Internet service provider (ISP) Cool Ideas was hit by a second distributed denial of service (DDoS) attack in as many weeks on Saturday.
The first attack took place on 11 September and knocked the provider out for more than eight hours.
Cool Ideas then put a number of measures in place to mitigate these attacks; however, the second attack, on 21 September, was more than four times the size.
Below are highlights of the events that took place:
- Cool Ideas posted a notice to its website at 14:00 on Saturday to inform clients that it was being hit with another distributed denial of service (DDoS) attack
- It seemed that the cybercriminals were watching for announcements from the ISP, as the attack then increased in intensity
- DDoS attacks work by using “zombie” devices, which fake or “spoof” the amount of traffic on a given network
- DDoS attacks do not have a specific target – the idea is merely to do reputational damage
- The attack occurred across the whole IP space, changing over time to use different ports and protocols
- One aspect of the attack was DNS amplification, or DNS reflection. A poorly configured Domain Name System (DNS) server is used to flood computers with network traffic. The high volume of fake traffic prevents the computer from carrying out legitimate commands, and the website appears to be offline
- The sheer size and distribution of the attack made it as effective as it was
- It is not known who attacked the ISP nor what the motivation for doing so was
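
One way a defender could spot the DNS reflection traffic described above in flow records, as an added example (not code from Cool Ideas or the original article). The record layout, window length, thresholds and addresses are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed sample flow records (illustrative, not data from the incident):
# (epoch_seconds, src_ip, src_port, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    (0, "198.51.100.10", 40000, "192.0.2.53", 53, "udp", 70),   # client query
    (0, "192.0.2.53", 53, "198.51.100.10", 40000, "udp", 180),  # its answer
    (2, "192.0.2.53", 53, "198.51.100.30", 40001, "udp", 500),  # one stray answer
] + [
    # Large answers from four resolvers to a host that never asked for them.
    (3 + i, f"203.0.113.{i + 1}", 53, "198.51.100.20", 31000 + i, "udp", 3900)
    for i in range(4)
]


def find_dns_reflection(flows, window=10, min_bytes=10_000, min_reflectors=3):
    """Return (victim_ip, window_start, bytes, reflector_count) per alert.

    An answer counts as unsolicited when no earlier query from the same
    client address and port to that server was seen. Window length and
    thresholds are assumed values to tune per network.
    """
    queries = set()  # (client_ip, client_port, server_ip) seen asking
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, proto, size in sorted(flows, key=lambda f: f[0]):
        if proto != "udp":
            continue
        if dport == 53:  # query towards a DNS server
            queries.add((src, sport, dst))
        elif sport == 53 and (dst, dport, src) not in queries:
            bucket = stats[(dst, ts // window)]
            bucket["bytes"] += size
            bucket["reflectors"].add(src)
    return [
        (victim, win * window, s["bytes"], len(s["reflectors"]))
        for (victim, win), s in sorted(stats.items())
        if s["bytes"] >= min_bytes and len(s["reflectors"]) >= min_reflectors
    ]


if __name__ == "__main__":
    for alert in find_dns_reflection(SAMPLE_FLOWS):
        print("possible DNS reflection flood:", alert)
```

Requiring several distinct reflectors as well as a byte threshold keeps a single late or retransmitted answer from raising an alert.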