"am in a law library and have to consult a hard copy of the law reports for the first time ever because of the DoS attack on UK Unis"
Ah, bless.
'Last century' skills, so useful at times. :)
Members of UK's academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources. Janet first came under a Distributed Denial of Service (DDoS) attack yesterday, and the same attack …
If the perpetrators are planning to demand money to call off this DDOS attack, then they can't be very bright. UK universities are not exactly awash with spare cash, except perhaps for the salaries that some Russell Group institutions pay to their chief executives.
"UK universities are not exactly awash with spare cash"
Bwaahahahahhahahhahaaa! You really believe that? All the ones I know are all busy building like termites to accommodate yet more students, with each student immersing themselves in vast amounts of debt, mostly handed to the university. Maybe you could follow this link and come back and tell us how you still conclude that universities are cash starved, and unable to make ends meet?
http://www.thecompleteuniversityguide.co.uk/news/universities-make-%C2%A330billion-thanks-to-tuition-fees/
"UK universities are not exactly awash with spare cash"
We have some of the richest unis on the planet - but this isn't that. It's either a state actor or somebody who doesn't like scientific research/education with some obvious candidates.
Also FYI to the tuition fees, it's research grants and licensing that makes a packet.
As I spoke to Jisc it was presented as an attack which began shortly after 9am yesterday morning, not last week. We are looking into the possibility that it is connected to an attack last week, but haven't had an opportunity to receive a briefing from any of Janet's network engineers yet - they are of course busy, and may be unwilling to out of a concern of providing intelligence to the attacker, though of course we're quite capable of masking that sensitive information - and I'm uncomfortable with making the assumption myself as following the Manchester to Manchester Core Router outage it does seem this week's attack is discrete from last week's, in severity at least, if not cause.
Just had a shed load of TTs through from JANET; this one caught my eye:
Affected:
Multiple Janet connections
Actions (last updated at 20151208 10:51 UTC by BC):
We acknowledge that there is around a 90 minute delay to these TT notifications. The attack is still on going.
Well, that's handy!
Bit like a few years ago when my village was in the middle of being flooded. We were all frantically piling up sandbags, etc. (the water was already several feet deep and flowing down the hill like a river) and all our mobiles started to go off with automated calls from SWW telling us to prepare as there was a flood risk in the area. No shit, we'd been flooded for about 2 hours!
Invigilating an ICT exam this morning which required students to email their answers, this DDOS kicked in about 20 minutes into exam time. The only website we could get was Google - we couldn't even reach our own web server which is in the same building. Bizarrely, in the next room, the only website they could get was Bing... how does that work?!
To those who launched this attack: please don't make us use Bing. Anything but that!
"The only website we could get was Google - we couldn't even reach our own web server which is in the same building. Bizarrely, in the next room, the only website they could get was Bing... how does that work?!"
I had a similar problem several years ago on my home web server. If I restarted the server on some other port than 80 it was fine, but restarting it on port 80 brought the problem back. I couldn't even get a connection from the same box.
I was later told it was a SYN flood attack. More recent switches and routers than I had then can protect against this attack.
Our central IT services rebranded themselves as IS some years ago. Then they started handing out dictums... 'Thou shalt not have thine own web server. Thou shalt not have a vLAN. Thou shalt buy all thy kit from Dell. Thou shalt use Microsoft for every-bloody-thing. Thou shalt change thy password every twenty minutes.'
I even hear they pushed somebody off the top of the computing centre building for having a male-male interface, but that might have been rumour.
With a bit of luck this may have unsettled the minds of the great and the good (*ahem*) of Manchester University, which is currently trying to downsize its IT department with an eventual aim of outsourcing as much as possible into the cloud.
Which is all fine and dandy, until someone decides to launch a DDOS against your cloud. At that point, you're stuck there looking a bit of a berk, because if you pay then they'll be back for more, but if you don't pay your students don't have any of your nice cloud services.
"Our central IT services rebranded themselves as IS some years ago. Then they started handing out dictums... 'Thou shalt not have thine own web server. Thou shalt not have a vLAN. Thou shalt buy all thy kit from Dell. Thou shalt use Microsoft for every-bloody-thing. Thou shalt change thy password every twenty minutes.'
I even hear they pushed somebody off the top of the computing centre building for having a male-male interface, but that might have been rumour."
Hmmm...are you at the Uni I work for?
It would be a large London one that has a very badly designed website which everyone MUST use, everyone MUST stick to the branding guidelines, has an unhealthy fixation with its position in various rankings, especially the Times Ed., almost completely ignores the needs of researchers (as in the dictum that you MUST buy from Dell, despite the fact that e.g. Dell's motherboard design uses a PCI bridge chip without enough IRQs for some of the more esoteric microscope capture cards), is trying to force everyone to use their snazzy new data centre located in a swamp in Surrey - even the medical imaging research unit which carts multi-terabyte datasets of NHS-owned patient data back and forth to graphic workstations all day...
I'm not narrowing it down much, am I?
We had ProtonMail getting hammered in a large multi-day attack and now Janet. I'm guessing these need some heavy resources (botnet?) to pull off and keep them going. Is the ProtonMail DDoS still going on? I've not heard anything.
Just seems a bit of a coincidence.... heavy attack for multiple days.
They fail then - they're attacking the wrong level. University internal networks were unaffected since the DNS attack only affected requests for stuff outside of the local DNS servers' domain(s). Since any University worth its salt would have their own internal DNS servers handling their domain requests, internal traffic was unaffected. So submitting your assignment from a University's email server to a user on the same server would have worked as normal!