My place of work is suffering one. I couldn’t care less about the loss of business etc… but the principle of it - the helplessness of it - I am not used to being unable to fix something. fuck.
Pardon me for asking, this is more GQ than Pit, but how does one go about fixing a DoS anyway?
I’ve been through something like it before. It really sucks when your server is offsite and you have to rely on the whims of other technicians who probably couldn’t care less…and you can’t ssh in to work on the server…and even if those come through, it won’t stop all those bastards piling onto your machine. Ugh.
Anyway, sympathies, Lobsang. Hope it gets better for you.
You can’t, really.
If you have a good log of what sites are being used to DoS you, and if you’re very good friends with the techies at your ISP, they might be able to block the offending IPs until you’ve contacted the respective sysops and told them to please verify the integrity of their hosts. Otherwise, you rely on the friendliness of the respective sysops (whose bandwidth is, after all, being abused) to fix their hosts. But there’s not really anything you can fix yourself.
Actually, depending on the nature of the attack there are several things that you could do.
For example, lets pretend that the DOS is coming from an automated script that one kiddie is running off his own system. If the number of systems that the DOS attack is coming from is on the small side (say a couple of hundred) you can just block the traffic without too much difficulty.
Or if the DOS is coming from a program that’s targetting a specific IP rather than a domain then you can just change the IP and go on with your life.
And even if its a distributed DOS attack (like the ones that the recent MyDoom and varients were doing) where the attack is coming from hundreds of thousands of systems you can always shut your network’s door to the outside world. That does disable your site, of course, but your own internal systems wouldn’t be affected by it.
That’s the basics of it and every attack is different so deciding what the optimum way to deal with it is going to be different every time. Its always possible that just riding it out is the only option for Lobsang’s company.
So, who’d your company piss off?
No-one. It’s a ransom attack. We offer a service and the attackers believe we are willing to pay the ransom in order to keep offering the service.
They are wrong.
Thank God.
Good luck to ya. Hopefully you can find these SOBs and clue the RIAA into their extensive downloads of porn and MP3s.
Tripler
Fight 'em, and nail 'em to the wall.
Dang. I’d written out a really witty response (just trust me), but it appears the hamsters are now loosening their trousers, picking their teeth, and belching contentedly, so here’s the short version:
What’s a Denial of Service attack? I know a little bit about it, but is your site being flooded with millions of e-mails or something? How does it work?
There are people here with knowledge infinitely better than mine, but here is my understanding.
Basically a DoS attack is a mass automated request of a particular website. The purpose is to disable it by ‘eating up’ it’s bandwidth (amount of data it can give out at any one time)
It’s like when the SDMB stops working (too many requests) except it’s deliberate.
I see. Thanks, Lobsang.
For a guy who makes his living working for a Web site, my own technical ignorance astounds me sometimes.
Can I ask what the ransom request was?
Bugger. THe hamsters seem to know when I don’t ctrl-c my replies! Here it is from memory…
I’d rather not say. It’s highly unlikely that I could get into trouble for revealing specifics but I still feel funny about it.
Anyway, thanks for the support (other replies). It’s really not that bad. It’s not a personal problem. It just came as a bit of a surprise when I was told upon arriving at work.
The attack is still in progress btw. The law is on the case.
I wish them luck, but I imagine the ransom is from a East European group. If it is, don’t expect much.
Russian mafia apparently. If that counts as Eastern-European since the breakup of the USSR then you are right.
In Soviet Russia, the service denies you!
hehe, I never get sick of that joke.
Denial of Service is a broad category of attacks. What you are probably experiencing is a SYN flood. http://news.com.com/2100-1017-236728.html?legacy=cnet
How are things going Lob?
The DoS has ceased. Without payment of the ransom I might add.
If this reply seems late it’s because I’ve been away from work a few days. I only found out tonight on ringing that the DoS had stopped (touch wood)