You’d think with all the money they collect, they’d have permanent DDOS mitigation in place. Time for them to call BlackLotus :)
-mel

> On Mar 25, 2016, at 9:46 PM, David Conrad <d...@virtualized.org> wrote:
>
> Yep, they're under another DDoS attack:
>
>> Begin forwarded message:
>>
>> From: ARIN <i...@arin.net>
>> Subject: [arin-announce] ARIN DDoS Attack
>> Date: March 25, 2016 at 1:31:34 PM PDT
>> To: arin-annou...@arin.net
>>
>> Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against
>> ARIN. This was and continues to be a sustained attack against our
>> provisioning services, email, and website. We initiated our DDoS mitigation
>> plan and are in the process of mitigating various types of attack traffic
>> patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS,
>> IRR, and RPKI repository services) are not affected by this attack and are
>> operating normally.
>>
>> We will announce an all clear 24 hours after the attacks have stopped.
>>
>> Regards,
>>
>> Mark Kosters
>> Chief Technology Officer
>> American Registry for Internet Numbers (ARIN)
>> _______________________________________________
>
>
> Regards,
> -drc
>
>> On Mar 25, 2016, at 9:43 PM, Mel Beckman <m...@beckman.org> wrote:
>>
>> I haven’t been able to connect to http://arin.net for several hours, but was
>> able to open a ticket this morning. I’ve tried from several different
>> networks, all roads seem to lead to the same place, with packets dropping at
>> the NTT interface 129.250.196.154. e.g.:
>>
>> $ traceroute arin.net
>> traceroute: Warning: arin.net has multiple addresses; using 199.43.0.44
>> traceroute to arin.net (199.43.0.44), 64 hops max, 52 byte packets
>>  1  l100.lsanca-vfttp-106.verizon-gni.net (98.112.74.1)  5.992 ms  4.865 ms  4.943 ms
>>  2  172.102.106.24 (172.102.106.24)  9.962 ms  9.723 ms  12.242 ms
>>  3  ae2-0.lax01-bb-rtr2.verizon-gni.net (130.81.22.238)  29.982 ms *
>>     so-4-1-0-0.lax01-bb-rtr2.verizon-gni.net (130.81.151.248)  9.428 ms
>>  4  0.ae6.br1.lax15.alter.net (140.222.225.137)  9.806 ms * *
>>  5  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.409 ms
>>     0.ae6.br1.lax15.alter.net (140.222.225.137)  19.783 ms  9.757 ms
>>  6  ae-7.r01.lsanca20.us.bb.gin.ntt.net (129.250.8.85)  10.292 ms  9.357 ms  12.291 ms
>>  7  ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.541 ms
>>     ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.412 ms
>>     ae-17.r01.lsanca07.us.bb.gin.ntt.net (129.250.4.207)  22.167 ms
>>  8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  72.510 ms  74.590 ms  72.258 ms
>>  9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  69.960 ms *  70.930 ms
>> 10  * * *
>> 11  * * *
>>
>> $ traceroute www.arin.net
>> traceroute: Warning: www.arin.net has multiple addresses; using 199.43.0.43
>> traceroute to www.arin.net (199.43.0.43), 64 hops max, 40 byte packets
>>  1  router1.sb.becknet.com (206.83.0.1)  1.010 ms  0.420 ms  0.536 ms
>>  2  206-190-77-9.static.twtelecom.net (206.190.77.9)  3.983 ms  0.732 ms  0.686 ms
>>  3  64-129-238-182.static.twtelecom.net (64.129.238.182)  2.760 ms
>>     lax2-pr2-xe-1-3-0-0.us.twtelecom.net (66.192.241.218)  2.816 ms
>>     64-129-238-186.static.twtelecom.net (64.129.238.186)  18.203 ms
>>  4  4.68.71.137 (4.68.71.137)  3.245 ms  2.877 ms  2.889 ms
>>  5  * * *
>>  6  ae-28.r00.lsanca07.us.bb.gin.ntt.net (129.250.9.93)  3.731 ms  3.483 ms  3.850 ms
>>  7  ae-3.r01.lsanca07.us.bb.gin.ntt.net (129.250.5.29)  3.517 ms  3.433 ms  3.458 ms
>>  8  ge-101-0-0-3.r06.asbnva02.us.bb.gin.ntt.net (129.250.196.153)  69.503 ms  68.021 ms  68.072 ms
>>  9  ge-101-0-0-3.r06.asbnva02.us.ce.gin.ntt.net (129.250.196.154)  67.075 ms  67.102 ms  67.122 ms
>> 10  * * *
>> 11  * * *
>>
>> I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this
>> is a recurrence?
>>
>> -mel
>