The attack began at 6pm yesterday, and continued to cause disruption until 11am today. It is not yet known if Australian Uecomm links were targeted exclusively, however global monitoring centres are yet to raise their alert status. The SANS institute's Internet storm centre makes no mention of the attack, nor does Internet Security System's global threat operation centre.
Managing director of Imagineering Technologies in Melbourne, Matthew Proctor, says that the attack started at around 6pm. His Uecomm network link dropped off dramatically at that time, and stayed down for almost two hours.
"It was certainly a huge attack considering it rendered one of our providers' links unuseable," he said.
When it came back up it was patchy at best and was still fluctuating until 11am, he said.
According to Connect's director of networks, John Greenhough, 600,000 packets per second were passing through Connect's international border router to Uecomm, whose network is hosted behind Connect's.
Greenhough says that the malicious packets came mostly from one upstream provider and came from "several thousand" separate machines.
A spokesperson for Uecomm said that the attack did not exclusively target their network.
"Just from speaking to the NOC we don't believe we were the only company affected by the outage... [but] it certainly affected the Uecomm network," they said.
Security analyst with Australian computer security analysis body AusCERT, Jamie Gillespie, says that the attack may have come from home broadband user's systems.
"It doesn't take a lot of cable modems to saturate the bandwidth on even a 100mbps link," he said.
This comes less than a week after US based security body CERT released an advisory warning of the possibility of huge denial of service attacks. Recent worms such as deloder have loaded up many home user systems with DDoS "agents" which can be controlled from a central location.
It is unknown at this stage as to whether the attack came from machines infected with the deloder worm or through similar manual hacking techniques.
Some Uecomm customers were spared from the attack. Ben Holko, operations manager for the GlobalCenter data centre in Melbourne, says that their Uecomm links didn't skip a beat. They operate dark fibre links through Uecomm though, so it's possible that the attacks targeted different routers altogether.
He said that although there was a decrease in traffic on the links at 6pm yesterday, it was "in line with standard 6pm after office behaviour".
ddos-ca.org is trying to wrangle some responsiblity out of vendors who release products that enable these sorts of attacks to happen