back to article UK2.NET smashed offline by '10-million-strong' botnet

British web hosting outfit UK2.NET was on the business end of a distributed denial-of-service attack last night that took down customers' websites. The company's chief operating officer, Martin Baker, told The Register that UK2 had never seen a DDOS attack on this scale before. "There was a botnet attack last night on our DNS …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Facepalm

    > apologise for the downtime

  2. GettinSadda
    WTF?

    Huge attack!

    "We saw around 10 million apparently unique IPs attack us."

    Wow! - If this is true then that means about 0.25% of all possible IP addresses were taking part in that attack. That is one serious botnet.

    1. Anonymous Coward
      Anonymous Coward

      Re: Huge attack!

      Attacks against the DNS server was probably UDP DNS requests.... which of course are possible to fake source addresses on, unlike TCP ones.

      1. Lee Dowling Silver badge

        Re: Huge attack!

        Would you please tell us exactly what makes a UDP address any easier to fake than a TCP one, where denial of service is concerned?

        You don't know that it tried to legitimately form connections, just that it send enough data to tie up their lines, or hang up their servers. An identical TCP packet could have done that WITHOUT waiting for an ACK packet in return (which, yes, wouldn't necessarily be able to find its way back to origin).

        However, more scary in either case would be that UK2 have links to the Internet through people who don't remove spoofed addresses. 10m bots isn't impossible, but it sounds like someone, somewhere wasn't filtering out spoofed addresses they were putting onto the Internet.

        1. fatchap

          Re: Huge attack!

          "However, more scary in either case would be that UK2 have links to the Internet through people who don't remove spoofed addresses." That is the Internet isn't it?

          How would you know that an address was spoofed? As long as it was not RGC1918 or from an unassigned block it could be legitimate.

        2. Anonymous Coward
          Anonymous Coward

          Re: Huge attack!

          Because syn floods are easy to detect and drop perhaps... they also said it was just their DNS servers, so likely to be something munging their CPU *and* unlikely to be a 10 million botnet.

          Thats how.

  3. Anonymous Coward
    Anonymous Coward

    Who gains?

    Can't see the logic in attacking the sites unless it was part of an extortion attempt which otherwise ought to have been reported to Police

    Is it just an excuse for service outage?

    1. This post has been deleted by its author

    2. Piloti
      Pint

      Re: Who gains?

      I have to say, I was going to ask / say something similar ?

      Just what is the point of DDOS ? Where is the benefit to the attacker? Or is it "just because they can" ?

      I remember about a year ago some stories about Autotrader being hit for [what I recall] was the best part of a week. That probably cost them a lot of money in lost revenue.

      A lot of the time it just seems to me to be childishness, caused by a [very small] minority of idiots who should probably go out, have a beer and get themselves laid…… at least once.

    3. Captain Scarlet Silver badge

      Re: Who gains?

      Ex customers (e.g SimpleCDN, other UK2 customers are available) or competitors (LowEndBox received some nasty attacks from a serial fraud claiming to be Anonymous).

      Can't tell without seeings the logs (Which they wouldn't release)

  4. Anonymous Coward
    Anonymous Coward

    UK2 status page

    Their status page is not the most reliable thing. Lots of things seem to happen that never make it that far, or only do so after the problem has existed for a couple of days.

    As for no updates on Twitter? Probably the first they knew of the problem was when someone said "Hey you know that's the 1000th complaint I've heard today that someone's site is down. Maybe they were right after all"

  5. Andrew Jones 2
    Devil

    Whilst there is no gain for anywhere - I must admit to a tiny amount of Glee after the shoddy service I had with them.

    Yes, you can cancel you services online in the dashboard - except it doesn't really cancel them - it just stops them being auto renewed - you MUST cancel in writing - which we did 4 times over the course of a year - but it never made it a difference - so when they started saying we owed them £300 we transferred the domains elsewhere - and they can just keep screaming at us - via a no longer active email address....

  6. Skrrp
    Stop

    Re: the twatters

    They were fending off a massive DDOS attack and you were worried about a status page?

    I'd rather they were putting in all their resource to fending off an attack.

    /Happy UK2 customer for many years

    //Other hosts are available

  7. Anonymous Coward
    Anonymous Coward

    Uuurgghhhh

    As someone who has in the past had to deal with the farce that is UK2.NET, taking it off the net isn't necessarily a "bad thing".

    I'm sure they'll sort it out though. Oh hang on though... duh! Of course... I forgot about their utter lack of technical competency, complete lack of understanding of DNS, inability to deal with simple requests and questions that my cat could understand, and general uselessness. How silly of me! So, if we're lucky, it could be a while yet :-)

  8. Paul Taylor 1

    Headache...

    This nearly drove me freaking nuts yesterday.

    Our domain was offline for almost 6 hours in total, no website, and no NS records. We completely dispeared off the map....

    Spoke to the same support guy about 5 times during the outage, each time they could not say what the issue was, or how long it was going take.

    just glad its over now..

  9. Mark 75

    Isn't this a good example of why not to put all your eggs in one basket..?

  10. Jacqui

    UK2 and spam

    I have seen a number of Uk2 hosted spammers but yet to see one I have reported taken down.

    I wonder if this segments of thier customer base has finally irked the wrong sort of peeps.

  11. Anonymous Coward
    Anonymous Coward

    Makes a change

    Usually UK2's customers DDoS'ing other people or otherwise up-to no good via their VPN services...

  12. Tazzzie

    UK2 DDOS Protection

    From their page posted sometime when (its not dated): http://www.uk2.net/glossary/ddos_protection/

    QUOTE: We will null route any DDoS attacks coming into or from our network, and have technology in place to prevent any overloading of our network.

    END QUOTE:

    We're hosted with them (and not affiliated in any way apart from paying hosting costs) and we were unaffected but the outage.

This topic is closed for new posts.