Linode Under DDoS Since Christmas

hol writes: Linode has been getting hit with DDoS attacks since Christmas Day, and it looks like their pain is set to continue. The attackers are rotating DDoS traffic through various regions of Linode's service. They say, "All of these attacks have occurred multiple times. Over the course of the last week, we have seen over 30 attacks of significant duration and impact. As we have found ways to mitigate these attacks, the vectors used inevitably change. As of this afternoon, we have mostly hardened ourselves against the above attack vectors, but we expect more to come. ... Once these attacks stop, we plan to share a complete technical explanation about what has been happening." See their status page for updates.

Oh no!

WTF is "Linode"?

Re:Oh no!

[Snotnose]

Exactly. I've never heard of Linode and I run Linux on one of my machines. Is it too much to ask that you give a 1-2 sentence description of why I should care?

And no, I don't care enough to check wikipedia, nor google. Never heard of 'em, don't care, the summary gives me no reason to change my mind on either.

Maybe I'm a jerk...

[devilspgd]

Okay, I'm probably a jerk, but I don't care and I hope their upstream(s) isn't/aren't helpful.

I'm a happy Linode customer, but when one of my customers was being targeted by a DDoS extortion scheme which was using a very specific, very blockable attack, Linode's only solution/suggestion was to boot the customer, or wait it out, and in the meantime, they nullrouted my IP. Now I get that nullrouting my IP keeps the rest of the customers in that subnet/node/etc online, but it frustrated me that they wouldn't even attempt to block selectively, and as such, I can't get a ton of sympathy when they're victims of similar attacks.

And for the record, my customer didn't pay, eventually the DDoS group got bored and moved on.

Re:Maybe I'm a jerk...

Well, hopefully you won't mind me sounding like a jerk too, but I'm going to outright call you out as a liar on that one plain and straight.

As a Linode customer for over a decade now with a good number of nodes still running, and who has previously been the target of DDoS attacks, I have never seen caker or any of their staff respond in such a way to one of their customers.
They have been nothing but above and beyond helpful with blocking attacks and working with me to keep my (and their own) services up, including custom layer 3 filtering at their upstream providers specifically to address the types of attacks directed at me.

Yes they null route the specific IPs being attacked during the peek of the attacks to keep services up for their other customers first, and you expecting anything different is not only foolish but demonstrates unrealistic expectations and a failure to grasp how network routing works at the backbone level.

But to claim they threatened either you or your customer must go has no president, and does not mesh with how they have always handled such things in the past.

Did you go about threatening them with lawsuits like an entitled prick or something? Maybe then I could see such a response (and not really blame anyone for it)
But you imply trying to work with them on the problem so I doubt that to be the case, which is why I doubt your explanation of what happened is at all the full story.

All of that aside however, how fucking petty and low to wish such DDoS attacks on them for no other reason than you being a little frustrated at being offline for a few minutes expecting god like powers from those who clearly don't have them.
Especially when their entire staff has worked around the clock over the holidays to keep services of entitled pricks like you running instead of being with their friends and families, all over a petty exaggerated grudge.

Re:Maybe I'm a jerk...

[devilspgd]

I see why you're posting as A/C. Try reading again: Linode didn't threaten me or the customer or anyone else, we (my customer, and me as a host) were threatened by a DDoS extortion scheme -- A "Nice web site you host there, it would be a shame if someone were to keep up a sustained DDoS against it"

And no, I didn't threaten a lawsuit or anything else, I just asked them for information on the type of attack, and later once I identified the type of attack, help filtering rather than a complete nullroute.

They were polite, but completely unhelpful in terms of even providing any information about the particulars of the attack (one source or multiple, port numbers, type of traffic, etc) "Luckily" the DDoS hit servers I run on another network too, and the network operator there was able to provide me with said details, which helped to mitigate the attacks.

Re:Haven't noticed a thing...

[devilspgd]

I've got several Linodes, I've probably seen about 10-15 minutes of downtime total (per node, and not at the same time), so in my case this translated into approximately 8 minutes of customer-facing outage due to my internal redundancy.

However, my redundancy is within a Linode network, if an entire Linode data-center goes down, so do I, I don't attempt to replicate outside of an individual DC, outside of off-site backups (which I store outside the Linode environment). We do have core infrastructure (DNS, our own mail and system status pages) distributed across multiple providers so that losing a single provider won't take us down, although this is mainly to prevent a situation such as where my Linode account itself is suspended.

All in all, I'm quite impressed at how well they've handled it.