADSL
subnets resulted in around 12 hours downtime for some customers (edNET
said services were up and running yesterday afternoon). At the height
of the attack two of edNET's 45Mbps links were saturated with attack
traffic.

Mussy Kurt-Elli, a business development manager at edNET, said the
attacks against the ISP were part of a wider assault, which he told us
also affected other service providers.

The assault, whose source remains unclear, focused on Telnet ports and
was blocked by setting up "draconian" filtering rules, he told us.

We understand from edNET that BT's backbone ADSL routers had to be
reset because of the attack, but the telco is yet to get back to us
for comment on this.

edNET, which has a redundant network, will review its procedures to
see what changes it can make to defend against any future attacks.  
DDoS attacks are notoriously difficult to prevent, but some tools are
available which mitigate their effects.

Earlier this year Basingstoke ISP Cloud Nine and Tiscali UK both
became subject to DDoS attacks. Both the motive and source of all
these attacks remains unclear but their increasing prevalence this
year is becoming a source of concern.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: