# DDoS on RamNode NL ips



## wlanboy (Nov 11, 2013)

https://twitter.com/RamNode/status/399709107021963266



> RamNull is mitigating a bunch of attacks in the NL right now. NLSVZ2 had to be rebooted after CPU lock up.


https://twitter.com/NodeStatus/status/399846748719284224



> The sequential DDoS attacks on our NL location are still ongoing.


Got one notification too:



> Hello,
> 
> RamNull, our automated DDoS mitigation system, has detected an attack against your IP 176.XX.XXX.XXX, assigned to "yourvps". Your IP will be nullrouted for XX minutes. If the attack continues after this time, your IP will be nullrouted again.
> 
> ...


So someone is DDoSing all RamNode NL ips one by one.

Shame on them to attack customers.


----------



## fisle (Nov 11, 2013)

There is special place in hell for people who do these attacks.


----------



## Nick_A (Nov 11, 2013)

Yeah it has been annoying to say the least, but we believe we have it under control now. RamNull has been a huge help in this type of situation since it minimizes the impact to specific IPs rather than us having to nullroute large blocks at a time.


----------



## ComputerTrophy (Nov 11, 2013)

fisle said:


> There is special place in hell for people who do these attacks.


I can imagine an overweight fourty year old not caring about his personal hygeine and stuffing his face with Doritos while smiling at the fact he managed to find out how to execute a DNS amplification attack against an IP range in sequential order. 

Special place in hell indeed.


----------



## splitice (Nov 11, 2013)

Unfortunately sequential attacks are getting more and more common, until a few months ago we were aware of two such incidents. Now I've seen three this month.

Unfortunately for providers like Ramnode there is little that can be done with these attacks other than nullrouting the affected IP. Hopefully the attacker gets bored and / or gives up.


----------



## budi1413 (Nov 11, 2013)

The not good thing about popular provider is that they'll always get ddosed.


----------



## johnlth93 (Nov 11, 2013)

Mine seem to be fine, KVM


----------



## peterw (Nov 12, 2013)

Every provider should kill all accounts that run open relay DNS servers. This ddos game will only end if it is not so dirty cheap to do a ddos.


----------



## Joodle (Nov 12, 2013)

I have 3 VPS's in NL with them, 2 of them were nullrouted at around 6am in the morning (CET)


----------

