As may have been noticed, PoliBlog, OTB, Blogmaster InstaP, VodkaPundit, and others were all down today. Apparently, Hosting Matters is still have denial of service attack problems:
OK, here's the latest.The attacker is still going after the old clotho IP, even though that is no longer bound anywhere. Since it is still routed, however, the traffic still tries to get to the location where it is advertised (i.e., the Jacksonville facility). None of the upstreams appear to be equipped to deal with the attack, for whatever reason, and we'll reserve our commentary on that).
This is what we're going to do: since the attacked is still going after that old IP, we are requesting that Peak10 (via AT&T and Qwest, who advertise our routes) break out our /20 and start advertising the individual /24s instead, and then drop the /24 containing the target IP. What this means is that instead of advertising all of our IPs, from the first one to the last, they will advertise each block on its own, from 0 through 255.
What this also means is that we have to change the IPs on every server that is bound to an IP within the same block as the IP the attacker has targeted. This will involve about 25 servers, and at least one of our own nameserver IPs. We are headed to the NOC to do this right now. Peak10 is working with Qwest and AT&T to get the individual /24s readvertised with the exception of the affected block.
We will update from the offfice when this procedure is complete, and post any further information from the upstreams.
Oh, what fun.
Posted by Steven at October 21, 2024 07:32 PM | TrackBack