Results 1 to 25 of 65
Thread: serveroutsource.net DOWN again
-
09-29-2003, 04:45 PM #1Newbie
- Join Date
- Aug 2002
- Posts
- 28
serveroutsource.net DOWN again
serveroutsource.net DOWN again
0
-
09-29-2003, 04:51 PM #2Junior Guru Wannabe
- Join Date
- Mar 2003
- Posts
- 56
Yes it is. I think this is the 2nd time this has happened in about 48 hrs?
0
-
09-29-2003, 04:58 PM #3Aspiring Evangelist
- Join Date
- Jul 2001
- Location
- UK
- Posts
- 350
Ping results for serveroutsource.net
Highest Response: 0 ms.
Lowest Response: 0 ms.
Average Response: 0 ms.
Total Number of Packets Sent: 4
Lost Packets: 4
Lost Packets: 100 %0
-
09-29-2003, 05:01 PM #4Newbie
- Join Date
- Aug 2002
- Posts
- 28
it is 2nd time last 12h
it is 2nd time last 12h
traceroute to serveroutsource.net (65.87.5.2), 30 hops max, 38 byte packets
1 10.1.9.3 (10.1.9.3) 0.671 ms 0.474 ms 0.443 ms
2 216.87.0.46 (216.87.0.46) 0.482 ms 0.443 ms 0.471 ms
3 66.234.14.54 (66.234.14.54) 0.545 ms 0.528 ms 0.463 ms
4 66.234.14.42 (66.234.14.42) 1.293 ms 0.576 ms 0.440 ms
5 miamfl6lce2-gige7-0-0.wcg.net (64.200.118.241) 1.195 ms 1.009 ms 1.035 ms
6 miamfl2wcx3-pos5-0.wcg.net (64.200.119.89) 1.143 ms 1.242 ms 1.096 ms
7 miamfl2wcx3-cuttingedgetech.gige.wcg.net (64.200.118.210) 1.228 ms 1.132 ms 1.196 ms
8 157.238.182.242 (157.238.182.242) 1.308 ms 1.313 ms 1.336 ms
9 * * *
10 * Awebhosting.demarc.cogentco.com (38.112.5.134) 525.459 ms *
11 * * *
12 * * *0
-
09-29-2003, 05:14 PM #5Junior Guru Wannabe
- Join Date
- Mar 2003
- Posts
- 56
That's just weird. I've had a server with them for about 9 months now and never had any down time like this before. No worries though. I am sure it will be up and running pretty soon.
0
-
09-29-2003, 05:27 PM #6Junior Guru Wannabe
- Join Date
- Oct 2002
- Location
- UK
- Posts
- 51
Luckily we only have one server with them, use it as a backup dump., but i hope it returns soon
0
-
09-29-2003, 05:31 PM #7Newbie
- Join Date
- Aug 2002
- Posts
- 28
>pretty soon
hmm....0
-
09-29-2003, 05:37 PM #8Junior Guru Wannabe
- Join Date
- Dec 2002
- Posts
- 72
Yep, it's down.
At first I thought it was something I did to my server since I was uploading something and then my computer froze, and when I rebooted, I couldn't connect anymore. But when I tried to submit a reboot request, I realized that the whole network was down.
Anyway, it's pretty good for a $49 box.
Hope it returns soon because I didn't finish my upload!0
-
09-29-2003, 06:18 PM #9Junior Guru Wannabe
- Join Date
- Dec 2002
- Posts
- 72
It was up for awhile, then when I tried to ftp again it went down. It can't possibly be my fault, can it?
0
-
09-29-2003, 07:32 PM #10Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 311
just for the record were @ 3 so far since i signed up for the monitoring. i did this because last night my server went down twice for a couple of minutes. so i just wanted to take a look. these stats are from 12:30pm EST - 7:30pm EST
Uptime (Availability): 89.29% (Down 3 times out of 28 checks)
09-29-2003 19:24:27 OK 15.180
09-29-2003 19:08:50 OK 9.879
09-29-2003 18:52:06 OK 11.351
09-29-2003 18:36:16 Error 15.064
09-29-2003 18:20:15 OK 15.645
09-29-2003 18:04:12 OK 13.490
09-29-2003 17:48:15 OK 10.064
09-29-2003 17:31:58 OK 15.197
09-29-2003 17:16:33 Error 15.300
09-29-2003 17:00:12 Error 15.149
09-29-2003 16:44:10 OK 15.262
09-29-2003 16:28:15 OK 13.397
09-29-2003 16:13:12 OK 2.607
09-29-2003 16:13:11 OK 2.302
09-29-2003 15:56:10 OK 0.857
09-29-2003 15:40:57 OK 4.010
09-29-2003 15:23:51 OK 1.146
09-29-2003 15:07:52 OK 1.002
09-29-2003 14:52:05 OK 0.904
09-29-2003 14:36:36 OK 0.920
09-29-2003 14:20:32 OK 1.034
09-29-2003 14:03:51 OK 0.788
09-29-2003 13:47:49 OK 0.778
09-29-2003 13:31:41 OK 1.020
09-29-2003 13:15:55 OK 0.270
09-29-2003 12:59:51 OK 0.296
09-29-2003 12:43:52 OK 0.533
09-29-2003 12:29:08 OK 0.9940
-
09-29-2003, 07:48 PM #11Newbie
- Join Date
- Aug 2002
- Posts
- 28
good work
7 drvlga1wcx2-oc48.wcg.net (64.200.127.30) 25.681 ms 25.551 ms 25.583 ms
8 hrndva1wcx3-pos11-0.wcg.net (64.200.232.126) 25.992 ms 26.396 ms 26.269 ms
9 washdc5lce1-oc48.wcg.net (64.200.95.118) 25.936 ms 25.670 ms 25.812 ms
10 Ash-Equinix-GigE.aleron.net (206.223.115.45) 25.385 ms 25.321 ms 25.336 ms
11 ge3-2.as.la1miafl.aleron.net (205.198.4.78) 105.710 ms 57.542 ms 57.901 ms
12 miabw.as.la1miafl.aleron.net (205.198.4.134) 57.795 ms 57.596 ms 57.698 ms
13 miabw.as.la1miafl.aleron.net (205.198.4.134) 58.165 ms !H 60.918 ms !H 57.846 ms !H0
-
09-29-2003, 09:25 PM #12Web Hosting Guru
- Join Date
- Mar 2002
- Posts
- 346
Our clients should know what has going on, as we have been posting in our forums clients area since last Friday.
We have had 13 DDoS attacks since last Friday.
From this number of attacks, someone is personally out to try to shut us down.
They started out as UDP Floods on Port 53, but they changed to TCP Floods on Port 53 tonight.
Here are just some of the attackers IP's:
202.156.173.92
202.156.228.93
62.150.0.103
208.61.176.178
81.48.165.83
81.218.179.62
166.70.3.28
4.41.45.164
NOTE: The network should have returned to normal awhile ago.
Before this, you might have experienced high latency or packet loss during the attack.0
-
09-29-2003, 09:28 PM #13Web Hosting Master
- Join Date
- Apr 2003
- Posts
- 553
Great - now that you have IP's, do something other than filtering. Having an Abuse team is usually a good idea to follow up on attacks with ISP's - sometimes it gets somewhere, sometimes you need to push harder.
0
-
09-29-2003, 09:32 PM #14Web Hosting Guru
- Join Date
- Mar 2002
- Posts
- 346
Originally posted by AKavanaugh
Great - now that you have IP's, do something other than filtering. Having an Abuse team is usually a good idea to follow up on attacks with ISP's - sometimes it gets somewhere, sometimes you need to push harder.
The US ones are usually better.
But as with all DDoS attacks, these IP's only belong to slave computers that have been infected, and are not the true attacker.0
-
09-29-2003, 10:47 PM #15Web Hosting Master
- Join Date
- Jul 2001
- Location
- /dev/null
- Posts
- 1,219
That happens when all connectivity goes through one router even if there are different providers it brings EVERYTHING DOWN!
0
-
09-30-2003, 12:29 AM #16Away
- Join Date
- Jun 2002
- Posts
- 5,278
Why don't you rate limit UDP and TCP to port 53?
0
-
09-30-2003, 12:56 AM #17Web Hosting Master
- Join Date
- Apr 2003
- Posts
- 553
Originally posted by dk2
Why don't you rate limit UDP and TCP to port 53?0
-
09-30-2003, 01:19 AM #18Away
- Join Date
- Jun 2002
- Posts
- 5,278
Ohh sorry, I forgot I was talking to hosts just out to make money.
0
-
09-30-2003, 01:56 AM #19Web Hosting Guru
- Join Date
- Mar 2002
- Posts
- 346
Originally posted by AKavanaugh
Who's got time for rational solutions in today's busy world of overselling?
And the router froze due to the 8.3M pps hitting it.
2. We actually don't oversell our bandwidth.0
-
09-30-2003, 01:57 AM #20Web Hosting Guru
- Join Date
- Mar 2002
- Posts
- 346
Originally posted by microsol
That happens when all connectivity goes through one router even if there are different providers it brings EVERYTHING DOWN!
We have 2 extra routers, and are planning it.0
-
09-30-2003, 02:20 AM #21Newbie
- Join Date
- Aug 2003
- Posts
- 17
Wow
I return to this forum after a few months and low and behold, SrvOutsource is still in the frying pan.
Maybe you should work on improving your honesty and customer relations a bit? I wouldn't be suprised if this attacker is another customer you tried to swindle.
Thankfully for me, I got word from Visa card services yesterday that they have completed their investigations, and all Server Outsouce charges have been refunded on my card. The thread on this forum was actually instrumental to proving my case.
I can't say I really care, but whoever is attacking this ISP should just go the legal route if they have a complaint. They are already being investigated by a few different agencies. Don't risk getting yourself in trouble or sink to this company's level with underhanded tactics.0
-
09-30-2003, 02:21 AM #22Away
- Join Date
- Jun 2002
- Posts
- 5,278
Originally posted by SrvOutsource
1. If the network person could have accessed the router from remote he could have done this.
And the router froze due to the 8.3M pps hitting it.
2. We actually don't oversell our bandwidth.
Your using a riverstone router I'm guessing, what kind? I'm guessing the 1000/3000? Maybe I'm totally off.0
-
09-30-2003, 03:56 AM #23Web Hosting Master
- Join Date
- Dec 2001
- Location
- Toronto, Ontario, Canada
- Posts
- 6,896
8.3M packets/sec? Thats a pretty big number. Not to question or anything, but if your router choked and died, where'd you get that number? 8.3 Million PPS should have taken out a fair chunk of routers upstream if you ask me, anything over 500,000 packets/sec is liable to cause major outages, let alone 8,300,000......
0
-
09-30-2003, 08:33 AM #24Web Hosting Guru
- Join Date
- Mar 2002
- Posts
- 346
Originally posted by dk2
Guess you should have people at the noc eh?
Your using a riverstone router I'm guessing, what kind? I'm guessing the 1000/3000? Maybe I'm totally off.
You where close.
We are using a Riverstone, but a model RS 8000.0
-
09-30-2003, 08:38 AM #25Web Hosting Guru
- Join Date
- Mar 2002
- Posts
- 346
Originally posted by porcupine
8.3M packets/sec? Thats a pretty big number. Not to question or anything, but if your router choked and died, where'd you get that number? 8.3 Million PPS should have taken out a fair chunk of routers upstream if you ask me, anything over 500,000 packets/sec is liable to cause major outages, let alone 8,300,000......
And it did, it flooded all of our network connections, as they did an attack over all of them yesterday.
The attacker keeps changing their tactics.
First it was UDP Flood attacks on port 53 to our PRI DNS.
Then started flooding the main router on misc. ports.
Then switched to TCP Flood attacks on Port 53 to all.
And now this morning has switched to TCP Flood attacks on Port 80 to our main server.
It is also funny the firewall has been cataching just certain IP's that belongs to a local Miami, FL BellSouth DSL connection.0