Multi ISP DDOS
pedro at whack.org
Wed May 3 15:52:19 UTC 2006
Martin Hannigan wrote:
> At 10:11 PM 5/2/2006, Richard A Steenbergen wrote:
>> On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote:
>> > UL is seeing a large DDOS coming towards a couple of customers of ours.
>> > I know that other ISPs have been affected as well. I will let them
>> > identify them selves.
>> > Anyone have any scoop on this?
>> A) I don't think anyone knows who UL is by that reference alone (I assume
>> you mean united layer).
>> B) The DoS target is Livejournal.
>> C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of
>> it. No indications of exactly how big it is by the time it hits them,
>> but at least from my perspective it doesn't seem like a huge attack.
>> Hope it stops soon though, a sustained livejournal outage is probably
>> grounds for at least 4-5 suicides by distraught teenagers who can't blog
>> about their day. :)
> Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers
> keeping them from helping people defend LiveJournal.
> Uh. Who let the Frog out?
Blue Security's solution to their DOS was to point their www to their
apogee:/home/pedro> host www.bluesecurity.com
www.bluesecurity.com is a nickname for bluesecurity.blogs.com
bluesecurity.blogs.com has address 126.96.36.199
apogee:/home/pedro> whois -h whois.arin.net 188.8.131.52
OrgName: SIX APART LTD
How's that for honorable comportment. We're getting slammed so we're
gonna make it someone else's problem(and not give them a heads up).
More information about the NANOG