Re: Host.us DDOS attack -and- related conversations

[Soon Keat Neo <neo () soonke at>]

Back on topic about HostUS, I've been following a thread on LowEndTalk
where seemingly Alexander's been updating (
https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998) -
seems like Atlanta and LA are still down ATM based on latest reports -
nearly 10 hours now.

Tks.

Regards,
Neo Soon Keat



2016-08-03 22:28 GMT+08:00 Robert Webb <rwfireguru () gmail com>:

> Apologies to all as the hostname in my subject is incorrect.
>
> It should be hostus.us...
>
>
>
> On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb <rwfireguru () gmail com> wrote:
>
> > Not sure if it is related to the PokemonGO or not. This started around
> > 23:00 EDT last night per my monitoring.
> >
> > Seems like a pretty big attack at 300Gbps and to also temporarily take a
> > down a Tier 1 POP in a major city.
> >
> > I was interested as to if this might be a botnet or some type of
> > reflection attack.
> >
> >
> > Robert
> >
> > On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <ahebert () pubnix net>
> wrote:
> > >     Well,
> > >
> > >
> > >     Could it be related to the last 2 days DDoS of PokemonGO (which
> > > failed) and some other gaming sites (Blizzard and Steam)?
> > >
> > >
> > >     And on the subject of CloudFlare, I'm sorry for that CloudFlare
> > > person that defended their position earlier this week, but there may be
> > > more hints (unverified) against your statements:
> > >
> > >         https://twitter.com/xotehpoodle/status/756850023896322048
> > >
> > >         That could be explored.
> > >
> > >
> > >     On top of which there is hints (unverified) on which is the real bad
> > > actor behind that new DDoS service:
> http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml
> > >     And I quote:
> > >
> > >         "One thing LeakedSource staff spotted was that the first payment
> > > recorded in the botnet's control panel was of $1, while payments for the
> > > same package plan were of $19.99."
> > >
> > >         ( Paypal payments btw )
> > >
> > >
> > >     There is enough information, and damages, imho, to start looking for
> > > the people responsible from a legal standpoint.  And hopefully the
> > > proper authorities are interested.
> > >
> > >     PS:
> > >
> > >         I will like to take this time to underline the lack of
> > > participation from a vast majority of ISPs into BCP38 and the like.  We
> > > need to keep educating them at every occasion we have.
> > >
> > >         For those that actually implemented some sort of tech against
> > > it, you are a beacon of hope in what is a ridiculous situation that has
> > > been happening for more than 15 years.
> > >
> > > -----
> > > Alain Hebert                                ahebert () pubnix net
> > > PubNIX Inc.
> > > 50 boul. St-Charles
> > > P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> > > Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
> > >
> > > On 08/03/16 09:41, Robert Webb wrote:
> > > > Anyone have any additonal info on a DDOS attack hitting host.us?
> > > >
> > > > Woke up to no email this morning and the following from their web
> site:
> > > > *Following an extortion attempt, HostUS is currently experiencing
> > > sustained
> > > > large-scale DDOS attacks against a number of locations. The attacks
> were
> > > > measured in one location at 300Gbps. In another location the attacks
> > > > temporarily knocked out the entire metropolitan POP for a Tier-1
> > > provider.
> > > > Please be patient. We will return soon. Your understanding is
> > > appreciated.
> > > >   *
> > > >
> > > >
> > > > > From my monitoring system, looks like my VPS went unavailable around
> > > 23:00
> > > > EDT last night.
> > > >
> > > > Robert