At around 9:40AM EST we received alerts of some network connectivity issues. Upon investigation it appears the attack was an inbound flood of 254k packets per second against a client (the attack shifted between target IPs for some unknown reason, the IPs are not related except the last number was different so we're assuming a typo on the attacker's part because they were only targetting the 2nd IP for a brief moment).
We confirmed that some people were experiencing up to a 50% packet loss and increased load times for websites.
We are working with E Solutions and a 3rd party to prevent this from happening in the future. We hope to have an automated solution in place by next week (pending response from Cisco due to an issue on the DC side of things).
-The Secure Dragon Staff
Saturday, May 5, 2012
