Network Attacked.

[Bob Hubbard]

Our sites appeared down this morning, and some of you may have noticed sever lag last night. I contacted out admin and got the below reply:

Hi Bob,

we had a DOS attack last night that affected the whole network. None of the servers went down (you can check that with the command 'uptime'). They just weren't accessible due to the network being flooded.
eric 09-Jan-2002 14:07:03

A Denial of Services attack basically drowns a network in crap, preventing legitimate use from going on.

Hopefully, we don't get his again.
:asian:

 

[Cthulhu]

Are they trying to find the culprit? If they do, will you post the culprit's address on the board so the member affected can have a 'discussion' with him?

Cthulhu

 

[Bob Hubbard]

Its a bit bigger than that. Basically, our site sits on a server (with about 100+ other sites). That server is currently inside of 1 of Verios datacenters. The datacenter got hit, which cut off access to our server (and hense our sites). Finding the culprit is a tad challenging. If I find out though, I'll be sure to post more info.

 

[Carbon]

Hehe I guess this is where networking skills would come in handy.

DOS attacks are very common and not very hard to pull off.

There are very common ones I have forgotten the names, but the basic Idea is they mask their I.P to look like a servers and simotaneously send out pings to tons of other servers who in return ping the same server back at the very same time, now trying to respond to 100k+ pings is very memory affecting.

It eats up bandwidth and is very impossible to trace if the person is smart enough to go through wingates, or something of this sort

I doubt they will find it and these go on all the time, I am not sure if there is a method to prevent this, it just happens.

I think you can drop a ping though if the size exceeds a certain amount which will prevent some lag.

 

[Bob Hubbard]

heh. In my spare time I do NT/Win2k network admin work.

Thats basically it. The NOC got flooded with crap packets and pings. Thankfully, we've moved out of Verio's NOC into a different one, and the network has been alot smoother (with the exception of the occational apache crashes due to our neighbors on this server running buggy code )

:asian:

 

[KumaSan]

Originally posted by Carbon

I think you can drop a ping though if the size exceeds a certain amount which will prevent some lag.

Yep, you should have the option to drop all ICMP packets, some ICMP packets based on type (pings, traceroutes, timestamps, etc...), or based on size. YMMV depending on which firewall/router you are using.

The best way to prevent DOS's would be to get all System Administrator's to patch their systems. This won't get rid of them all, but it would cut down on a lot of them.

Yep, I'm another network monkey. I'm currently working the security side of things (so if you get any particularly troublesome IP's in your logs, let me know ).

 

[Kirk]

Originally posted by KumaSan



Yep, you should have the option to drop all ICMP packets, some ICMP packets based on type (pings, traceroutes, timestamps, etc...), or based on size. YMMV depending on which firewall/router you are using.

The best way to prevent DOS's would be to get all System Administrator's to patch their systems. This won't get rid of them all, but it would cut down on a lot of them.

Yep, I'm another network monkey. I'm currently working the security side of things (so if you get any particularly troublesome IP's in your logs, let me know ).

I'm a programming monkey, former networking monkey. Hello
my fellow monkeys! We're too busy pingin', to put anybody
down

Anyways, ping attacks aren't as common as they used to be
(although I've written a program that does it back when the
systems manager asked me to see if I could bring the server
down). Most servers have ping attack counters these days.
My favorite being an attack itself. I.P. emulators aren't as
popular these days either, since most server software has
better detection built in.

 

[RCastillo]

Originally posted by Kaith Rustaz

Our sites appeared down this morning, and some of you may have noticed sever lag last night. I contacted out admin and got the below reply:


A Denial of Services attack basically drowns a network in crap, preventing legitimate use from going on.

Hopefully, we don't get his again.
:asian:

It's those IKKO people. They do anything to get attention!

 

[tunetigress]

No it wasn't! It was that Tracy's bunch. I saw that Tracy's brainwashed daughter of mine sneaking around. I bet she's got some alliance going with some crazy people in Texas, trying to pretend they got the IKKO surrounded!!! LMAO!!! :rofl:

 

[RCastillo]

Originally posted by tunetigress

No it wasn't! It was that Tracy's bunch. I saw that Tracy's brainwashed daughter of mine sneaking around. I bet she's got some alliance going with some crazy people in Texas, trying to pretend they got the IKKO surrounded!!! LMAO!!! :rofl:

It's good to realize the TRUTH!It's been said that children are most perceptive. She's a smart one you've got there. I'll bet Dennis Conatser is shaking in his Nike's!:boing2: