We wish to confirm that TR Emeritus (TRE) was the victim of a DNS (DDoS) amplification attack, which resulted in the website being inaccessible for about 2 days.
According to our provider (based on information provided by the Data Center), the attack was “extremely large” which could not be mitigated by “normal means”. Normally, a “small DDoS attack” (less than 5 Gbps or 500,000 PPS) can be mitigated at the router level, but that was not the case in the attack on TRE.
Currently, thanks to the fully-managed service arrangement with our dedicated server provider, our website is temporarily re-routed through a more resilient network protected by a hardware firewall with advanced filtering capabilities.
However, as the attacks are still ongoing albeit intermittently, our provider has advised that we permanently procure the paid add-on advanced filtering service, which can handle all types of TCP, UDP, and ICMP attacks up to 10 Gbps or 1,000,000 PPS. Currently the add-on advanced filtering service is extended to us in the interim by our provider out of goodwill.
Our provider has also suggested that we revert to our original 4-server setup, which is more robust, with different servers handling different aspects of the website.
After carefully weighing the options, we have decided to adopt the recommendations and proceed with the implementation of advanced filtering capabilities and deployment of an additional server. Considering that the next general election may be called in the next 12 months or so, it is vital for TRE to be prepared for the worst and to remain online when much needed.
The new server setup and add-on advanced filtering capabilities will add approximately US$1000 per month or US$12,000 a year to our existing operating expenses, which is beyond our budget.
Although the [email protected] is prepared to fork out and share the additional expenses to the best of our abilities, we would greatly appreciate it if willing and able readers are able to help us defray part of the cost by making a donation.
We are hoping that our kind readers will help us cover at least 50% of the cost if possible, as US$12,000 a year is a huge amount for the team considering most of us are retired.
Meanwhile, our provider has been instructed to proceed with the implementation and deployment of an additional server as suggested.
The entire process is expected to be completed within this week and some readers may have accessibility problems due to propagation.
Thank you for your continued support.
[email protected] Emeritus
DNS Amplification Attack: A DNS Amplification Attack is a Distributed Denial of Service (DDoS) tactic that belongs to the class of reflection attacks — attacks in which an attacker delivers traffic to the victim of their attack by reflecting it off of a third party so that the origin of the attack is concealed from the victim.
It combines reflection with amplification: that is, the byte count of traffic received by the victim is substantially greater than the byte count of traffic sent by the attacker, in practice amplifying or multiplying the sending power of the attacker.
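The definition above can be checked from the reflecting third party's side. The following is an added example, not part of the original announcement: it totals query and response bytes per claimed client address in a resolver's log and flags addresses that receive far more bytes than were sent in their name. The log layout, the addresses (documentation ranges) and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed resolver log records (not real traffic):
# (timestamp_s, claimed_client_ip, query_bytes, response_bytes)
SAMPLE_LOG = [
    (0.00, "192.0.2.10", 60, 76),
    (0.05, "203.0.113.5", 64, 3100),
    (0.06, "203.0.113.5", 64, 3100),
    (0.30, "192.0.2.10", 60, 92),
    (0.31, "203.0.113.5", 64, 3050),
    (0.32, "203.0.113.5", 64, 3150),
    (0.90, "198.51.100.7", 70, 2900),
    (1.20, "192.0.2.10", 60, 80),
]


def amplification_by_client(records):
    """Sum query and response bytes per claimed source address.

    'factor' is response bytes divided by query bytes: the multiplier
    between what was sent in the client's name and what it received.
    """
    totals = defaultdict(lambda: [0, 0, 0])  # queries, bytes in, bytes out
    for _ts, client, qbytes, rbytes in records:
        entry = totals[client]
        entry[0] += 1
        entry[1] += qbytes
        entry[2] += rbytes
    return {
        client: {
            "queries": q,
            "bytes_in": b_in,
            "bytes_out": b_out,
            "factor": (b_out / b_in) if b_in else 0.0,
        }
        for client, (q, b_in, b_out) in totals.items()
    }


def likely_reflection_targets(records, min_factor=10.0, min_queries=3):
    """Addresses with a sustained high byte multiplier (assumed thresholds).

    A single large answer is normal; repeated large answers to one address
    suggest that address is being spoofed as the query source.
    """
    stats = amplification_by_client(records)
    return sorted(
        client for client, s in stats.items()
        if s["factor"] >= min_factor and s["queries"] >= min_queries
    )


if __name__ == "__main__":
    for ip in likely_reflection_targets(SAMPLE_LOG):
        print(ip, amplification_by_client(SAMPLE_LOG)[ip])
```

An operator who finds such addresses in their logs can rate-limit responses to them or restrict recursion to known clients, so the resolver stops serving as the reflecting third party.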