posted on Apr, 3 2013 @ 08:11 PM
I would be VERY interested in finding out where the packets originated from and what information was contained in the requests or headers... I first
thought it was a bad connection or that there was an interstate network segment that was down, but when I read it was an attack, I was really
surprised, especially knowing how many attacks there have been on ATS in the past that were unsuccessful.
It's very likely that IF it was a professional denial of service attack (done by a government), that none of that information would be available, OR
that it would be spoofed and point to the wrong culprit to shift blame.
If it originated in the US, it is a punishable offense, so it's important to try and get some forensics on the TCP packets (or whichever protocol was
used). If it originated from somewhere like North Korea or China, it is unfortunately not punishable (lack of extradition treaty).
Being that it was distributed, it likely was a botnet attack, bouncing traffic off of many different host computers all over the world, so it may be
impossible to trace it back to any one source, but it can be done. The "null" domain entry is so that all traffic gets bounced from the servers
around the internet that have DNS entries so that the traffic never even hits the service provider. That can sometimes take hours to propagate back
out to all of the DNS servers out there, so it will probably be a while before everyone can gain access back to the site. The only thing users can do
is try to flush their local DNS caches every so often to see if they can get the updated version that isn't null and points back to the ATS servers.
End users can also manually add entries to their HOSTS file and point directly to the IP for now.
As they say... an ounce of prevention is worth a pound of cure. This type of attack CAN be prevented, but you have to be prepared for it. I hope this
isn't the beginning of something worse, because whoever did this now knows that they can probably do it again, and I would expect them to do so, but