
  • Huge DDOS Attacks over the internet

    If your web site or hosting is having connectivity issues, please read; it could be due to massive DDOS attacks on root nameservers.


    http://webhostingtalk.com/showthread...hreadid=107128

    quoting that thread
    We are monitoring massive Distributed Denial of Service attacks all over the U.S. tonight starting at around 11:30 PM CST. As many as 5 of the 13 root nameservers have been down, up to 10 with massive packet loss (xx%):

    Internet Status to Root Name Servers
    Date: Fri Jan 24 21:37:00 PST 2003

    Place  Address             Packet Loss  Time: Min/Avg/Max
    Root   b.root-servers.net  53%          25/40/48
    Root   c.root-servers.net  0%           82/82/82
    Root   e.root-servers.net  20%          16/29/33
    Root   f.root-servers.net  26%          17/27/32
    Root   h.root-servers.net  20%          91/101/108
    Root   i.root-servers.net  26%          190/199/205
    Root   j.root-servers.net  26%          81/91/96
    Root   k.root-servers.net  64%          172/188/201
    Root   l.root-servers.net  0%           5/5/6
    Root   m.root-servers.net  33%          160/171/205
    GTLD   b.gtld-servers.net  26%          52/63/67
    GTLD   c.gtld-servers.net  31%          85/93/95
    GTLD   d.gtld-servers.net  13%          88/100/103
    GTLD   f.gtld-servers.net  22%          38/50/57
    GTLD   i.gtld-servers.net  0%           198/200/203
    GTLD   k.gtld-servers.net  24%          90/100/105
    GTLD   l.gtld-servers.net  33%          128/138/171


    All backbone providers are suffering major packet loss (XX%):

    Place                  Address                    Packet Loss  Time: Min/Avg/Max
    AboveNet               ns.above.net               28%          53/64/66
    AGIS                   ns1.agis.net               26%          62/74/78
    AlohaNet               nuhou.aloha.net            35%          84/94/98
    ANS                    ns.ans.net                 26%          83/97/100
    BBN-NearNet            nic.near.net               28%          91/114/572
    BBN-BARRnet            ns1.barrnet.net            26%          16/26/32
    Best                   ns.best.com                35%          79/89/95
    Concentric             nameserver.concentric.net  35%          18/31/56
    CW                     ns.cw.net                  28%          88/98/105
    DIGEX                  ns.digex.net               31%          78/86/91
    ENTER.NET              dns.enter.net              28%          91/104/108
    Epoch Internet         ns1.hlc.net                33%          37/48/52
    Flash net              ns1.flash.net              17%          80/92/94
    GetNet                 ns1.getnet.com             20%          40/52/56
    GlobalCrossing         name.roc.gblx.net          24%          85/97/104
    GoodNet                ns1.good.net               31%          83/92/97
    GridNet                grid.net                   20%          80/92/101
    IDT Net                ns.idt.net                 20%          91/104/121
    Internex               nic1.internex.net          26%          18/31/35
    MCI                    ns.mci.net                 22%          91/103/107
    MindSpring             itchy.mindspring.net       15%          75/88/106
    NAP.NET                ns2.nap.net                20%          73/85/94
    PacBell                ns1.pbi.net                0%           89/89/90
    Primenet               dns1.primenet.net          20%          31/41/45
    PSI                    ns.psi.net                 0%           82/84/160
    RAINet                 ns.rain.net                31%          40/49/53
    SAVVIS                 ns1.savvis.net             31%          88/99/102
    SprintLink             ns1.sprintlink.net         11%          15/27/35
    UUNet,AlterNet         auth00.ns.uu.net           26%          89/98/103
    Verio-West             ns0.verio.net              22%          31/42/47
    Verio-East             ns1.verio.net              22%          86/96/101
    VISInet                ceylon.visinet.ca          20%          102/116/188
    MoonGlobal-ClubNET     ns.clubnet.net             0%           0/1/2
    MoonGlobal-Netway      dns.nwc.net                4%           6/6/7
    MoonGlobal-Netxactics  verdi.netxactics.com       4%           6/6/7
    InterWorld             ns.interworld.net          0%           4/4/5


    It's massive, no word on source yet. We are watching it closely. This is upstream mostly, hitting the root name servers and backbone providers. Routes are dropping like flies, dns is getting bad.
    :: Always Back Up Forum Database + Attachments BEFORE upgrading !
    :: Nginx SPDY SSL - World Flags Demo [video results]
    :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

  • #2
    also read http://www.cnn.com/2003/TECH/interne....ap/index.html

    WASHINGTON (AP) -- Traffic on the many parts of the Internet slowed dramatically for hours early Saturday, the apparent effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and interfered with Web browsing and delivery of e-mail.

    Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the "Code Red" virus during the summer of 2001 which also ground traffic to a halt on much of the Internet.



    • #3

      Also http://www.internethealthreport.com/
      You're my Prince of Peace
      And I will live my life for You



      • #4
        Are we cross-posting now, eva?
        http://www.vbulletin.com/forum/showt...threadid=63891



        • #5
          Eventually one 'crew' of script kids (mixed with packet monkeys) will win the fight of 'who can take down the internet first' and hopefully make history by being quoted on securityfocus or other 'cool' sites.

          And if they get busted, who cares! They are underaged anyway.



          • #6
            Gawd, I really hope I don't get charged for all the bandwidth that the stupid thing caused me to get...

            Daily:
            Max In:323.2 kb/s (0.3%) Average In:104.1 kb/s (0.1%) Current In:175.1 kb/s (0.2%) Max Out:6606.3 kb/s (6.6%) Average Out:1253.3 kb/s (1.3%) Current Out:501.3 kb/s (0.5%)

            Monthly:
            Max In:699.4 kb/s (0.7%) Average In:147.2 kb/s (0.1%) Current In:8592.0 b/s (0.0%) Max Out:5568.1 kb/s (5.6%) Average Out:85.6 kb/s (0.1%) Current Out:5236.5 kb/s (5.2%)

            Before it wasn't even close to using 180kb/s.

            I'll keep my fingers crossed!!!



            • #7
              If your outgoing bandwidth has gone up then that would suggest that you've got MS SQL Server running and are infected - which means in all likelihood you'll be charged because you've not patched your box.
              Karl Austin
              UK Web Hosting and Servers :: KDA Web Services Ltd.
              Specialists in Custom Solutions



              • #8
                Nope.. no MS SQL at all... since it's a linux box (I tend to stay far away from MS when it comes to servers).

                Not only did this affect MS servers, it affected *Nix servers as well. Since it's just like the code red virus. It hunts down servers for it to destroy -- but it sends out packets that are 125mb of data a second.

                The whole network I'm on was put down by the virus -- aka Global Compass.

                And all the high usage was during the time that the virus was going rampant.... so I know it's not just spontaneous high server usage on my part (I don't have that much crap on there that would do it) - especially since the server wasn't even accessible for several hours.

                Just to answer your suggestion about ms sql...



                • #9
                  My point is, that this MS SQL Worm would not cause you any extra traffic out of your server (Unless you're infected of course) - it would only generate incoming traffic trying to probe the port for MS SQL server. The stats you posted are showing outgoing traffic.
                  Karl Austin
                  UK Web Hosting and Servers :: KDA Web Services Ltd.
                  Specialists in Custom Solutions



                  • #10
                    Come to think of it...
                    I think the total out is just on that switch -- and there are several servers on the same switch (only one is mine), and if there are any MS servers on the switch, then it would do the whole output of the switch on my MRTG.

                    Because here's mine:


                    And here is another on the same switch (not mine):


                    So I probably have nothing to worry about it then, huh... I didn't even think to look at the other MRTG reports.



                    • #11
                      You should probably block UDP 1434 on your router...



                      • #12
                        I think it already is since there hasn't been any high outs since early this morning...

                        Plus, I don't have access to the router. I tried doing the block in iptables, and it denied me.
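
Added example, not part of any post in this thread: the inbound-versus-outbound distinction from post #9, applied to the UDP 1434 traffic named in post #11. The log lines are constructed and simplified in the style of iptables LOG output, and the local address block, host names and fan-out threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: our own address block and the log layout.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
WORM_PORT = "1434"  # UDP port named in post #11

# Constructed, simplified iptables-LOG-style lines (documentation addresses).
SAMPLE_LOG = """\
Jan 25 05:31:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=404 PROTO=UDP SPT=1045 DPT=1434 LEN=384
Jan 25 05:31:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=404 PROTO=UDP SPT=2301 DPT=1434 LEN=384
Jan 25 05:31:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.33 LEN=404 PROTO=UDP SPT=1033 DPT=1434 LEN=384
Jan 25 05:31:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=203.0.113.80 LEN=404 PROTO=UDP SPT=1033 DPT=1434 LEN=384
Jan 25 05:31:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.201 LEN=404 PROTO=UDP SPT=1033 DPT=1434 LEN=384
Jan 25 05:31:04 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40000 DPT=80
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def classify(log_text, fanout_threshold=3):
    """Split UDP/1434 traffic into inbound probes and outbound scanning."""
    probes_in = defaultdict(int)   # local host -> probes received
    targets = defaultdict(set)     # local host -> distinct remote targets
    for line in log_text.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # keep the first LEN (IP length)
        if fields.get("PROTO") != "UDP" or fields.get("DPT") != WORM_PORT:
            continue
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
        if src in LOCAL_NET and dst not in LOCAL_NET:
            targets[str(src)].add(str(dst))
        elif dst in LOCAL_NET and src not in LOCAL_NET:
            probes_in[str(dst)] += 1
    # Many distinct outside targets from one local host is the outbound
    # pattern post #9 attributes to an infected machine.
    suspects = sorted(h for h, t in targets.items() if len(t) >= fanout_threshold)
    return {"probed": dict(probes_in), "suspected_sources": suspects}


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

A host that only appears under `probed` is receiving probes; a host under `suspected_sources` is the one generating outbound traffic.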



                        • #13
                          Updated
                          http://www.eeye.com/html/Research/Flash/AL20030125.html