Multi ISP DDOS

Martin Hannigan hannigan at renesys.com
Wed May 3 17:10:22 UTC 2006


At 11:52 AM 5/3/2006, Peter Wohlers wrote:

>Martin Hannigan wrote:
> >
> > At 10:11 PM 5/2/2006, Richard A Steenbergen wrote:
> >
> >> On Tue, May 02, 2006 at 06:40:43PM -0700, Tim Pozar wrote:
> >> > UL is seeing a large DDOS coming towards a couple of customers of ours.
> >> >  I know that other ISPs have been affected as well.  I will let them
> >> > identify them selves.
> >> >
> >> > Anyone have any scoop on this?
> >>
> >> A) I don't think anyone knows who UL is by that reference alone (I assume
> >>    you mean united layer).
> >>
> >> B) The DoS target is Livejournal.
> >>
> >> C) As an upstream of an upstream of LJ I'm barely seeing 150Mbps or so of
> >>    it. No indications of exactly how big it is by the time it hits them,
> >>    but at least from my perspective it doesn't seem like a huge attack.
> >>
> >> Hope it stops soon though, a sustained livejournal outage is probably
> >> grounds for at least 4-5 suicides by distraught teenagers who can't blog
> >> about their day. :)
> >
> >
> > Add in the Blue Security DDOS. NSP-SEC must be busy defending DDoS'ers
> > tonight
> > keeping them from helping people defend LiveJournal.
> >
> > Uh. Who let the Frog out?
> >
> > 
> http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss.technology
> >
>
>Blue Security's solution to their DOS was to point their www to their
>Typepad-hosted blog.
>
>apogee:/home/pedro> host www.bluesecurity.com
>www.bluesecurity.com is a nickname for bluesecurity.blogs.com
>bluesecurity.blogs.com has address 204.9.178.61
>apogee:/home/pedro> whois -h whois.arin.net 204.9.178.61
>
>OrgName:    SIX APART LTD
>OrgID:      SAL-48
>[...]
>
>How's that for honorable comportment. We're getting slammed so we're
>gonna make it someone else's problem(and not give them a heads up).


Like Lycos MLNS, I predict we'll see random infrastructure obfuscation,
route changes, hardware moves, etc. and ultimately the end of BS. If
not today, perhaps soon.

It's interesting to watch the equivalent of the battle of
Omaha Beach between two sets of miscreants, one legitimized by
some on nsp-sec, and one legitimized by a commercial DDoS service.


-M<












More information about the NANOG mailing list