Elevated Easter attack activity

Posted: Wed Apr 24, 2019 04:59 UTC
by dyn
This is from the service provider; they are experiencing a more-than-usual amount of attacks. Normally they mitigate most of those; we got attacked a few hundred times already over the past years and ~99.9% of those are mitigated. This time others are experiencing problems and it may affect connectivity here and there until they resolve it.

Elevated Easter attack activity
Apr 21 2019 08:18:00 AM PT

We are observing particularly frequent and large attacks today at most locations, including NYC. When an attack is occurring that saturates one of our upstream links, our system instantly null-routes the target to minimize damage, but a small burst of packet loss is seen by a segment of clients (those whose inbound traffic came over a saturated upstream link).

The primary source of these attacks continues to be Amazon, as they still do not have systems in place to effectively mitigate outbound attack traffic. Some other cloud providers that do not proactively notice abuse and do not quickly handle abuse notifications are also involved, including Oracle, Microsoft, and DO.

We will continue to mitigate these attacks as they are seen. We have been in contact with a couple of these other cloud providers in the past about improvements that need to be implemented on their end to help, and we have been assured by some that improvements are on the way. In locations that can receive upgrades, such as Chicago, we are also in the process of those upgrades, to help on our end with attacks that may occur later on.

Attack activity typically comes in bursts, and holidays are a favorite time for attackers to launch attacks.

Update @ 7:32pm PDT on 4/23: Nearly all of the impactful attacks over the last 5 days (and in fact, the last several months) have used a provider called Digital Ocean (DO), which is experiencing difficulties with abuse and fraud right now. Attackers are launching attacks directly from their services.

We have asked DO to block traffic to our Chicago location as an emergency stopgap measure while they work on improving their internal systems. We will likely do the same for other locations, including NYC, on Wednesday.

As a test, we have blocked traffic from DO this evening. We expect little collateral damage from this based on our testing, but if you experience problems, it could indicate that you have a service which is connecting to DO infrastructure and will need to be migrated to other hosting. Please contact us with your feedback.

NFO-Elevated Easter attack activity.png

Re: Elevated Easter attack activity

Posted: Wed Apr 24, 2019 08:10 UTC
by dyn
For some reason the above post was #33333, check viewtopic.php?p=33333#p33333. :)