amuck-landowner

DDoS on RamNode NL ips

wlanboy

wlanboy

Content Contributer
 https://twitter.com/RamNode/status/399709107021963266

RamNull is mitigating a bunch of attacks in the NL right now. NLSVZ2 had to be rebooted after CPU lock up.
Click to expand...
https://twitter.com/NodeStatus/status/399846748719284224

The sequential DDoS attacks on our NL location are still ongoing.
Click to expand...
Got one notification too:

Hello,

RamNull, our automated DDoS mitigation system, has detected an attack against your IP 176.XX.XXX.XXX, assigned to "yourvps". Your IP will be nullrouted for XX minutes. If the attack continues after this time, your IP will be nullrouted again.

Please DO NOT reply to this automated email. You can open a support ticket in the Client Area if you have any questions.

Thanks,

RamNode
Click to expand...
So someone is DDoSing all RamNode NL ips one by one.

Shame on them to attack customers.
 
Nick_A

Nick_A

Provider of the year (2014)
Yeah it has been annoying to say the least, but we believe we have it under control now. RamNull has been a huge help in this type of situation since it minimizes the impact to specific IPs rather than us having to nullroute large blocks at a time.
 
Last edited by a moderator:
C

ComputerTrophy

New Member
fisle said:
There is special place in hell for people who do these attacks.
Click to expand...
I can imagine an overweight fourty year old not caring about his personal hygeine and stuffing his face with Doritos while smiling at the fact he managed to find out how to execute a DNS amplification attack against an IP range in sequential order.

Special place in hell indeed.
 
splitice

splitice

Just a little bit crazy...
Verified Provider
Unfortunately sequential attacks are getting more and more common, until a few months ago we were aware of two such incidents. Now I've seen three this month.

Unfortunately for providers like Ramnode there is little that can be done with these attacks other than nullrouting the affected IP. Hopefully the attacker gets bored and / or gives up.
 
Last edited by a moderator:
peterw

peterw

New Member
Every provider should kill all accounts that run open relay DNS servers. This ddos game will only end if it is not so dirty cheap to do a ddos.
 
You must log in or register to reply here.
Top
amuck-landowner