Unscheduled Outage: DOS attack


For about 20 minutes this morning users may have noticed that connection speeds / response times from some servers were slower than normal.

This was due to a denial of service attack, the details of which are outlined below.

Timeline: 08:15am till 08:38am

Location: DEG, Blacknight Dub1 data centre

Problem and Resolution:

At approx 4am this morning a client machine started spewing data out of our network. At this time the traffic was not significant enough to trigger any alarms or cause any downtime.

At approx 8:15am this morning, a second attack started from the same machine with a significant increase in traffic. This traffic consisted of tiny UDP datagrams aimed at an external host. The sheer volume of packets overloaded the CPU in the primary firewall, and as a result it was dropping large numbers of packets.

We disabled the switch port that this machine was attached to and network flow resumed. We took preventative measures on the routers facing the customer machine to filter its traffic before it could hit the firewalls. We then re-enabled this customer port and logged into the machine to diagnose the issue.

The machine has since been removed from the network and is being examined by our security team.
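Since it was the number of packets rather than the amount of data that loaded the firewall CPU, a per-host packet-rate check on outbound flow data is one way to spot this kind of small-datagram flood. The sketch below is an added example, not code from Blacknight; the flow record layout, the thresholds and the sample rows are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per source host per 60-second export interval.
# Addresses are documentation ranges; none of this is data from the incident.
SAMPLE_FLOWS = """\
start,src,dst,proto,packets,bytes
08:14,192.0.2.10,198.51.100.7,udp,1200,72000
08:14,192.0.2.20,203.0.113.5,tcp,450000,600000000
08:15,192.0.2.10,198.51.100.7,udp,9000000,414000000
08:15,192.0.2.20,203.0.113.5,tcp,470000,620000000
"""

INTERVAL_S = 60           # assumed flow export interval
PPS_LIMIT = 50_000        # assumed per-host packet-rate alarm
BPS_LIMIT = 100_000_000   # assumed per-host bandwidth alarm (bits/s)
SMALL_PKT_BYTES = 100     # assumed cut-off for "tiny" datagrams


def analyse(flow_csv):
    """Aggregate per (interval, source, protocol) and evaluate both alarm types."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(flow_csv)):
        key = (row["start"], row["src"], row["proto"])
        totals[key][0] += int(row["packets"])
        totals[key][1] += int(row["bytes"])
    findings = []
    for (start, src, proto), (pkts, byts) in sorted(totals.items()):
        pps = pkts / INTERVAL_S
        bps = byts * 8 / INTERVAL_S
        avg = byts / pkts if pkts else 0
        findings.append({
            "start": start, "src": src, "proto": proto,
            "pps": round(pps), "mbps": round(bps / 1e6, 1),
            "bandwidth_alarm": bps > BPS_LIMIT,
            "packet_rate_alarm": pps > PPS_LIMIT,
            # High packet rate made of very small UDP datagrams
            "small_packet_flood": proto == "udp" and pps > PPS_LIMIT and avg < SMALL_PKT_BYTES,
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_FLOWS):
        print(finding)
```

In the constructed data the flooding host sends 150,000 packets per second but only about 55 Mbit/s, less than the ordinary TCP host beside it, so only the packet-rate check fires.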

2 Comments

Glad you have sorted it out quickly and efficiently.

Fair play to you guys.

Louie

We try to keep as close an eye as possible on these things :)

Michele


About this Entry

This page contains a single entry by Michele Neylon published on August 7, 2007 12:26 PM.
