ANC website attack: how did IS react?

A distributed denial-of-service (DDoS) attack, such as the one that took offline the website of the African National Congress (ANC), has the potential to negatively affect other parts of the network it is hosted on, chief client officer at Internet Solutions (IS), Costa Koutakis, recently told MyBroadband.

It all depends on the architecture of the network, Koutakis said, who went on to explain that the ANC website had to be taken down to ensure that other customers behind the same firewall were not affected by the DDoS attack.

Afrihost CEO Gian Visser previously confirmed that the ANC website is hosted on a dedicated server on its network. Internet Solutions, in turn, provides hosting services to Afrihost.

Based on a notice on the ANC website itself, and the whois record for the domain, the server appears to be managed by Unwembi Communications. A list of clients on the Unwembi website confirms this.

Before explaining how they responded to the DDoS attack on the ANC website, Koutakis highlighted that such attacks are difficult to guard against, and before acting the destination of the attack has to be determined first.

In this case it was evident that the ANC website was being directly targeted.

A hacker-activist going by the name Anonymous Africa, or @zim4thewin on Twitter, announced almost an hour before the attack started that they intended to DDoS the website of the ANC.

The reason for the attack, according to Zim’s Twitter feed, was because the ANC is “one of the biggest enablers of the mass murdering Mugabe”.

Once IS had determined the destination of the attack, Koutakis said, they could make the site unavailable.

He added that the advantage of this response is that the rest of the sites hosted by their partners, such as Afrihost, are unaffected by the attack.

Asked whether removing the site is the only step necessary to protect the rest of their network from a DDoS attack, Koutakis said that they do take steps to ensure that their routers and switches aren’t overloaded either.

“We have the ability – from a network intelligence perspective – to route the traffic for [the site under attack] into a black hole,” Koutakis said.

Costa Koutakis
Costa Koutakis

Guarding against denial-of-service

When asked whether more could be done to protect against DoS and DDoS attacks, Koutakis said that they do have the ability to block such activity on their network, but added that DDoS attacks are “really not fair play from a technical perspective”.

It is possible for an attacker to make it incredibly difficult to detect and automatically respond to a DDoS attack no matter what measures you put in place, Koutakis said.

He added that they block such attacks on their network on a daily basis, as do other Internet service providers (ISPs).

“If a site is available to the outside world, it will be susceptible to these kinds of attacks,” Koutakis said.

“We are in the process of investigating options to be even more pro-active than we currently are,” he added.

ANC website attack: Afrihost responds

ANC website going down: Anonymous

IOL hit by DoS attack

SAPS website hacker interviewed

Spyware servers in South Africa: the plot thickens

Original ANCYL website hacker speaks out

Latest news

Partner Content

Show comments

Recommended

Share this article
ANC website attack: how did IS react?