nanog mailing list archives
Re: Host.us DDOS attack -and- related conversations
From: Soon Keat Neo <neo () soonke at>
Date: Wed, 3 Aug 2016 23:08:53 +0800
Back on topic about HostUS, I've been following a thread on LowEndTalk where seemingly Alexander's been updating ( https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998) - seems like Atlanta and LA are still down ATM based on latest reports - nearly 10 hours now. Tks. Regards, Neo Soon Keat 2016-08-03 22:28 GMT+08:00 Robert Webb <rwfireguru () gmail com>:
Apologies to all as the hostname in my subject is incorrect. It should be hostus.us... On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb <rwfireguru () gmail com> wrote:Not sure if it is related to the PokemonGO or not. This started around 23:00 EDT last night per my monitoring. Seems like a pretty big attack at 300Gbps and to also temporarily take a down a Tier 1 POP in a major city. I was interested as to if this might be a botnet or some type of reflection attack. Robert On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <ahebert () pubnix net>wrote:Well, Could it be related to the last 2 days DDoS of PokemonGO (which failed) and some other gaming sites (Blizzard and Steam)? And on the subject of CloudFlare, I'm sorry for that CloudFlare person that defended their position earlier this week, but there may be more hints (unverified) against your statements: https://twitter.com/xotehpoodle/status/756850023896322048 That could be explored. On top of which there is hints (unverified) on which is the real bad actor behind that new DDoS service:http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtmlAnd I quote: "One thing LeakedSource staff spotted was that the first payment recorded in the botnet's control panel was of $1, while payments for the same package plan were of $19.99." ( Paypal payments btw ) There is enough information, and damages, imho, to start looking for the people responsible from a legal standpoint. And hopefully the proper authorities are interested. PS: I will like to take this time to underline the lack of participation from a vast majority of ISPs into BCP38 and the like. We need to keep educating them at every occasion we have. For those that actually implemented some sort of tech against it, you are a beacon of hope in what is a ridiculous situation that has been happening for more than 15 years. ----- Alain Hebert ahebert () pubnix net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 08/03/16 09:41, Robert Webb wrote:Anyone have any additonal info on a DDOS attack hitting host.us? Woke up to no email this morning and the following from their website:*Following an extortion attempt, HostUS is currently experiencingsustainedlarge-scale DDOS attacks against a number of locations. The attacksweremeasured in one location at 300Gbps. In another location the attacks temporarily knocked out the entire metropolitan POP for a Tier-1provider.Please be patient. We will return soon. Your understanding isappreciated.*From my monitoring system, looks like my VPS went unavailable around23:00EDT last night. Robert
Current thread:
- Host.us DDOS attack Robert Webb (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Alain Hebert (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Robert Webb (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Robert Webb (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Soon Keat Neo (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Robert Webb (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Christopher Morrow (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Phil Gardner (Aug 04)
- Re: Host.us DDOS attack -and- related conversations Robert Webb (Aug 04)
- Re: Host.us DDOS attack -and- related conversations Christopher Morrow (Aug 04)
- Re: Host.us DDOS attack -and- related conversations Robert Webb (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Alain Hebert (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Alain Hebert (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Ca By (Aug 03)
- Re: Host.us DDOS attack -and- related conversations Mike Hammett (Aug 03)