BACK UP

OTB–and most of the other blogs on HostingMatters–was down starting early yesterday evening until some time this morning. All appears well now.

Update (0904): HM has the explanation:

On October 16 beginning at 1950 Eastern we suffered a denial of service attack. On October 17 at 0042 traffic was returned after work by the Peak10 security and abuse teams and assistance from AT&T network engineers.

The particulars of the attack:

The attack appears to have been directed at a site hosted on clotho. A graphical representation of the attack itself can be seen here:

http://www.hostmatters.com/images/dos_oct162003.jpg

This is just before the inbound traffic became severe enough that the data collector was unable to retrieve further data. Total saturation at the highest inbound rate was 150 Mps; sustained inbound saturation was 85 Mps.

At this time, and until further notice, ICMP has been filtered to our network. This means that pings to any site within our network will not receive a response. This is not indicative of a site or server being inaccessible.

As clotho was the target of the directed attack, we instructed the NOC team to filter all traffic bound for the clotho IP. At this time, we are changing the IPs on clotho and all sites on that server EXCEPT for the site we believe to have been the target of this attack. That site will be moved to another network entirely, away from our main presence at Peak10. Clients with sites on clotho will be notified to the best of our ability regarding the IP changes. Zone file changes will be done locally by us and no action is required on the part of any client unless self-managed DNS settings are in use.

Fun, fun, fun.

FILED UNDER: OTB History
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. 5r1p7 k1dd135 d0n7 g3t n0 g1rl5
    Sorry, couldn’t resist. I’m sure that I’m the last one to note this, but even this little blog was affected…

  2. Hosting Matters Attacked
    James Joyner has more information on the Denial of Service attack on Hosting Matters Thursday night-Friday morning. This was the reason my blog was down (among others including Instapundit.) The attack was apparently political in nature. An Israeli sit…