On January 7th, the following email was sent to BYU Computer Support personnel. We are re-posting it here as this attack impacted Learning Suite along with every other BYU Operations supported system...
On Wednesday January 6 from roughly 2:45 p.m. to 4:00 p.m. the university was hit by a DDOS attack. We saw spikes as high as 9.5 Gbps (our Internet connection is 10 Gbps). The attack mechanism was DNS and NTP reflection. After about 10 minutes the campus firewall was able to mitigate the effects, an ACL was also added to the border router to prevent the majority of the bad traffic from even reaching the firewall. The attack abated sometime between 4 and 5 p.m.
We’re glad the firewall performed its function well, however the attack mitigation should not have taken as long as it did. We are working with the vendor to find out why it took so long for the firewall to “catch up.” We appreciate everyone’s assistance in resolving issues. Service desk tickets and reports in ops chat when problems occur are extremely helpful in our response to these types of issues. If you suspect something is occurring, whether it’s affecting one individual or the whole campus, we encourage you to call the Operations and Support Center to report what you’re seeing. The more calls we get, the more information we have, and the quicker we can respond to problems affecting the campus.
Thank you for all you do and thank you for your patience as we worked through this attack yesterday.
Network Business Analyst
Brigham Young University