« April 2010 · October 2010 »
|
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 15.08.2010: Spam using RU domains - Who's your nameserver?
- 13.08.2010: Binary Whitelisting Service
- 02.08.2010: Of Opinions and Anti-Virus Testing
- 05.07.2010: Lies, Damn Lies, and Botnet Size
- 09.06.2010: Shadowserver Sinkholing domain associated with SQLi attacks on IIS/ASP web servers
Thursday, 10 April 2008
DSL Reports under DDoS Attack Again
It was only a few weeks ago on March 19 that Arbor Networks reported that the popular website www.dslreports.com was disabled by a distributed denial of service (DDoS) attack. During this attack the DSL Reports website was rendered unavailable for a few hours.
We're not sure who they've angered, but we have since detected a new attack that appears to have started close to 9:00 AM EDT. It seems their website is still down at this time due to the flood of web traffic they are being hit with. The current command and control (C&C) server that we are aware of that's directing this traffic to them is located in Malaysia. We have since notified MyCERT of this host for them to deal with. It's also worth noting this appears to be a different DDoS network than the one responsible for the last attack. However, it could be the same people behind it.
Update (1:12 PM EDT): It looks like DSL Reports is starting to come back online, but it's very slow and redirecting to another page.
Update (2:20 PM EDT): Seems they are now mixing in ICMP attacks against their IP address now as well.
=>Posted April 10, 2008, at 10:07 AM by Steven Adair
