Massive DDoS attack affects Afrihost, other networks

rpm

Admin
Staff member
Joined
Jul 22, 2003
Messages
66,771
Reaction score
5,000
Location
Johannesburg
Massive DDoS attack affects Afrihost

A large distributed denial of service attack (DDoS) is impacting Afrihost and other Internet service providers in South Africa.

Afrihost alerted its subscribers on Sunday that its network is experiencing intermittent connectivity issues.
 
We sincerely apologise to anyone affected by this today. We know it's been a rough one.

Please rest assured that we're doing everything humanly possible to minimise the impact to our clients. We hope things will be back to normal shortly.
 
So 1st Jhb city and now ISPs.. seems like they working their way thru SA network points
 
So 1st Jhb city and now ISPs.. seems like they working their way thru SA network points

It's difficult to speculate whether they are connected or not. But sadly DDOS attacks are a reality of the internet. We do everything possible to plan for a possible attack, but it's pretty difficult as there are so many variables.

We're pretty lucky to have a very experienced team, and they have managed to minimise the impact as much as possible.

They will most likely be working through the night - so will be sending them good vibes (and red bull).
 
It's difficult to speculate whether they are connected or not. But sadly DDOS attacks are a reality of the internet. We do everything possible to plan for a possible attack, but it's pretty difficult as there are so many variables.

We're pretty lucky to have a very experienced team, and they have managed to minimise the impact as much as possible.

They will most likely be working through the night - so will be sending them good vibes (and red bull).
“We are measuring the attack in excess of 100Gbps,” said Andrew Alston, the group head of IP strategy at Liquid Telecom.

I'd be interested if you could ask your team to write an article about how to mitigate a 100Gbps attack, wouldn't your switches be overloaded before they can even check where the packets are coming from?
 
I'd be interested if you could ask your team to write an article about how to mitigate a 100Gbps attack, wouldn't your switches be overloaded before they can even check where the packets are coming from?
I think the problem there would be posting information that would be extremely valuable to hackers to bypass whatever we have in place :(
 
What annoys me, is the people that start ranting and raving at their isp. It took me less than 5 minutes to look and see other ISPs were affected and that it probably wasn't going to be a quick and easy fix.
 
What annoys me, is the people that start ranting and raving at their isp. It took me less than 5 minutes to look and see other ISPs were affected and that it probably wasn't going to be a quick and easy fix.
ISP should inform customers, why should customers have to go and figure it out...
 
I'd be interested if you could ask your team to write an article about how to mitigate a 100Gbps attack, wouldn't your switches be overloaded before they can even check where the packets are coming from?
The packets are spoofed so it is not possible to determine the source of the C&C via the attack. Best is no leave a mikrotik open on the internet. Determine the C&C IP then...
BTW: Switches have TCAMs that operate at line speed. Some routers also do that like the MX40. So that can work at 100Gbps.
 
My ISP (ISPAfrika) pissed me right off. We had no service for over an hour. No warning SMS, nothing on their FB page or their home page. Phoning them...."you are caller no 9 in the queue...".
Only AFTER the service came up they sent a SMS about the DDOS attack. WTF use is that?
 
What annoys me, is the people that start ranting and raving at their isp. It took me less than 5 minutes to look and see other ISPs were affected and that it probably wasn't going to be a quick and easy fix.

How do you find out if you have no internet?
 
Still something funky going on. Random international sites not accessible from my Afrihost ADSL account.
 
Looks like the attacks have resumed - we're already seeing some degradation in international performance.

Our team are busy working on managing the impact to network services as much as we can :(
 
Top
Sign up to the MyBroadband newsletter