Originally Posted by Prime95
Warning: may be offline some during the next few days.

Our ISP sent us an automated warning that we had triggered too much data traffic to a specific target over a period of time. In other words, we looked like we were part of a DDoS attack. When this happened three times, we were knocked offline for 45 minutes.

Unfortunately, madpoo is unavailable until Sunday to do a deep dive into our logs, run anti-virus scans, etc. So if it happens again, we may suffer more 45-minute outages.

I looked at the logs briefly, did a whois on the target, and learned little.

I did finally look into it. The bulk of the traffic came from some IP in Switzerland, of all places.

Unfortunately the colocation provider only said it was TCP traffic, but no port or anything.

Getting blackholed as a target of a DDOS definitely sucks (if that's what it was... I wasn't so sure based on the info they sent). My day job had that happen a few weeks back where, for whatever reason, a DDOS hit our primary website... absolutely no reason whatsoever. I just imagine some script kiddie in mommy's basement saying something about "I did it 4 the lulz".

EDIT: In case you didn't know, an ISP will frequently blackhole (null route) the target of a DDOS in order to protect the rest of their customers. I don't blame them for that; Akamai even had to do that after that *massive* DDOS recently. It just sucks.

