Monday, February 18, 2008
Critical incident.
Yesterdays critical incident has been narrowed down to the activities of one server, and one VPS machine.
An apparent distributed denial of service attack took place, possibly with what also looks like a MAC flood against a connected switch device.
Other devices then shut off connectivity to the flooding switch presenting as a loss of device. Replacement of device did not resolve the issue. Realisation of the intended target and steps taken to minimise the impact reduced the overhead, however removal of the target machine resulted in an immediate return of service.
Fall back service provision will be removed during the course of the morning to return to full primary service. We do not envisage more than a momentary loss of service during this fail back most likely presenting as an error to email clients.
Thank you for resisting the temptation to call in during this period
An apparent distributed denial of service attack took place, possibly with what also looks like a MAC flood against a connected switch device.
Other devices then shut off connectivity to the flooding switch presenting as a loss of device. Replacement of device did not resolve the issue. Realisation of the intended target and steps taken to minimise the impact reduced the overhead, however removal of the target machine resulted in an immediate return of service.
Fall back service provision will be removed during the course of the morning to return to full primary service. We do not envisage more than a momentary loss of service during this fail back most likely presenting as an error to email clients.
Thank you for resisting the temptation to call in during this period
