Starting at 12:05PM and continuing until 12:50PM - there was a denial
of service attack.
This attack was using the DNS port for the destination attack vector
and was destined for what we think was a single customer.
The reason we don't know more is that the router went from a normal
operation of 12-15Mbps to 80Mbps but before we could get into the
router to see what was happening, the router was already having issues
and we could not get any reports from it.
The only packet per second measurement we got from the router for this
traffic was 67,000pps for port 53 UDP. (this is the port that DNS
queries operate on)
We have an idea to mitigate this going forward.
We are considering the separation of some of our customers onto other
routers so that we can reduce the number of potential destinations
allowing us to figure out what IP address, specifically, these random
attacks are pointing to. This will also reduce the # of customers
affected during an attack.
Support can be reached Monday thru Friday from 8:00am until 8:00pm,
Saturdays from 11:00am until 4:00pm via phone at 612-337-6340, or via
email at [log in to unmask]
--
Mike Horwath [log in to unmask]
ipHouse - Welcome home!
