On Friday, February 6, 2009, attackers launched a distributed denial of service (DDoS) attack against several information security-related websites. The attackers used a network consisting of thousands of computers infected with malicious code, also known as a botnet, to flood the domains associated with Immunity, Metasploit, Milw0rm, and Packet Storm.
The DDoS attacks consisted of TCP SYN flood and HTTP GET flood attacks over TCP port 80 and involved hundreds of thousands of IP addresses. At its peak, the attacks consisted of as many as 80,000 connection attempts per second. According to reports, the flooding attacks lasted nearly 12 days on certain domains, with varying traffic rates on each of those days, and subsided February 13, 2009.
These websites provide information about and exploit code for current vulnerabilities. Many information security professionals use information from these sites to assist in securing their networks. The Metasploit website is fully functional now that the attacks have stopped and users should not be experiencing any disruption. The site has released workarounds for users to receive updates for the Metasploit Framework installation if the attacks reoccur.
Metasploit has released a blog post with workaround instructions at the following link: Pathetic DDoS vs Security Sites