  1. #1

    EV1 inbound flood problems - help!

    Let me start by saying I've been with Ev1 for 2 full years and have NEVER had a problem until 6 weeks ago. All of a sudden email for me and all my clients was down for about 2 full days (about 90 domains). After being told it's a Syn-Flood attack and they couldn't do anything about it, I hired a management company to help me fix this and protect my machine. (I actually hired the first company that EV1 recommended). This momentarily fixed the problem, but then I realized that while email was still going through there were serious lags from about 30 minutes, up to 9 hours!
    I hired a second server management company and they made some adjustments as well, but the end result after no help from EV1 and 2 separate reputable management companies - I was told that nothing more could be done from the server end and EV1 would have to do something to make this stop.

    EV1 continues to tell me they are non-managed and it's not their responsibility. Then I got the run-around from one of their techs telling me my machine showed no sign of attack in the past few weeks. Then they said they installed fireslayer - then they said they removed it once the attack was over (but they told me there was no attack). Silly inconsistencies from EV1 this whole time.

    All the while - the clients (That I have left) and I continue to get lag times from 30 min to 9 hours. Several clients have left and the rest remain faithful because I have provided 2 years of service with NO issues. But they won't last much longer.

    WHAT MORE CAN I DO?? Your assistance is greatly appreciated. Any ideas would be helpful - 3 separate teams of techs can't help me and I don't know what to do.

  2. #2
    Look for a hardware firewall to protect your server if there is a high bandwidth Syn-Flood attack. I remember that EV1 had a hardware firewall service before.

  3. #3
    Join Date: May 2006 | Location: Florida, USA | Posts: 362
    In my opinion, EV1 with their Fireslayer protection should be able to help you on this. If they can't help, let's start with the basics:

    - Are you Linux or Windows based?
    - Have you attempted to harden the TCP/IP stack against this kind of attack? There are many articles, both Windows and Linux based that can guide you on this.... just Google it or start here: http://www.securityfocus.com/infocus/1729

    There are quite a few methods to help against this although none of them are 100% effective without costing a lot of money and heartache.

    Hopefully, someone here can help you a bit more on this.

    Good luck!
    Host, YES!
    Reselling? Partner for profit instead!

  4. #4
    fitesun: - as I mentioned EV1 says they will offer no more assistance and they are giving me the runaround with fireslayer - telling me I don't have an attack - then turning it off and saying the attack is over. All the while nothing changed with my email lags.

    TCP: it's a Linux machine and I'm using Plesk. I had two separate server management companies do hardening on the server and I'm told they can do no more from their end.

    This is what EV1 tells me: "It is also important that you remember we are a totally non managed server company. If you are having issues with your server and it does not involve the hardware that we have placed on the server, then there is nothing that we are able to do for you. You would have to get a web administrator to work on the type of issues that you are experiencing."

    then I get the web admin who tells me this: "You are receiving and have been for a long time it seems.. a really heavy constant inbound SMTP ddos attack. The inbound mail volume was so high that it's actually corrupting the qmail queue. We've done a lot to mitigate the impact of the flood but there's only so much you can do from the server end. Our customers at other DCs have this type of problem regularly. The way it's usually dealt with is simple. We call and ask them to enable the flood guard. Instant Results. We've already requested this of ev1. My only guess is that the technology they employ is not as effective as some of the other DCs."
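Added example, not part of any post in this thread: the posts above disagree on whether the Linux server is under a SYN flood at all, and one way to check from the server itself is to count half-open (SYN_RECV) and established sockets per local port in `/proc/net/tcp`. The sample rows are constructed, use documentation IP ranges and show only the first columns; the function names and the threshold of 3 are assumptions for illustration.

```python
from collections import defaultdict

STATES = {"01": "established", "03": "syn_recv"}  # state codes in /proc/net/tcp

# Constructed sample: first columns of /proc/net/tcp only (documentation IPs).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0F00000A:0019 00000000:0000 0A
   1: 0F00000A:0019 010200C0:C350 03
   2: 0F00000A:0019 020200C0:C351 03
   3: 0F00000A:0019 030200C0:C352 03
   4: 0F00000A:0019 076433C6:C353 03
   5: 0F00000A:0019 010200C0:C354 03
   6: 0F00000A:0019 0A7100CB:D431 01
   7: 0F00000A:0050 010200C0:C355 03
"""

def decode_addr(field):
    """'0F00000A:0019' -> ('10.0.0.15', 25); IPv4 hex is little-endian on x86."""
    ip_hex, port_hex = field.split(":")
    octets = bytes.fromhex(ip_hex)[::-1]
    return ".".join(str(b) for b in octets), int(port_hex, 16)

def summarize(proc_text):
    """Per local port: established and half-open counts, plus SYN source IPs."""
    ports = defaultdict(lambda: {"established": 0, "syn_recv": 0, "sources": set()})
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] not in STATES:
            continue
        _, local_port = decode_addr(cols[1])
        remote_ip, _ = decode_addr(cols[2])
        entry = ports[local_port]
        entry[STATES[cols[3]]] += 1
        if cols[3] == "03":
            entry["sources"].add(remote_ip)
    return ports

def half_open_ports(proc_text, threshold):
    """Ports with SYN_RECV >= threshold: (syn_recv, established, distinct sources)."""
    return {port: (e["syn_recv"], e["established"], len(e["sources"]))
            for port, e in summarize(proc_text).items()
            if e["syn_recv"] >= threshold}

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live data on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE
    for port, stats in sorted(half_open_ports(text, threshold=3).items()):
        print(port, stats)
```

On a live host, a sensible threshold is a fraction of the value in `/proc/sys/net/ipv4/tcp_max_syn_backlog`. A large SYN_RECV count on port 25 with few established sessions fits a SYN flood, while a low SYN_RECV count alongside many established SMTP sessions fits the mail-volume flood the web admin describes.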

  5. #5
    cattivo,

    4 words come to mind then.

    GigeServers, Staminus, Black Lotus, Awknet.
    There are others but it's late and I can't think of them right now.

    These folks deal with this on a daily basis... mitigation of your problem is actually a part of their business model.

    Good luck!
    Host, YES!
    Reselling? Partner for profit instead!

  6. #6
    Quote Originally Posted by fitesun
    Look for a hardware firewall to protect your server if there is a high bandwidth Syn-Flood attack. I remember that EV1 had a hardware firewall service before.

    An attack like he says he is getting will overwhelm any firewall he can get there. Most firewalls sold by DCs on this board cannot handle by any means an attack the size that they are capable of receiving and in most cases do receive. It would be a waste of money. He needs a DC with true DoS protection.
    Jay
