30
May
2006
12:35

As promised, here is a more detailed report on yesterday’s DDoS attack. Our network is resilient to most DDoS attacks, and normally rides the traffic surges with no impact on users. Our normal defence is to start giving ICMP errors for the attacked IP address, announcing no route to network, and DDoS attacks normally give up at this stage as they believe they have achieved their aim of knocking out the network.Yesterday’s attack was unusual in that it didn’t stop at this point. This in itself shouldn’t have been a problem. However our main transit provider (AAISP) had installed a new core router on Sunday, and this reacted badly to the prolonged attack, resulting in a BGP flap (BGP is how we announce our routes to the world). This resulted in repeated loss of routing for all Watchfront IP addresses, and our BGP announcements were damped by the rest of the world, slowing the return to normal routing. As always, this has been a learning experience for us, and we hope to avoid similar problems in the future. If anyone would like more information, please call support on 020 7517 4902

Posted by admin

30
May
2006
09:23

We suffered a severe ongoing DDoS attack yesterday afternoon, which resulted in poor to non-existent connectivity for all our customers. Things are back to normal now, and we will post more details when the dust has settled. Apologies for any inconvenience this caused.

Posted by admin

Current Status

    GoodNo current issues

Status Archive