(Resolved) Resumed/ongoing DDoS attacks targeting Linode infrastructure causing service interruptions

Update 14 January 2016: The attacks seem to have finally subsided and this issue is now resolved.  Linode has not reported any signs of the attack for a few days now, and they to have declared the incident to be over.  They’ll be publishing a full report on the attacks soon, and I’ll update this post when that becomes available.

All LizardNet services should now be operating normally, which no further risk of downtime or interruptions caused by the attacks.  Thanks for your patience!


Update 6 January 2016: The attacks against Linode are, unfortunately, still ongoing, though it seems that the network engineers have made good headway in mitigating and hardening against the attacks.  No significant service disruptions have occurred for over a week now; the most that has been seen is occasional slow performance due to increased latency or packet loss.  Besides, that, though, everything seems to be operating mostly smoothly.  Of course, until the attacks either cease or are completely mitigated against (which will still take some time yet), the chance remains still of occasional slow/degraded performance, along with a slight chance of temporary outages (though, based on the pattern, no further outages are expected as of this update).

In other words, expect perhaps some occasional slowness and nothing more, though don’t be too surprised if outages start occurring again if the attacks shift.


Original post: Unfortunately, the DDoS attacks targeting service provider Linode’s infrastructure have resumed and are ongoing.  According to a preliminary report released by Linode, since Christmas Day, Linode has received over 30 attacks “of significant duration and impact”.  Linode’s network engineers are working around the clock to mitigate the attacks, however, it is inevitable that the attacks will cause service interruptions ranging from degraded performance to full outages of LizardNet and LizardNet-hosted sites and services.  Hopefully, as attack vectors are mitigated, the interruptions will become less frequent and severe, but until the attacks cease, it’s worth noting that service interruptions may occur, though hopefully not as often or as severely now that network protective measures are in place.

Fortunately, it seems that the Fremont datacenter, which houses LizardNet’s servers, has been spared the brunt of the attacks, or for some reason has been better able to cope with them than some other datacenters.  This morning there was a period of an hour or two of increased latency and packet loss, but otherwise all LizardNet services were still available.  That doesn’t rule out future service interruptions, though, so if you start having trouble accessing LizardNet services, it’s almost certainly due to a shift in the ongoing attacks.

As before, this is out of my hands and there’s nothing that can be done except to wish Linode and the other upstream service providers luck in defending against these attacks.  It’s worth noting that this is an extremely massive attack, targeting networking infrastructure both at Linode’s datacenters and at upstream interconnection points; indeed, I would even hazard to call these attacks unprecedented in severity, coordination, persistence, and duration.

Linode has indicated that they plan to publish a detailed report once the attacks are fully mitigated and/or cease, which will allow for a more detailed analysis of the attacks.  Until then, though, thank you for bearing with me.

Best of luck to the Linode network engineering teams!

(Note: LizardIRC has servers outside of the Fremont datacenter and with other non-Linode providers; for more information specific to LizardIRC, please visit LizardIRC’s social networking pages: TwitterFacebookGoogle+.)

Advertisements
(Resolved) Resumed/ongoing DDoS attacks targeting Linode infrastructure causing service interruptions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s