TCH-Ryan Posted February 3, 2011 Share Posted February 3, 2011 This afternoon at roughly 4:00PM EST the TCH network began receiving an inbound DDoS attack that measured in the order of 600mbit, the larger factor of this attack was not so much the amount of traffic as the amount of packets, upward of 700,000 packets per second. The traffic combined with excessively high rate of packet flow created a crippling situation on our network edge that required considerable effort to source the target of the attack, isolate the attackers/target and then mitigate the attack off our network. At the moment the attack is currently still ongoing however it is being successfully filtered at our network edge and should present no further issues. It is important that we make clear the DDoS attack of Jan. 26th and this attack are in no way related. The distinction being that the attack on Jan. 26th was targeted at our carriers, not us directly, as part of a larger string of Internet attacks that occurred on that day which took down many sites across the Internet. This attack however was directly targeted at us which allowed us the ability to immediately take action and filter it out as promptly as possible. We regret the downtime this situation has caused and understand that in light of the recent network outage on Jan. 26th along with this afternoons outage, this may naturally cause some concerns to our customers. Let me again assure you these are isolated and unrelated incidents, however we are not one to hide from issues and we will take away any lessons we can learn from today's event that could help us restore service more promptly in future situations like this. Here at TCH, network attacks are not new to us, we have dealt with them in many shapes and sizes for years and most of the time when we receive a (D)DoS attack, it is stopped at our network edge and filtered without it ever becoming visible to any customers. We have in place at our network edge advanced firewall, intrusion prevention and bypass hardware that detects an array of malicious attacks, we are constantly tuning these systems to provide better results but sometimes even the best infrastructure will still fall victim to large and concerted network attacks. We will undertake a full review of our network protections and if need be, perform upgrades or revisions to better handle attacks of this magnitude in the future. We apologize for the clear inconvenience this situation has caused and if there are any further updates, we will immediately post them. Link to comment
Guest Brian Bartel Posted February 3, 2011 Share Posted February 3, 2011 My site is still down (ReaperList.com on Ambria server). Still having trouble? Link to comment
StevenTing Posted February 3, 2011 Share Posted February 3, 2011 In the Jan 26th attack, it was stated that the attack was at 3gbps+. How much bandwidth does TCH have access to? If this one was 600mbps, I would think that it wouldn't have been as big of a problem as the 26th. I don't know the answer and haven't done much research, but how does TCH compare to other hosting companies with regard to access to bandwidth? I read one host that claims a 10gbps line. Link to comment
Head Guru Posted February 3, 2011 Share Posted February 3, 2011 Steven, As Ryan stated in the first paragraph of his post. the larger factor of this attack was not so much the amount of traffic as the amount of packets, upward of 700,000 packets per second. The traffic combined with excessively high rate of packet flow created a crippling situation on our network edge that required considerable effort to source the target of the attack, isolate the attackers/target and then mitigate the attack off our network. Link to comment
Guest rjbsec Posted February 3, 2011 Share Posted February 3, 2011 Thanks for sorting it Link to comment
Recommended Posts