Hacker News new | comments | show | ask | jobs | submit login

We were the lucky targets of China's DNS poisoning on Monday the 19th. Any requests from clients in China to Edgecast's CDN was instead thrown at our public IP. After deducing what was going on, we ended up blacklisting large (class A in some cases) APNIC address blocks assigned to China.

Interestingly, it wasn't our webservers that were overwhelmed but instead the Cisco firewall that sits in front of them. 25K concurrent connections made it decidedly unhappy.




Same here. We received well over 150mbit/s, also on Monday the 19th, also from China. We also saw occassional spikes starting on January 9th. We saw the same BitTorrent /announce traffic, and lots of other random traffic.

We ended up mitigating it by moving our IP address on that host, and blocking all input on the old address.


you are lucky you only got 150mbit/s

Here is what I had to deal with on the 9nth Ramming my server...

http://i.gyazo.com/c2262d41f92bc97f0dd3e5e0152d32ee.png

Yes that is almost 1000mbit/s All coming from china...


My company's web server saw a similar unusual surge in traffic with host headers and URLs of Chinese sites for an 8 hour window a few months ago. All the IPs were from a single Chinese ISP, though the volume of the traffic was a lot lower than what OP observed. Seems like these events aren't uncommon.


asa 5505 with upgraded license?


Yeah, rackspace-provided unit.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: