Web Hosting Talk







Anyone with ColoPriority?


sHosts
07-07-2003, 08:29 PM
Hey guys,

I was wondering if anyone else has servers with colopriority. I had a few questions. (Important/Urgent).

TotalChoice
07-07-2003, 08:36 PM
We have several boxes there. What's up?

sHosts
07-07-2003, 08:36 PM
Is their website working for you?

sHosts
07-07-2003, 08:38 PM
Never mind. For some reason, everything was down for a little bit.

Everything is good:)

Thanks for the reply.

hllMedia
07-07-2003, 09:31 PM
Still down here. Also their site is down as well. Something must be going on at DC. Anyone else noticing this?

TotalChoice
07-07-2003, 10:17 PM
I have been in contact with Myles at PC. There is a DDoS attack in progress. They have filtered most of it.

Keep the faith, he is the best in the business! Things will be back soon.

porcupine
07-07-2003, 10:24 PM
We're just riding out the after effects now.

Basically there was a massive DDoS attack hitting the network... A small chunk of it went off and hit a few of our servers, and was neutralized almost instantly. The traffic going through TorIX was also neutralized fairly quickly (as our admin Jon owns TorIX). The NAC link, Torix, and Ottix links have been up throughout most of this, but most of the traffic coming in from the states over the Yipes! link has been completely disrupted in this attack.

Stuff is just starting to come back up now, if there was a particular user on our network attracting this, he'd be packing by now, but unfortunately, the majority of this attack was focused upstream from us, basically right at our front door.

hllMedia
07-08-2003, 12:06 AM
Good Job As Usual....

wmac
07-08-2003, 12:40 AM
I am down yet.

porcupine
07-08-2003, 12:48 AM
Unfortunately the DDoS flapped back again just as it started to settle down and the link has begun to hiccup (up, down, up, down, you know the drill). We've done everything within our means at this point, filtered out every stray bit of data hitting our network segment, and basically can't do anything now but wait for Istop to continue to combat the situation and repair their flatlined routers, etc.

Unfortunately at this point, unless further attacks go into our segment, we've done all we can, and can't even get out to push.

Number6
07-08-2003, 01:04 AM
Well Myles, I'm glad in a way because I just had several registrar changes go through today and I originally thought I must have done something wrong.

Personally, I've been with PriColo for almost a year and everything has been tip-top. Highly recommended.

Damn script kiddies though, they should be beaten with sticks.

porcupine
07-08-2003, 01:05 AM
Originally posted by Number6
Well Myles, I'm glad in a way because I just had several registrar changes go through today and I originally thought I must have done something wrong.

Personally, I've been with PriColo for almost a year and everything has been tip-top. Highly recommended.

Damn script kiddies though, they should be beaten with sticks.

My vote is on lead pipes, but I agree 100%.

wmac
07-08-2003, 02:52 AM
Any news?

NZCueBall
07-08-2003, 03:55 AM
Hey porcupine, any update would be most appreciated, especially for your customers in NZ! :)

TotalChoice
07-08-2003, 03:57 AM
Myles is at the DC. I just spoke with him. The attack has not stopped.

Sorry I can't give more updates, I just know Myles is at the DC working on things.

NZCueBall
07-08-2003, 04:00 AM
Thanks for the update TotalChoice. Even bad news (that it hasn't stopped yet) is better than no news.

TotalChoice
07-08-2003, 04:26 AM
Yep it's OK... Myles is a good person, he will take care of business.

porcupine
07-08-2003, 05:21 AM
OK well I'm pretty much camped out in our cage right now, but here's the lowdown:

Basically www5 was being attacked on its main IP address (which mind you we don't even use for hosting really, they're all resellers with private shared IPs) for reasons unknown. Whichever script kiddie was doing this, was using more than one attack type at a time, and was basically SYN flooding the server (connection floods) and doing a UDP style broadcast attack at the same time (or so it appears), providing enough packets per second to crash routers and even a switch upstream. Unfortunately apparently Yipes failed to properly filter the attack further upstream on the first few attempts, letting it get back into the link and simply halt the switch and routers in question. After a few attempts Yipes simply blackholed the IP address, and all was fine for about half an hour until the attacker chose another IP address to attack on the same server (reseller servers are easy targets for this). We took the server in question down, but by that point, it didn't seem to matter (they continued the attacks).

After a bit the attacks subsided, combined with filters on the router and filtering upstream by Yipes it's finally got to a level where it's no longer affecting service. Thankfully during the majority of this time the links to most of Canada (Torix and Ottix) remained unaffected (as they're on a different router/switch), as well as the NAC link passing to certain parts of Europe.

I sincerely apologise for the inconvenience this has caused anyone/everyone, and can assure you we've done everything in our power to take care of this. We are implementing other solutions as well to try to reduce the vulnerability of any given segment of the network, but it really comes down to how determined an attacker is. Much like a gun and a bulletproof vest, if you can't penetrate the vest, what do you do? Get a bigger gun. Unfortunately the same holds true to script kiddies, if your attack can't interfere with a network, get a bigger attack.

porcupine
07-08-2003, 05:23 AM
Notably I'd also like to direct any of our current customers' attention to the news section of our forum where I'll be posting more on this issue (but as for the usefulness of WHT, it's served its purpose for this incident, until the next [and hopefully a long time, we need sleep too ya know!]) :).

Regards,

Rui
07-08-2003, 06:35 AM
still down :( damm damm damm :(

porcupine
07-08-2003, 06:50 AM
Originally posted by Rui
still down :( damm damm damm :(

That's because you're on the server that was attacked, that one's main IP and a few sub IP addresses are currently being blocked. We're re-routing anyone who's on the main IP to their respective private shared IP addresses, not much else we can do, if we unblock the filtering, the attacks are still going and hit the network again.

vito
07-08-2003, 07:31 AM
I think this is all my fault. :eek:

The one night I decide to kick off early for the evening (9 PM), the one night I don't work until 12-1 AM, is the night our server is attacked.

I think the Internet Gods are trying to tell me I shouldn't even think about having a life... :bawling:

On the serious side, these attacks are going to happen, script kiddies make everyone's lives miserable. But it is certainly reassuring to know that Myles is on our side. As usual, he jumps to action and does whatever it takes to get it under control.

3 cheers for PriorityColo. Good work, Myles... :beer:

Vito

Rui
07-08-2003, 07:48 AM
Well after a short chat we managed to get it up to work!

thumbs up for Myles and the way we took care of me and my sites ;)

DarktidesNET
07-08-2003, 08:02 AM
First major downtime in 5 months. Not too shabby, but all DDoS is bound to happen. ;-)

sHosts
07-08-2003, 08:39 AM
Everything is ok now.

grahamb
07-09-2003, 12:25 AM
Originally posted by porcupine
Notably I'd also like to direct any of our current customers' attention to the news section of our forum where I'll be posting more on this issue

Hi Myles - I think I've got the basics from the posts here and in the demodemo thread, but for the clients not reading WHT (or should those that do fail to miss a thread they didn't know was related) you might want to post an update.

I hope your world is returning to normal, and that you'll get some well deserved rest.

porcupine
07-09-2003, 02:55 AM
I'll be posting the updates in our own forums once I get some sleep, I *still* haven't gotten any sleep yet. Sleep first, then updates, as we need to get Vito set up on emergency provisions tomorrow, nasty work.

alapo
07-09-2003, 06:48 PM
Originally posted by vito
I think this is all my fault. :eek:

The one night I decide to kick off early for the evening (9 PM), the one night I don't work until 12-1 AM, is the night our server is attacked.


It has happened to the best of us. :stickout:

choon
07-10-2003, 05:34 PM
Originally posted by DarktidesNET
First major downtime in 5 months. Not too shabby, but all DDoS is bound to happen. ;-)

Ya... and anyone who wants to get a server or more from Myles... my comments... GO FOR IT YOU WON'T REGRET :D

Thanks Myles and his company for their support ;)

Kindest regards,
Choon

vito
07-10-2003, 05:37 PM
Myles :beer:
PriorityColo :beer:
PC :beer:
PriorityColocation :beer:

Take your pick... :D

Vito

wateringcan
07-10-2003, 06:31 PM
Originally posted by vito
Myles :beer:
PriorityColo :beer:
PC :beer:
PriorityColocation :beer:

Take your pick... :D

Vito

What about ColoPriority? :)

AKavanaugh
07-10-2003, 08:26 PM
Can I opt for the beer instead?