58 comments

[ 5.6 ms ] story [ 115 ms ] thread
Is this the result of some kind of organized DDoS (Anonymous or some other hacktivist group), or merely a coincidence given their recent exposure re: aaronsw?
It's back up now, so if it was a DDoS it was a pretty ineffectual one (time between post and this comment is 20 minutes).
(comment deleted)
(comment deleted)
Still down for me. (I can't access the website, my MIT email, or my box sitting on campus.) http://3down.mit.edu/ works but reports nothing.
All .mit.edu domains I've tried appear down (stellar, my fraternity, etc)
(comment deleted)
its still down and so is w3.org
Still down here (accessing from the UK in case that matters).
Still down, from Asia (Taiwan) DNS resolution issue
(comment deleted)
Nope, all the tweets have come after the sites were already down.

Typical Anonymous/Lulzsec DDoS operations doesn't work like that, they need thousands of participants before it'll have any effect. If it was a public DDoS like the operations that took down DoJ about a year ago you would expect to see thousands of tweets about it and a lot of IRC activity.

It's also known that Anonymous can either use their own botnets or purchase access to botnets by the hour to conduct DDoS.

http://jesterscourt.mil.nf/2012/09/27/anonymousqassam-pay-pe...

> So what is Multiboot.me? Well it’s a Pay-Per-Minute DDoS system that has been used by Anons (and others) to down US and other sites since LOIC got rumbled and DHN got pwned.

In addition, not all DDoS involve LOIC style attacks. It can use other types of exploits.

Looks like a DNS attack? Lack of name resolution vs. server response?
Lack of both --- the nameservers are unreachable, but so is everything else. (MIT apparently hosts its own DNS, but attempting to ping internal servers by IP address, bypassing DNS, also fails.)
Traceroute to web.mit.edu (previously 18.9.22.69) dies after a Level 3 router in Boston. This isn't just DNS, although both MIT.edu and DoJ.gov are returning NXDOMAIN right now.

Justice.gov and USDoJ.gov are functioning normally, though.

I can't even ping them. MIT has huge pipes to the Internet. Someone has to be throwing a lot of bandwidth at them from very very close to choke them off, or has specifically attacked their routers.
MIT's been having serious intermittent network problems over the past two weeks, although usually not a complete outage from all parts of the Internet (there were several points last week where it was reachable from Internet2 but not from a handful of residential ISPs). I have no knowledge here, but at this point I'd be more likely to credit some router somewhere sucking than Anonymous with doing anything.
MIT's name servers are all on their own network? Seriously?

  ;; AUTHORITY SECTION:
  mit.edu.              172800  IN      NS      bitsy.mit.edu.
  mit.edu.              172800  IN      NS      strawb.mit.edu.
  mit.edu.              172800  IN      NS      w20ns.mit.edu.
  
  ;; ADDITIONAL SECTION:
  bitsy.mit.edu.                172800  IN      A       18.72.0.3
  strawb.mit.edu.               172800  IN      A       18.71.0.151
  w20ns.mit.edu.                172800  IN      A       18.70.0.160
It's not that uncommon if they're multi-homed. Of course, I'm not saying that an additional external DNS won't be nice.
From here in the Midwest USA, here's the last few lines of "mtr mit.edu --report":

  16.|-- ae-1-8.bar2.Boston1.Level 90.0%  10  83.3  83.3  83.3  83.3  0.0
  17.|-- ae-0-11.bar1.Boston1.Leve  0.0%  10  84.5  84.0  82.5  85.0  0.7
  18.|-- ae-7-7.car1.Boston1.Level  0.0%  10  83.1  83.9  81.8  92.9  3.2
  19.|-- MASSACHUSET.car1.Boston1.  0.0%  10  85.1  83.7  82.3  85.1  0.9
  20.|-- DMZ-RTR-2-EXTERNAL-RTR-1.  0.0%  10  89.9  88.8  86.1  94.2  2.9
  21.|-- ???                       100.0  10   0.0   0.0   0.0   0.0  0.0
(the full name for the last listed host is "DMZ-RTR-2-EXTERNAL-RTR-1.MIT.EDU")
Very disappointed if it's DDoS. This doesn't feel like the time for it.
Hi there! We know MITnet is down, and we're pretty sure its an issue with BGP. We've been having issues periodically over the past few weeks, and this is almost certainly not the result of an attack, just network misconfiguration.

-- Luke from MIT SIPB

Is there a particular reason why Google servers are still accessible from within MIT despite MITnet being down?
Google peers directly with MIT, so connections there do not have to go to the public internet.
> Is there a particular reason why Google servers are still accessible from within MIT despite MITnet being down?

Google and MIT have a network peering arrangement.

You have blood on your hands.
(comment deleted)
Choke on your own vomit. Subhuman murderer.
I hope that God shows you no mercy in his punishment, murderer.
It's understandable that you're angry, but spamming a random site with a "random" guy from MIT that didn't have anything to do with Aaron's case isn't going to solve anything.
They're harassing an innocent person for their own righteous cause. Isn't that what they believe they're speaking out against to begin with? Baffling.
it's sad, because first reading that I thought it was a bad joke.
How long do you estimate until the Internet will be back up? Thank you.
Some things are back now. Still not mit.edu
Not to worry, they'll probably begin the actual attack as soon as you get everything fixed :)
3down needs an update. it is borderline useless in situations like these.
Even now, when service is back, the most recent entry on 3down is from December 31.
MIT should have a twitter, right?
To be clear, MIT SIPB maintains services at MIT, but does not maintain MIT's network. Further details as to the root cause are forthcoming.

It is not clear whether this was an attack or not.

I was very surprised to see that when mit.edu went away, we also lost emergency.mit.net.