Multi ISP DDOS
Peter Wohlers
pedro at whack.org
Wed May 3 15:52:19 UTC 2006
Martin Hannigan wrote:
>
> At 10:11 PM 5/2/2006, Richard A Steenbergen wrote:
>
>> On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote:
>> > UL is seeing a large DDOS coming towards a couple of customers of ours.
>> > I know that other ISPs have been affected as well. I will let them
>> > identify them selves.
>> >
>> > Anyone have any scoop on this?
>>
>> A) I don't think anyone knows who UL is by that reference alone (I assume
>> you mean united layer).
>>
>> B) The DoS target is Livejournal.
>>
>> C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of
>> it. No indications of exactly how big it is by the time it hits them,
>> but at least from my perspective it doesn't seem like a huge attack.
>>
>> Hope it stops soon though, a sustained livejournal outage is probably
>> grounds for at least 4-5 suicides by distraught teenagers who can't blog
>> about their day. :)
>
>
> Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers
> tonight
> keeping them from helping people defend LiveJournal.
>
> Uh. Who let the Frog out?
>
> http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss.technology
>
Blue Security's solution to their DOS was to point their www to their
Typepad-hosted blog.
apogee:/home/pedro> host www.bluesecurity.com
www.bluesecurity.com is a nickname for bluesecurity.blogs.com
bluesecurity.blogs.com has address 204.9.178.61
apogee:/home/pedro> whois -h whois.arin.net 204.9.178.61
OrgName: SIX APART LTD
OrgID: SAL-48
[...]
How's that for honorable comportment. We're getting slammed so we're
gonna make it someone else's problem(and not give them a heads up).
--
Peter Wohlers
More information about the NANOG
mailing list