The DDoS policy is pretty much standard. You get a network-impacting quantity of traffic thrown at your IP, and it will be null-routed upstream for at least 24 hours. No need to register for a forum account to post a threat; just launch the traffic and it will be handled.

There are providers who specialize in handling this sort of thing with more precision. They aren't inexpensive.

_________________

/* TODO: need to add signature to posts */

If they did launch a 2 Gbps attack earlier as a "test" or whatever, then that was probably enough to trigger a nullroute itself.

The site was still up after the threatening post was made (and so, after the 2Gbps attack), which I know because after the post was made I browsed around the site to see if there was anything that might provoke an attack. The performance (and latency) of the site was nominal, so it's reasonable to assume that there was no attack at that time. Furthermore, if the threat was to be followed, the nullroute happened before any malicious traffic was directed at the site.

In other words, the nullroute was implemented pre-emptively, before there was any actual cause for it. That's the part that worries me. I have no problem with a site being null-routed once it has been attacked. That's common sense. The objection is to null-routing a site purely because somebody made a threatening post.

Not implying anything about this particular case, however we do not preemptively null route unless requested to by the IP address assignee, or until there is an attack which is service affecting.

-Chris

It's also possible that whoever owned that website freaked out after the first attack (if it actually happened) and requested his own IP to be null-routed so that he would not be hit with a hefty bill for traffic overage.

All of that would be pointless if Anonymous (or whoever the OP is) just waits until the site is back up to launch an attack. Or maybe not, if the site owner can find out who's pissed off at him and reach some sort of resolution before restoring the site.

@caker: Was there really a 2Gbps attack at 6:01pm that you successfully thwarted, or is the OP just trolling?

Well, they certainly are polite and respectful what with introducing themselves like that and all. It's good to see young people use nice manners when they DDOS sites these days.

James

2 Gb/s isn't very much, so it's entirely possible it went by unnoticed.

_________________

/* TODO: need to add signature to posts */

Well, by everybody except the direct target. A 2 Gbps attack for even a few minutes could cause some overages.

500 Gbps my ass.

That fast? Mine can barely saturate an OC-768 .

_________________
/ Peter

Wait why were you ddosing WHT and LEB in the first place?
Also what does buyvm and securedragon have to do with this?
I am confused...
I understand if you're ddosing linode for hosting leb but it's kinda not the hosts fault it's going to be leb's fault but I do not see what leb did to cause all of this.
Explain this to me...
But I just need a reason why you're ddosing LowEndBox...

_________________
...

Why does Linode let posts like this exist?

After all the crap that happened this week, they need to bump up the priority for getting a real marketing manager.

The geek squad ain't cutting it.

And the message that's currently being released ain't pretty.

From reading the thread at WHT, it's likely some provider who is known shady, less-then-reliable, provider didn't like the review on LEB.