The DDoS is still going and was/is the biggest the CERT has seen so far.
COLT IP Guardian could not handle this; on 28/07 they recognized this and got help from the Arbor network team.
They started working on it and resolved the DDoS with their mitigation filtering. The attacker saw this and attacked all IP ranges from DCSTAR, which were also mitigated.
It all took time, but we have it under control and the criminal investigation is also underway.
At the moment the mitigation filtering is active and working great, but there are some downsides to this: filtering is very strict due to the attack size and will be less strict when attacks stop after some time.
What you can expect:
* ICMP disabled!
* Incoming traffic is all filtered and works with an initial slowness while your source IP gets onto the allow list. Connecting a second time can help!
* Bad hosts (and yes, some ISPs in Belgium have bad hosts/IPs in their network) with installed malware are blocked
* Outgoing traffic from a server is only possible if it has a related incoming connection. The Arbor only processes incoming traffic right now due to the size of the attack, and if your server sends a reply for this incoming connection it is accepted.
* Some UDP/TCP ports are highly filtered due to the attack
* Automated monitoring scripts are recognized as an attack/computer/bot, so they are not allowed or get some results through
* We can NOT open ports, IPs and/or networks. This is all automated and controlled by Arbor at the moment to get as much running as possible, and over time more and more will be available
29/07/2021 19:39: e-mails were not working correctly; this should be working again now.