Herewith the official communications regarding this weekend's incident.
bit.ly
And PDF format for those that prefer the direct download:
http://bit.ly/65dayspdf
This will be sent via SMS, Social and email shortly.
Damn....
I hope you don't mind me reposting the technical bits here - makes for some reading
Timeline
October 2016 - first significant DDOS attacks against Cool Ideas
• Attack: Volumetric - DNS and fragmented UDP
December 2016 - Cool Ideas implements its own UK POP in order to manage DDOS attacks before traffic reaches South Africa.
• Hurricane Electric as the first transit carrier.
• Peering established at LINX
January 2017 - Implement first UK based DDOS detection system, with automatic mitigation.
• Remote Triggered Blackholing
• Netflow based
February 2019 - Added additional carrier in the UK - Cogent
• Attacked blocks are mitigated via secondary carrier
March 2019 - New DDOS detection tool implemented
• Automatic RTBH based mitigation on HE and Cogent
• Netflow based
11th Sept - First Major Attack ~20-40 Gbps
• Attack: Volumetric - DNS/LDAP/Memcached and fragmented UDP
• Detected, and mitigated by internal systems
• Blackhole routing of attacked IPs
16 Sept - Implement more traffic inspection points
• Later release of DDOS detection tools.
• Netflow based
Sat-Sun - 21st and 22nd Sept - Second Major Attack ~60-80 Gbps
• Attack: Volumetric - DNS/LDAP and fragmented UDP
• Attack: SYN/ACK and family floods.
Oct 8th - Construction of scrubbing centre in UK POP
• Upgrade transit capacity to 14 times original
• Implement scrubbing devices for attacked /24s
• Implement scrubbing devices for attacked /32s
• Faster attack detection using SFlow
• Instead of blackholing, CISP scrubs attacked IPs.
Oct 14th - Nov 22nd
• Daily multi-gigabit (~20Gbps) attacks mitigated automatically with no customer impact.
Sat-Sun - 23rd Nov and 24th Nov - Third Major Attack ~320-500Gbps
• Attack spread over multiple upstreams
• Attack: Volumetric - DNS/LDAP - fragmented UDP
• Attack: Volumetric - Various SYN related attacks
• Scrubbing capacity overrun
• Hurricane Electric announces ineffective
• Revert to RTBH based mitigation
Mon 25th Nov
• Implementing specialized scrubbing facility for overflow capacity.
• Implementing NAPAfrica Cape Town port upgrades and filtering.
• Implementing NAPAfrica Johannesburg port upgrades and filtering.