Analysis of an HTTP-based DDoS.
- 7,000 different attacking IP addresses.
- 20,000+ requests per second.
Similar to what hit us a few years back. Very simple, very hard to mediate except by blackholing participants, almost all of which were cloud services rented with stolen credit cards. $40 a day apparently.
@amerika do you still have the logs by chance? Would love to see if the attacking IPs are the same if you don't mind sharing.
Sounds like the server was protected. I assume you have some insight into the noc.org logs?
Curious if you've noticed an increase in general scans, number of log entries, since the Russian invasion of Ukraine? I didn't do any analysis, but just doing maintenance regularly, the spam level seemed to increase significantly for us.
No, sadly. It was clear that these were temporary sites, either cloud storage or unsecured home machines.