PoP: Sydney, NSW, Australia (SYD)

Network Interruptions (SYD)

Resolved

Thank you for your patience as we’ve monitored our platforms and network for stability.

We’ve seen the DDoS attacks subside as our new DDoS mitigation blend upstream remains in-place and working to good effect. This means that we’re now happy to declare the issue resolved. The attackers were rotating their attacks between different vectors continuously, and were using different source and target IP prefixes (much of the attack came from Australian networks, likely compromised and controlled off-shore - ie. botnets).

Eventually, the attackers started to attack the main networking partner who were able to assist with helping us through the attacks (GSL Networks) which had scaled up as high as 175Gbit/s+. F5 Networks and Equinix were of no use with helping our upstream carrier through the DDoS attacks so they’ve been removed and replaced. Further improvements are being made to the network blend, keeping this series of attacks in mind as an example of the criminal dedication that cannot be underestimated in these modern times in which we live.

Please note that you’ll likely see a new path in to our network at the moment:
09 sy5.gslnetworks.com.au (103.137.13.159)
10 scrub.sy5.gslnetworks.com.au (103.137.13.175)
11 132680.cust.gslnetworks.com (103.137.13.57)
12 Your target address within LEOPARD.host

If you’re experiencing an outage, problems or minor interruptions, please get in touch with our Support team - it’s likely that you’ll be required to provide us with your IPv4 address/es and traceroutes in to different parts of our network, so please be prepared to assist us so that we can raise the issue further up the network for you.

All attacks are a learning experience, and this one is no different. Again, we’d like to thank you for your patience as our team worked with our upstream carrier to resolve the attacks’ impacts for you. We’re looking forward to moving data centre (2-4 October 2020) and further improving your experience with LEOPARD.host.

Thank you,
LEOPARD.host

Monitoring

DDoS attacks continue, with the scale having ramped up considerably. Our upstream carrier’s new mitigation approach is proving successful, and network stability has been consistent since our last update yesterday.

We’re receiving some scattered reports about slow performance, and expect these minor issues to be resolved shortly. Thank you again for your patience throughout these interruptions.

If you’re offline or have any questions about this on-going situation, please get in touch with us.

Cheers,
LEOPARD.host

Monitoring

Service is mostly back to normal, despite the DDoS attack persisting.

There are now 3 separate companies involved in the effort to mitigate this on-going attack - so far, that effort is working fairly successfully. We’re still seeing interruptions, however they’re quite minimal and specific at the moment. Our Sydney presence is being marked as Operational again, however we’re still monitoring the situation closely in-case the situation changes again.

We thank you sincerely for your patience today. This kind of outage is not everyday material for LEOPARD.host and we’re going to continue working with our upstream networking carrier to ensure that the network is further bolstered to ensure that this kind of impact is avoided in the future.

Very shortly, our major technical overhaul will be complete, and shortly afterwards we’ll be relocating to a more advanced and secure data centre. At that stage, the network was already due to be further improved, however the timing of these attacks has forced the hand of our upstream carrier to a degree.

Should you still be experiencing interruptions, please contact our team ASAP.

We apologise for the impact that this has had on our customers.

Thank you,
LEOPARD.host

Opened

Our upstream carrier is currently the victim of a sophisticated DDoS attack from an established off-shore group. This has proven difficult for our upstream carrier and their DDoS mitigation partner (F5 Networks) to mitigate due to the complexity of the attacks. The attack vectors are evolving, as are the IP addresses (netblocks) facilitating the attacks. Changes were made to the mitigation systems yesterday after a smaller-scale attack, however this wasn’t sufficient to adequately protect the network as today’s attack has proven.

The attack has recently spread to more directly target both our upstream provider as well as LEOPARD.host by association. Attack volume remains in excess of 10Gbit/s, and has been peaking over 50Gbit/s. Mitigation filters are being added to and improved, however interruptions remain and the attack continues to evolve. Please note that as the attack continues, your services may roll through online > offline > online while filtering improves.

Management are considering options at the moment, and as there are noteworthy updates we’ll be sure to share them with you here. Please make sure that a non-LEOPARD email address is subscribed here.

We thank you for your patience during these prolonged interruptions.

Yours,
LEOPARD.host

The Network Crew Pty Ltd

« LEOPARD.host website