Business 2 DDoS

  • Wednesday, 20th May, 2015
  • 16:53pm
20 May 2015:  5.15pm
We have managed to narrow down the source of the attack to one IP belonging to one account on the server that is routed through Cloudflare.  We have null-routed the IP, so at this time all websites bar one are online.

We are notifying this one client and will work with this client to bring his site back when we feel it is safe to do so.

We are also working with the networking team to analyse the attack to see why our DDoS scrubbing devices did not scrub the attack in this instance before it reached the switch.  Whatever form this attack took, we will update our Arbor templates accordingly to protect against it in future.

=====================================================
20 May 2015: 4.53pm
We are currently working to mitigate an attack directed against Business 2 that our Arbor Networks DDoS appliances are not scrubbing.  The port is saturated with traffic and the server is unstable.


We are waiting for a remote hands technician to connect up a KVM session so we can analyse the traffic and make relevant changes to our DDoS scrubbing to compensate.

The KVM has a 25-minute connect time, and we will work with absolute priority on this the moment we have it connected.

Unfortunately, DDoS attacks are common in the industry, and in this instance the mitigation we have in place is not scrubbing this particular attack.