Nodedeploy ddos for the last couple of hours?

Ishaq

@Spirit said: Don't be so nervous.

Nervous? why would I be nervous?

Ishaq

Anyway, no hard feelings.. I just don't like when people act the exact same way after they ask someone not to do it.

Spirit

@Ishaq said: Nervous? why would I be nervous?

You seems nervous because some things I posted with taking them out of context. Are you ddosed recently too? By competition maybe? This would explain...
Anyway, I wish you all best.

@Ishaq said: they ask someone not to do it.

Selective reading? Because I am pretty sure that I didn't do that and you took it out of context.

@Spirit said: No, no - I never said neither meant that. Maybe you understood it wrong - or my limited english... I was talking that few little hosts more or less in country doesn't mean much for competition and that I doubt in systematical ruining of competition by killing FEW smaller hosts. (small here isn't used in bad way but globally hosting industry looking)

Ishaq

@Spirit said: You seems nervous because some things I posted with taking them out of context. Are you ddosed recently too? By competition maybe?

Nope. Just merely stating a fact

AnthonySmith

oh dear the thread has turned to mush

exit 0

NHRoel

@AnthonySmith said: exit 0

BradND

Sigh, just once guys keep it on topic... its all about nodedeploy here

I kid, but seriously I think we have what is needed, if the relevant parties want to do something together that'd be swell.

Ash_Hawkridge

EDIT: Never mind

nikc

And again ?

Patrick

@BradND said: @AnthonySmith would you mind pm'ing me your skype? We should all probably crowd source information. @Patrick I think I still have you on skype, will ding you soon.

Messaged you few mins ago.

BradND

@Patrick Unfortunate what has happend to you, if you need anything let me know. We'll help in any way possible.

apollo15

What happened?

antiven

@BradND said: Prehaps with deep packet inspection it's possible to determine the source

How do you determine the source of a forged packet with deep packet inspection?

GordonS

Looks like StormVZ is getting hammered again now

prae5

@GordonS said: Looks like StormVZ is getting hammered again now

Hmmm there goes that plan, I was considering getting something from them as a fallback whilst my nodedeploy node was down.

nikc

A full day pretty much without nodedeploy now for me.

Customers ranting at me !

prae5

@nikc said: A full day pretty much without nodedeploy now for me.

Customers ranting at me !

Me too - http://serverst.at/history.php?uid=4

I know its not their fault, still frustrating for everyone. I appreciate they are working hard to resolve it. I do feel for them, repeated DDOS attacks can be the end of some hosts - through no fault of their own.

GordonS

@Zen

Yes, well, I think that lesson has been rather brutally learned :-/

But I did have a 'backup plan', and have just changed A records for my web and mail servers to point back to my old, shared hosting setup (which I hadn't cancelled yet, as I wanted to see how it went with StormVZ first...). But I still need to think about a better solution.

On another note, StormVZ's current plan to deal with DDoS is to move to a different IP block... but if the attack is targeted, surely the attackers will just start attacking the new range?

BradND

@GordonS Probably. We're not doing the same however.

ShardHostSarah

@BradND said: @GordonS Probably. We're not doing the same however.

How is your upstream treating you?

KuJoe

Why are clients who are not being targeted experiencing downtime? This kind of info would be useful for other hosts.

Patrick

@GordonS said: On another note, StormVZ's current plan to deal with DDoS is to move to a different IP block... but if the attack is targeted, surely the attackers will just start attacking the new range?

Yes, it's only option viable at this time. Attackers started off with our test ip then expanded to any other IP they could find so this kind of confirms someone is not happy about us or the other hosts mentioned here in competition.

According to Neil we received over 10gbps of attack yesterday afternoon, majority of the VPSs which were not null routed remained online until now where we are doing IP change and getting a IPMI setup to help us in the future which should have been setup from the start from our end.

ShardHostSarah

If you are colo at rapidswitch I may have a solution for temporarily.

ShardHostSarah

@Zen said: Pretty sure they are all renting.

Shame, we have a device that needs testing

Patrick

@KuJoe said: Why are clients who are not being targeted experiencing downtime? This kind of info would be useful for other hosts.

This would be case for other hosts here maybe, majority of the VPSs for us have been online for the past ~72 hours even whilst attacks were being carried out to our node. Except the ~20min downtime occurred yesterday afternoon in which the 10gbps attack made the whole server go down but picked up by RapidSwitch after it affected their network.

They are doing there best from what I have been informed regularly by Neil and the network staff and responses to our null route requests have been been completed within 10mins. It seems to be a well coordinated attack regardless.

jar

Time for everyone to start investing in some $30,000 routers?

LEB anti-ddos fund?

ShardHostSarah

@jarland said: Time for everyone to start investing in some $30,000 routers

30,000 Routers aren't going to do anything against DDOS attacks

Ishaq

@jarland said: LEB anti-ddos fund?

All the hosts will be fighting for it :P

jar

@ShardHost said: 30,000 Routers aren't going to do anything against DDOS attacks

They'll do more than iptables. Strong filtering with heavy throughput and powerful dedicated processing power is of high value in these events. I don't know much about DDOS but that much I can string together.

unused

Maybe some 500k+ corero kit