- Jun 1, 2002
- W168, W169 & S202
Since 27th of December KDA have been under a sustained DOS attack. This attack has been aimed at our main webserver and brought our UK operations to a standstill. Usually a sustained attack will last no more than 8 hours, unfortuently the magnitude of this one has seen it last 30 hours. At 8:30am on the 27th we were alerted to a slow down in access to the server, this was minutes after the attack began, shortly afterwards our monitoring service informed us of a peak of traffic directed at our IP subnet, at this point the traffic was peaking at 200mbit a second, shortly afterwoulds the traffic hit 800mbit a second. This level of traffic in a DDOS attack is unheard of, it was totally over the top it was basically like someone sending us 8gigabytes of data every minute. The traffic was so immense it knocked out claranets dialup, ADSL and leased line customers throughout the UK, the attackers also managed to cause an outage on 2 gigabit transatlantic links. As you can immagine a lot of our upstream provider
s were very annoyed and part of their solution was to put a block on all traffic coming to KDA, unfortuenly this meant loss of access for all our clients. This morning we managed to bring our mail servers online but our web server was still blocked as we still had 32mbit of traffic attempting to hit it from upstream. The people who did this were very sophisticated, they knew what they were doing and it was there aim to keep our server offline for as long as possible. At the moment all blocks have been removed and we are working with several ISPs to block the remaining traffic from hitting out network.
We apologise for this outage and we hope that you understand we are doing our best to restore your normal service.