DOS, DDOS and ADDOS for dummies

If the article earlier today was too tricky, then this video will make it simple


One for the nerds: DDOS attacks, Cloudflare and Whaleoil

Ever since our Distributed Denial of Service attack, Whaleoil is using Cloudflare to protect itself from the majority of large scale attacks. ?Cloudflare recently wrote an article about an attack that is exactly like the problems we are enduring.

On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We’ve seen a handful of other attacks at this scale, but this is the largest attack we’ve seen that uses NTP amplification. This style of attacks has grown dramatically over the last six months and poses a significant new threat to the web. Monday’s attack serves as a good case study to examine how these attacks work.

Before diving into the particular details of this attack, it’s important to understand the basic mechanics of how NTP amplification attacks work.

An NTP amplification attack begins with a server controlled by an attacker on a network that allows source IP address spoofing (e.g., it does not follow?BCP38). The attacker generates a large number of UDP packets spoofing the source IP address to make it appear the packets are coming from the intended target. These UDP packets are sent to Network Time Protocol servers (port 123) that support the MONLIST command.

In English: ?You are at home sending out and email to a few thousand companies with a request for more information for their products and services. ?But because of “address spoofing” it looks like the email comes from the person you are targeting. ?All those companies respond and your target’s email system is now filling up quickly.? Read more »


On DOS attacks


It was hugely frustrating to have the web site brought down by the denial of service (DOS) attack.

But I’ve been sitting here wondering what it actually achieved. ?Was it a win for the attacker?

Was it a loss to Whaleoil?

Let’s war game this for a second, and let’s pretend that it was Dotcon behind the attack. ?(Our lawyers say we need to add a clear disclaimer: ?We’re not saying it was Dotcom, we’re just using him as a villain for this “what-if” ?story).

Did Dotcon damage us? ? Read more »


BREAKING: Telecom Broadband problems [UPDATED]

Some Telecom customers are experiencing ?problems where web page and Internet services are failing to respond this morning.

It appears the Telecom DNS servers are affected.

This is affecting both Broadband and XT customers.

If you want to get around the issue, set your name servers to Google’s at


If you do it on the router, you probably don’t have to go round all the devices and change them individually.