recent ddos on nyc

[sylar]

Hey guys, sorry to re-ignite the fire here. I appreciate that you guys worked hard over the weekend to deal with these people. but these kinds of attacks are happening too frequently these days and it concerns me/frustrates me. How are they able to take out datacenter offline? (thats what I am assuming since they mention internap in there quite a few times)

[soja]

They overload the links Internap has to the rest of the net. Since this effects other Internap customers, it is in Internaps best interest to limit NFOs bandwdith so that is they do get attacked again, it wont effect other customers.

This limitation means NFO has access to less bandwidth, and is thus more susceptible to the every day attacks that usually DON'T effect you.

[kraze]

Hey guys, sorry to re-ignite the fire here. I appreciate that you guys worked hard over the weekend to deal with these people. but these kinds of attacks are happening too frequently these days and it concerns me/frustrates me. How are they able to take out datacenter offline? (thats what I am assuming since they mention internap in there quite a few times)

Generally when we post that an attack has taken out Internap is means that the attack flooded out their upstream connections, At most data centers this actually somewhat of a feat as you're talking 40Gbps+ attacks.

The unfortunate fact is that it is becoming easier and easier to launch these large attacks while fighting them is becoming very hard and expensive.

We definitely understand your frustration, it definitely frustrates us and we appreciate our customers bearing with us as we work diligently to resolve these issues. Even though we've gotten a good break today, we haven't forgot and will continue processing upgrades on our side along with Internap's side.

Looking on the bright side, these attacks have exposed a weakness, a weakness which is being addressed and once addressed will unlikely become a problem again, at least for a very long time.

I also feel that these attacks showed our customers how well NFO handles. During these attacks we were in continuous communication with our customers via the events log in your control panel, detailing every minute detail and explaining how we're working on resolving everything. Our support staff was here and fielding questions/concerns for and customers while keeping our average response time under 10 minutes(This alone is unheard of in this industry).

[soja]

Yeah I was just discussing that even though it sucks, at least the upgrades happen now, and not when NFO is 2x the size and even more customers are effected. Hope it all works out, and NFO can provide better service as a result of the upgrades

[Madhavok]

The attacks were at other servers today, and to name off some of them, League of Legends (NA, EU, Ocean), DotA2, World of Warcraft (Battle.net NA), Club Penguin, and EA.

There has been a group gaining popularity fast by attacking games that the popular Twitch streamer PhantomL0rd was playing, which cause his streamers to follow the group on Twitter. They are openly making tweets about taking down servers, and during the attacks on the servers here, were even calling out TimeX on the tweets.

They have shown that they can take down almost whatever they want, they even took down a Korean news website, and they claimed that all internet in North Korea was down due to the attack. (Not sure how true this is, I didn't see any proof.)

They take requests to DDoS servers and they target random servers along the way. A gaming community (U Rock) had (I believe) 12 BF4 servers, and they posted a screenshot from their website of all 12 of them offline.

They claim their goal is "for the lulz" and adressed their dislike for money hungry companies.

IGN has an article posted about the whole attack here.

I have been following this closely to see where they are headed next, and what they have been doing.

EDIT:
I would also like to say that the streamer was almost arrested because from I believe one of the Derp members called the streamers' local police department and said that he was holding 5 people hostages. He has a video of the cops and was just streaming what happened after, recapping all the events. He even said that one of them had an automatic rifle pointed at him.

[Edge100x]

Internap is one of the best hosts in terms of capabilities for handling DDoS attacks, as we've seen today. When these guys attacked Blizzard with the same sort of attack they hit us with, the entire AT&T network on the west coast had problems, which tells you something about how big it really was. LoL is also hosted with Internap in LA and Internap did their best for them there.

The upgrades that we and Internap are performing will strengthen our capabilities. Fighting DDoS attacks is always an arms race that neither side really wins, but we should be able to get back to a point where most attacks can be filtered again, instead of requiring null-routes.

[sylar]

Hey John, by upgrades to you mean better connection?

@Kraze, could you explain more about this?
Looking on the bright side, these attacks have exposed a weakness, a weakness which is being addressed and once addressed will unlikely become a problem again, at least for a very long time

[kraze]

Hey John, by upgrades to you mean better connection?

@Kraze, could you explain more about this?
Looking on the bright side, these attacks have exposed a weakness, a weakness which is being addressed and once addressed will unlikely become a problem again, at least for a very long time

By upgrades he means larger connections or fatter pipes if that makes more sense.

The weakness, may not be an actual weakness but I was referring to us nor Internap expecting to receive such large attacks.

[Edge100x]

By upgrades, I mean larger pipes, mostly. We're doubling our connections to Internap at several locations, for instance, and Internap is upgrading NSP links and internal links on their side.

[soja]

Hey John, by upgrades to you mean better connection?

@Kraze, could you explain more about this?
Looking on the bright side, these attacks have exposed a weakness, a weakness which is being addressed and once addressed will unlikely become a problem again, at least for a very long time

I don't like to speak for people, but from my understanding, upgrades mean more bandwidth available(for the dc and NFO(in Chicago)).

As for what Kraze said, I think he means the weakness in the network allowing these attacks to cause issues for all clients in a particular location.

EDIT: John beat me to it xD

[TacTicToe]

Just looked thru that twitter feed for the first time. What a bunch of bastards. Funny how it seems NFO is the only GSP they seem to be trolling in their tweets. I know I had a event posted to me about a DDoS on my machine in Atlanta. Fortunately I wasn't around when it happpened, so I wasnt even aware it happened. NFO was right on it.

Why are they making fun of the null routing not being effective? Do they know something we don't?

[soja]

Null routing is exactly what they want. They don't want to take down NFO(but they don't care if they do), they want to take down the host. A null route means they were sucessfull and they don't even need to continue to DDOS and the server will stay down.