[ISN] Scottish ISP floored as DDoS attacks escalate

From: InfoSec News (isnat_private)
Date: Wed Apr 10 2002 - 01:49:51 PDT

  • Next message: InfoSec News: "[ISN] Denial-of-Service Attacks Still a Threat"

    By John Leyden
    Posted: 09/04/2002 at 15:22 GMT
    Most of the customers of Edinburg business ISP edNET were left without
    Internet services yesterday after it experienced a serious denial of
    service (DDoS) attack.
    edNET began to experience what it described in an email to users as a
    "catastrophic network failure" at around 8am yesterday. This resulted
    in most of edNET's users experiencing difficulties sending email or
    browsing the Internet throughout yesterday.
    Engineers confirmed that the problem was a result of a DDoS attack on
    its network, and were able to restore services after applying filters
    to its network nodes, and asking upstream service providers to do the
    same thing.
    Emails from Register readers report that an attack on edNET's ADSL
    subnets resulted in around 12 hours downtime for some customers (edNET
    said services were up and running yesterday afternoon). At the height
    of the attack two of edNET's 45Mbps links were saturated with attack
    Mussy Kurt-Elli, a business development manager at edNET, said the
    attacks against the ISP were part of a wider assault, which he told us
    also affected other service providers.
    The assault, whose source remains unclear, focused on Telnet ports and
    was blocked by setting up "draconian" filtering rules, he told us.
    We understand from edNET that BT's backbone ADSL routers had to be
    reset because of the attack, but the telco is yet to get back to us
    for comment on this.
    edNET, which has a redundant network, will review its procedures to
    see what changes it can make to defend against any future attacks.  
    DDoS attacks are notoriously difficult to prevent, but some tools are
    available which mitigate their effects.
    Earlier this year Basingstoke ISP Cloud Nine and Tiscali UK both
    became subject to DDoS attacks. Both the motive and source of all
    these attacks remains unclear but their increasing prevalence this
    year is becoming a source of concern.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 04:41:38 PDT