The distributed denial of service attack on Cool Ideas reached over 300Gbps yesterday and is ongoing, co-founder Paul Butschi has told MyBroadband.
Butschi said the attack traffic statistics came from Cogent and Hurricane Electric in London. Of the total traffic hitting their network, roughly 40Gbps is legitimate.
Cool Ideas confirmed that it was facing a massive distributed denial of service (DDoS) attack on 23 November – the biggest it had ever faced.
The fibre-only ISP issued a notice to subscribers stating that it had limited the Domain Name System servers accessible from its network.
“Due to the issues that we are currently experiencing, please be aware that only Cool Ideas DNS, Google DNS, and Cloudflare DNS will be accessible,” it said.
ISPs under attack
Cool Ideas was not the only ISP under attack yesterday.
Several reports came in from Afrihost, Axxess, and Webafrica subscribers who were also having trouble accessing the Internet. The upstream provider of the ISPs appears to have mitigated the issue. RSAWEB also reported that it was under attack on 22 November.
These attacks come weeks after a series of DDoS attacks crippled South African ISPs.
On 19 October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days.
Afrihost, Axxess, and Webafrica were also hit by a very large DDoS attack on 27 October, which affected DSL and fibre subscribers.
The attack, which affected parts of Liquid Telecom’s network, measured in excess of 100Gbps. The attack was mitigated, but a new attack was launched on the upstream provider the ISPs use the following day.
Cool Ideas has been the target of several attacks over the past few months. The first attack to make headlines was on 11 September, and the second on 21 September over Heritage Day weekend.
The second assault was a type of DDoS attack known as a “carpet bombing” attack, where the Internet service provider’s individual customers were sent large quantities of garbage network traffic.
The traffic was not enough to flood the individual connections of Cool Ideas’ customers. However, the overall traffic on the network eventually added up to the point where the ISP’s core network infrastructure could not cope with the load.
It is a type of attack specifically used against organisations like ISPs with the aim of bringing down their whole network.
Data centre operators, web hosting companies, and large corporate networks – anyone who runs their own pool of IP addresses – are also examples of potential targets of carpet bombing attacks.