Frequently Asked Questions about the DDoS incident in North Korea
Was it a DDoS attack? — probably
What kind of DDoS attack was it? — volumetric network layer attack
Was it a large attack? — not really, as their backbone is 2.5 Gbps, according to public records
Who is responsible for the attack?
– Speculation points to the U.S. government?
– Hacktivist group Lizard Squad?
▻http://www.networkworld.com/article/2863172/network-security/frequently-asked-questions-about-the-north-korean-internet-incident.ht
While only investigation of logs and network traffic can prove a DDoS attack, we can say from our experience observing and stopping hundreds of attacks that this attack fits the pattern of DDoS.
The picture below shows North Korea’s ISP - STAR-KP - slowly losing connection to the world (BGP routers dropping connections):
Attack victims often reroute, or “null route,” traffic when under attack, trying to thwart the attacker. We can speculate that this is why you see a slow failure, one router at a time, in the replay. With STAR-KP being North Korea’s single point of failure, and not a strong one, all it took was for STAR-KP to crash for everything to tumble.
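The "slow failure, one router at a time" pattern can be measured from a route collector's BGP update feed. The following is an added example, not code from the article or from BGPMon: it counts how many (peer, prefix) pairs still hold a route from one origin AS over time and classifies the loss as gradual or abrupt. The feed, the peer names, AS64500, the documentation prefixes and the 300-second threshold are all constructed assumptions, and the result describes route visibility only, not the cause of the outage.

```python
# Constructed BGP update feed, not real data: (unix_time, peer, action, prefix, origin_asn).
# AS64500 and both prefixes are documentation values standing in for a single small ISP.
ORIGIN = 64500
PEERS = ["peerA", "peerB", "peerC"]
PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]
UPDATES = [(0, p, "A", pfx, ORIGIN) for p in PEERS for pfx in PREFIXES]
# Each peer withdraws its routes in turn, minutes apart (withdrawals carry no origin).
UPDATES += [(600 + 900 * i + 300 * j, p, "W", pfx, None)
            for i, p in enumerate(PEERS) for j, pfx in enumerate(PREFIXES)]


def visibility_timeline(updates, origin_asn):
    """Return [(time, n)]: n = (peer, prefix) pairs still holding a route from origin_asn."""
    routes = {}    # (peer, prefix) -> origin ASN of the route that peer currently holds
    timeline = []
    for ts, peer, action, prefix, origin in sorted(updates, key=lambda u: u[0]):
        if action == "A":
            routes[(peer, prefix)] = origin
        else:
            routes.pop((peer, prefix), None)   # a repeated withdrawal is harmless
        count = sum(1 for o in routes.values() if o == origin_asn)
        if timeline and timeline[-1][0] == ts:
            timeline[-1] = (ts, count)         # collapse updates sharing a timestamp
        else:
            timeline.append((ts, count))
    return timeline


def outage_profile(timeline, slow_seconds=300):
    """Classify the loss of visibility as gradual, abrupt, or incomplete."""
    peak = max((count for _, count in timeline), default=0)
    first_drop = full_loss = None
    seen_peak = False
    for ts, count in timeline:
        seen_peak = seen_peak or count == peak
        if seen_peak and count < peak and first_drop is None:
            first_drop = ts                    # first route lost after full visibility
        if first_drop is not None and count == 0:
            full_loss = ts                     # origin no longer visible from any peer
            break
    if full_loss is None:
        pattern = "incomplete"
    else:
        pattern = "gradual" if full_loss - first_drop >= slow_seconds else "abrupt"
    return {"peak": peak, "first_drop": first_drop, "full_loss": full_loss, "pattern": pattern}


if __name__ == "__main__":
    tl = visibility_timeline(UPDATES, ORIGIN)
    print(tl, outage_profile(tl))
```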
BGPMon.net: