Between 06:12 till 06:23, we have noticed a large carpet bombing ddos attack against ours and customer infrastructure, which impacted our Core-Backbone uplink for around 7 minutes. We have already deployed proactive measures to mitigate the attack on upstream level, unfortunately we have seen some packetloss during that time affecting a portion of routes.
We have made further analysis and found a 160G router interconnection at Interxion Frankfurt got overhelmed during the attack. The first wave didnt have any impact on our uplink capacity, second wave was targeting our transfer networks which filled some of our uplinks for around 3 minutes, causing congestion. We're implementing measures to shift the traffic and avoid further disturbance if another attack happens.
We have contacted the upstream partner's NOC, as we believe there was probably a capacity issue before our network after a flowspec rule destined to mitigate the attack was automatically announced.
The attack was widespread across multiple countries and internet service providers, mainly originating from Chinanet, China Unicom, Liberty Global and Comcast.