Web Hosting Talk

View Full Version : Nocster slow/down?


HADhost
11-10-2003, 10:45 PM
Looks like they may be getting DoS'd to me

Tracing route to observedtrials.net [64.191.40.83]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 * * * Request timed out.
3 16 ms 11 ms 10 ms 12.244.27.17
4 17 ms 16 ms 18 ms 12.244.71.78
5 21 ms 18 ms 45 ms 12.244.73.138
6 68 ms 49 ms 40 ms gbr1-p70.dvmco.ip.att.net [12.123.36.74]
7 23 ms 36 ms 25 ms gbr3-p70.dvmco.ip.att.net [12.122.5.17]
8 43 ms 67 ms 55 ms tbr2-p013301.sffca.ip.att.net [12.122.12.133]
9 57 ms 39 ms 45 ms ggr1-p370.sffca.ip.att.net [12.123.13.69]
10 55 ms 45 ms 48 ms p14-0.IR1.PaloAlto-CA.us.xo.net [206.111.12.145]
11 52 ms 43 ms 47 ms p5-0-0.RAR1.SanJose-CA.us.xo.net [65.106.5.173]
12 97 ms 87 ms 91 ms p1-0-0.RAR1.Washington-DC.us.xo.net [65.106.0.37]
13 107 ms 106 ms 98 ms p4-0-0.MAR1.Philadelphia-PA.us.xo.net [65.106.3.150]
14 98 ms 98 ms 94 ms p0-0.CHR1.Philadelphia-PA.us.xo.net [207.88.87.42]
15 2756 ms * 2802 ms 66-236-204-10.hostnoc.net [66.236.204.10]
16 2516 ms 2751 ms 2841 ms 66.197.191.45
17 2879 ms 2746 ms 2058 ms 64.191.40.83

Anyone else having these problems?

JonL
11-10-2003, 10:52 PM
Yep, appears to be the case. No word on their forum yet.

jasonl813
11-10-2003, 10:58 PM
Yes, my access has slowed down too, but the slowdown I show isn't on BurstNET's network. I don't have problems until it peers off from Global Crossing.

1 ge-5-0-border.scr1.hostnoc.net (64.191.0.1) 0.447 ms 0.386 ms 0.352 ms
2 66.197.191.46 (66.197.191.46) 4.326 ms 4.402 ms 4.383 ms
3 pos-4-0-cmbn.rtr0.nyny.hostnoc.net (66.197.191.30) 12.253 ms 446.115 ms 409.194 ms
4 ge-2-1-0.ar1.JFK1.gblx.net (64.215.82.149) 7.735 ms 7.887 ms 6.773 ms
5 pos3-0-2488M.cr2.JFK1.gblx.net (67.17.72.17) 7.191 ms pos3-0-2488M.cr1.JFK1.gblx.net (67.17.72.13) 6.657 ms 6.986 ms
6 pos1-0-2488M.cr2.NYC1.gblx.net (67.17.64.142) 7.301 ms 6.929 ms pos1-0-2488M.cr1.NYC1.gblx.net (67.17.64.134) 6.718 ms
7 so5-0-0-2488M.ar1.NYC1.gblx.net (67.17.64.146) 11.477 ms 7.150 ms 10.685 ms
8 pop1-nye-P10-3.atdn.net (66.185.151.61) 7.389 ms 7.101 ms 6.959 ms
9 bb2-nye-P0-0.atdn.net (66.185.151.50) 7.270 ms 7.003 ms 6.978 ms
10 bb2-vie-P8-0.atdn.net (66.185.152.201) 2640.919 ms 2765.984 ms 2733.233 ms
11 bb1-vie-P11-0.atdn.net (66.185.152.206) 2756.250 ms 2762.801 ms 2718.084 ms
12 bb1-cha-P7-0.atdn.net (66.185.152.28) 2484.762 ms 2457.958 ms 2564.842 ms
13 * bb2-cha-P1-0.atdn.net (66.185.152.135) 2742.044 ms *
14 bb2-atm-P6-0.atdn.net (66.185.152.30) 2681.745 ms 2724.795 ms 2718.169 ms
15 bb1-tby-P7-0.atdn.net (66.185.152.244) 2757.184 ms 2749.958 ms 2738.980 ms
16 pop1-tby-P0-3.atdn.net (66.185.136.165) 2315.873 ms 2475.123 ms 2751.303 ms
17 rr-orlando.atdn.net (66.185.136.174) 2737.993 ms 2741.009 ms 2754.595 ms
18 srp4-0.orldflwrpk-rtr1.cfl.rr.com (24.95.224.13) 2744.864 ms 1250.688 ms 477.710 ms
19 srp3-0.orldflwsbg-rtr1.cfl.rr.com (24.95.224.3) 459.620 ms 500.573 ms 544.963 ms
20 pos1-0.orldflwsbg-ubr2.cfl.rr.com (24.95.226.105) 649.790 ms 772.284 ms 849.749 ms

mainarea
11-10-2003, 10:58 PM
It looks like a DDOS, concentrated on the XO line. XO is +2500ms compared to normal, the other lines are +100-400ms.

- Matt
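
Added example, not part of any post in this thread: Python that parses traces like those above and reports the first hop where latency rises and stays high through the last hop, separately from single hops that spike and then recover (typically a router deprioritizing its own ICMP replies rather than congestion on the path). The sample lines are a subset of the second trace above; the function names and the 200 ms threshold are assumptions.

```python
import re
from statistics import median

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")         # hop number, then the rest
RTT_RE = re.compile(r"<?(\d+(?:\.\d+)?)\s*ms\b")  # "16 ms", "<1 ms", "0.447 ms"

# Subset of the second trace posted above (Unix traceroute format).
SAMPLE = """\
 1 ge-5-0-border.scr1.hostnoc.net (64.191.0.1) 0.447 ms 0.386 ms 0.352 ms
 2 66.197.191.46 (66.197.191.46) 4.326 ms 4.402 ms 4.383 ms
 3 pos-4-0-cmbn.rtr0.nyny.hostnoc.net (66.197.191.30) 12.253 ms 446.115 ms 409.194 ms
 4 ge-2-1-0.ar1.JFK1.gblx.net (64.215.82.149) 7.735 ms 7.887 ms 6.773 ms
 9 bb2-nye-P0-0.atdn.net (66.185.151.50) 7.270 ms 7.003 ms 6.978 ms
10 bb2-vie-P8-0.atdn.net (66.185.152.201) 2640.919 ms 2765.984 ms 2733.233 ms
11 bb1-vie-P11-0.atdn.net (66.185.152.206) 2756.250 ms 2762.801 ms 2718.084 ms
"""

def parse_trace(text):
    """Return [(hop, median_rtt_ms or None)] for tracert or traceroute text."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # headers, blank lines, "Trace complete."
        # "<1 ms" is read as 1.0 (an upper bound); "*" probes are dropped.
        rtts = [float(v) for v in RTT_RE.findall(m.group(2))]
        hops.append((int(m.group(1)), median(rtts) if rtts else None))
    return hops

def find_onset(hops, jump_ms=200.0):
    """First hop whose median RTT is >= jump_ms above the previous responding
    hop AND where every later responding hop stays at least that high."""
    seen = [(n, m) for n, m in hops if m is not None]
    for i in range(1, len(seen)):
        floor = seen[i - 1][1] + jump_ms
        if all(m >= floor for _, m in seen[i:]):
            return seen[i][0]
    return None

def isolated_spikes(hops, jump_ms=200.0):
    """Hops that jump by >= jump_ms but recover before the sustained onset."""
    onset = find_onset(hops, jump_ms)
    seen = [(n, m) for n, m in hops if m is not None]
    return [n for (_, pm), (n, m) in zip(seen, seen[1:])
            if m - pm >= jump_ms and (onset is None or n < onset)]

if __name__ == "__main__":
    hops = parse_trace(SAMPLE)
    print("sustained rise begins at hop", find_onset(hops))
    print("isolated spikes at hops", isolated_spikes(hops))
```
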

inogenius
11-10-2003, 10:58 PM
5 25 ms 24 ms 24 ms ge-6-0-0.mp1.Detroit1.Level3.net [64.159.0.201]
6 29 ms 29 ms 29 ms so-0-1-0.bbr2.Chicago1.level3.net [64.159.1.34]
7 30 ms 29 ms 30 ms so-7-0-0.edge1.Chicago1.Level3.net [209.244.8.14]
8 30 ms 29 ms 29 ms xo-level3-oc12.Chicago1.Level3.net [209.0.225.14]
9 30 ms 29 ms 29 ms p5-0-0.RAR1.Chicago-IL.us.xo.net [65.106.6.133]
10 356 ms 154 ms 172 ms p6-0-0.RAR2.Washington-DC.us.xo.net [65.106.0.46]
11 52 ms 95 ms 67 ms p4-0-0.MAR2.Philadelphia-PA.us.xo.net [65.106.3.154]
12 50 ms 154 ms 71 ms p15-0.CHR1.Philadelphia-PA.us.xo.net [207.88.87.46]
13 * * * Request timed out.
14 1767 ms 1757 ms 1930 ms 66.197.191.45
15 2001 ms 2070 ms 2160 ms 6696192220.hostnoc.net [66.96.192.220]

Trace complete.


Looks to be another DDOS

inogenius
11-10-2003, 10:59 PM
Originally posted by mainarea
It looks like a DDOS, concentrated on the XO line. XO is +2500ms compared to normal, the other lines are +100-400ms.

- Matt

Shouldn't BGP4 routing correct that?

jasonl813
11-10-2003, 11:00 PM
To get a more accurate idea of where the issue is, try doing a tracert from the server instead of from your computer.

mainarea
11-10-2003, 11:00 PM
traceroute to www.verio.net (192.217.194.37), 30 hops max, 38 byte packets
1 ge-5-0-border.scr1.hostnoc.net (64.191.0.1) 0.258 ms 0.219 ms 0.139 ms
2 66.197.191.46 (66.197.191.46) 236.870 ms * 238.082 ms
3 ge-1-2.a01.phlapa04.us.ra.verio.net (130.94.0.165) 468.971 ms 490.701 ms 474.144 ms
4 ge-1-3-0.a04.phlapa01.us.ra.verio.net (129.250.116.209) 466.870 ms 478.202 ms 472.902 ms


traceroute to www.xo.com (207.155.252.76), 30 hops max, 38 byte packets
1 ge-5-0-border.scr1.hostnoc.net (64.191.0.1) 0.262 ms 0.164 ms 0.121 ms
2 * * 66.197.191.46 (66.197.191.46) 237.401 ms
3 fe12-0.chr1.philadelphia-pa.us.xo.net (66.236.204.9) 1174.231 ms * 630.076 ms
4 p4-3-0.MAR1.Philadelphia-PA.us.xo.net (207.88.87.41) 675.408 ms 787.203 ms 823.842 ms


traceroute to wwwgblx.web.globalcrossing.com (207.218.55.251), 30 hops max, 38 byte packets
1 ge-5-0-border.scr1.hostnoc.net (64.191.0.1) 0.230 ms 0.145 ms 0.137 ms
2 66.197.191.46 (66.197.191.46) 241.618 ms 248.879 ms 240.435 ms
3 pos-4-0-cmbn.rtr0.nyny.hostnoc.net (66.197.191.30) 247.068 ms 243.024 ms 241.924 ms
4 ge-2-1-0.ar1.JFK1.gblx.net (64.215.82.149) 238.359 ms * 242.072 ms

mainarea
11-10-2003, 11:01 PM
Originally posted by inogenius
Shouldn't BGP4 routing correct that?
BGP does not deal with pings, it deals with the shortest route from point A to point B. BGP won't fix it 100% if the DDOS affects every single line, but it may help.

- Matt

JonL
11-10-2003, 11:01 PM
From ThePlanet

5 xe-1-2-0-4.r21.dllstx01.us.bb.verio.net (129.250.28.190) 0.754 ms 0.834 ms 0.690 ms
6 * * *
7 * * *
8 * * *
9 p16-4-0-0.r01.nwrknj01.us.bb.verio.net (129.250.5.12) 38.307 ms 38.301 ms 38.290 ms
10 p4-0-1.a03.phlapa01.us.ra.verio.net (129.250.16.121) 38.065 ms 38.039 ms 38.001 ms
11 fa-1-0-0.a02.phlapa01.us.ra.verio.net (129.250.116.196) 38.414 ms 222.917 ms 202.022 ms
12 ge-1-2.a01.phlapa04.us.ra.verio.net (129.250.116.213) 38.514 ms 38.444 ms 38.390 ms
13 ge-1-2.a01.phlapa04.us.ce.verio.net (130.94.0.166) 276.299 ms 275.120 ms 278.507 ms
14 66.197.191.45 (66.197.191.45) 530.948 ms 520.857 ms 518.469 ms
15 * 6696192220.hostnoc.net (66.96.192.220) 516.452 ms *

mainarea
11-10-2003, 11:05 PM
Looks like they've stabilized all connections except for XO - everything looks normal now, XO is still +1500ms.

- Matt

Tazzman
11-10-2003, 11:07 PM
Why, why, why, Dilila ???

Do I see a trend growing as of late? I know they can't do anything about all the attacks, but they seem to be the favoured flavour of the month for the script kiddies and I don't know if I can take much more.

Server was slow most of the weekend because of a UDP flood on one of the servers on my switch and now this.

EDIT: Seems they have balanced it out a bit now, latency is down to 30% of what it was 5 minutes ago, but still about 9 times what it usually is, for me at least.

HADhost
11-10-2003, 11:12 PM
Freaking script kiddies. These DoS attacks have upset me to the point that I just ordered a server from SM and will be moving my stuff ASAP. I can't take it anymore, it has become ridiculous.

Tazzman
11-10-2003, 11:15 PM
Seeing as I was going to move away at the end of the month, I think I'll accelerate my plans a little and start looking for another home that isn't so prone to DDOS.

I really don't blame Nocster, but this is now the 3rd day in a row my server has somehow been affected by some form of attack.

Mrdredd
11-11-2003, 04:09 AM
What kind of clientele do you think dirt cheap prices attract?

Dediroof
11-11-2003, 09:01 AM
The type of this DDOS attack is impossible to effectively block without denying a large portion of the internet.
It's a UDP fragmentation flood,
apparently anyway.

No company on the network could effectively block this kind of attack.

Note: I have heard this explanation from an unknown source.

HADhost
11-11-2003, 05:41 PM
Dediroof, I realize that these attacks may be impossible to stop, but I don't want my box(s) on a network so prone to attack. Just waiting for my e-mail from SM with IP and login info :D.

Matt