Our ISP responded and confirmed they blocked the attack and turned off all access to our www IP:
Hi, > A DDoS targetting 82.94.226.104 started at 15:30 Amsterdam time. We tried > to contact you but there was no response. When my last colleague went home > at 17:12 we set a discard on all traffic to 82.94.226.104. 21:30 (8 minutes > ago) the DDoS stopped. I have just removed the discard route but will keep > monitoring your traffic. If the DDoS continues I will again place a discard > on the target IP on our edge routers. > The DDoS was about 3-4Gbit in size, enough to fill your 1Gbit uplink. > > Regards, > Team Colocation It's not clear whom/how they tried to contact us, however, nor why they were unable to block access from the particular IP (or even entire attacker netblock) from talking to us, rather than turning off the entire Blender IP, but it is certainly understandable that investigating such incidents can be time consuming and error prone, and are generally not from a single attacker. But, another attack started, and they've yet again blocked the traffic to our www IP, but otherwise we are semi-online. I have sent another email to them to inquire about any more specifics they may have on the attack, as some initial investigations suggest that the attacker wasn't hitting the web server directly, or at least not with any particular requests that stand out in the logs. Most likely it was something like a ping flood, or similar, that targeted our IP address with traffic not destined for a particular service like HTTP. If the situation changes in any particularly important way, I will of course mention it, but otherwise I hate to waste your time with boring details. Just keep an eye on the site, and hope for the best! :) Cheers, Danny McGrath On Thu, Jan 30, 2020 at 10:03 AM Dan McGrath <[email protected]> wrote: > Hi, > > It seems that at, or around 9:25am EST, one of our servers started to > experience a large number of connections. Shortly after the rack appears to > have at least its inbound bandwidth (gigabit) saturated to the point where > almost nothing is making it to the servers, although outbound in some > established connections does at least appear to be making it out here and > there just fine. > > Not much we can do about it atm, other than wait it out. By the time you > receive this email, odds are it was either lucky, or it worked itself out, > and thus is acting as explanation after the fact. > > > Cheers! > > > Dan McGrath > _______________________________________________ Bf-committers mailing list [email protected] https://lists.blender.org/mailman/listinfo/bf-committers
