That was not fun, DDOS attack this week, culminating 12/5/2020

This week we were experiencing a slowly increasing load on our network. Nothing appeared out of the ordinary, no single, or multiple gig customers were going crazy on the downloads. It just looked like a lot of aggregate traffic, which our systems were handling fine.

Until today….

Today, actors outside Washington state launched a Distributed Denial Of Service (DDOS) attack on a single IP address in the Net253 system. The attackers sent over 7,000 mbits of data per second for almost 30 minutes to that single address. Due to networking topology, this represented over 14,000 mbits of traffic on the core links for the KPUD residential network. The KPUD residential network only handles 10,000 mbits for a local community. As you can imagine, texts, emails, and phone calls started rolling in.

The KPUD system, and upstream, NoaNet was overwhelmed; we had circuits going offline all over the county. In a frantic, high stakes race, we identified the IP address and had it routed to a black hole as the bad traffic entered WA state. This killed the attack.

Queue up mission impossible music, and pass me that bottle of Valium; I don’t want to do that again.

We are working on adding the Net253 network blocks to an existing DDOS prevention system that NoaNet uses to protect WA state. This outage took out many services for Kitsap; it disrupted thousands of systems, even non Net253 customers, like government, fire, police.

How was your Saturday? Probably better than ours!