Scott Posted March 31, 2016 Report Share Posted March 31, 2016 In the last hour, we experienced two periods of degraded service due to two different DDoS attacks targeting other clients in our data center. In both cases, all servers remained online, however some connections were dropped at the network level, or delayed longer than usual. In both cases, the attack was mitigated within moments and full connectivity was restored and confirmed at Pingdom in less than 10 minutes. Attack 1:At 5:23pm EST our monitoring detected increased packet loss to multiple servers. Our administrators believed this to be a DDoS attack and confirmed this fact with our data center.At 5:30pm EST full connectivity appeared restored after our data center mitigated the DDoS attack by null routing the targets of the attack. Attack 2:At 5:43pm EST we noticed packet loss and connectivity issues to all servers again.At 5:47pm EST full connectivity was restored. As we were not the target of the attacks, we don't have many other details. We will continue to monitor connectivity and report any issues or news here. As always, feel free to ask general questions below. Questions specific to your account, or if you think your account may still be impacted by this, should be directed to technical support. For more information regarding DDoS (Distributed Denial of Service) attacks, please see:https://en.wikipedia.org/wiki/Denial-of-service_attack Quote Link to comment Share on other sites More sharing options...
Scott Posted March 31, 2016 Author Report Share Posted March 31, 2016 We have two new pieces of info regarding the attacks:They were in the range of 25gbps The target(s) were unrelated to previous attacks and each other. Quote Link to comment Share on other sites More sharing options...
HoustonBrooke Posted March 31, 2016 Report Share Posted March 31, 2016 Good to know, thanks. I noticed the sites go down when it happened and wondered why. Quote Link to comment Share on other sites More sharing options...
SarisIsop Posted April 1, 2016 Report Share Posted April 1, 2016 Thank you for keeping us informed Scott Quote Link to comment Share on other sites More sharing options...
Scott Posted April 4, 2016 Author Report Share Posted April 4, 2016 We did have another DDoS incident today. This time, 60gpbp. While all servers remained online, they were largely unreachable due to high latency and approximately 75% packet loss. The timeline is as follows: 7:52PM EST: External monitoring high levels of packet loss and dropped connections.8:18PM EST: External monitoring showed all services back online with no packet loss or abnormal latency. Once again, the target of the DDoS was located in our datacenter, but is not a client or server we control. Quote Link to comment Share on other sites More sharing options...
PhilD13 Posted April 6, 2016 Report Share Posted April 6, 2016 Looks like the data center needs to upstream the issue of blocking to their carriers and also move the client(s) that have the issue recurring out of the main datacenter. Quote Link to comment Share on other sites More sharing options...
Scott Posted April 6, 2016 Author Report Share Posted April 6, 2016 Looks like the data center needs to upstream the issue of blocking to their carriers and also move the client(s) that have the issue recurring out of the main datacenter. They've already taken proactive measures to reduce the chance (and effect) of this recurring with the same clients. Unfortunately, when it rains, it pours... which is to say that there seems to have been some bad luck in this same type of issue recurring a few times recently. We've gone for very long stretches of time without DC level issues like this from them. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.