The DigiWorldz Grid is back online and we are sorting through the data collected from the attack.
Many know that DigiWorldz also takes care of the Great Canadian Grid’s servers and OpenSim processes. In my earlier post I indicated that the DDoS attack started with the Great Canadian Grid’s Core server. After this targeted server was taken offline, the attack was then directed at the DigiWorldz Core server.

We have both grids back online and are now sifting through our data to try to better understand the attack so that we can try to protect ourselves better in the future.
Currently, we do not yet know the source of the attack. One might tend to think it was directed at a specific datacenter and that, since both DigiWorldz and the Great Canadian Grid share the same datacenter, it was just “dumb luck” that our servers were hit with this attack, as in reality these types of attacks are very common and targets are sometimes simply chosen at random.
I personally do not feel this attack was a random act, simply because the attackers seemed to direct the attack only at our core servers, even though our other servers have similar IP addresses and many are numbered in order, one after the other. It would seem very “odd” that only our core servers had been chosen randomly; one might have a better chance at winning the lottery than randomly choosing the core servers of 2 very well known grids.

Additionally, I have since learned that on the very same day, YrGrid was also targeted, and that grid does not use the same datacenter.
I’ve also “heard”, although this is simply a rumor, that Second Life was also hit by a similar attack the previous day.

I dislike drama as much as the next person, and I’m not very quick to jump to conclusions, but this seems very strange to me: SL on Friday; DigiWorldz, Great Canadian Grid and YrGrid on Saturday; and the fact the attacks seemed immediately directed at only our core servers. These facts seem to point at a direct attack targeting specific servers on specific grids.

As I had indicated in my previous post, the amount of data we need to sort through is enormous, as the attacks came from many different machines in rapid succession and continued for some time. Several users have asked me what the data/logs look like; you can see what we are looking at below.
Notice the times: the first set of data is from the start of the attack on the Great Canadian Grid, while the 2nd set of data is the beginning of the attack on the DigiWorldz servers. As you can see, the attacks came from many different machines, targeting many different ports.
These attacks continued on both machines far longer than the posted data below shows, so much in fact that we have an enormous amount of data to sift through. It will be fun to write a PHP program to sift through all of this, and maybe we can find some clues. Here’s what the data looks like: the attacking IP addresses are on the left, while the targeted IP address/port is on the right.

It is also very important to understand that the “attacking” IP addresses shown below may be, and probably are, owned/used by innocent people whose systems have been compromised in some way as to allow the real attacker(s) to direct these machines to carry out the attacks. As you read this data, please understand that it would be very unwise to accuse or attempt to harass the owners/users of these IP addresses, as they probably weren’t even aware they were part of this attack.

Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte

Here’s the beginning of the attack on the DigiWorldz Servers:


Remember, this is just a small sampling of the data collected in the very beginning of each attack.
Notice the times (all of these times are EST). Once the Great Canadian Grid’s Core server was taken offline, the attack moved to the DigiWorldz servers.
I am not sure what time the attack began on the YrGrid, but to me this looks very shady: not even one of our other servers was even “probed”; they were completely left alone. What are the chances that 2 randomly chosen “targeted” machines at the same datacenter were in fact very important servers for both grids?
What do you think the chances are that out of the many servers located at this datacenter, only these 2 servers were randomly targeted?
What do you think the chances are that DigiWorldz, Great Canadian Grid, and YrGrid were all randomly targeted on the same day, in the same way?
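
The sifting described in this post, as an added example in Python (not the author's program, which the post says would be PHP): it parses the column layout shown on this page and totals, per targeted IP, the earliest record, the distinct sources and the bytes per source-port service. The sample rows are constructed with documentation-range addresses, and the port-to-service table is this example's assumption based on IANA well-known ports.

```python
"""Added example: summarise flow records in the column layout shown on this page."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# IANA well-known UDP ports. Reading traffic *from* these ports as replies sent
# by third-party servers is this example's assumption, not a claim of the post.
SERVICE_BY_SRC_PORT = {"53": "dns", "19": "chargen", "123": "ntp"}

# Constructed sample rows (documentation-range addresses, not real hosts).
SAMPLE = """\
Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte
2016-05-07 11:09:43.742 IGNORE Ignore UDP 192.0.2.10:53 -> 203.0.113.5:4444 0.0.0.0:0 -> 0.0.0.0:0 1500 0
2016-05-07 11:09:20.678 IGNORE Ignore UDP 192.0.2.11:53 -> 203.0.113.5:4444 0.0.0.0:0 -> 0.0.0.0:0 4500 0
2016-05-07 11:09:43.759 IGNORE Ignore UDP 198.51.100.7:13671 -> 203.0.113.5:7037 0.0.0.0:0 -> 0.0.0.0:0 3000 0
2016-05-07 11:09:43.897 IGNORE Ignore ICMP 198.51.100.8:0 -> 203.0.113.5:3.3 0.0.0.0:0 -> 0.0.0.0:0 93 0
2016-05-07 13:15:58.841 IGNORE Ignore UDP 192.0.2.20:19 -> 203.0.113.9:65305 0.0.0.0:0 -> 0.0.0.0:0 1500 0
2016-05-07 13:15:58.853 IGNORE Ignore UDP 192.0.2.20:19 -> 203.0.113.9:4027 0.0.0.0:0 -> 0.0.0.0:0 1020 0
2016-05-07 13:14:42.681 IGNORE Ignore TCP 198.51.100.30:80 -> 203.0.113.9:63690 0.0.0.0:0 -> 0.0.0.0:0 45 0
"""


@dataclass(frozen=True)
class Flow:
    first_seen: datetime
    proto: str
    src_ip: str
    src_port: str  # kept as text: ICMP rows carry "type.code" in the port slot
    dst_ip: str
    dst_port: str
    in_bytes: int


def parse_record(line):
    """Return a Flow, or None for the header, blank lines and malformed rows."""
    parts = line.split()
    # date time event xevent proto src -> dst xsrc -> xdst in_bytes out_bytes
    if len(parts) != 13 or parts[6] != "->":
        return None
    try:
        seen = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S.%f")
        in_bytes = int(parts[11])
    except ValueError:
        return None
    src_ip, _, src_port = parts[5].rpartition(":")
    dst_ip, _, dst_port = parts[7].rpartition(":")
    return Flow(seen, parts[4], src_ip, src_port, dst_ip, dst_port, in_bytes)


def summarize(lines):
    """Per target IP: earliest record, distinct sources, bytes, bytes by vector."""
    report = defaultdict(lambda: {"first_seen": None, "sources": set(),
                                  "bytes": 0, "vectors": Counter()})
    for line in lines:
        flow = parse_record(line)
        if flow is None:
            continue
        entry = report[flow.dst_ip]
        # Rows in such an export need not be in time order, so keep the minimum.
        if entry["first_seen"] is None or flow.first_seen < entry["first_seen"]:
            entry["first_seen"] = flow.first_seen
        entry["sources"].add(flow.src_ip)
        entry["bytes"] += flow.in_bytes
        label = "other"
        if flow.proto == "UDP":
            label = SERVICE_BY_SRC_PORT.get(flow.src_port, "other")
        entry["vectors"][f"{flow.proto}/{label}"] += flow.in_bytes
    return dict(report)


if __name__ == "__main__":
    for target, entry in sorted(summarize(SAMPLE.splitlines()).items()):
        print(target, entry["first_seen"].isoformat(), len(entry["sources"]),
              "sources,", entry["bytes"], "bytes")
        for vector, total in entry["vectors"].most_common():
            print("   ", vector, total)
```

Sorting the per-target entries by `first_seen` gives the order in which each server came under attack, and the distinct-source count stays meaningful even when one address appears in many rows.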

I don’t like to think that someone is specifically targeting grids, and I have no clue if they are, or for what reasons.

Hopefully, by making sure the community and other grid owners know about this, people can keep their ears open for something. If you hear anything, I would be most interested in knowing anything you might hear.
If you are a grid owner, be warned, you could be next.