Host.us DDOS attack -and- related conversations

Christopher Morrow morrowc.lists at gmail.com
Thu Aug 4 17:35:29 UTC 2016


"it's good that there aren't any easy solutions to this sort of problem..."

On Thu, Aug 4, 2016 at 12:03 PM, Robert Webb <rwfireguru at gmail.com> wrote:

> Looks like ATL01 is down again hard.
>
> Although, as someone else mentioned earlier, IPv6 seems to be just fine.
>
> Robert
>
> On Wed, Aug 3, 2016 at 12:40 PM, Phil Gardner <phil.gardnerjr at gmail.com>
> wrote:
>
> > One of my VPS with them is in Atlanta, and while the IPv4 address is
> > unresponsive, the IPv6 address is working without issue.
> >
> >
> > On 08/03/2016 11:08 AM, Soon Keat Neo wrote:
> > > Back on topic about HostUS, I've been following a thread on LowEndTalk
> > > where seemingly Alexander's been updating (
> > > https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998 ) -
> > > seems like Atlanta and LA are still down ATM based on latest reports -
> > > nearly 10 hours now.
> > >
> > > Tks.
> > >
> > > Regards,
> > > Neo Soon Keat
> > >
> > >
> > >
> > > 2016-08-03 22:28 GMT+08:00 Robert Webb <rwfireguru at gmail.com>:
> > >
> > >> Apologies to all as the hostname in my subject is incorrect.
> > >>
> > >> It should be hostus.us...
> > >>
> > >>
> > >>
> > >> On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb <rwfireguru at gmail.com>
> > >> wrote:
> > >>
> > >>> Not sure if it is related to the PokemonGO or not. This started around
> > >>> 23:00 EDT last night per my monitoring.
> > >>>
> > >>> Seems like a pretty big attack at 300Gbps and to also temporarily take
> > >>> down a Tier 1 POP in a major city.
> > >>>
> > >>> I was interested as to if this might be a botnet or some type of
> > >>> reflection attack.
> > >>>
> > >>>
> > >>> Robert
> > >>>
> > >>> On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <ahebert at pubnix.net>
> > >>> wrote:
> > >>>
> > >>>>     Well,
> > >>>>
> > >>>>
> > >>>>     Could it be related to the last 2 days DDoS of PokemonGO (which
> > >>>> failed) and some other gaming sites (Blizzard and Steam)?
> > >>>>
> > >>>>
> > >>>>     And on the subject of CloudFlare, I'm sorry for that CloudFlare
> > >>>> person that defended their position earlier this week, but there may be
> > >>>> more hints (unverified) against your statements:
> > >>>>
> > >>>>         https://twitter.com/xotehpoodle/status/756850023896322048
> > >>>>
> > >>>>         That could be explored.
> > >>>>
> > >>>>
> > >>>>     On top of which there are hints (unverified) on which is the real bad
> > >>>> actor behind that new DDoS service:
> > >>>>
> > >>>>         http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml
> > >>>>
> > >>>>
> > >>>>     And I quote:
> > >>>>
> > >>>>         "One thing LeakedSource staff spotted was that the first payment
> > >>>> recorded in the botnet's control panel was of $1, while payments for the
> > >>>> same package plan were of $19.99."
> > >>>>
> > >>>>         ( Paypal payments btw )
> > >>>>
> > >>>>
> > >>>>     There is enough information, and damages, imho, to start looking for
> > >>>> the people responsible from a legal standpoint.  And hopefully the
> > >>>> proper authorities are interested.
> > >>>>
> > >>>>     PS:
> > >>>>
> > >>>>         I would like to take this time to underline the lack of
> > >>>> participation from a vast majority of ISPs into BCP38 and the like.  We
> > >>>> need to keep educating them at every occasion we have.
> > >>>>
> > >>>>         For those that actually implemented some sort of tech against
> > >>>> it, you are a beacon of hope in what is a ridiculous situation that has
> > >>>> been happening for more than 15 years.
> > >>>>
> > >>>> -----
> > >>>> Alain Hebert                                ahebert at pubnix.net
> > >>>> PubNIX Inc.
> > >>>> 50 boul. St-Charles
> > >>>> P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> > >>>> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
> > >>>>
> > >>>> On 08/03/16 09:41, Robert Webb wrote:
> > >>>>> Anyone have any additional info on a DDOS attack hitting host.us?
> > >>>>>
> > >>>>> Woke up to no email this morning and the following from their web site:
> > >>>>>
> > >>>>>
> > >>>>> *Following an extortion attempt, HostUS is currently experiencing sustained
> > >>>>> large-scale DDOS attacks against a number of locations. The attacks were
> > >>>>> measured in one location at 300Gbps. In another location the attacks
> > >>>>> temporarily knocked out the entire metropolitan POP for a Tier-1 provider.
> > >>>>> Please be patient. We will return soon. Your understanding is appreciated.*
> > >>>>>
> > >>>>>
> > >>>>> From my monitoring system, looks like my VPS went unavailable around 23:00
> > >>>>> EDT last night.
> > >>>>>
> > >>>>> Robert
> > >>>>>
> > >>>>
> > >>>>
> > >>>
> > >>
> >
> > --
> > Phil Gardner
> > PGP Key ID 0xFECC890C
> > OTR Fingerprint 6707E9B8 BD6062D3 5010FE8B 36D614E3 D2F80538
> >
>


