[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Host.us DDOS attack -and- related conversations

Subject: Host.us DDOS attack -and- related conversations
From: rwfireguru at gmail.com (Robert Webb)
Date: Wed, 3 Aug 2016 12:04:50 -0400
In-reply-to: <CAMQFO[email protected]>
References: <CALapM4Aioh[email protected]> <[email protected]> <CALapM4Amyi[email protected]> <CA[email protected]> <CAMQFO[email protected]>

Thanks for that link. My host is sitting in Atlanta and I believe that
Atlanta hosts their main infrastructure.

I am seeing around a 12 or 13 hour outage at this point.

Robert

On Wed, Aug 3, 2016 at 11:08 AM, Soon Keat Neo <neo at soonke.at> wrote:

> Back on topic about HostUS, I've been following a thread on LowEndTalk
> where seemingly Alexander's been updating (
> https://www.lowendtalk.com/discussion/comment/1791998/#Comment_1791998) -
> seems like Atlanta and LA are still down ATM based on latest reports -
> nearly 10 hours now.
>
> Tks.
>
> Regards,
> Neo Soon Keat
>
>
>
> 2016-08-03 22:28 GMT+08:00 Robert Webb <rwfireguru at gmail.com>:
>
>> Apologies to all as the hostname in my subject is incorrect.
>>
>> It should be hostus.us...
>>
>>
>>
>> On Wed, Aug 3, 2016 at 10:25 AM, Robert Webb <rwfireguru at gmail.com>
>> wrote:
>>
>> > Not sure if it is related to the PokemonGO or not. This started around
>> > 23:00 EDT last night per my monitoring.
>> >
>> > Seems like a pretty big attack at 300Gbps and to also temporarily take a
>> > down a Tier 1 POP in a major city.
>> >
>> > I was interested as to if this might be a botnet or some type of
>> > reflection attack.
>> >
>> >
>> > Robert
>> >
>> > On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <ahebert at pubnix.net>
>> wrote:
>> >
>> >>     Well,
>> >>
>> >>
>> >>     Could it be related to the last 2 days DDoS of PokemonGO (which
>> >> failed) and some other gaming sites (Blizzard and Steam)?
>> >>
>> >>
>> >>     And on the subject of CloudFlare, I'm sorry for that CloudFlare
>> >> person that defended their position earlier this week, but there may be
>> >> more hints (unverified) against your statements:
>> >>
>> >>         https://twitter.com/xotehpoodle/status/756850023896322048
>> >>
>> >>         That could be explored.
>> >>
>> >>
>> >>     On top of which there is hints (unverified) on which is the real
>> bad
>> >> actor behind that new DDoS service:
>> >>
>> >>
>> >>
>> >>
>> http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml
>> >>
>> >>
>> >>     And I quote:
>> >>
>> >>         "One thing LeakedSource staff spotted was that the first
>> payment
>> >> recorded in the botnet's control panel was of $1, while payments for
>> the
>> >> same package plan were of $19.99."
>> >>
>> >>         ( Paypal payments btw )
>> >>
>> >>
>> >>     There is enough information, and damages, imho, to start looking
>> for
>> >> the people responsible from a legal standpoint.  And hopefully the
>> >> proper authorities are interested.
>> >>
>> >>     PS:
>> >>
>> >>         I will like to take this time to underline the lack of
>> >> participation from a vast majority of ISPs into BCP38 and the like.  We
>> >> need to keep educating them at every occasion we have.
>> >>
>> >>         For those that actually implemented some sort of tech against
>> >> it, you are a beacon of hope in what is a ridiculous situation that has
>> >> been happening for more than 15 years.
>> >>
>> >> -----
>> >> Alain Hebert                                ahebert at pubnix.net
>> >> PubNIX Inc.
>> >> 50 boul. St-Charles
>> >> P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
>> >> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
>> >>
>> >> On 08/03/16 09:41, Robert Webb wrote:
>> >> > Anyone have any additonal info on a DDOS attack hitting host.us?
>> >> >
>> >> > Woke up to no email this morning and the following from their web
>> site:
>> >> >
>> >> >
>> >> >
>> >> > *Following an extortion attempt, HostUS is currently experiencing
>> >> sustained
>> >> > large-scale DDOS attacks against a number of locations. The attacks
>> were
>> >> > measured in one location at 300Gbps. In another location the attacks
>> >> > temporarily knocked out the entire metropolitan POP for a Tier-1
>> >> provider.
>> >> > Please be patient. We will return soon. Your understanding is
>> >> appreciated.
>> >> >   *
>> >> >
>> >> >
>> >> > >From my monitoring system, looks like my VPS went unavailable around
>> >> 23:00
>> >> > EDT last night.
>> >> >
>> >> > Robert
>> >> >
>> >>
>> >>
>> >
>>
>
>

Follow-Ups:
- Host.us DDOS attack -and- related conversations
  - From: morrowc.lists at gmail.com (Christopher Morrow)

References:
- Host.us DDOS attack
  - From: rwfireguru at gmail.com (Robert Webb)
- Host.us DDOS attack -and- related conversations
  - From: ahebert at pubnix.net (Alain Hebert)
- Host.us DDOS attack -and- related conversations
  - From: rwfireguru at gmail.com (Robert Webb)
- Host.us DDOS attack -and- related conversations
  - From: rwfireguru at gmail.com (Robert Webb)
- Host.us DDOS attack -and- related conversations
  - From: neo at soonke.at (Soon Keat Neo)

Prev by Date: Clueful BGP from TW-Telecom/L3
Next by Date: NFV Solution Evaluation Methodology
Previous by thread: Host.us DDOS attack -and- related conversations
Next by thread: Host.us DDOS attack -and- related conversations
Index(es):
- Date
- Thread