Robert Clarke DDoS'd Brings the Internet Down...

Discussion in 'Industry News' started by drmike, Jan 6, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Good ole' Robert Clarke is at it again.  Making news this time as being the recipient of a massive DDoS attack.

    The attack, estimated at 100gbit was enough to make CNServers experience issues earlier this morning.

    GTT / Tinet was taking the attack squarely on the nose in Dallas:

    https://puck.nether.net/pipermail/outages/2014-January/006397.html
     
    Last edited by a moderator: Jan 6, 2014
  2. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    Pretty sure Tinet dumped Avante/ChrisK because of this.

    What is the back story? What was Robert hosting on their network that was targeted?
     
    drmike likes this.
  3. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Aldryic
    What he was hosting probably wasn't even the issue.  Kid probably either ran his mouth, or tried to run a 0day on someone again, and got smacked for it.
     
    Melon likes this.
  4. Patrick

    Patrick INIZ.COM Verified Provider

    263
    85
    May 16, 2013
    They had a pretty good blend of bandwidth before they switched to GTT/Tinet single homed.

    http://bgp.he.net/AS36137


    From IRC last night, all his IPs were getting attacked. 
     
    Last edited by a moderator: Jan 6, 2014
  5. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Robert Clarke needs some parents that take the internet away and instead send him outside to dig ditches and befriend the squirrels.

    From Twitter (blech!)

     
  6. mnpeep

    mnpeep New Member Verified Provider

    58
    0
    May 14, 2013
    Edit: nevermind.
     
    Last edited by a moderator: Jan 6, 2014
  7. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    With Avante being single homed to Tinet that means Avante should be offline now.

    Clarke's servers seem offline.

    mtr output showing some high latency to their neighborhood.  Still getting attacked I'd say.
     
  8. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Why can't the internet bullies stick to swat teaming him :) ?



    Crashing the 'net all over the place with these attacks. Kudos to whoever is swinging such a big botnet.   Impressive.
     
  9. Wintereise

    Wintereise New Member

    241
    159
    May 16, 2013
    Avante/Centarra is actually not single homed as of a day or so, most of what hit him was taken up with Atrato -- Tinet only saw very little of it.

    That BGP graph of HE's is VERY slow updating.
     
    GIANT_CRAB and drmike like this.
  10. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    bad parenting, parental failure, (or to use the new trendy explanation invented last month by a Texas judge, it's not Robert's fault, he's a victim of  "affluenza")
     
    MCH-Phil, nunim, SrsX and 4 others like this.
  11. SrsX

    SrsX Banned

    224
    64
    Nov 21, 2013
    Well, I could of saw this coming. One search of his network showed he's running OpenSSH 5.3 which is vulnerable to a 0day.
    You go on and see the Apache, it was also vulnerable.

    He pissed of some pretty powerful people.
     
    drmike likes this.
  12. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Aldryic
     FTFY
     
    HalfEatenPie and SrsX like this.
  13. Kruno

    Kruno New Member Verified Provider

    90
    15
    Jun 18, 2013
    Last edited by a moderator: Jan 6, 2014
    drmike likes this.
  14. yolo

    yolo New Member

    83
    43
    May 24, 2013
    They are on their new brand name so their ASN has changed too:

    http://bgp.he.net/AS40440

    They are no longer using the avante brand
     
    drmike likes this.
  15. SrsX

    SrsX Banned

    224
    64
    Nov 21, 2013
  16. Kruno

    Kruno New Member Verified Provider

    90
    15
    Jun 18, 2013
    I doubt, but ok. Cheers.
     
    Last edited by a moderator: Jan 6, 2014
  17. RyanC

    RyanC New Member

    6
    0
    Jan 6, 2014
    I really wonder how much money robbie is spending on BW. Word on the street is that he managed to get a plenty of overage on cnservers.
     
    Last edited by a moderator: Jan 6, 2014
  18. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    Well that probably explains a couple of occurrences today.
     
    SrsX likes this.
  19. SrsX

    SrsX Banned

    224
    64
    Nov 21, 2013
    Don't doubt it. What I'm trying figure out if you're who I think you are, or just some other kid.
     
  20. RyanC

    RyanC New Member

    6
    0
    Jan 6, 2014
    Who knows, I'm on #lowendbox IRC if you're interested.
     
    Last edited by a moderator: Jan 6, 2014