Jump to content


Photo

Icarus Server - Inbound DDoS on 173.248.188.124

Resolved

  • Please log in to reply
3 replies to this topic

#1 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 21 April 2013 - 06:21 AM

The IP "173.248.188.124" on the Icarus server has been being hit off and on by decently sized DDoS attacks as of 6:53 AM ET.

The attacks started at around 200 MBPS and have worked their way up to 400 MBPS and they're a combination of TCP SYN floods [HTTP Requests] as well as a DNS Amplification attack on port 53 as well.

Our facility, at this point, has null-routed the IP - we're going to do what we can to restore service to anyone affected.


  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#2 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 21 April 2013 - 06:40 AM

The IP has been re-routed but I cannot guarantee how long this will be the case. We're working on splitting accounts up across a few IPs to limit the impact of the attack as well as to hopefully identify who is under attack. Due to the nature of the attack, it's hitting the IP itself and isn't clearly making it known which site is being attacked.
  • 1
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#3 anup

anup

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 21 April 2013 - 06:42 AM

I just about to open a support ticket. Thanks for the update
  • 0

#4 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 21 April 2013 - 06:44 AM

Absolutely. We'll always do what we can to keep as many people online as possible through attacks but at the end of the day we do have to do what is best for our entire client base and network. When things change, we will update this thread.

These are the graphs from our primary switching gear, bear in mind that our facility has access to more detailed information and will generally be reporting a larger attack flow than we can see.

Posted Image
Posted Image
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users