ISP Status


Node4 - DDos Attack
2008/Apr/09 09:02 UTC
Type of Announcement: Unplanned Downtime
Description:
At approximately 3:50pm on Tuesday 8th April, one of our customer’s IP addresses was subjected to a  distributed Denial of Service (DDoS) attack.
 
This resulted in intermittent internet access for many customers over a period of approximately 1-2 hours (mainly 2 or 3 short bursts of intermittant performance in this period)
 
Node4's monitoring systems alerted our engineers immediately and we quickly identified the target of the attack and began steps to mitigate the effect on other users. Traffic to the affected site was blocked upstream and our upstream transit providers were instructed to "blackhole" the traffic so that our ingress pipes were not saturated.
 
Timescale of Events
3:50pm: Attack begins
4:00pm: Node4 identify type of attack and begin remedial action
4:15pm: Traffic blocked inbound to Node4 (on our ingress transit links). Requests submitted to upstream providers to blackhole traffic and prevent saturation of ingress links
4:30pm: DDoS attack switched to second IP address. traffic blocked by node4 and request made to upstream providers to block this traffic as well
4:45pm: Upstream providers confirmed traffic was blocked
5:00pm: DDoS moves to 3rd IP address and steps above repeated. Some problems remain with routes from some providers.
5:30pm: Remaining problems with BGP to some providers rectified, network returned to normal.
 
This DDoS attack was a relatively large scale event and sent gigabytes of UDP traffic into our network in a very short space of time
 
DDoS attacks are rare, but when they do happen they are very difficult to protect against without some disruption to service because the traffic (usually UDP) comes from thousands of sources and saturates the inbound connections.
 
Node4 have measures in place to deal with this type of event
as quickly and effectively as possible. We are satisfied that
these procedures were followed properly yesterday and that network downtime was kept to an absolute minimum.
 
We are continuing to work with our upstream providers to further improve our response times to these types of incident and minimise the effect that they have on our network.
 
Node4 Tech Support
Service(s) affected: Internet Access for all users

Feeds: RSS RSS2 Atom Contact