Maxnet weathers SkankyFlat DoS attack

ISP unlucky to be hit by upstream outage at the same time

A disgruntled poster on community website SkankyFlat is thought to be behind a spate of denial of service (DoS) attacks that caused severe outages for Auckland ISP Maxnet.

Maxnet managing director Brett Herkt describes the attack as the “the nastiest one we’ve had for a year”. It started on Monday at 5.40pm and lasted until 11.25pm.

Computerworld understands the DoS attack created around 50Mbit/s of spurious traffic.

Herkt says the miscreant used multiple compromised machines in Taiwan, as well as several high-speed links elsewhere for a sustained attack on one of Maxnet’s co-located customers.

The attack continued despite Maxnet disconnecting SkankyFlat’s server, which Herkt says is unusual. Maxnet’s response to the attack was to null-route traffic to the target server as well as disconnecting it. This, and liasing with Maxnet’s upstream bandwidth providers to filter out unwanted traffic, is the ISP’s standard procedure when it comes to dealing with DoS attacks, Herkt says.

However, the situation was further complicated for Maxnet when the ISP experienced network problems with all three of its upstream providers that same day, Herkt says.

Telecom’s Global-Gateway International router failures at the PAIX peering exchange in Palo Alto, California, which degraded performance for traffic between New Zealand and the US for around fifteen hours. Herkt says TelstraClear also had performance issues within its network.

The result of the DoS attack combined with the backbone provider problems has seriously degraded internet connectivity across Maxnet’s network, Herkt says. Some operational issues stemming out of Monday’s events will be taken up with Maxnet’s bandwidth providers, he adds.

The attacker returned on Tuesday and Wednesday and launched a similar DoS storm, but Herkt says Maxnet’s bandwidth providers resolved the issue promptly.

Join the newsletter!

Error: Please check your email address.

Tags Maxnetskankyflatattack

More about GatewayGatewayTelstraClear

Show Comments
[]