#21
Anycast will not work for P1999 because we cannot replicate our service across multiple data centers (that would result in 10 copies of the server). Turp, the problem with your diagram is that somehow your router is magically detecting which traffic is 'bad' and sending it elsewhere, and unfortunately that is not possible.
I think Rogean could actually do a lot more against these attacks than he has, probably because he has a job and such. Some interesting things:
The corollary to all of this is that I'm making the assumption they are sending Everquest packets because they have found some vulnerability in the server code. If they are just flooding the datacenter with DNS packets or whatnot, there is nothing Rogean can do other than pay for more bandwidth.
__________________
Raev | Loraen | Sakuragi <The A-Team> | Solo Artist Challenge | Farmer's Market
Last edited by Splorf22; 07-27-2013 at 04:29 PM..
#22
Quote:
I have a full-time job that gets increasingly busy in the summer. I have commitments all this weekend. I have a trip coming up that I leave for very soon that will put me away for a week. The timing of all of this shit happening is the worst it could possibly be. Look up DNS Amplification attack, and you guys will see just how little there is that I can do about it myself. No amount of equipment I put on my side of our data center drop will help line saturation. It's up to our data center. I'm seeing what they are willing to do, as well as their upstream providers (Level3). We used to have DDoS protection. It's one of the reasons that we moved to the data center we're at now. But then they decommissioned the device and decided to not replace it, so now we're stuck in the data center without mitigation. If there's nothing they can do to stop this then we're looking at literally a month or two for us to find and move to a data center that can.
#23
As far as I know, this is the most common and effective response to combating DDoS attacks. Often your internet service provider will do this sort of stuff as well since it clogs up their network to a degree. I think this is the best option.
There may be something to be done with the login server - EQEmu has been getting pummeled simultaneously and I suspect there is some bug being exploited with the login server. Various eqemu cheat sites (i.e., RedGuides) have alluded to this very recently.
#24
Quote:
Rogean, it sounds like this attack is affecting other hosted customers at your ISP? If so maybe they will actually do something about it.
#25
I'm sure there are plenty of network security specialists here who, given the right information, could easily put a stop to it.
#26
Quote:
And no, other customers are not getting affected. The attack would need to be over 10 GBit for that to occur.
Last edited by Rogean; 07-27-2013 at 04:54 PM..
#27
Quote:
On the other hand, I am a computer security specialist that has worked in many job sectors, defense and private alike. Get at me Rogain, I can help you out. Edit: take an IP address that is sending verified DDoS attack, gain root, recover the bot from that computer, debug, see where it connects, join as zombie, see what login commands owner is using, use them to gain control to his net and add it to mine, I mean destroy it.
Last edited by Agatha; 07-27-2013 at 04:59 PM..
#28
Quote:
My experience with problems like this is they are not really worried about it unless you are a large customer or if it affects many customers. However, it sounds like it is only affecting project1999's link to the ISP's network. Even if Rogean installed a tricked out firewall with IPS capabilities it wouldn't matter because the attacker is sending so much traffic it is saturating his pipe. If Rogean paid for a bigger pipe it would likely get saturated, it would just take that many more DNS responses to do it.
Last edited by Glorindale; 07-27-2013 at 05:00 PM..
#30
Rogean, any chance of throwing up a new temporary red for us to play on? It would be cool to see how well it does. Just a thought, no idea if it would be possible to set up a server in less than an hour or so but it would be pretty fun. Fresh pvp servers are the best.
__________________
Current Games:
Naw