Server Down

Macroz · #1 04-07-2010, 02:13 AM

Its prolly someone that SOE has employed doing it.

Sponge · #2 04-07-2010, 02:18 AM

It would be really clever to attack a server in order to force them to spend money at your business for a solution.

So, whoever has Rogean's ear for solutions that cost money is likely the attacker. Ever watch 24? The threat is always from within.

Intricus · #3 04-07-2010, 02:33 AM

Well I suppose if we get an announcement from Rogaine sometime soon explaining that SoE 'bought' his server after discovering his project in that article, that will answer alot of theories.
...Perhaps the PJ '99 staff are negotiating with corporate SoE employees right now as I speak?

TheDudeAbides · #4 04-07-2010, 02:58 AM

Quote:

Originally Posted by Sponge [You must be logged in to view images. Log in or Register.]

It would be really clever to attack a server in order to force them to spend money at your business for a solution.

So, whoever has Rogean's ear for solutions that cost money is likely the attacker. Ever watch 24? The threat is always from within.

I was thinking the same thing with my CT cap on earlier

ROGEAN LIED ABOUT WMD IMO

stormlord · #5 04-07-2010, 07:57 AM

Quote:

Originally Posted by Sponge [You must be logged in to view images. Log in or Register.]

It would be really clever to attack a server in order to force them to spend money at your business for a solution.

So, whoever has Rogean's ear for solutions that cost money is likely the attacker. Ever watch 24? The threat is always from within.

I think the butler did it.

cadiz · #6 04-07-2010, 08:34 AM

Rogean, get us some IP addresses from a packet trace and I am sure some of us would be happy to address the threat(s) in other ways. Can the colo also not block some of them at the core/edge as it's obviously abuse?

Sponge · #7 04-07-2010, 09:06 AM

Wouldn't you just get the IP(s) of a zombie computer? Gonna go attack some innocents?

cadiz · #8 04-07-2010, 01:34 PM

Quote:

Originally Posted by Sponge [You must be logged in to view images. Log in or Register.]

Wouldn't you just get the IP(s) of a zombie computer? Gonna go attack some innocents?

In this case probably not, I'd wager that it was a few people with personal issues. Botnet or not I'd imagine they could at least rate limit UDP to some acceptable level either at the core/dist switch of the colo or the trunk/vlan where the stuff is hosted from, a fairly standard practice in routing and switching.

Most co-location providers will cooperate with you on this if you have packet traces and a list of offenders.

According to Rogean most of the abuse traffic is UDP which makes it tricky, otherwise you could just dedicate a cheap machine to proxy your TCP connections for you, discarding illegitimate traffic.

stormlord · #9 04-07-2010, 07:55 AM

Quote:

Originally Posted by Macroz [You must be logged in to view images. Log in or Register.]

Its prolly someone that SOE has employed doing it.

Like a hit man? I doubt it. But hilarious [You must be logged in to view images. Log in or Register.] I don't understand why someone would do this. If it was nerd rage, why would they keep doing it? How can you stay angry for so long? They need to figure out how to get the right protection or how to nail the person or persons that're doing this.

This reminds me of when they say website addresses on radio talk shows. The web sites almost always get shutdown because of massive traffic. I remember this on Art Bell.