DDoS attacks

Unfortunately, websites on some of our servers experienced a good deal of downtime between Christmas and New Year. The cause is a series of distributed denial-of-service (DDoS) attacks directed at one of our suppliers, Linode. Here is Linode's own description of the situation on New Year's Eve:

It has become evident in the past two days that a bad actor is purchasing large amounts of botnet capacity in an attempt to significantly damage Linode’s business. The following is a partial list of attacks we have received in no particular order:

  • Multiple volumetric attacks simultaneously directed toward all of our authoritative nameservers, causing DNS hosting outages
  • Multiple volumetric attacks simultaneously directed toward all of our public-facing websites, causing Linode Manager outages
  • Layer 7 (“400 bad request”) attacks toward our web and application servers, causing Linode Manager outages
  • Large volumetric attacks toward our colocation provider’s upstream interconnection points, overwhelming the router control planes and causing significant congestion/packet loss
  • Large volumetric attacks toward Linode network infrastructure, overwhelming the router control planes and causing significant congestion/packet loss

All of these attacks have occurred multiple times. Over the course of the last week, we have seen over 30 attacks of significant duration and impact. As we have found ways to mitigate these attacks, the vectors used inevitably change.

As of this afternoon, we have mostly hardened ourselves against the above attack vectors, but we expect more to come. We are working extremely closely with all of our technical partners, including our network equipment vendors and our colocation providers, to prevent future attacks.

Our servers and the websites running on them are not themselves targets of these attacks, and they keep running unaffected while the attacks are under way; they simply cannot be reached from outside because the network access is overloaded.

Attacks of this type are very difficult and costly to protect against effectively, and they are easy to carry out: anyone can buy access to the necessary capacity by the minute or by the hour, and payment is typically made anonymously, with bitcoins or similar.

Linode has promised to provide a more detailed account of the nature of the attacks at a later date, and we also expect to learn more about how they will protect themselves better against similar attacks in the future. In the meantime, there is unfortunately not much else we can do but wait for the attacks to stop.