Jump to content


Photo

DDoS Attack on Echo / 173.248.188.110

Resolved

  • Please log in to reply
25 replies to this topic

#21 bluemartian

bluemartian

    Newbie

  • Members
  • Pip
  • 5 posts
  • Gender:Male
  • Location:Cumberland, Maryland, USA

Posted 20 February 2014 - 02:08 PM

If you set your domain to our nameservers there is nothing for you to do but to wait for your IP to be changed and DNS propagation to happen.

Again - if you are not using our nameservers and you are using third party DNS - you would know this and, as such, wouldn't have any questions. If you don't know - then you're most likely not using third party DNS because third party DNS is a technical process that requires a good understanding of DNS.

 

 

Thanks for the info, Mike. I am familiar with what I call "third party DNS" - Google Public DNS and OpenDNS, both of which I have used in the past, although now I am currently using Level3 as I discovered that OpenDNS takes forever to update. My sites have been back up for a good while now, so I'm assuming you are talking about something else when you refer to "third party DNS." Whatever it is, I much appreciate all your hard work! Thanks.


  • 0

#22 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 20 February 2014 - 06:39 PM

Thanks for the info, Mike. I am familiar with what I call "third party DNS" - Google Public DNS and OpenDNS, both of which I have used in the past, although now I am currently using Level3 as I discovered that OpenDNS takes forever to update.

Not what I meant - I am not talking about for your resolvers. I am talking about for your domains.

It's one of two things:
1. You updated your nameservers at your domain registrar to point to our nameservers. [Likely]
2. You are using your registrar's nameservers or a third party DNS service like DNSMadeEasy and have configured all of your DNS zones manually. [Unlikely] <- If you did this, you would know.

My sites have been back up for a good while now, so I'm assuming you are talking about something else when you refer to "third party DNS." Whatever it is, I much appreciate all your hard work! Thanks.

Aye, sorry I'm running on no sleep so what I have in my head isn't necessarily making it to the forums the way I intended it.
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#23 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 20 February 2014 - 10:14 PM

The attack has shifted to the IP '173.248.187.21'.

Some customers will be offline - we're working on it.
Correction - it shifted to '173.248.188.167'
 
  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#24 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 20 February 2014 - 10:35 PM

I've gotten with our facility and they believe they can filter this attack completely but it may take ~60 minutes to get the filtration in place. Until this happens the sites on '173.248.188.167' will remain offline to maintain server and network stability. If we bring this IP back online prior to the filtration it will take the entire server [and likely our entire network] offline.

Understand if this attack grows substantially the filtration will not be sufficient [i.e. at some point it will begin to degrade the entire network] - if this happens those on the affected IP would remain offline but we're hoping not to get to that point.
  • 1
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#25 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 20 February 2014 - 11:32 PM

The filtration is almost in place, ETA ~10 minutes.

 

We're changing some of our routing as well to route our traffic exclusively through the 10GBPS links so that, with luck, it won't overwhelm any links and we can keep everybody online through the attack.


  • 1
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/

#26 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 20 February 2014 - 11:40 PM

The filtration is in place, all sites are now back online.

 

If this attack mutates or grows substantially there is a possibility we will not be able to keep it filtered but we will obviously do our absolute best.


  • 1
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users