Server Down

[Ferok]

Quote:

Originally Posted by Vyal [You must be logged in to view images. Log in or Register.]

Linux can't compete with anything windows can do the windows server are sooo much more trust worthy and the security is better.

Sorry I don't want to get into that with you alot of hard heads out there like linux but i'm not one of them.

ROFL

Wow, that couldn't be more wrong. I work in a windows shop, and I'm generally a windows fan. I love many microsoft products and I there are places where linux simply cannot compete.

Visual Studio, especially with Team Foundation Server, is an absolute beast of a product.

The whole Exchange / Outlook / Communicator suite, and how it integrates with the rest of the office suite, is an undeniable force in the business world.

MS SQL server, and the associated tools, are well worth the premium. Sorry MySQL fans, but the tools suite just make development on MS way easier, and administration is simplistic in comparison. I say this as I watch an oracle database choking on the creation of a massive CSV file, on my other screen.

Security has gotten better with Windows, for damn sure. But at least partially because Microsoft has such a huge target on them, there are way more exploits for Windows. It's much, much easier in general to hack a Windows server, than a Linux server. Believing anything else, boy, you're really just not with the times.

I realize you're a troll, so I realize how futile it is arguing with you. The point of this is to simply announce how completely clueless you are, so others won't possibly think there's something else coming off your fingers that's worth listening to.

[President]

Quote:

Originally Posted by Malrubius [You must be logged in to view images. Log in or Register.]

Isn't there front-end hardware (or I suppose software) that will help block this stuff? In other words, there is the ability to block the stuff (i.e. repeated spam attacks, etc.) *before* it gets to the server, but without having to have the ISP/host/carriers do it - true?

To an extent. It's all about how its set up and how much bandwidth he is being provided. They are moving the server next week to a better hosting company which should *hopefully* deter this, but if the server stays up but through DDoS uses MAD bandwidth the bill is going to be enormous. Even if you toss in a firewall or other hardware between the server and the uplink it still depends on the bandwidth between them. It might help, but even doing discards, blocks, reroutes, etc. still uses resources, and if the DDoS is large enough it will use up all the resources doing discards etc.

The server was already moved once to a place that had some sort of DDoS protection, but thats the problem with DDoS, if its large enough, it's GOING to cause a problem.

[Poww]

Quote:

Originally Posted by Malrubius [You must be logged in to view images. Log in or Register.]

Isn't there front-end hardware (or I suppose software) that will help block this stuff? In other words, there is the ability to block the stuff (i.e. repeated spam attacks, etc.) *before* it gets to the server, but without having to have the ISP/host/carriers do it - true?

What president said is right.. I'm guessing its an issue with going over bandwidth, which usually ends up in costing big bucks. You have a certain commited rate and should you go over that, expect fees.

I actually work for the most expensive datacentre outsourcer in North America, so I'm not sure how the lower budget ones work, but we will not filter traffic on our side of the network.. Your traffic is your traffic. This is seen as good and bad, obviously it's good because you will never have issues with us filtering any legitimate traffic.. but then you have issues with DDoS.. Again though, if you get DDoS you use more bandwidth, which raises your 95th percentile, which means you will most likely be paying. Of course if someone if havign a real bad problem and it goes on for a few days we will intervene, offer assistance, or just offer to shut the port to save them some money.

Getting back to the point, if traffic is getting to your network, you can filter it all you want, but its still using bandwidth which you pay for, if it hits the server or fills the pipe, you of course get the lag we were getting.

[bionicbadger]

Quote:

Originally Posted by Malrubius [You must be logged in to view images. Log in or Register.]

Isn't there front-end hardware (or I suppose software) that will help block this stuff? In other words, there is the ability to block the stuff (i.e. repeated spam attacks, etc.) *before* it gets to the server, but without having to have the ISP/host/carriers do it - true?

An inline Intrusion Prevention System (IPS) does this, as can some firewalls. They detect stuff like Syn floods or excessive traffic and a bunch of other stuff and can automatically drop that traffic. That costs money though. You can get older hardware off ebay semi-cheap, but to licence it for the latest signatures and to licence the server software to manage it costs a bunch of money - several thousand/year.

Wait until they install the new server in the new data center and hopefulyl the new ISP/data center will be able to take care of the DDoS.

[Modal]

Quote:

Originally Posted by Malrubius [You must be logged in to view images. Log in or Register.]

Isn't there front-end hardware (or I suppose software) that will help block this stuff?

According the hosts website, they already employ it. From http://www.nocster.com/network.shtml

"The network is protected from Distributed Denial of Service (DDOS) attacks via Cisco Guard™ protection systems."

This brings to mind 2 points:

1) The CG appliance can run in two distinct modes, one of which requires specific user intervention in order to reroute the traffic when a DoS attack is detected. I've seen companies contract out the configuration of this appliance, then fail to read the post-setup documentation explaining the steps to actually use it when it's needed, essentially turning it into a several thousand dollar bottleneck.

2) How the heck is it not stopping this? I've seen those little machines kill absolutely brutal attacks in no time flat, which leads me to believe that the P1999 server is either outside of a configured zone or Nocster isn't real clear on how to set the machine up.

Oh, and the pictures there are kinda scary too. Looks like a bunch of PCs on aluminum shelving. I've got a couple of empty HP racks in my garage if they need any.

[mitic]

looks like this hacker isnt aware that he isnt ddosing some random low-pop server. if i was him i would stop at once since he WILL get caught sooner or later cause people care (alot) on this server.

[Goobles]

Man, I care alot. I care abunch. I care somuch!

Obviously he's DDoSing it because he doesn't like you, or what you are. Perhaps the same reason that Al Qaeda is a threat to the U.S.......

OH SHIT ITS FUCKING AL QAEDA!