Not sure if it is related to the PokemonGO or not. This started around 23:00 EDT last night per my monitoring.
Seems like a pretty big attack at 300Gbps and to also temporarily take down a Tier 1 POP in a major city. I was interested as to if this might be a botnet or some type of reflection attack.

Robert

On Wed, Aug 3, 2016 at 10:16 AM, Alain Hebert <aheb...@pubnix.net> wrote:

> Well,
>
> Could it be related to the last 2 days DDoS of PokemonGO (which failed) and some other gaming sites (Blizzard and Steam)?
>
> And on the subject of CloudFlare, I'm sorry for that CloudFlare person that defended their position earlier this week, but there may be more hints (unverified) against your statements:
>
> https://twitter.com/xotehpoodle/status/756850023896322048
>
> That could be explored.
>
> On top of which there are hints (unverified) on which is the real bad actor behind that new DDoS service:
>
> http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml
>
> And I quote:
>
> "One thing LeakedSource staff spotted was that the first payment recorded in the botnet's control panel was of $1, while payments for the same package plan were of $19.99."
>
> ( Paypal payments btw )
>
> There is enough information, and damages, imho, to start looking for the people responsible from a legal standpoint. And hopefully the proper authorities are interested.
>
> PS:
>
> I would like to take this time to underline the lack of participation from a vast majority of ISPs into BCP38 and the like. We need to keep educating them at every occasion we have.
>
> For those that actually implemented some sort of tech against it, you are a beacon of hope in what is a ridiculous situation that has been happening for more than 15 years.
>
> -----
> Alain Hebert aheb...@pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
>
> On 08/03/16 09:41, Robert Webb wrote:
> > Anyone have any additional info on a DDOS attack hitting host.us?
> >
> > Woke up to no email this morning and the following from their web site:
> >
> > *Following an extortion attempt, HostUS is currently experiencing sustained large-scale DDOS attacks against a number of locations. The attacks were measured in one location at 300Gbps. In another location the attacks temporarily knocked out the entire metropolitan POP for a Tier-1 provider. Please be patient. We will return soon. Your understanding is appreciated.*
> >
> > From my monitoring system, looks like my VPS went unavailable around 23:00 EDT last night.
> >
> > Robert