At this time all sites hosted on astro are accessible once again. We thank you for your patience and understanding.

Sites on our 216.* IP assignment are coming back online. We are now waiting for the same on our 63.* range to occur.

Further information, provided by our upstream provider.

Quote:

“AT&T experienced latency issues that have been resolved. However, our issue continues, and does appear to be related to last week’s DOS attack, although the information provided to us initially indicated this was not the case.”

At issue are the filters that were set in place to filter both ICMP and traffic to the old IP address associated with the original target site. While that site is no longer on a server at Peak10, and does not use nameservers attached to Peak10, it appears that there is an attacker still trying to hammer at the old IP or the hostname of the machine where that target site was located. The filtering and the traffic was apparently enough to significantly impact one of AT&T’s core routers (according to what we have been told, and we are not quite ready to believe this fully without more information, given the nature of core routers and their job). Unfortunately, the AT&T engineer was unable to provide the specific information needed to confirm the target by name or IP (no logs). When our routes were readvertised through Qwest and dropped from AT&T, the AT&T issue went away, which verified that it is a targeted attack. We have requested that the NOC get with the Qwest engineer to determine if they have logged anything related to this, since they also saw significant filtering on items related to our advertisement. We are going to change the hostname [on the particular targetted serve] and delete the zones for [the targetted server] itself, in the event it is the hostname itself scripted into whatever is being used for this attack, since we will be able to push authoritative updates out to our upstream.

At this time, we have no further information except that various teams are working on the problem. When we have more information, we will of course pass that along.”

AT&T is experiencing issues with several nodes that are causing significant latency along cer tain routes. We have requested that the NOC contact the AT&T engineers to determine their resolution effforts on th is issue. This will impact clients whose routing falls across certain paths until the problem is resolved or until AT&T routes around the problematic node. We will post more information as it becomes available.

Since AT&T and Qwest announce our routes – what allows a request for an IP in our allocation to reach its destination – when major flapping occurs, as has occured at various times today, the routes degrade, resulting in difficulty reaching sites. Some tickets have arrived asking if this is the start of another DOS attack: it is not, as DOS attacks involve sustained oversaturation. This is the result of an issue upstream, which is currently being addressed.