  1. #1

    serveroutsource.net DOWN again


  2. #2
    Join Date
    Mar 2003
    Posts
    56
    Yes it is. I think this is the 2nd time this has happened in about 48 hrs?

  3. #3
    Join Date
    Jul 2001
    Location
    UK
    Posts
    350
    Ping results for serveroutsource.net
    Highest Response: 0 ms.
    Lowest Response: 0 ms.
    Average Response: 0 ms.

    Total Number of Packets Sent: 4

    Lost Packets: 4
    Lost Packets: 100 %

  4. #4

    It is the 2nd time in the last 12h.

    traceroute to serveroutsource.net (65.87.5.2), 30 hops max, 38 byte packets
    1 10.1.9.3 (10.1.9.3) 0.671 ms 0.474 ms 0.443 ms
    2 216.87.0.46 (216.87.0.46) 0.482 ms 0.443 ms 0.471 ms
    3 66.234.14.54 (66.234.14.54) 0.545 ms 0.528 ms 0.463 ms
    4 66.234.14.42 (66.234.14.42) 1.293 ms 0.576 ms 0.440 ms
    5 miamfl6lce2-gige7-0-0.wcg.net (64.200.118.241) 1.195 ms 1.009 ms 1.035 ms
    6 miamfl2wcx3-pos5-0.wcg.net (64.200.119.89) 1.143 ms 1.242 ms 1.096 ms
    7 miamfl2wcx3-cuttingedgetech.gige.wcg.net (64.200.118.210) 1.228 ms 1.132 ms 1.196 ms
    8 157.238.182.242 (157.238.182.242) 1.308 ms 1.313 ms 1.336 ms
    9 * * *
    10 * Awebhosting.demarc.cogentco.com (38.112.5.134) 525.459 ms *
    11 * * *
    12 * * *

  5. #5
    Join Date
    Mar 2003
    Posts
    56
    That's just weird. I've had a server with them for about 9 months now and never had any down time like this before. No worries though. I am sure it will be up and running pretty soon.

  6. #6
    Join Date
    Oct 2002
    Location
    UK
    Posts
    51
    Luckily we only have one server with them, use it as a backup dump, but I hope it returns soon.

  7. #7
    >pretty soon
    hmm....

  8. #8
    Join Date
    Dec 2002
    Posts
    72
    Yep, it's down.

    At first I thought it was something I did to my server since I was uploading something and then my computer froze, and when I rebooted, I couldn't connect anymore. But when I tried to submit a reboot request, I realized that the whole network was down.

    Anyway, it's pretty good for a $49 box.

    Hope it returns soon because I didn't finish my upload!

  9. #9
    Join Date
    Dec 2002
    Posts
    72
    It was up for a while, then when I tried to FTP again it went down. It can't possibly be my fault, can it?

  10. #10
    Join Date
    Apr 2003
    Posts
    311
    Just for the record, we're @ 3 so far since I signed up for the monitoring. I did this because last night my server went down twice for a couple of minutes, so I just wanted to take a look. These stats are from 12:30pm EST - 7:30pm EST.

    Uptime (Availability): 89.29% (Down 3 times out of 28 checks)


    09-29-2003 19:24:27 OK 15.180
    09-29-2003 19:08:50 OK 9.879
    09-29-2003 18:52:06 OK 11.351
    09-29-2003 18:36:16 Error 15.064
    09-29-2003 18:20:15 OK 15.645
    09-29-2003 18:04:12 OK 13.490
    09-29-2003 17:48:15 OK 10.064
    09-29-2003 17:31:58 OK 15.197
    09-29-2003 17:16:33 Error 15.300
    09-29-2003 17:00:12 Error 15.149
    09-29-2003 16:44:10 OK 15.262
    09-29-2003 16:28:15 OK 13.397
    09-29-2003 16:13:12 OK 2.607
    09-29-2003 16:13:11 OK 2.302
    09-29-2003 15:56:10 OK 0.857
    09-29-2003 15:40:57 OK 4.010
    09-29-2003 15:23:51 OK 1.146
    09-29-2003 15:07:52 OK 1.002
    09-29-2003 14:52:05 OK 0.904
    09-29-2003 14:36:36 OK 0.920
    09-29-2003 14:20:32 OK 1.034
    09-29-2003 14:03:51 OK 0.788
    09-29-2003 13:47:49 OK 0.778
    09-29-2003 13:31:41 OK 1.020
    09-29-2003 13:15:55 OK 0.270
    09-29-2003 12:59:51 OK 0.296
    09-29-2003 12:43:52 OK 0.533
    09-29-2003 12:29:08 OK 0.994
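Added example, not part of the original post: the check log above, parsed to show that the three failed checks fall into two outage windows and that response times had already degraded before the first failure. The function names, the 5x threshold and the 8-check baseline are assumptions, and the post does not state the unit of the last column.

```python
import re
from datetime import datetime
from statistics import median

# Check log transcribed from the post above, three entries per line to save space.
LOG = """
09-29-2003 19:24:27 OK 15.180  09-29-2003 19:08:50 OK 9.879  09-29-2003 18:52:06 OK 11.351
09-29-2003 18:36:16 Error 15.064  09-29-2003 18:20:15 OK 15.645  09-29-2003 18:04:12 OK 13.490
09-29-2003 17:48:15 OK 10.064  09-29-2003 17:31:58 OK 15.197  09-29-2003 17:16:33 Error 15.300
09-29-2003 17:00:12 Error 15.149  09-29-2003 16:44:10 OK 15.262  09-29-2003 16:28:15 OK 13.397
09-29-2003 16:13:12 OK 2.607  09-29-2003 16:13:11 OK 2.302  09-29-2003 15:56:10 OK 0.857
09-29-2003 15:40:57 OK 4.010  09-29-2003 15:23:51 OK 1.146  09-29-2003 15:07:52 OK 1.002
09-29-2003 14:52:05 OK 0.904  09-29-2003 14:36:36 OK 0.920  09-29-2003 14:20:32 OK 1.034
09-29-2003 14:03:51 OK 0.788  09-29-2003 13:47:49 OK 0.778  09-29-2003 13:31:41 OK 1.020
09-29-2003 13:15:55 OK 0.270  09-29-2003 12:59:51 OK 0.296  09-29-2003 12:43:52 OK 0.533
09-29-2003 12:29:08 OK 0.994
"""
ENTRY = re.compile(r"(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d) (OK|Error) ([\d.]+)")

def parse(text):
    """Return checks oldest first as (timestamp, ok, response_time)."""
    return sorted((datetime.strptime(ts, "%m-%d-%Y %H:%M:%S"), st == "OK", float(rt))
                  for ts, st, rt in ENTRY.findall(text))

def availability(checks):
    return round(100 * sum(ok for _, ok, _ in checks) / len(checks), 2)

def incidents(checks):
    """Merge consecutive failed checks; bound each outage by the nearest OK checks."""
    out, i = [], 0
    while i < len(checks):
        j = i
        while j < len(checks) and not checks[j][1]:
            j += 1
        if j > i:  # checks[i:j] is one run of failures
            out.append((checks[i - 1][0] if i else None,
                        checks[j][0] if j < len(checks) else None, j - i))
        i = max(j, i + 1)
    return out

def degraded_since(checks, factor=5.0, baseline_n=8):
    """Earliest check after which every response time exceeds factor x the
    median of the first baseline_n checks (both thresholds are assumptions)."""
    limit = factor * median(rt for _, _, rt in checks[:baseline_n])
    start = None
    for ts, _, rt in reversed(checks):
        if rt <= limit:
            break
        start = ts
    return start
```

Each incident tuple is (last OK check before, first OK check after, failed checks), so the real outage lies somewhere inside that window; a roughly 16-minute polling interval cannot resolve it further.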

  11. #11

    good work

    7 drvlga1wcx2-oc48.wcg.net (64.200.127.30) 25.681 ms 25.551 ms 25.583 ms
    8 hrndva1wcx3-pos11-0.wcg.net (64.200.232.126) 25.992 ms 26.396 ms 26.269 ms
    9 washdc5lce1-oc48.wcg.net (64.200.95.118) 25.936 ms 25.670 ms 25.812 ms
    10 Ash-Equinix-GigE.aleron.net (206.223.115.45) 25.385 ms 25.321 ms 25.336 ms
    11 ge3-2.as.la1miafl.aleron.net (205.198.4.78) 105.710 ms 57.542 ms 57.901 ms
    12 miabw.as.la1miafl.aleron.net (205.198.4.134) 57.795 ms 57.596 ms 57.698 ms
    13 miabw.as.la1miafl.aleron.net (205.198.4.134) 58.165 ms !H 60.918 ms !H 57.846 ms !H

  12. #12
    Join Date
    Mar 2002
    Posts
    346

    Our clients should know what has been going on, as we have been posting in our forum's clients area since last Friday.

    We have had 13 DDoS attacks since last Friday.
    From this number of attacks, someone is personally out to try to shut us down.


    They started out as UDP Floods on Port 53, but they changed to TCP Floods on Port 53 tonight.


    Here are just some of the attackers' IPs:


    NOTE: The network should have returned to normal a while ago.
    Before this, you might have experienced high latency or packet loss during the attack.

  13. #13
    Join Date
    Apr 2003
    Posts
    553
    Great - now that you have IPs, do something other than filtering. Having an Abuse team is usually a good idea to follow up on attacks with ISPs - sometimes it gets somewhere, sometimes you need to push harder.

  14. #14
    Join Date
    Mar 2002
    Posts
    346
    Originally posted by AKavanaugh
    > Great - now that you have IPs, do something other than filtering. Having an Abuse team is usually a good idea to follow up on attacks with ISPs - sometimes it gets somewhere, sometimes you need to push harder.

    We will be, but most of the IPs are from overseas, and usually don't respond when notices are sent to them.

    The US ones are usually better.

    But as with all DDoS attacks, these IPs only belong to slave computers that have been infected, and are not the true attacker.

  15. #15
    Join Date
    Jul 2001
    Location
    /dev/null
    Posts
    1,219
    That happens when all connectivity goes through one router; even if there are different providers, it brings EVERYTHING DOWN!

  16. #16
    Why don't you rate limit UDP and TCP to port 53?

  17. #17
    Join Date
    Apr 2003
    Posts
    553
    Originally posted by dk2
    > Why don't you rate limit UDP and TCP to port 53?

    Who's got time for rational solutions in today's busy world of overselling?

  18. #18
    Ohh sorry, I forgot I was talking to hosts just out to make money.

  19. #19
    Join Date
    Mar 2002
    Posts
    346
    Originally posted by AKavanaugh
    > Who's got time for rational solutions in today's busy world of overselling?

    1. If the network person could have accessed the router from remote he could have done this.

    And the router froze due to the 8.3M pps hitting it.

    2. We actually don't oversell our bandwidth.

  20. #20
    Join Date
    Mar 2002
    Posts
    346
    Originally posted by microsol
    > That happens when all connectivity goes through one router; even if there are different providers, it brings EVERYTHING DOWN!

    We are working on that issue now.

    We have 2 extra routers, and are planning it.

  21. #21

    Wow

    I return to this forum after a few months and lo and behold, SrvOutsource is still in the frying pan.

    Maybe you should work on improving your honesty and customer relations a bit? I wouldn't be surprised if this attacker is another customer you tried to swindle.

    Thankfully for me, I got word from Visa card services yesterday that they have completed their investigations, and all Server Outsource charges have been refunded on my card. The thread on this forum was actually instrumental to proving my case.

    I can't say I really care, but whoever is attacking this ISP should just go the legal route if they have a complaint. They are already being investigated by a few different agencies. Don't risk getting yourself in trouble or sink to this company's level with underhanded tactics.

  22. #22
    Originally posted by SrvOutsource
    > 1. If the network person could have accessed the router from remote he could have done this.
    >
    > And the router froze due to the 8.3M pps hitting it.
    >
    > 2. We actually don't oversell our bandwidth.

    Guess you should have people at the NOC, eh?

    You're using a Riverstone router I'm guessing, what kind? I'm guessing the 1000/3000? Maybe I'm totally off.

  23. #23
    Join Date
    Dec 2001
    Location
    Toronto, Ontario, Canada
    Posts
    6,896
    8.3M packets/sec? That's a pretty big number. Not to question or anything, but if your router choked and died, where'd you get that number? 8.3 Million PPS should have taken out a fair chunk of routers upstream if you ask me, anything over 500,000 packets/sec is liable to cause major outages, let alone 8,300,000......

  24. #24
    Join Date
    Mar 2002
    Posts
    346
    Originally posted by dk2
    > Guess you should have people at the NOC, eh?
    >
    > You're using a Riverstone router I'm guessing, what kind? I'm guessing the 1000/3000? Maybe I'm totally off.

    Ross,

    You were close.

    We are using a Riverstone, but a model RS 8000.

  25. #25
    Join Date
    Mar 2002
    Posts
    346
    Originally posted by porcupine
    > 8.3M packets/sec? That's a pretty big number. Not to question or anything, but if your router choked and died, where'd you get that number? 8.3 Million PPS should have taken out a fair chunk of routers upstream if you ask me, anything over 500,000 packets/sec is liable to cause major outages, let alone 8,300,000......

    It came from the firewall before it crashed.
    And it did, it flooded all of our network connections, as they did an attack over all of them yesterday.

    The attacker keeps changing their tactics.

    First it was UDP Flood attacks on port 53 to our PRI DNS.
    Then started flooding the main router on misc. ports.
    Then switched to TCP Flood attacks on Port 53 to all.

    And now this morning has switched to TCP Flood attacks on Port 80 to our main server.

    It is also funny the firewall has been catching just certain IPs that belong to a local Miami, FL BellSouth DSL connection.
