ARIN down?

Mel Beckman mel at beckman.org
Sat Mar 26 04:51:36 UTC 2016


You’d think with all the money they collect, they’d have permanent DDOS mitigation in place. Time for them to call BlackLotus :)

 -mel

> On Mar 25, 2016, at 9:46 PM, David Conrad <drc at virtualized.org> wrote:
> 
> Yep, they're under another DDoS attack:
> 
>> Begin forwarded message:
>> 
>> From: ARIN <info at arin.net>
>> Subject: [arin-announce] ARIN DDoS Attack
>> Date: March 25, 2016 at 1:31:34 PM PDT
>> To: arin-announce at arin.net
>> 
>> Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against ARIN. This was and continues to be a sustained attack against our provisioning services, email, and website. We initiated our DDoS mitigation plan and are in the process of mitigating various types of attack traffic patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS, IRR, and RPKI repository services) are not affected by this attack and are operating normally.
>> 
>> We will announce an all clear 24 hours after the attacks have stopped.
>> 
>> Regards,
>> 
>> Mark Kosters
>> Chief Technology Officer
>> American Registry for Internet Numbers (ARIN)
> 
> 
> Regards,
> -drc
> 
>> On Mar 25, 2016, at 9:43 PM, Mel Beckman <mel at beckman.org> wrote:
>> 
>> I haven’t been able to connect to http://arin.net for several hours, but was able to open a ticket this morning. I’ve tried from several different networks; all roads seem to lead to the same place, with packets dropping at the NTT interface 129.250.196.154. e.g.:
>> 
>> $ traceroute arin.net
>> traceroute: Warning: arin.net has multiple addresses; using 199.43.0.44
>> traceroute to arin.net (199.43.0.44), 64 hops max, 52 byte packets
>> 1  l100.lsanca-vfttp-106.verizon-gni.net (98.112.74.1)  5.992 ms  4.865 ms  4.943 ms
>> 2  172.102.106.24 (172.102.106.24)  9.962 ms  9.723 ms  12.242 ms
>> 3  ae2-0.lax01-bb-rtr2.verizon-gni.net (130.81.22.238)  29.982 ms *
>>   so-4-1-0-0.lax01-bb-rtr2.verizon-gni.net (130.81.151.248)  9.428 ms
>> 4  0.ae6.br1.lax15.alter.net (140.222.225.137)  9.806 ms * *
>> 5  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.409 ms
>>   0.ae6.br1.lax15.alter.net (140.222.225.137)  19.783 ms  9.757 ms
>> 6  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.292 ms  9.357 ms  12.291 ms
>> 7  ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.541 ms
>>   ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.412 ms
>>   ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.167 ms
>> 8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.510 ms  74.590 ms  72.258 ms
>> 9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  69.960 ms *  70.930 ms
>> 10  * * *
>> 11  * * *
>> 
>> $ traceroute www.arin.net
>> traceroute: Warning: www.arin.net has multiple addresses; using 199.43.0.43
>> traceroute to www.arin.net (199.43.0.43), 64 hops max, 40 byte packets
>> 1  router1.sb.becknet.com (206.83.0.1)  1.010 ms  0.420 ms  0.536 ms
>> 2  206-190-77-9.static.twtelecom.net (206.190.77.9)  3.983 ms  0.732 ms  0.686 ms
>> 3  64-129-238-182.static.twtelecom.net (64.129.238.182)  2.760 ms lax2-pr2-xe-1-3-0-0.us.twtelecom.net (66.192.241.218)  2.816 ms 64-129-238-186.static.twtelecom.net (64.129.238.186)  18.203 ms
>> 4  4.68.71.137 (4.68.71.137)  3.245 ms  2.877 ms  2.889 ms
>> 5  * * *
>> 6  ae-28.r00.lsanca07.us.bb.gin.ntt.net (129.250.9.93)  3.731 ms  3.483 ms  3.850 ms
>> 7  ae-3.r01.lsanca07.us.bb.gin.ntt.net (129.250.5.29)  3.517 ms  3.433 ms  3.458 ms
>> 8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  69.503 ms  68.021 ms  68.072 ms
>> 9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  67.075 ms  67.102 ms  67.122 ms
>> 10  * * *
>> 11  * * *
>> 
>> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this is a recurrence?
>> 
>> -mel
> 


