Results 1 to 8 of 8

Thread: Eleven2 Outage

  1. #1
    Join Date
    Sep 2002
    Location
    UK
    Posts
    505

    Eleven2 Outage

    We have a small site with these guys.... but it appears to be down... and we cannot get to them.

    On eleven2.com, Alerta gives:
    11/13/2006 17:22:29 Atlanta USA Error N/A 30.00 N/A
    11/13/2006 17:22:29 Orlando USA Error N/A 30.00 N/A
    11/13/2006 17:22:29 Frankfurt GERMANY Error N/A 30.00 N/A
    11/13/2006 17:22:29 Chicago USA Error N/A 29.99 N/A
    11/13/2006 17:22:29 London UK Error N/A 29.99 N/A
    11/13/2006 17:22:29 Oklahoma City USA Error N/A 30.07 N/A

    A traceroute gives:
    Hop T1 T2 T3 Best Graph IP Hostname Dist TTL Ctry Time
    1 0 0 0 0.7 ms
    66.36.240.2 AS14361
    HOPONE-DCA c-vl102-d1.acc.dca2.hopone.net. 255 US Unix: 22:24:46.658
    2 0 0 1 0.8 ms [+0ms]
    66.36.224.249 AS0
    IANA-RSVD-0 gec3.core2.dca2.hopone.net. 0 miles [+0] 254 US Unix: 21:54:26.675
    3 3 5 2 2.6 ms [+1ms]
    66.36.224.169 AS0
    IANA-RSVD-0 gi1-0-0.ar2.wdc2.gblx.net. 0 miles [+0] 252 US Unix: 22:24:18.390
    4 45 32 32 32 ms [+29ms]
    67.17.70.30 AS3549
    GBLX pos1-0-0-155m.ar1.hou1.gblx.net. 0 miles [+0] 252 US Unix: 22:24:18.400
    5 42 38 38 37 ms [+5ms]
    67.17.211.130 AS3549
    GBLX internap-ken-schmid.pos10-0-0.ar1.hou1.gblx.net. 0 miles [+0] 242 US Unix: 22:24:18.478
    6 44 37 37 37 ms [+0ms]
    216.52.168.81 AS13791
    INTERNAP-BLK3 border8.ge3-0-bbnet2.hou.pnap.net. 0 miles [+0] 242 US Unix: 22:24:18.532
    7 46 38 39 38 ms [+0ms]
    216.52.170.50 AS13791
    INTERNAP-BLK3 vericenter-2.border8.hou.pnap.net. 0 miles [+0] 241 US Unix: 22:24:18.565
    8 80 40 41 40 ms [+1ms]
    65.38.110.84 AS20183
    VERICENTER ip-65-38-110-84.hou.vericenter.com. 0 miles [+0] 240 US Unknown: 831ebfe8
    9 * 40 40 40 ms [+0ms]
    65.38.104.252 AS20183
    VERICENTER hou1-edge1.eleven2.com. 0 miles [+0] 47 US [Router did not respond]
    10 59 41 40 40 ms [+0ms]
    65.38.104.126 AS20183
    VERICENTER nfrwy1-core2.eleven2.com. 0 miles [+0] 13 US [Router did not respond]
    11 * * * 40 ms [+0ms]
    [Unknown] [Unknown - Firewall did not respond] 0 miles [+0]
    12 * * 40 40 ms [+0ms]
    65.38.105.10 AS20183
    VERICENTER
    [Reached Destination][Timeout] 0 miles [+0] 46 US [Router did not respond


    Has anyone had any better luck getting in touch with them?

    Any idea what is going on there?

  2. #2
    Join Date
    Sep 2002
    Location
    UK
    Posts
    505
    I have managed to get broken access to their status page before it went again.

    It says the following:

    --------------------------
    Update - 4:25PM - We had the attack fully fixed for about 2 hours, it is now back, we are working to get this fixed with our upstream providers and should have a update for you shortly.

    Update - 11:09Am - The attack is still going, its very small, but still coming, we went ahead and blocked the IP ranges of 80.0.0.0-89.0.0.0 which is part of Europe and Israel where the attacks are coming from. Our upstream providers are still working to get things mitigated here.

    About 30 min ago we started suffering a DDOS attack on our network. This attack is too large for us just to blokc a single or a few IPs, so our upstream providers, Internet and MCI are working to mitigate the attack as we speak.
    -------------------------------

    It has the 12th on there as the date.... although today is the 13th.... so who knows. This certainly feels like a DDOS attack in terms of getting through only now and again.


    Jenni

  3. #3
    maybe "your mom's" site was the one being attacked.

    http://img222.imageshack.us/img222/8659/yourmomwj0.png

  4. #4
    Join Date
    Sep 2002
    Location
    UK
    Posts
    505
    Oh dear... it looks like it's happening again.

    Hop T1 T2 T3 Best Graph IP Hostname Dist TTL Ctry Time
    1 0 0 0 0.6 ms
    66.36.240.2 AS14361
    HOPONE-DCA c-vl102-d1.acc.dca2.hopone.net. 255 US Unix: 21:36:12.136
    2 1 3 0 0.8 ms [+0ms]
    66.36.224.249 AS0
    IANA-RSVD-0 gec3.core2.dca2.hopone.net. 0 miles [+0] 254 US Unix: 21:05:51. 6
    3 2 1 2 1.9 ms [+1ms]
    66.36.224.169 AS0
    IANA-RSVD-0 gi1-0-0.ar2.wdc2.gblx.net. 0 miles [+0] 252 US Unix: 21:35:44.954
    4 44 32 32 32 ms [+30ms]
    67.17.70.30 AS3549
    GBLX pos1-0-0-155m.ar1.hou1.gblx.net. 0 miles [+0] 252 US Unix: 21:35:45. 1
    5 55 45 38 37 ms [+5ms]
    67.17.211.130 AS3549
    GBLX internap-ken-schmid.pos10-0-0.ar1.hou1.gblx.net. -1 miles [+0] 0 miles [+0] 242 US Unix: 21:35:45. 71
    6 45 39 37 37 ms [+0ms]
    216.52.168.81 AS13791
    INTERNAP-BLK3 border8.ge3-0-bbnet2.hou.pnap.net. -1 miles [+0] 0 miles [+0] 242 US Unix: 21:35:45.103
    7 45 37 38 37 ms [+0ms]
    216.52.170.50 AS13791
    INTERNAP-BLK3 vericenter-2.border8.hou.pnap.net. -1 miles [+0] 0 miles [+0] 241 US Unix: 21:35:45.154
    8 46 40 39 39 ms [+2ms]
    65.38.110.84 AS20183
    VERICENTER ip-65-38-110-84.hou.vericenter.com. -1 miles [+0] 0 miles [+0] 240 US [Router did not respond]
    9 * 40 * 40 ms [+0ms]
    65.38.104.252 AS20183
    VERICENTER [Timeout] 0 miles [+0] 47 US [Router did not respond]
    10 45 43 * 42 ms [+2ms]
    65.38.104.126 AS20183
    VERICENTER [Timeout] 0 miles [+0] 13 US [Router did not respond]
    11 * * 42 42 ms [+0ms]
    65.38.105.10 AS20183
    VERICENTER
    [Reached Destination][Timeout] 0 miles [+0] 46 US [Router did not respond]


    And out time outs bear all the hallmarks of another DDOS.


  5. #5
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by JenniH
    Oh dear... it looks like it's happening again.

    Hop T1 T2 T3 Best Graph IP Hostname Dist TTL Ctry Time
    1 0 0 0 0.6 ms
    66.36.240.2 AS14361
    HOPONE-DCA c-vl102-d1.acc.dca2.hopone.net. 255 US Unix: 21:36:12.136
    2 1 3 0 0.8 ms [+0ms]
    66.36.224.249 AS0
    IANA-RSVD-0 gec3.core2.dca2.hopone.net. 0 miles [+0] 254 US Unix: 21:05:51. 6
    3 2 1 2 1.9 ms [+1ms]
    66.36.224.169 AS0
    IANA-RSVD-0 gi1-0-0.ar2.wdc2.gblx.net. 0 miles [+0] 252 US Unix: 21:35:44.954
    4 44 32 32 32 ms [+30ms]
    67.17.70.30 AS3549
    GBLX pos1-0-0-155m.ar1.hou1.gblx.net. 0 miles [+0] 252 US Unix: 21:35:45. 1
    5 55 45 38 37 ms [+5ms]
    67.17.211.130 AS3549
    GBLX internap-ken-schmid.pos10-0-0.ar1.hou1.gblx.net. -1 miles [+0] 0 miles [+0] 242 US Unix: 21:35:45. 71
    6 45 39 37 37 ms [+0ms]
    216.52.168.81 AS13791
    INTERNAP-BLK3 border8.ge3-0-bbnet2.hou.pnap.net. -1 miles [+0] 0 miles [+0] 242 US Unix: 21:35:45.103
    7 45 37 38 37 ms [+0ms]
    216.52.170.50 AS13791
    INTERNAP-BLK3 vericenter-2.border8.hou.pnap.net. -1 miles [+0] 0 miles [+0] 241 US Unix: 21:35:45.154
    8 46 40 39 39 ms [+2ms]
    65.38.110.84 AS20183
    VERICENTER ip-65-38-110-84.hou.vericenter.com. -1 miles [+0] 0 miles [+0] 240 US [Router did not respond]
    9 * 40 * 40 ms [+0ms]
    65.38.104.252 AS20183
    VERICENTER [Timeout] 0 miles [+0] 47 US [Router did not respond]
    10 45 43 * 42 ms [+2ms]
    65.38.104.126 AS20183
    VERICENTER [Timeout] 0 miles [+0] 13 US [Router did not respond]
    11 * * 42 42 ms [+0ms]
    65.38.105.10 AS20183
    VERICENTER
    [Reached Destination][Timeout] 0 miles [+0] 46 US [Router did not respond]


    And out time outs bear all the hallmarks of another DDOS.

    You cannot derive that the problem is a (D)DoS from that traceroute. The box itself appears offline, doesn't mean it's (D)DoS.

  6. #6
    Join Date
    Sep 2002
    Location
    UK
    Posts
    505
    Alerta gave down from every location, as did proxies we tried.

    The sites loaded sometimes.... very very slowly, and then not at all. Then occasionally normally.

    These from my experience are hallmarks of such an attack.

    Regardless of the cause, access to our sites, and eleven2 is limited.

  7. #7
    Join Date
    Sep 2002
    Location
    UK
    Posts
    505
    We seem to be back again now.... I hope we do get an explanation from them. There is nothing posted on their status board yet.

  8. #8
    Join Date
    Sep 2002
    Location
    UK
    Posts
    505
    It was apparently a "congested pipe". Right...

    The bad news: down again today:
    11/21/2006 17:08:13 Atlanta USA Error N/A 29.99 N/A
    11/21/2006 17:08:13 Orlando USA Error N/A 30.00 N/A
    11/21/2006 17:08:13 Chicago USA Error N/A 29.99 N/A
    11/21/2006 17:08:13 London UK Error N/A 30.00 N/A
    11/21/2006 17:08:13 Frankfurt GERMANY Error N/A 29.99 N/A
    11/21/2006 17:08:13 Oklahoma City USA Error N/A 30.01 N/A

    Yes, I think we have just about had enough of this now. Far too bumpy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •