Ddos and considerations
I was only marginally involved in the latest ddos dramas apart from the spammed delirious discussion where a lot of you were also added and a little dos (less than 400Mbps). Today we received a ddos of more than 3Gbps, nothing we cannot handle easily, but I was curious to know if this has something to do with the recent issue seen here. If you have some suggestion, pattern ip, you want to share with me please do.
Thanks.
Comments
@prometeus - It's more likely that it's just some random skiddy fucking around. Booters are the new fad within gaming communities such as RO, etc; the recent drama did highlight us providers as high-visibility targets, so I imagine every pissant kid with a 5$ botnet is going to try to get his moment of glory taking potshots at us.
@aldryc maybe you're right, since it was one of the biggest I've seen in a while I had the reaction to relate it to what happened here....
Thanks
S.
My VPS with you didn't notice, congratulations
M
this is our work, we handle a lot of bandwidth so this should be expected. But the target node suffered for half an hour without reason and I don't conceive that we all are at the mercy of these kids (or criminals)...
I noticed, out of my 5 VPSes now, yours has the spring in its step if you know what I mean

It beats edis hands down and has higher specs regarding bw and space. I never had a VPS in Italy before, I certainly didn't expect this performance
M
Imho, those threads aren't smart. Ddos is not a LET phenomenon and assuming that suddenly every ddos originates from this page-community would be just silly. However if hosts from now on post every such occurrence at LET (something that we lately see pretty often here), showing graphs, brag about it, etc... it can actually really happen that some kid from here starts to take them as target.
@Spirit - pretty much, aye. A handful of providers could've likely avoided these attacks altogether simply by not participating in those threads; until everyone started chiming in, it was only those of us on the original hit list being targeted.
That is correct, so we should all duck down and try to pretend it doesn't happen, maybe they will pass us...
I don't think this is the right approach, the community chooses hosts based on their capabilities, if the providers say they can withstand an attack while others say they cancel without refund immediately, then we should know about it.
Not personally, I don't expect any attack, but we can't only host our kitteh pictures, right?
M
P.S. I see the "tough" one is recommending caution... No wonder, he can't handle the advertised BW, not to mention some extra :P
I say ppl with guts should talk about it, share solutions, take precautions, have scripts in place, maybe another route with IPs to manage, etc.
DDoSes WILL happen, as long as ppl don't protect their computers, microsoft doesn't patch even pirated XP for critical flaws, more and more kids and ppl without computer literacy get access to them, etc.
I see your point and apologize for this. As I said, this was one of the biggest I've seen lately and my reaction was to share and get info
@Maounique I am not saying that. What I am saying is that ddos is part of a hosting industry, always was always will be. It has nothing to do with LET and just because some host here and there appears in some discussion at LET it doesn't mean by default that it's ddosed because of LET appearance. Of course some more popular or rather loud LET hosts are more exposed and could anger part of LET population and this could lead into ddos... however assuming that every ddos originates from this page-community because recent occurrences can be hardly true. Ddos isn't invented by LET but it's sadly big part of a hosting industry in general.
@prometeus, sure
It's ok. On a side note, my node pm12 connection timed out at 12:15:58 and came back at 12:16:46 (your time) so barely noticed interruption which I think is good under those circumstances. I need to say that so far I really like your service. I am looking forward to your IPv6 deploying which I think is near.
I think that, on the contrary, when kids see their attack did nothing, they take more bots, if still didn't matter, they will probably quit since with the same money can take down 5 other sites. The word will spread and some providers will not put up with this anymore or will have only massive attacks but a lot more rare and expensive for the launchers.
Sure, advertising "we don't buckle under DDoSes" is not the right kind of thing to do as ppl likely to get DDoSed will gather in the same place, but maybe, some provider, would think of that and move all former targets in the same subnet with same routing and tell them disruption may occur even if it is not their fault. If they agree, fine, if not, just keep looking for hosts that won't give them the boot at first attack. And sharing data with the police, find central servers for the botnets, etc, should be as normal as patching the software.
What we basically seem to agree here is that:
1. If you keep a low profile it means you will get less attacks;
2. Attacks are the end of the world, an act of god or a punishment for infuriating the kids (see 1);
3. Customers should also try to keep down, because if they get attacked, they get the boot.
This means the terrorists won, GF.
M
pm12 WAS the node target of the attack and I lost the console for several minutes
@Spirit sorry I read after I posted, I agree the attacks are not necessarily related to LEB/LET, however this does not mean we shouldn't talk about them, even if they are not. Who knows, maybe someone will strike the right balance regarding resources and benefits put into this "fight" and share results. We all hate those kids, maybe we can do something to stop them, no?
M
@Maounique sometimes I am getting impression that we live in some parallel world and/or we don't discuss about same thing, but that's fine
It's beautiful weather outside so see ya all later 
Added: I also posted before I saw your latest reply @Maounique
Sorry about that, but let it be..
I wish good day to everyone.
Here too, however I am at work supervising a huge raid rebuild under big load, so bear with me for a while :P
M
Wow... I want an IperWeb VPS now.
Dude acts like 3Gbps is nothing.
Where do I signup?
Just another attack with a different target. I don't know what to think about....
@prometeus check if the target IP is running eggdrop or ircd... we had those in the past, these were the two most common reasons.
@rds100 the target is running apache, sendmail, ssh and camfrogserver
@prometeus then it must be something else
Ours were almost always IRC related.
Somebody asked me how we handle this kind of event. To be honest my position is to protect as many of the clients as possible, so the first thing I did when I found the target on the sflow monitoring was to blackhole the ip to protect the node. For how much time? Until it's solved I think.
We had a 2500Mbps attack on KS2 yesterday, overloaded the switch with null packets and eventually caused a network hiccup.
Server was nullrouted for 24 hours, back online now though.
After some deliberation, we've considered our options and decided that our response to the DoS shenanigans is: (from a mass email I currently have going out)
Expected availability is early-to-mid next week.
All providers need to do what he just said they're doing because that's awesome.
Thanks to everyone for the kind words and support
You're welcome.
Is it just me or are there signs the community is improving? Must be the spring
M
My latest rum and водка import just came in
Cheers, mate :P I once said I will never buy a VPS from you, now I am considering this
Good job and keep it up.
M
The nanny of my daughters is from Ukraine, I introduced her and her husband to wine and grappa ( http://en.wikipedia.org/wiki/Grappa ), in exchange they did the same with vodka (I still remember some memorable Sundays with vodka around as if it was water)