Ddos and considerations

prometeus Member, Host Rep
edited March 2012 in General

I was only marginally involved in the latest ddos dramas apart from the spammed delirious discussion where a lot of you were also added and a little dos (less than 400Mbps). Today we received a ddos of more than 3Gbps, nothing we cannot handle easily, but I was curious to know if this has something to do with the recent issue seen here. If you have some suggestion, pattern, IP you want to share with me please do.

Thanks.


Comments

  • @prometeus - It's more likely that it's just some random skiddy fucking around. Booters are the new fad within gaming communities such as RO, etc; the recent drama did highlight us providers as high-visibility targets, so I imagine every pissant kid with a 5$ botnet is going to try to get his moment of glory taking potshots at us.

  • prometeus Member, Host Rep

    @Aldryic maybe you're right, since it was one of the biggest I've seen in a while I had the reaction to relate it to what happened here....

    Thanks

    S.

  • Maounique Host Rep, Veteran

    My VPS with you didn't notice, congratulations :)
    M

    Thanked by 1prometeus
  • prometeus Member, Host Rep

    @Maounique said: My VPS with you didn't notice

    this is our work, we handle a lot of bandwidth so this should be expected. But the target node suffered for half an hour without reason and I don't conceive that we all are at the mercy of these kids (or criminals)...

  • Maounique Host Rep, Veteran

    I noticed, out of my 5 VPSes now, yours has the spring in its step if you know what I mean :)
    It beats edis hands down and has higher specs regarding bw and space. I never had a VPS in Italy before, I certainly didn't expect this performance :)
    M

  • Imho, those threads aren't smart. Ddos is not a LET phenomenon and assuming that suddenly every ddos originates from this page-community would be just silly. However if hosts from now on post every such occurrence at LET (something we lately see pretty often here), showing graphs, brag about it, etc... it can actually really happen that some kid from here starts to take them as target.

  • @Spirit - pretty much, aye. A handful of providers could've likely avoided these attacks altogether simply by not participating in those threads; until everyone started chiming in, it was only those of us on the original hit list being targeted.

  • Maounique Host Rep, Veteran
    edited March 2012

    @Spirit said: it can actually really happen that some kid from here starts to take them as target.

    That is correct, so we should all duck down and try to pretend it doesn't happen, maybe they will pass us...
    I don't think this is the right approach, the community chooses hosts based on their capabilities, if the providers say they can withstand an attack while others say they cancel without refund immediately, then we should know about it.
    Not personally, I don't expect any attack, but we can't only host our kitteh pictures, right ?
    M
    P.S. I see the "tough" one is recommending caution... No wonder, he can't handle the advertised BW, not to mention some extra :P
    I say ppl with guts should talk about it, share solutions, take precautions, have scripts in place, maybe another route with IPs to manage, etc.
    DDoSes WILL happen, as long as ppl don't protect their computers, microsoft doesn't patch even pirated XP for critical flaws, more and more kids and ppl without computer literacy get access to them, etc.

  • prometeus Member, Host Rep

    @Spirit said: Imho, those threads aren't smart. Ddos is not a LET phenomenon and assuming that suddenly every ddos originates from this page-community would be just silly. However if hosts from now on post every such occurrence at LET (something we lately see pretty often here), showing graphs, brag about it, etc... it can actually really happen that some kid from here starts to take them as target.

    I see your point and apologize for this. As I said, this was one of the biggest I've seen lately and my reaction was to share and get info.

  • Spirit Member
    edited March 2012

    @Maounique I am not saying that. What I am saying is that ddos is part of the hosting industry, always was, always will be. It has nothing to do with LET and just because some host here and there appears in some discussion at LET it doesn't mean by default that it's ddosed because of the LET appearance. Of course some more popular or rather loud LET hosts are more exposed and could anger part of the LET population and this could lead to a ddos... however assuming that every ddos originates from this page-community because of recent occurrences can hardly be true. Ddos wasn't invented by LET but it's sadly a big part of the hosting industry in general.

    @prometeus, sure :) It's ok. On a side note, my node pm12 connection timed out at 12:15:58 and came back at 12:16:46 (your time) so barely noticed interruption which I think is good under those circumstances. I need to say that so far I really like your service. I am looking forward to your IPv6 deploying which I think is near.

  • Maounique Host Rep, Veteran
    edited March 2012

    I think that, on the contrary, when kids see their attack did nothing, they take more bots, if it still didn't matter, they will probably quit since with the same money they can take down 5 other sites. The word will spread and some providers will not put up with this anymore or will have only massive attacks but a lot more rare and expensive for the launchers.
    Sure, advertising "we don't buckle under DDoSes" is not the right kind of thing to do as ppl likely to get DDoSed will gather in the same place, but maybe, some provider, would think of that and move all former targets in the same subnet with same routing and tell them disruption may occur even if it is not their fault. If they agree, fine, if not, just keep looking for hosts that won't give them the boot at first attack. And sharing data with the police, find central servers for the botnets, etc, should be as normal as patching the software.
    What we basically seem to agree here is that:
    1. If you keep a low profile it means you will get less attacks;
    2. Attacks are the end of the world, an act of god or a punishment for infuriating the kids (see 1);
    3. Customers should also try to keep down, because if they get attacked, they get the boot.

    This means the terrorists won, GF.
    M

  • prometeus Member, Host Rep

    @Spirit said: pm12 connection timed out at 12:15:58 and came back at 12:16:46 (your time) so barely noticed interruption

    pm12 WAS the node target of the attack and I lost the console for several minutes :(

  • Maounique Host Rep, Veteran

    @Spirit sorry I read after I posted, I agree the attacks are not necessarily related to LEB/LET, however this does not mean we shouldn't talk about them, even if they are not. Who knows, maybe someone will strike the right balance regarding resources and benefits put into this "fight" and share results. We all hate those kids, maybe we can do something to stop them, no ?
    M

  • Spirit Member
    edited March 2012

    @Maounique sometimes I am getting the impression that we live in some parallel world and/or we don't discuss the same thing, but that's fine :) It's beautiful weather outside so see ya all later :)

    Added: I also posted before I saw your latest reply @Maounique :) Sorry about that, but let it be.. :) I wish good day to everyone.

  • Maounique Host Rep, Veteran

    @Spirit said: It's beautiful weather outside so see ya all later :)

    Here too, however I am at work supervising a huge raid rebuild under big load, so bear with me for a while :P
    M

  • Wow... I want an IperWeb VPS now.

  • Dude acts like 3Gbps is nothing.

    Where do I signup?

    Thanked by 1prometeus
  • prometeus Member, Host Rep
    edited March 2012

    Just another attack with a different target. I don't know what to think about....


  • @prometeus check if the target IP is running eggdrop or ircd... we had those in the past, these were the two most common reasons.

  • prometeus Member, Host Rep

    @rds100 the target is running apache, sendmail, ssh and camfrogserver

  • @prometeus then it must be something else :) Ours were almost always IRC related.

  • prometeus Member, Host Rep

    Somebody asked me how we handle this kind of event. To be honest my position is to protect as many of the clients as possible, so the first thing I did when I found the target on the sflow monitoring was to blackhole the ip to protect the node. For how much time? Until it's solved I think.
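
The step described in the post above (find the target in sFlow data, then blackhole its IP), as an added example that is not part of the original thread and not the poster's tooling. The sample records, the 1-in-4096 sampling rate, the 1 Gbps threshold, all function names and the use of a Linux iproute2 null route are assumptions made for illustration.

```python
"""Estimate per-destination traffic from sampled flow records and pick
blackhole candidates. All records below are constructed sample data."""
import ipaddress
from collections import defaultdict

# Constructed samples: (unix_ts, dst_ip, frame_bytes, sampling_rate).
# With 1-in-N sampling each sample stands for roughly N frames.
SAMPLES = (
    [(1000 + i % 10, "192.0.2.10", 1400, 4096) for i in range(700)]   # flooded IP
    + [(1000 + i % 10, "192.0.2.20", 1200, 4096) for i in range(12)]  # normal
    + [(1000 + i % 10, "192.0.2.30", 600, 4096) for i in range(5)]    # normal
)

def estimate_bps(samples, window_start, window_len):
    """Return {dst_ip: estimated bits/s} for samples inside the window."""
    bits = defaultdict(int)
    for ts, dst, frame_bytes, rate in samples:
        if window_start <= ts < window_start + window_len:
            bits[dst] += frame_bytes * 8 * rate  # scale each sample up by N
    return {dst: total / window_len for dst, total in bits.items()}

def blackhole_candidates(bps_by_dst, threshold_bps, protected=()):
    """Destinations over the threshold, largest first, skipping protected IPs
    (e.g. the router's own or monitoring addresses; hypothetical allowlist)."""
    hits = [(bps, dst) for dst, bps in bps_by_dst.items()
            if bps >= threshold_bps and dst not in protected]
    return [dst for bps, dst in sorted(hits, reverse=True)]

def route_commands(dsts):
    """Build (but do not run) iproute2 null-route commands for operator review."""
    cmds = []
    for dst in dsts:
        addr = ipaddress.ip_address(dst)  # raises ValueError on malformed input
        plen = 32 if addr.version == 4 else 128
        cmds.append(f"ip route add blackhole {addr}/{plen}")
    return cmds

if __name__ == "__main__":
    rates = estimate_bps(SAMPLES, window_start=1000, window_len=10)
    for dst, bps in sorted(rates.items(), key=lambda kv: -kv[1]):
        print(f"{dst:15s} {bps / 1e9:6.2f} Gbps (estimated)")
    print(route_commands(blackhole_candidates(rates, threshold_bps=1e9)))
```

The commands are only returned as strings so an operator can review them; a null route sacrifices the targeted IP to keep the rest of the node reachable, which is the trade-off the post describes.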

  • Jacob Member

    We had a 2500Mbps attack on KS2 Yesterday, Overloaded the switch with null packets and eventually caused a network hiccup.

    Server was nullrouted for 24 Hours, Back online now though.

  • Aldryic Member
    edited March 2012

    After some deliberation, we've considered our options and decided that our response to the DoS shenanigans is: (from a mass email I currently have going out)

    "We've got an exciting week lined up. First off, we're proud to announce our new DDoS Protection. For 3$ a month (per IP), your existing service is assigned a filtered IP managed by a node less than 2ms from our home racks. These filtered IPs can handle up to a 6-10gbit flood before it's considered a potential issue, meaning no more sleepless nights worrying about some kiddy with a forum-bought C&C booter taking down your VPS. All clients are welcome to request filtered IPs for their services; and for anyone that might've been asked to leave our network in the past due to being an unfortunate target... Welcome Back!"

    Expected availability is early-to-mid next week.

  • All providers need to do what he just said they're doing because that's awesome.

  • prometeus Member, Host Rep

    Thanks to everyone for the kind words and support :)

  • Maounique Host Rep, Veteran

    You're welcome.
    Is it just me or there are signs the community is improving ? Must be the spring :)
    M

  • @Maounique said: Still the same Aldryic ? :o I think the Equinox exorcised the werewolf at least temporarily :P

    @Maounique said: Is it just me or there are signs the community is improving ?

    My latest rum and водка import just came in :3

  • Maounique Host Rep, Veteran

    Cheers, mate :P I once said I will never buy a VPS from you, now I am considering this :)
    Good job and keep it up.
    M

  • prometeus Member, Host Rep

    @Aldryic said: водка

    The nanny of my daughters is from Ukraine, I introduced her and her husband to wine and grappa ( http://en.wikipedia.org/wiki/Grappa ), in exchange they did the same with vodka (I still remember some memorable Sundays with vodka around as if it was water ;) )

    Thanked by 1Steve81