Is SOTAWatch website down?

If anyone is interested, here is an update from Linode, which is the hosting company we currently use for SOTAwatch. It is currently posted on http://status.linode.com/

In progress - An update from Linode about the recent DDoS attacks
Dec 31, 22:45 UTC
Scheduled - I’d like to share some updates about the recent DDoS attacks.

I am one of several network engineers at Linode who have been
working around the clock on DDoS mitigation. While things are stable, I
would like to take a moment to publicly address the large and frequent
DDoS attacks that we have been receiving since Christmas Day.

It has become evident in the past two days that a bad actor is
purchasing large amounts of botnet capacity in an attempt to
significantly damage Linode’s business. The following is a partial list
of attacks we have received in no particular order:

  • Multiple volumetric attacks simultaneously directed toward all of our authoritative nameservers, causing DNS hosting outages

  • Multiple volumetric attacks simultaneously directed toward all of our public-facing websites, causing Linode Manager outages

  • Layer 7 (“400 bad request”) attacks toward our web and application servers, causing Linode Manager outages

  • Large volumetric attacks toward our colocation provider’s upstream
    interconnection points, overwhelming the router control planes and
    causing significant congestion/packet loss

  • Large volumetric attacks toward Linode network infrastructure,
    overwhelming the router control planes and causing significant
    congestion/packet loss

All of these attacks have occurred multiple times. Over the course
of the last week, we have seen over 30 attacks of significant duration
and impact. As we have found ways to mitigate these attacks, the vectors
used inevitably change.

As of this afternoon, we have mostly hardened ourselves against the
above attack vectors, but we expect more to come. We are working
extremely closely with all of our technical partners, including our
network equipment vendors and our colocation providers, to prevent
future attacks.

Once these attacks stop, we plan to share a complete technical
explanation about what has been happening. Additionally, we will be
announcing the details of an ongoing project to significantly improve
our internet connectivity and resiliency.

We would like to apologize for the lack of detail in some of our
recent status-page updates. Please know that we are dedicating all
resources from multiple departments to stopping these attacks. We
acknowledge the amount of downtime we’ve been experiencing is completely
unacceptable, and we appreciate the understanding and support we have
received over the past several days. We will share more information as
our investigation continues.

Alex Forster

Network Engineer at Linode

Hi Jon,
That is a nasty and bitter attack sequence! Someone must really hate Linode or stand to make a lot of money out of their collapse (if achieved). I would normally be thinking a company has been lax with updates and good-practice security actions when they fail due to a DDoS attack, but this level of aggression would test the best of companies' systems.

I find it very positive that Linode intend to document and publish the details of the incidents to help others in the industry protect themselves.

I had thought it was most likely one of Linode's hosted clients that was the target of the attacks; however, as described here by Alex, it does appear to be Linode themselves who are being attacked, not a specific client.

Good luck to Linode; let's hope they can get everything locked down to a level where it is no longer economically reasonable to attack their infrastructure, and thanks to all the engineers at Linode who have lost their Christmas and New Year break to help protect the company and its clients.

73 Ed.