DSL Reports under DDoS

By: Jose -

I arrived at work this morning to see that the popular forums DSL reports had been disabled by a DDoS attack. The site was back online within a few hours, with site owner Justin providing some information. No motivations are immediately visible, however DSL reports operates a large, informative pool of forums and helps their community stay secure and online. It’s entirely possible that someone is just upset at their efforts.

Justin has provided the following 24 hour graphic showing the bandwidth consumed by the attack.

eth-day

We have some data on the attacks, and have been actively working with the site owners and ISP operators around the world to help mitigate the attacks. The site admins have provided a list of IP addresses they suspect as being involved in the attacks. However, you can help by blocking TCP port 80 traffic to the IP 79.135.166.122, which is the controller behind the attacks. This is a busy DDoS net which has attacked numerous sites around the world.

Comments

  1. Sam Trappe 03/20/2008, 2:43 pm

    I assume you’ve contacted abuse@sistemnet.com.tr and connectivity@sistemnet.co.uk about 79.135.166.122. Whois now shows:

    inetnum: 79.135.165.0 – 79.135.166.255
    netname: Sistemnet-Telecom-Blackholed-IP
    descr: Sistemnet Telecom Blackholed IP
    descr: Sistemnet Telecom Blackholed IP
    descr: Sistemnet Telecom Blackholed IP
    remarks: Sistemnet Telecom Blackholed IP
    country: TR
    admin-c: SSB1907-RIPE
    tech-c: FED1907-RIPE
    status: ASSIGNED PA
    mnt-by: SISTEM-NET-MNT
    changed: connectivity@sistemnet.co.uk 20071218
    source: RIPE

  2. Sounds like a Turk got mad heh..