Information Sharing on Our Cyber Attacks Today and Last Week

They say that the lack of information sharing is one of the major exacerbating factors behind cyber-insecurity. So I've decided that Lawfare is going to be entirely transparent about the attacks against our system last week and today. Last Wednesday, Lawfare experienced a brief outage, which our tech folks at Blue Water Media quickly got under control. The following day, I received an email informing me that "Last evening, the server hosting lawfareblog.com was subjected to a malicious Distributed Denial of Service attack (DDoS). Our hosting engineers detected the attack, identified the attacking IP addresses, and blocked them at the network level, successfully stopping the attack." The attacking IP addresses, both in the Netherlands, were identified as:

89.248.171.108

94.102.63.246

The Blue Water Media folks stressed---as do I now---that "since most DDoS attacks come from stolen IPs, through malware or injections, this does not provide concrete information." Today, the attacks began anew---again, all from servers in the Netherlands. First from this one:

93.174.93.123

And when that got blocked, from a bunch of others:

62.41.26.0/24
62.41.27.0/24
89.248.160.0/21
89.248.168.0/24
89.248.169.0/24
89.248.170.0/23
89.248.172.0/23
89.248.174.0/24
89.248.175.0/24
93.174.88.0/21
94.102.48.0/20
94.102.49.0/24
94.102.62.0/24

As I say, I have no idea who is behind this, and the people who run the servers associated with these IP addresses may be entirely innocent malware victims. But in the spirit of sharing data about cyber-attacks, this is the information I've got on ours---for any individuals, companies, or law enforcement agencies for whom it might prove useful.