iDRY Vacuum Kilns

Sponsors:

ddos

Started by Jeff, July 14, 2012, 10:53:31 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jeff

There is nothing wrong with the Forestry Forum today, however the network upon which it resides, is experiencing a distributed denial of service attack. The Network Admin Team is working with Corero and their upstream provider to resolve the issue.
Just call me the midget doctor.
Forestry Forum Founder and Chief Cook and Bottle Washer.

Commercial circle sawmill sawyer in a past life for 25yrs.
Ezekiel 22:30

ellmoe

Soooo, it wasn't me! 8)
Thirty plus years in the sawmill/millwork business. A sore back and arthritic fingers to prove it!

trapper

That is why  I went to  general topics first this morning when i logged in hopeing for an explanition of why I couldnt get on last night.
stihl ms241cm ms261cm  echo 310 400 suzuki  log arch made by stepson several logrite tools woodmizer LT30

Jim_Rogers

My access has timed out many times this morning.

I hope they get it fixed soon....

Jim Rogers
Whatever you do, have fun doing it!
Woodmizer 1994 LT30HDG24 with 6' Bed Extension

Warbird

I can get here by IP address now but DNS still isn't resolving.  Seems odd it would take them this long to have their upstream provider start dropping all traffic to the targeted host(s)?  It is also a bit odd for an attack of this nature to go on so long.

*edit*  DNS is resolving now.  Though everything is still super slow due to the DDoS.  :( 

Jeff

I suspect that queued services will keep things slow for awhile even after things are straightened out.

Two months ago, the network the forum is on was "absorbed" by supposedly a bigger, faster, even more reliable Network.  Yea, okay. :-\
Just call me the midget doctor.
Forestry Forum Founder and Chief Cook and Bottle Washer.

Commercial circle sawmill sawyer in a past life for 25yrs.
Ezekiel 22:30

Warbird

It is most likely ignorance on the various ISP's part.  Once you know one of your networks is being DDoS'd, there are ways to mitigate it.  If it's an entire network, and not a single host being attacked, they just need to fire up a temporary 'filter router', route all traffic for the targeted network through it, and let it take the load of filtering out the good traffic from the bad.

It's obvious they don't have automated ways of doing this in place but seriously, for an attack of this level and length of time, a human should have been able to mitigate it by now.  It would be interesting to know the specifics of the attack but I doubt they'd share that info with you.

POSTON WIDEHEAD

I've been trying to place a LARGE bid on the axe and can't get through.  :)
The older I get I wish my body could Re-Gen.

Jeff

This is the message I've been tryingto send this morning ( of course my email as well at theirs is part of the network, so it only took an hour to get it sent.)
Quote
Is there any additional info you can provide on the nature of this attack, as well as the status? For curiosity's sake, as well as to extend to my clients who are ringing my phone off the desk...

Thanks guys!

Jeff Brokaw
Just call me the midget doctor.
Forestry Forum Founder and Chief Cook and Bottle Washer.

Commercial circle sawmill sawyer in a past life for 25yrs.
Ezekiel 22:30

Jeff

QuoteOn 7/15/2012 1:46 PM, Network Operations Center wrote:
> Hi, We are still experiencing a DDoS and continue working diligently with our providers. We have been able to see improvement however packet loss continues to fluctuate between 5 and 20%. Unfortunately I still do not have an eta on full resolution. I apologize for the inconvenience and that I do not have more information to give.
> Best Regards,
Just call me the midget doctor.
Forestry Forum Founder and Chief Cook and Bottle Washer.

Commercial circle sawmill sawyer in a past life for 25yrs.
Ezekiel 22:30

clww

I thought it was my computer. Best of luck, Jeff. We'll just remain patient.
Many Stihl Saws-16"-60"
"Go Ask The Other Master Chief"
18-Wheeler Driver

scsmith42

Glad to see it them beat back the DDOS - hopefully it will continue.
Peterson 10" WPF with 65' of track
Smith - Gallagher dedicated slabber
Tom's 3638D Baker band mill
and a mix of log handling heavy equipment.

Warbird

Looks like they called in the big boys.  The routes have changed, as I'm now being routed through Black Lotus Communications.  The last 6 hops are no longer resolving to names, either.

http://www.blacklotus.net/

Seems much better now.  As of right now, I'm seeing less than 1% packet loss.  They must be targeted by one of the very large botnets for it to impact them this badly, for this long.  I wonder if the event caused some hardware failures along the way?  An attack of this magnitude should make the news somewhere.

Warbird

Also, I just found this.  Talk about pucker factor!  Someone really wanted them down.

QuoteIt's not attacking a single IP, the DOS is hitting all 5 /16's. It's been escalated to all the highest levels across all of our providers. It seems to be hitting at a rate greater then 2 million packets per second.

http://www.webhostingtalk.com/showthread.php?t=1173321


Warbird

For non-networking types, a "/16" is what used to be called a "Class B network" and it is comprised of 256 "Class C networks".  A Class C network has 256 IP's within it.

In non-technical terms, each /16 has 65,532 useable IP addresses.  What the quote above from Corespace said is that this botnet is impacting all 5 of their /16's, meaning they have 327,660 IP's being affected by this attack.  And it's apparently not just their network being targeted.

In other words, this is a massive assault on our networks.  I'd bet China or another nation is involved.

Jeff

I was over at webhosting talk reading that topic that you provided the link for James. I hate to see guys get so pissy so quickly but I do understand the communications part they are talking about. I suspect after an episode of this scale, they may improve upon that. The lucky thing for me personally, is that this occurred on the weekend. If it had occurred during the week, my web clients that depend on their domain email would be blowing my phone a part. It doesn't matter with a few of them what the problem is, just that they want it fixed and now.

I actually don't feel near as pressed when it is something like this which is outside of my control than I would if it was something that I can get in there and hammer at.  The big problem we were having a while back where we were having the 1:00 AM issue was one of the things that contributed to my health issues this year. I couldn't step back from it until it was fixed, because I knew it was something that I could swing away at.

Just call me the midget doctor.
Forestry Forum Founder and Chief Cook and Bottle Washer.

Commercial circle sawmill sawyer in a past life for 25yrs.
Ezekiel 22:30

Warbird

I hear you, Jeff.  Absolutely nothing you can do in this case.  To be very clear, this attack is HUGE and completely out of the hands of anyone here.  I saw discussions elsewhere of streams well over 1 Gbps.  That's insanely huge.

Mooseherder

I hope they find the party who is responsible for this criminal behavior and make a serious example out of them.  smiley_smash

DanG

A little visit by the Navy Seals would be in order.
"I don't feel like an old man.  I feel like a young man who has something wrong with him."  Dick Cavett
"Beat not thy sword into a plowshare, rather beat the sword of thine enemy into a plowshare."

Kansas

I just wanted the powers that be to know that this topic flew so far over my head, well all I can say is, glad there are people here who know how to run this joint.

Norm

Sometimes I wish we could block all traffic from outside the US. 99% of our CC scammers would be gone.

Magicman

At least be able to block a few well known countries,  but there are four countries that instantly come to my mind that are our proven friends.   :)

About the problem, I am content knowing what I don't know about how the internet works.  I leave such technical stuff to Al Gore.   ;D
Knothole Sawmill, LLC     '98 Wood-Mizer LT40SuperHydraulic   WM Million BF Club Member   WM Pro Sawyer Network

It's Weird being the Same Age as Old People

Never allow your "need" to make money to exceed your "desire" to provide quality service.....The Magicman

PC-Urban-Sawyer

Quote from: Magicman on July 16, 2012, 07:35:28 AM
At least be able to block a few well known countries,  but there are four countries that instantly come to my mind that are our proven friends.   :)

About the problem, I am content knowing what I don't know about how the internet works.  I leave such technical stuff to Al Gore.   ;D

I can't think of ANYTHING I'd leave to Al Gore.

Herb

Warbird

But, but....  he invented the Internet!  Surely everything would be safe with him?  ;) LOL

Warbird


For those interested, should this latest DDoS attack catch the attention of certain powers, yes there can be justice; as it was in this case:

http://it.slashdot.org/story/12/06/25/2358252/two-uk-lulzsec-suspects-plead-guilty-to-ddos-charges

In that case, the kids were extremely stupid and blatantly targeted certain gov't assets.  In another story, they had targeted FBI phone bridges and tapped into secure conference calls.

This is also interesting reading, regarding the 'cyberwar' aspect I mentioned in an earlier posting:

http://politics.slashdot.org/story/12/06/02/0240205/legitimized-cyberwar-opens-pandoras-box-of-dirty-tricks

Be advised that a lot of immature people post comments at the /. site and the language can be a bit rough.


Thank You Sponsors!