Unscheduled Outage:: DOS attack

For about 20 minutes this morning users may have noticed that connection speeds / response times from some servers were slower than normal.
This was due to a denial of service attack the details of which are outlined below.
Timeline: 08:15am till 08:38am
Location: DEG, Blacknight Dub1 data centre
Problem and Resolution:
At approx 4am this morning a client machine started spewing data out of our network. At this time the traffic was not significant enough to trigger any alarms or cause any downtime.
At approx 8:15am this morning, a second attack started from the same machine with a significant increase in traffic. This traffic was tiny UDP datagrams aimed at an external host. The sheer volume of packets overloaded the CPU in the primary Firewall and as such it was dropping large numbers of packets.
We disabled the switch port that this machine was attached to and network flow resumed. We took preventative measures on the routers facing the customer machine to filter traffic from hitting the firewalls. We then re-enabled this customer port and logged into the machine to diagnose the issue.
The machine has since been removed from the network and is being examined by our security team.

About the Author: Michele Neylon

Known for his outspoken opinions on technology and the Internet, Michele Neylon is the award winning author of several blogs and co-host of the Technology.ie podcast. A thought leader in the Internet community, Neylon is active within ICANN and an expert on policy, security, domains, ICANN, Nominet and Internet Governance. You can stalk him on various social media networks including Twitter and Instagram

2 Comments

Louie August 7, 2007 at 21:51

gldd you have sorted out quickly and efficiently.
Fair play to you guys.
Michele Neylon August 7, 2007 at 23:37

Louie
We try to keep as close an eye as possible on these things 🙂
Michele