infosec-news August 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Datacenter power outage and DDoS attack crip

[ISN] Datacenter power outage and DDoS attack cripples VoIP vendor

From: InfoSec News <alerts_at_nospam>
Date: Fri Aug 19 2011 - 09:30:52 GMT
To: isn@infosecnews.org

http://www.zdnet.com/blog/datacenter/datacenter-power-outage-and-ddos-attack-cripples-voip-vendor/974

[Pointed out in the comments is the nugget that Ooma had a very similar
outage in 2009 and what steps they planned to mitigate a future outage
from happening again. Oops... - WK]

By David Chernicoff
Five Nines: The Next Gen Datacenter
ZDNet
August 18, 2011

How many cloud failures have to happen before consumers take notice?

Ooma, a VoIP provider had the dual inconveniences of what they described
as a “rare” partial power failure at their unnamed datacenter provider
and what appeared to be asimultaneous DDoS attack on their corporate
website, which left their customers unable to use their service, or even
check on the status of their accounts while Ooma rushed to recover from
the problems.

The service was only down for three hours, starting at 5:40 AM Pacific
Time, which means that the issue was resolved by the time West Coast
customers got to their offices, but anyone further east would have found
their business impacted by the outage. Given that Ooma’s primary
marketing approach is for their free home phone service it is likely
that their customers, who are home users, would have been somewhat in
the dark about what was going on and tried to connect to the company
website. According to the Ooma corporate blog, it was the sudden rush
of customers, that no longer had phone services, trying to access the
corporate home page that caused what appeared to be a DDoS attack.

Of course, the explanation is of little value to customers who found
themselves without service. This is true of any cloud-based outage;
customers won’t care why it happened, they just don’t want it to happen
again. And it is the primary Achilles Heel of cloud based services;
anything that can cause a service interruption eventually will, and it
is next to impossible to prevent every potential failure.

[...]

___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/