Уважаемые владельцы сайтов.
С 29 апреля 2015 года ориентировочно с 19:30 наш киевский сервер подвергася непрерывной DDoS атаке. Сайты на протяжении пяти часов практически не работали. Атака блокирована была только на 30 апреля в 0 часов 30 минут. Вся информация на сайтах и их настройки не пострадали.
Информация о атакующей стороне:
inetnum: 92.47.224.0 - 92.47.231.255
netname: ALMATYTELECOM
descr: JSC Kazakhtelecom, Almaty Affiliate
country: KZ
admin-c: KNIC1-RIPE
tech-c: KNIC1-RIPE
status: ASSIGNED PA
mnt-by: KNIC-MNT
source: RIPE # Filtered
role: Kazakhtelecom Network Information Center
address: Kazakhtelecom Corporate sales administration
address: 129 Panfilov
address: Almaty 050000
address: Kazakhstan
phone: +7 727 2588254
phone: +7 727 2587977
fax-no: +7 727 2585855
abuse-mailbox: abuse@telecom.kz
remarks: trouble:Questions and bug reports ... mailto: nic@online.kz
admin-c: NP1725-RIPE
tech-c: RK4588-RIPE
tech-c: DZ810-RIPE
nic-hdl: KNIC1-RIPE
remarks: Please call us 09:00 - 12:00 UTC only
% Information related to '92.47.224.0/22AS9198'
route: 92.47.224.0/22
descr: Kazakhtelecom Megaline Almaty Network
origin: AS9198
Пример атаки по поратм:
tcp4 0 0 s01.http 92.47.224.147.me.62940 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62939 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62938 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62937 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62936 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62935 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62934 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62933 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62932 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62931 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62930 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62929 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62928 LAST_ACK
tcp4 0 0 s01.http 92.47.224.147.me.62927 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62926 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62925 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62924 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62923 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62922 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62921 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62920 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62919 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62918 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62917 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62916 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62915 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62914 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62913 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62912 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62911 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62910 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62909 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62908 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62907 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62906 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62905 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62904 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62903 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62902 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62901 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62900 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62899 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62898 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62897 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62896 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62895 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62894 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62893 FIN_WAIT_1
tcp4 0 0 s01.http 92.47.224.147.me.62892 FIN_WAIT_1