This is the cause of the lag copied from event logs posted by the server administrators. Re: DDoSes in Chicago (Mar 18 2011 02:14:19 PM PT) - We saw another DDoS in Chicago at approximately 4pm CDT today. The attack from yesterday is still blocked, and this one is against a different IP at this location. We are having InterNAP look into this again, but since it is already over (it lasted around 10 minutes), and they weren't able to respond quickly enough (we called them immediately, but a tier 2 did not answer), we may need to wait for the next attack to have enough information to block it or null-route the customer involved.
As always, we'll stay on this and continue to monitor the situation.
Re: DDoSes in Chicago (Mar 17 2011 07:19:22 PM PT) - Another large-scale DDoS (actually, a DRDoS, more specifically) occurred in Chicago at approximately 8:47pm CDT, and continuing through the time of this posting. We were able to catch this one in the act and InterNAP has added a filter for us to block traffic to the affected customer at approximately 10 minutes into the attack. You should not see further effects from this tonight.
Re: DDoSes in Chicago (Mar 17 2011 06:07:50 PM PT) - We saw a brief 3-minute-long DDoS in Chicago again tonight at approximately 7:45pm CDT. It didn't last long enough for us to pin down the sources or destination, but we are monitoring the situation carefully and have InterNAP standing by to help us in immediately applying an ACL or null route if another attack occurs tonight.
DDoSes in Chicago (Mar 16 2011 08:20:54 PM PT) - We've been hit with a couple of very large DDoSes in Chicago tonight that have led to packet loss and higher-than-normal latencies for servers at this location. An attack isn't currently occurring, but we are carefully monitoring the situation and will respond immediately to try to block any further one that we see.
The nature of DDoSes is that they are fundamentally unpredictable and we can only respond after they've started (by having our upstream block the particular attack on their side), but we always do so as quickly as possible, in order to minimize downtime.
So yea that pretty much sums it all up.
|