Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : EV1: ongoing ddos attack

[rusko]

several machines at ev1 are currently generating inbound ddos traffic to a machine we help manage. this is a commercial ddos attack - in other words, an e-commerce competitor is ddosing the client in order to hurt his business.

numerous emails have been sent to abuse@ev1 - got one auto-reply, the rest were ignored. noc says to email abuse@.

same goes for managed.com.

as a network operator, such behaviour is irresponsible and inexcusable. time to nullroute their netblocks at the edge?

paul

[Steven]

now that just sucks

[Nessun]

I have to agree that would really suck. Maybe try calling?

[eBoundary]

Null route then do the abuse@ thing, then you can provide all the info you need to in an email that isnt being rushed.

[rusko]

Quote:

Originally posted by Nessun
I have to agree that would really suck. Maybe try calling?

if you read my post, the calls have already been made. we were instructed to email abuse@, so they can proceed to ignore the email.

paul

[rusko]

Quote:

Originally posted by eBoundary
Null route then do the abuse@ thing, then you can provide all the info you need to in an email that isnt being rushed.

the ddos has already been handled; all the necessary info was provided, they just chose to ignore it. i am not asking for assistance at this point, since everything is under control and service is not affected. this is more of a 'name and shame' deal.

on several occasions in the past some higher-ups from ev1 read threads similar to this one, became clued in to some internal problems and moved to resolve them. i am (somewhat) hoping the same will happen this time, though their whole operation has taken a huge nosedive lately what with all the monkeys they've hired, so im not too optimistic.

paul

[BizB]

another reason for me to love SM
i would expect more dos attacks from people as long there getting free setup + no punishment from EV1 staff
spcialy from kids

[rusko]

no attacks from SM/TP space (yet). the thing that amuses me the most is that the attacker is going to spend the whole night trying to ddos the box, while it took me all of 5-10 minutes to write a script to block the attack so i could move on to {bigger,better} things =]

paul

[amusive.com]

Optonline did this to me too. A guy was doing an amateuer DOS on my server, I just firewalled him out but contacted his ISP's abuse desk anyway. He was doing it for 8 days straight. I emailed them day #2, and they didn't care. He was still doing it -- I could see the firewall logs 10-50 rejected connections a second -- but they didn't see anything wrong with that, apparently.

Ugh.

Things like this should be top priority, especially if they're something you can take 5 seconds and SEE is still actively happening.

[ndctech]

Rusko.....

It was funny to see this thread. We are dealing with the exact same thing right now (attacks from EV1 servers). Same thing for us, no response from EV1.

I am very appalled at what an irresponsable company they are.

[Knogle]

rusko's case in an inbound DDoS attack to a machine at EV1

[UH-Matt]

Rusko, ive sent you some contacts in a PM who can help you.

[rusko]

Quote:

Originally posted by Knogle
rusko's case in an inbound DDoS attack to a machine at EV1

seems you cant read. it is an inbound attack that is *coming from* ev1.

paul

[rusko]

Quote:

Originally posted by UH-Matt
Rusko, ive sent you some contacts in a PM who can help you.

matt,

thanks. techiesurfer made contact.

paul

[rusko]

techiesurfer helped out with the situation, thank you techie =]

with that said, i think you should look into your abuse team operations. most providers whose security people dont know about wht would have been SOL in this situation.

paul