
SANS ISC: InfoSec Handlers Diary Blog



Email from Guy Rosen at Blue Security

Published: 2006-05-05
Last Updated: 2006-05-05 11:46:45 UTC
by Deborah Hale (Version: 1)
We just received an email from Guy Rosen at Blue Security outlining what they have been dealing with all week. Here is the email in its entirety:

Hi handlers,

In the midst of us working to restore our service after the major attacks on our service, I noticed the second mention of us in the handlers' diary and thought I might give you guys an update of what's going on back here. As you can see I'm writing from my personal email since much of our access is still limited.

So, what have we seen this week?
Monday:
 - Spam-based threats and accusations
Tuesday:
 - Our website www.bluesecurity.com is cut off from outside of Israel by a mysterious routing change
 - Later on, huge DDoSes lash out at our service's servers (but NOT the www, note!), with adverse effects to several different hosting facilities in which they were located.
 - To restore access to our inaccessible www site and keep our users informed, we restore an old blog we had and point www there.
 - Within about an hour, a DDoS attacks the blog site on which that blog was located.
Wednesday:
 - A massive DDoS goes out at our domain's DNS provider, causing a service outage that affected their customers.
Thursday:
 - DDoSes continue as we relocate our service to bring it back up. One estimate was of something of the order of 10 million packets/sec coming in.
Friday:
 - Today we are slowly coming back up and hope to see the service working soon.

I have to say that the great lengths the spammers have gone to in order to bring us down are worrying, not only in the specific context in which they took place in this last week, but I think given the general idea that so much power is available to people of this nature and that they are willing to use it in order to see things go their way. Seeing us as a threat, they did not seem to care who they brought down on the way.

I'm looking forward to seeing the ideas people bring up in response to your call for anti-DDoS suggestions.

Thanks,

Guy Rosen
Blue Security


We wish Blue Security a full and successful return to the net.


Deb Hale
Handler On Duty