On March 7, 2013 at approximately 3:20PM our network monitoring detected a large amount of inbound traffic to several segments of our public facing network. This large inbound traffic tripped our alerting system and we started to investigate.
Within just a few moments we watched a large Distributed Denial of Service attack unfold upon our network. The attack was a targeted UDP attack at our edge. Typically we can quickly identify and null route these types of attacks, however this attack was very large and coming from thousands of sources.
The above network graph represents just one port on a switch that was targeted. As you can see the 100mbps port was 100% saturated. You can also see when the attack was stopped by our network admin team.
During the attack, I grabbed the above graph from one of our gigE switch fiber feeds, as I wanted to show the family just how large of an attack this was. It was a very short sampling but shows how much inbound we were taking. At one point the attack was pushing over 1.5Gbps of traffic into our network. This combined with such a large amount of packets per second simply overwhelmed our routers.
The actions we were taking against the DDOS starting showing progress at around 4:15:20PM EST and complete network stability was returned at 5:39:10 EST.
While we never like to endure such events, every provider on the internet faces these issues and it is just part of doing business online.
I am sorry for the network instability from yesterday.
Thank you for your business.