China-related DoS attack takes down Codero-hosted Web sites

Hosting provider says at least 5,000 sites were affected by a denial-of-service attack that appeared to come from China and to be related to a Chinese site critical of communism.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

A distributed denial-of-service attack that affected thousands of customers at Codero and other hosting providers appeared to come from within China and to be launched at a Chinese site that is critical of communism or its Domain Name System provider, Codero said today.

The disruptions that took Codero's customers offline for most of the morning were collateral damage in the attack, Ryan Elledge, chief operating officer at Codero, told CNET.

Directly in the path of the attack was a Codero customer that hosts DNS records for sites on the Internet, including a Web site critical of communism that appeared to be the ultimate end target, he said. At least three other hosting providers for that Web site were also affected by the attack, he said. Elledge declined to name any of the companies involved or the Web site.

Meanwhile, all of Codero's customers were back up by 1 p.m. PT, according to Elledge.

About 5,000 servers in its Phoenix data center were affected, which meant slowdowns or outages for at least that many customers, Elledge said. He could not say how many customers had been affected in total.

Initially, Codero thought the problem was due to issues with one of its upstream providers, but that turned out not to be the case, he said. "We were receiving more than 1.5 million packets per second in the attack. It paralyzed our core routers, and our upstream providers were unable to pinpoint where the target IPs were," he said.

The company reported problems beginning about 7:30 a.m. PT. "We are experiencing network issues affecting part of our PHX data center," the company posted on its Twitter page. "Engineers are working with upstream providers."

"Another attempt is now under way at routing traffic to specific segments of our network," Codero tweeted around 9:30 a.m. PT.

Codero, which has points of presence in Irvine, Calif.; Denver; Chicago; and Ashburn, Va., is migrating a data center from San Diego to Phoenix. Only the Phoenix location was affected by the attack, Elledge said.

Updated 10:49 a.m. PT with more details from Codero COO.

Updated 1:05 p.m. PT with details on the DNS provider customer of Codero and its own customer being targets.