Last updated at Wed, 07 Feb 2024 21:32:47 GMT
The good news is that the DDoS against the Metasploit web servers has stopped, the bad is that I won't have time to go into the details of the attack and the mitigation methods until next week. All Metasploit services should be operational again, please let me know if you find something broken. I would like to thank everyone who offered us assistance during the attack, without their help this would have been much more frustrating.
The bandwidth graph for the affected period can be seen below. The green represents packets coming out of our server, the blue represents the incoming . The thin line of blue is the DDoS stream (full connection attempts against port 80); we swapped DNS records around to redirect the stream elsewhere during the majority of the attack. From Monday night until Thursday afternoon, there was a 15Mbps flood of SYN requests pointed at our A records for www.metasploit.com and metasploit.com.