Let’s face it – the world tends to be a very hostile environment and the internet is not much different. From viruses and trojans to distruption of service attacks – it happens all day every day and it is only a matter of time before it affects you. I have personally dealt with two DoS attacks in the last two weeks and both for very different reasons although the end result is about the same.
Last week the DDoS, or distributed disruption of service, attack was motivated entirely by financial gain for the attacker. The attacker had previously attacked another hosting company called A Small Orange and had attempted to extort $7,000 from the company to stop the attack. ASO did not bow to the demands of the attacker and simply worked to filter out the attack and return service to their customers. While some of ASO’s customers were not satisfied, many times when a provider is put in this situation there is not much that can be done.
The attacker moved on from ASO to my company and sent a message to our sales department informing us that we were next. The attack began about an hour later and peaked at about 4.5GBPS which is enough to bring down most small data centers in their entirety however our data center SoftLayer Dallas was able to filter out the attack within 10 minutes to restore full service. The attacker subsequently moved on to their next target which was VectorLevel who was hosted with Colo4Dallas at the time. The attack at VectorLevel brought Colo4Dallas to it’s knees until the attack was null-routed at C4D’s upstream provider. At the time of this writing Colo4Dallas’ web site was unreachable and as such I am not directly linking to it.
Fast forward a week and a half and another one of my servers was under a new attack from a new source. This time the attack was not monetary and the goal was simply to take a particular site offline. The target of the attack was a fairly popular forum that centers around firearms manufactured by a particular company. The forum has information such as cleaning and maintenance of the guns and in my looking over the site is nothing apparently negative. My guess is that whoever wanted to bring the site offline was more of a “pro gun control” type of person.
This attack was a bit more difficult to stop as it was smaller and “flew under the radar” of our automatic filtering systems but was still large enough to cause intermittent connection issues over the period of about two hours. We worked to filter out the attack however whoever was administering this particular attack was doing a pretty good job of countering the counter-measures were putting in place to mitigate the attack. Ultimately we were able to fully mitigate the attack after quite a bit of work and effort.
It seems that there are malicious people out there whose only goal is to cause harm and to disrupt the services of others. If you do find yourself in a situation where your web site or hosting service is being disrupted by a DoS attack please do be patient with your provider and understand that there isn’t always something that can be done to fully mitigate the attack. If your provider is able to restore full service to you within a fairly short period of time (less than 2 to 4 hours) you should consider yourself lucky as many DoS and DDoS attacks can last days if not weeks.