I've confirmed that this was a DDoS attack. They have a 24x7 NOC and redundant networking systems, but of course redundant only goes so far. All 6 of their name servers are responding normally for me at the moment. I am assuming they have put counter-measures in place. (former rcom employee) Bill On Fri, Nov 12, 2010 at 10:25 AM, Jeremy Chadwick <outages@jdc.parodius.com> wrote:
On Fri, Nov 12, 2010 at 03:06:16PM +0000, Graham Freeman wrote:
Starting at about 06:32 (UTC-8), register.com shows signs of being hit with a DDoS. 40-50% packet loss to register.com from my hosts in California (USA), Minnesota (USA), and England. Likewise at least half of DNS lookups fail. Operator answering calls at register.com acknowledged problem but could give no ETR.
Is there any actual evidence or confirmation that this is a DoS/DDoS? Packet loss isn't necessarily an indicator of such, no matter how many alternate paths or peers/routes you have available to you. It could be something as simple as "we have a core router that has gone haywire and 'Bob' hasn't come into the office yet"...
Just sayin'.
-- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages