William, How did you determine that ARIN is accessible for “most of the rest of the Internet”?
I’ve tried accessing the web site from nine different networks: Cox, Comcast, Level3, Verizon, AT&T, CenturyLink, Frontier, Sprint and Cogent. None of them can reach it. I’ve used non-firewalled network monitors, as well as NAT’d devices. The DDoS attack seems to be blocking access from a large subset of U.S. ISPs. I am an ISP and we follow standard anti-IP spoofing practices, so at least my networks aren’t DDOS spoof sources. -mel > On Mar 25, 2016, at 10:09 PM, William Herrin <b...@herrin.us> wrote: > > On Sat, Mar 26, 2016 at 12:51 AM, Mel Beckman <m...@beckman.org> wrote: >> You’d think with all the money they collect, they’d have permanent DDOS >> mitigation in place. Time for them to call BlackLotus :) > > Hi Mel, > > They do. www.arin.net is accessible for me and most of the rest of the > Internet. Your traceroute didn't work because the UDP to random ports > that traceroute generates is likely among the packets the DDOS > mitigator filters out. > > If you can't get to the web page with a browser, some things to consider: > > 1. Are you behind a NAT with anybody else? Anybody who might, say, be > unknowingly participating in a botnet? > > 2. How good a job does your ISP do scrubbing spoofed source addresses > originated by its clients? > > Regards, > Bill Herrin > > -- > William Herrin ................ her...@dirtside.com b...@herrin.us > Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> > On Mar 25, 2016, at 10:08 PM, Mel Beckman <m...@beckman.org> wrote: > > I’m sure we all sympathize with the workload a DDOS attack imposes, as most > of us have been there. But I can’t understand why there is so little > broadcast communication of the attack through multiple channels. > lists.arin.net<http://lists.arin.net> is rather esoteric. Facebook and > Twitter are obvious alternative channels that are hard to attack, yet both > are silent on the subject: > > https://www.facebook.com/TeamARIN/ > https://twitter.com/teamarin > > Google shows only four hits for “arin dos attack march 25 2016”, and those > are only fragments of the lists.arin.net<http://lists.arin.net> announcement, > all of which dead end at arin.net<http://arin.net> right now. > > It’s creepy that a major chunk of Internet infrastructure can be down for so > long with so little public notice. > > -mel > > On Mar 25, 2016, at 9:57 PM, Bill Woodcock > <wo...@pch.net<mailto:wo...@pch.net>> wrote: > > > On Mar 25, 2016, at 9:43 PM, Mel Beckman > <m...@beckman.org<mailto:m...@beckman.org>> wrote: > > I haven’t been able to connect to http://arin.net for several hours > I recall ARIN had a DDoS attack a week or so ago. Does anybody know if this > is a recurrence? > > Yes, it is. I attach Mark’s notice about it from this afternoon. > > -Bill > > > > Begin forwarded message: > > From: ARIN <i...@arin.net<mailto:i...@arin.net>> > Subject: [arin-announce] ARIN DDoS Attack > Date: March 25, 2016 at 1:31:34 PM PDT > To: arin-annou...@arin.net<mailto:arin-annou...@arin.net> > > Starting at 3:55 PM EDT on Friday, 25 March, a DDoS attack began against > ARIN. This was and continues to be a sustained attack against our > provisioning services, email, and website. We initiated our DDoS mitigation > plan and are in the process of mitigating various types of attack traffic > patterns. All our other public-facing services (Whois, Whois-RWS, RDAP, DNS, > IRR, and RPKI repository services) are not affected by this attack and are > operating normally. > > We will announce an all clear 24 hours after the attacks have stopped. > > Regards, > > Mark Kosters > Chief Technology Officer > American Registry for Internet Numbers (ARIN) >
