Host.us DDOS attack -and- related conversations

Robert Webb rwfireguru at gmail.com
Thu Aug 4 16:03:11 UTC 2016 

Looks like ATL01 is down again hard.

Although, as someone else mentioned earlier, IPv6 seems to be just fine.

Robert

On Wed, Aug 3, 2016 at 12:40 PM, Phil Gardner <phil.gardnerjr at gmail.com>
wrote:

> One of my VPS with them is in Atlanta, and while the IPv4 address is
> unresponsive, the IPv6 address is working without issue.
>
>
> On 08/03/2016 11:08 AM, Soon Keat Neo wrote:
> > Back on topic about HostUS, I've been following a thread on LowEndTalk
> > where seemingly Alexander's been updating (
> > https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998)
> -
> > seems like Atlanta and LA are still down ATM based on latest reports -
> > nearly 10 hours now.
> >
> > Tks.
> >
> > Regards,
> > Neo Soon Keat
> >
> >
> >
> > 2016-08-03 22:28 GMT+08:00 Robert Webb <rwfireguru at gmail.com>:
> >
> >> Apologies to all as the hostname in my subject is incorrect.
> >>
> >> It should be hostus.us...
> >>
> >>
> >>
> >> On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb <rwfireguru at gmail.com>
> wrote:
> >>
> >>> Not sure if it is related to the PokemonGO or not. This started around
> >>> 23:00 EDT last night per my monitoring.
> >>>
> >>> Seems like a pretty big attack at 300Gbps and to also temporarily take
> a
> >>> down a Tier 1 POP in a major city.
> >>>
> >>> I was interested as to if this might be a botnet or some type of
> >>> reflection attack.
> >>>
> >>>
> >>> Robert
> >>>
> >>> On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <ahebert at pubnix.net>
> >> wrote:
> >>>
> >>>>     Well,
> >>>>
> >>>>
> >>>>     Could it be related to the last 2 days DDoS of PokemonGO (which
> >>>> failed) and some other gaming sites (Blizzard and Steam)?
> >>>>
> >>>>
> >>>>     And on the subject of CloudFlare, I'm sorry for that CloudFlare
> >>>> person that defended their position earlier this week, but there may
> be
> >>>> more hints (unverified) against your statements:
> >>>>
> >>>>         https://twitter.com/xotehpoodle/status/756850023896322048
> >>>>
> >>>>         That could be explored.
> >>>>
> >>>>
> >>>>     On top of which there is hints (unverified) on which is the real
> bad
> >>>> actor behind that new DDoS service:
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml
> >>>>
> >>>>
> >>>>     And I quote:
> >>>>
> >>>>         "One thing LeakedSource staff spotted was that the first
> payment
> >>>> recorded in the botnet's control panel was of $1, while payments for
> the
> >>>> same package plan were of $19.99."
> >>>>
> >>>>         ( Paypal payments btw )
> >>>>
> >>>>
> >>>>     There is enough information, and damages, imho, to start looking
> for
> >>>> the people responsible from a legal standpoint.  And hopefully the
> >>>> proper authorities are interested.
> >>>>
> >>>>     PS:
> >>>>
> >>>>         I will like to take this time to underline the lack of
> >>>> participation from a vast majority of ISPs into BCP38 and the like.
> We
> >>>> need to keep educating them at every occasion we have.
> >>>>
> >>>>         For those that actually implemented some sort of tech against
> >>>> it, you are a beacon of hope in what is a ridiculous situation that
> has
> >>>> been happening for more than 15 years.
> >>>>
> >>>> -----
> >>>> Alain Hebert                                ahebert at pubnix.net
> >>>> PubNIX Inc.
> >>>> 50 boul. St-Charles
> >>>> P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> >>>> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
> >>>>
> >>>> On 08/03/16 09:41, Robert Webb wrote:
> >>>>> Anyone have any additonal info on a DDOS attack hitting host.us?
> >>>>>
> >>>>> Woke up to no email this morning and the following from their web
> >> site:
> >>>>>
> >>>>>
> >>>>>
> >>>>> *Following an extortion attempt, HostUS is currently experiencing
> >>>> sustained
> >>>>> large-scale DDOS attacks against a number of locations. The attacks
> >> were
> >>>>> measured in one location at 300Gbps. In another location the attacks
> >>>>> temporarily knocked out the entire metropolitan POP for a Tier-1
> >>>> provider.
> >>>>> Please be patient. We will return soon. Your understanding is
> >>>> appreciated.
> >>>>>   *
> >>>>>
> >>>>>
> >>>>> >From my monitoring system, looks like my VPS went unavailable around
> >>>> 23:00
> >>>>> EDT last night.
> >>>>>
> >>>>> Robert
> >>>>>
> >>>>
> >>>>
> >>>
> >>
>
> --
> Phil Gardner
> PGP Key ID 0xFECC890C
> OTR Fingerprint 6707E9B8 BD6062D3 5010FE8B 36D614E3 D2F80538
>

More information about the NANOG mailing list