Massive DDoS attack affects Afrihost, other networks

rpm

Admin
Staff member
Joined
Jul 22, 2003
Messages
66,128
Massive DDoS attack affects Afrihost

A large distributed denial of service attack (DDoS) is impacting Afrihost and other Internet service providers in South Africa.

Afrihost alerted its subscribers on Sunday that its network is experiencing intermittent connectivity issues.
 

AfriMan

Afrihost Representative
Company Rep
Joined
May 24, 2012
Messages
17,240
We sincerely apologise to anyone affected by this today. We know it's been a rough one.

Please rest assured that we're doing everything humanly possible to minimise the impact to our clients. We hope things will be back to normal shortly.
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
17,296
So 1st Jhb city and now ISPs.. seems like they working their way thru SA network points
 

AfriMan

Afrihost Representative
Company Rep
Joined
May 24, 2012
Messages
17,240
So 1st Jhb city and now ISPs.. seems like they working their way thru SA network points

It's difficult to speculate whether they are connected or not. But sadly DDOS attacks are a reality of the internet. We do everything possible to plan for a possible attack, but it's pretty difficult as there are so many variables.

We're pretty lucky to have a very experienced team, and they have managed to minimise the impact as much as possible.

They will most likely be working through the night - so will be sending them good vibes (and red bull).
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
28,606
It's difficult to speculate whether they are connected or not. But sadly DDOS attacks are a reality of the internet. We do everything possible to plan for a possible attack, but it's pretty difficult as there are so many variables.

We're pretty lucky to have a very experienced team, and they have managed to minimise the impact as much as possible.

They will most likely be working through the night - so will be sending them good vibes (and red bull).
“We are measuring the attack in excess of 100Gbps,” said Andrew Alston, the group head of IP strategy at Liquid Telecom.

I'd be interested if you could ask your team to write an article about how to mitigate a 100Gbps attack, wouldn't your switches be overloaded before they can even check where the packets are coming from?
 

AfriMan

Afrihost Representative
Company Rep
Joined
May 24, 2012
Messages
17,240
I'd be interested if you could ask your team to write an article about how to mitigate a 100Gbps attack, wouldn't your switches be overloaded before they can even check where the packets are coming from?
I think the problem there would be posting information that would be extremely valuable to hackers to bypass whatever we have in place :(
 

Elarwen

Member
Joined
Jul 27, 2014
Messages
29
What annoys me, is the people that start ranting and raving at their isp. It took me less than 5 minutes to look and see other ISPs were affected and that it probably wasn't going to be a quick and easy fix.
 

r00igev@@r

Executive Member
Joined
Dec 14, 2009
Messages
6,753
I'd be interested if you could ask your team to write an article about how to mitigate a 100Gbps attack, wouldn't your switches be overloaded before they can even check where the packets are coming from?
The packets are spoofed so it is not possible to determine the source of the C&C via the attack. Best is no leave a mikrotik open on the internet. Determine the C&C IP then...
BTW: Switches have TCAMs that operate at line speed. Some routers also do that like the MX40. So that can work at 100Gbps.
 

MightyQuin

Honorary Master
Joined
Oct 6, 2010
Messages
21,999
What annoys me, is the people that start ranting and raving at their isp. It took me less than 5 minutes to look and see other ISPs were affected and that it probably wasn't going to be a quick and easy fix.
731187
 

satanboy

Psychonaut seven
Joined
Sep 13, 2007
Messages
98,804
My ISP (ISPAfrika) pissed me right off. We had no service for over an hour. No warning SMS, nothing on their FB page or their home page. Phoning them...."you are caller no 9 in the queue...".
Only AFTER the service came up they sent a SMS about the DDOS attack. WTF use is that?
 

satanboy

Psychonaut seven
Joined
Sep 13, 2007
Messages
98,804
What annoys me, is the people that start ranting and raving at their isp. It took me less than 5 minutes to look and see other ISPs were affected and that it probably wasn't going to be a quick and easy fix.

How do you find out if you have no internet?
 

deweyzeph

Executive Member
Joined
Apr 17, 2009
Messages
8,397
Still something funky going on. Random international sites not accessible from my Afrihost ADSL account.
 

AfriMan

Afrihost Representative
Company Rep
Joined
May 24, 2012
Messages
17,240
Looks like the attacks have resumed - we're already seeing some degradation in international performance.

Our team are busy working on managing the impact to network services as much as we can :(
 
Top