Host.us DDOS attack -and- related conversations

Phil Gardner phil.gardnerjr at gmail.com
Wed Aug 3 16:40:11 UTC 2016


One of my VPS with them is in Atlanta, and while the IPv4 address is
unresponsive, the IPv6 address is working without issue.


On 08/03/2016 11:08 AM, Soon Keat Neo wrote:
> Back on topic about HostUS, I've been following a thread on LowEndTalk
> where seemingly Alexander's been updating (
> https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998) -
> seems like Atlanta and LA are still down ATM based on latest reports -
> nearly 10 hours now.
> 
> Tks.
> 
> Regards,
> Neo Soon Keat
> 
> 
> 
> 2016-08-03 22:28 GMT+08:00 Robert Webb <rwfireguru at gmail.com>:
> 
>> Apologies to all as the hostname in my subject is incorrect.
>>
>> It should be hostus.us...
>>
>>
>>
>> On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb <rwfireguru at gmail.com> wrote:
>>
>>> Not sure if it is related to the PokemonGO or not. This started around
>>> 23:00 EDT last night per my monitoring.
>>>
>>> Seems like a pretty big attack at 300Gbps and to also temporarily take
>>> down a Tier 1 POP in a major city.
>>>
>>> I was interested as to if this might be a botnet or some type of
>>> reflection attack.
>>>
>>>
>>> Robert
>>>
>>> On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <ahebert at pubnix.net> wrote:
>>>
>>>>     Well,
>>>>
>>>>
>>>>     Could it be related to the last 2 days DDoS of PokemonGO (which
>>>> failed) and some other gaming sites (Blizzard and Steam)?
>>>>
>>>>
>>>>     And on the subject of CloudFlare, I'm sorry for that CloudFlare
>>>> person that defended their position earlier this week, but there may be
>>>> more hints (unverified) against your statements:
>>>>
>>>>         https://twitter.com/xotehpoodle/status/756850023896322048
>>>>
>>>>         That could be explored.
>>>>
>>>>
>>>>     On top of which there are hints (unverified) on which is the real bad
>>>> actor behind that new DDoS service:
>>>>
>>>>
>>>>         http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml
>>>>
>>>>
>>>>     And I quote:
>>>>
>>>>         "One thing LeakedSource staff spotted was that the first payment
>>>> recorded in the botnet's control panel was of $1, while payments for the
>>>> same package plan were of $19.99."
>>>>
>>>>         ( Paypal payments btw )
>>>>
>>>>
>>>>     There is enough information, and damages, imho, to start looking for
>>>> the people responsible from a legal standpoint.  And hopefully the
>>>> proper authorities are interested.
>>>>
>>>>     PS:
>>>>
>>>>         I would like to take this time to underline the lack of
>>>> participation from a vast majority of ISPs into BCP38 and the like.  We
>>>> need to keep educating them at every occasion we have.
>>>>
>>>>         For those that actually implemented some sort of tech against
>>>> it, you are a beacon of hope in what is a ridiculous situation that has
>>>> been happening for more than 15 years.
>>>>
>>>> -----
>>>> Alain Hebert                                ahebert at pubnix.net
>>>> PubNIX Inc.
>>>> 50 boul. St-Charles
>>>> P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
>>>> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
>>>>
>>>> On 08/03/16 09:41, Robert Webb wrote:
>>>>> Anyone have any additional info on a DDOS attack hitting host.us?
>>>>>
>>>>> Woke up to no email this morning and the following from their web site:
>>>>>
>>>>>
>>>>>
>>>>> *Following an extortion attempt, HostUS is currently experiencing sustained
>>>>> large-scale DDOS attacks against a number of locations. The attacks were
>>>>> measured in one location at 300Gbps. In another location the attacks
>>>>> temporarily knocked out the entire metropolitan POP for a Tier-1 provider.
>>>>> Please be patient. We will return soon. Your understanding is appreciated.*
>>>>>
>>>>>
>>>>> From my monitoring system, looks like my VPS went unavailable around 23:00
>>>>> EDT last night.
>>>>>
>>>>> Robert
>>>>>
>>>>
>>>>
>>>
>>

-- 
Phil Gardner
PGP Key ID 0xFECC890C
OTR Fingerprint 6707E9B8 BD6062D3 5010FE8B 36D614E3 D2F80538


