Wed, 16 Nov 2005 10:11:16
SERVER TROUBLE
If you’re looking for Lee’s site...it’s down. Someone is SLAMMING it with traffic. To save the rest of the box, I shut it off. Working on it! Be patient.
If you’re looking for starkcast.com...it’s moving. Go to the libsyn backup for now. New show posted literally moments ago!
Posted by JimK at 10:11 AM on November 16, 2005
Permalink | Trackbacks (0) | Email to a friend |
Categories: Personal, Podcasting, The Blogosphere
Tags:
Technorati: DDoS
Comments:
#2 Posted by JimK 
on 11/16 at 10:09 PM -
It’s literally thousands and thousands of what look like totally random IPs. Every time I bring the domain back up, within 15 minutes the box slows to a crawl. Watching netstat is fun...and I can’t see any pattern to the numbers to put in the IPTables file.
I honestly don’t know what to do this time...the guys at the NOC are stumped too, it’s SO random and all coming in as legit http traffic. There’s nothing to filter.
#3 Posted by Troy on 11/16 at 10:38 PM -
Hey Jim,
I think that you and Lee may be suffering from a DDos attack. This same issue happened to Steve Gibson of Gibson Research. Here is a url to a detailed description of what actually happened to him and if memory serves, there is also a potential remedy.
#4 Posted by miguelito on 11/16 at 10:52 PM -
Yeah.. DDoS.. likely tons of infected windows desktops taken over by yet another trojan/worm/whatever.
Not really that much you can do, but Troy’s right on that grc article. And that’s several years old now IIRC.
#5 Posted by Troy on 11/16 at 10:56 PM -
Jim,
I took the liberty of looking up some potential solutions. Be forwarned, there is a substantial amount of work involved.
#7 Posted by JimK on 11/16 at 11:34 PM -
Thanks guys...we’re loking at some SYN tricks now. Maybe we can make it slow but operational…
#8 Posted by Harley W Daugherty on 11/16 at 11:57 PM -
good luck guys....
I’m already suffering withdrawls.
#9 Posted by JimK on 11/17 at 12:17 AM -
The Powers That Be who sit at the NOC say this is pure brute force. The SYN tricks are already in place and it has zero effect…
#10 Posted by Kilroy on 11/17 at 01:30 AM -
If you’re looking for Lee’s site
No, I dropped by to see what you were up to. I needed to catch up on the podcasts. I am a couple behind; and where did you get the horse + Man video?
I guess Lee will be going back to blogger for awhile.
My bet it’s a rightwing nut job.
RSS (Subscribe)
Tip jars (Donate today!)
Any specific IPs that are doing it, or DDoS?
Just curious.
BTW, appears you actually removed the A record from DNS.. that’ll dork up the DOS unless they’re using IP. :)