Network Outage - Denial of Service - 1/13/2009
At approximately 18:30 EST (GMT-5) we experienced a sustained 350 Megabit denial of service attack. While this type of thing is not typical it is something that caught us by surprise. Stopping a denial of service attack while still providing service to the shard (which was the target) is not an easy thing to do.
In light of the fact that this attack has caused our datacenter issues they are going to be following up with the FBI as their SLA's have been breached for all clients who were on our switch. This attack affected many businesses who are in our shared datacenter and has already had cost implications in the 10's of thousands of dollars for our provider.
We will be watching for any further attacks however our provider has been able to mitigate the current attack at the border and we are hoping this will be the end of the attacks not only for us but for the actual businesses that are in our datacenter.
If you have any information on who is conducting these attacks, even if it's just "internet names" please feel free to provide them to us as we will be passing any and all information we are able to gather to our provider who will in turn be passing it to the authorities.
The offending subnets are as follows:
160.36.178.0/24 -University of Tennessee
220.92.0.0/14 - APNIC
222.255.96.0/19 - APNIC
66.98.146.0/24 - The Planet
During the time these subnets (and others) were attacking us we went ahead and null routed the shard's IP which means that service to the shard was interrupted. The null route is being lifted and normal access should be restored shortly as routes converge.
Thank you for your support of UOGamers and I am sorry for the outage - it's just one of those things that is completely out of our control.
Thanks,
Ryan
At approximately 18:30 EST (GMT-5) we experienced a sustained 350 Megabit denial of service attack. While this type of thing is not typical it is something that caught us by surprise. Stopping a denial of service attack while still providing service to the shard (which was the target) is not an easy thing to do.
In light of the fact that this attack has caused our datacenter issues they are going to be following up with the FBI as their SLA's have been breached for all clients who were on our switch. This attack affected many businesses who are in our shared datacenter and has already had cost implications in the 10's of thousands of dollars for our provider.
We will be watching for any further attacks however our provider has been able to mitigate the current attack at the border and we are hoping this will be the end of the attacks not only for us but for the actual businesses that are in our datacenter.
If you have any information on who is conducting these attacks, even if it's just "internet names" please feel free to provide them to us as we will be passing any and all information we are able to gather to our provider who will in turn be passing it to the authorities.
The offending subnets are as follows:
160.36.178.0/24 -University of Tennessee
220.92.0.0/14 - APNIC
222.255.96.0/19 - APNIC
66.98.146.0/24 - The Planet
During the time these subnets (and others) were attacking us we went ahead and null routed the shard's IP which means that service to the shard was interrupted. The null route is being lifted and normal access should be restored shortly as routes converge.
Thank you for your support of UOGamers and I am sorry for the outage - it's just one of those things that is completely out of our control.
Thanks,
Ryan