China carried out a mass arrest*1 of 100+ human rights lawyers last weekend, at the same time as the DDoS started and ended, and there's news from China's official news agency indicating that Telegram is the main secret contact tool that the human rights lawyers used.<p>Some people think it's China who attacked Telegram, to prevent the lawyers from warning each other about the arrests.<p>1) <a href="https://www.facebook.com/chrlcg/photos/a.1571958406350448.1073741828.1571955643017391/1634700570076231/?type=1" rel="nofollow">https://www.facebook.com/chrlcg/photos/a.1571958406350448.10...</a><p>2) <a href="http://news.xinhuanet.com/politics/2015-07/11/c_128010249.htm" rel="nofollow">http://news.xinhuanet.com/politics/2015-07/11/c_128010249.ht...</a>
According to the founder [1], Telegram was even removed from Play Store for a few hours at the request of a South Korean competitor.<p>For whatever reason, somebody in South Korea is seriously pissed off with Telegram.<p>[1] <a href="https://twitter.com/durov/status/619486763032182784" rel="nofollow">https://twitter.com/durov/status/619486763032182784</a>
I <i>knew</i> it would be S.Korea. The company I used to work for, at the time I left, was dealing with some particularly spiteful individuals from S.Korea who had been DDoSing their gaming platform and their separate video host. This was happening off and on for about 12 months. Interestingly enough, each attack was committed by a completely different individual and they were unrelated. In one attack where the guy was caught (I think they caught all but 2 of the attackers), he claimed he ran the DDoS because he didn't like the fact that there was a Japanese pop music video being hosted on the video site. This wasn't a young kid either; the guy was 33 and had a full-time job at some advertising company.
I got hit by two of these (1/27 to Feb 4th and 6/4 to 6/22), and they were relentless. It was difficult to know where the attack originated because many proxies were involved (most inside the USA). We only managed a 62% uptime during the whole affair, many customers were upset, and it really hurt business. We ended up refunding everyone for the month and sending out a huge apology, for which many customers were understanding. Still, it hurt our business dramatically.
This is most interesting...<p><pre><code> The garbage traffic came from about a hundred thousand
infected servers, most noticeably, in LeaseWeb B.V.,
Hetzner Online AG, PlusServer AG, NFOrce Entertainment
BV, Amazon and Comcast networks. That said, the attack
was distributed evenly across thousands of hosts and none
contributed more than 5% of the total volume.
</code></pre>
I used to host a lot with Hetzner, and while quite expensive, they mostly responded to these kinds of things very quickly and with a certain level of technical competence (which definitely cannot be said of every hoster). Also, I'm quite surprised to not see OVH in there, as their network has a kind of "reputation" for these things...<p><pre><code> Fighting back would’ve been a little easier, if the abuse
departments in most of the mentioned companies didn’t
process requests 9-5, Mon-Fri only. (Hours more befitting
a scuba-diving shop in Vatican.)
</code></pre>
Business as usual I would say...although I don't scuba-dive...<p>Edit: formatting
Question: Is this possible because they are using Linux servers? The Linux kernel adopted TCP Fast Open?<p><a href="https://www.ietf.org/mail-archive/web/tcpm/current/msg08204.html" rel="nofollow">https://www.ietf.org/mail-archive/web/tcpm/current/msg08204....</a>
Simple solution: move to OVH. Although they don't have servers in SE Asia, perhaps 100% uptime is more important than shaving 100ms off the ping time. (As far as I can tell they don't have real-time audio or video anyway).