Incedent report - web hosting - core network

Here we will post network problems, Planned & Unplanned downtime as well as restoration times and other network issues.

Incedent report - web hosting - core network

Postby matt » Thu May 09, 2013 11:22 am

At approximately 9:25pm on 8th of May 2012 a Distributed Denial of Service attack (DDOS) was detected directed toward on of our customers. The attack overwhelmed the ability of the firewall "colo1" to switch packets causing sites hosted behind the "colo1" firewall to become unavailable.

General packet loss was also detect on internet connections due to the flooding of the transit points however Internet connections were operating at reduced capacity.

At 9:32pm the IP address of the target of the DDOS was identified and the traffic was dropped at the transit peers. At that time normal operation traffic rates were restored.

At 9:55pm the router "colo1" became unstable due to a buffer over run condition and rebooted. The overrun was cause by the proceeding DDOS attack. After the reboot of "colo1" at 10:00pm completed all network operations were returned to normal. Investigations of the reboot have resulted in a change to the buffer allocation size on colo1 which we expect will protect it from a future reboot in the case of a DDOS.

Spectrum are undertaking a further review of DDOS protection procedures with our peers.
User avatar
matt
Site Admin
 
Posts: 325
Joined: Thu Apr 09, 2009 11:44 am
Location: George Street Sydney

Return to Service Availability & Announcements

Who is online

Users browsing this forum: No registered users and 1 guest

cron