Denial of Service Attacks
Has anyone noticed a surge in DDOS attacks from Asia? One of the Windoze servers I look after has been getting rather nailed these past few days. Most appear to be coming from Japan - at least 5 a day and every time within a few minutes of each other, lasting a minute or two. If I am really lucky, I'll get 20 in one day ... somebody loves me :-)
On 8 Feb 2005, at 07:25, Anaru Hartley wrote:
Has anyone noticed a surge in DDOS attacks from Asia? One of the Windoze servers I look after has been getting rather nailed these past few days. Most appear to be coming from Japan - at least 5 a day and every time within a few minutes of each other, lasting a minute or two. If I am really lucky, I'll get 20 in one day ... somebody loves me :-)
A good place to coordinate mitigation of denial of service (and other) attacks is the nsp-sec list:
https://puck.nether.net/mailman/listinfo/nsp-security
You need references to get on to the list. If there are people here who would like to participate in that list, and who need references, drop me a line privately so we can see what can be done.
Joe
On Wed, 9 Feb 2005, Anaru Hartley wrote:
Has anyone noticed a surge in DDOS attacks from Asia?
Asia is a big continent.
One of the Windoze servers I look after has been getting rather nailed these past few days. Most appear to be coming from Japan - at least 5 a day and every time within a few minutes of each other, lasting a minute or two.
Well the machine dossing you could be in Japan or have an IP there but doesn't mean the person who started it or is coordinating the attack is in Japan.
If I am really lucky, I'll get 20 in one day ... somebody loves me :-)
Have you annoyed anyone lately? Some DDOS seems to happen when someone is annoyed.
Have you spoken to your ISP about it? I suggest starting there first.
regards
lin
Grasping at straws and no disrespect intended but would blocking all outbound connections to port 110 be the kind of thing an ISP like say for example xtra would do? I have a customer/friend that cannot pop their mail from our mail server (pop.dts.net.nz) today. They can ping but not open a connection on port 110. I can see their pings to my box but not their connection requests on port 110. I admit their local systems are a mess at best but before I go around there I thought I'd ask the question.
Thanks - and thanks for a great NZNOG. I enjoyed watching and learning a lot. Wish I could have been there.
cheers
Gavin
--
Kind Regards
Gavin Legge
Technical Manager
DTS Limited
phone +64 4914 5946
email gavin(a)dts.net.nz
cellphone 021 441 299
Gavin Legge wrote:
Grasping at straws and no disrespect intended but would blocking all outbound connections to port 110 be the kind of thing an ISP like say for example xtra would do?
I have a customer/friend that cannot pop their mail from our mail server (pop.dts.net.nz) today. They can ping but not open a connection on port 110. I can see their pings to my box but not their connection requests on port 110.
I admit their local systems are a mess at best but before I go around there I thought I'd ask the question.
Tested from Xtra -- I can connect to port 110 on the server above. Check that they haven't played with their firewall, or if they are using an anti-virus POP proxy that's not set up properly or running.
--
Juha
On 2/8/2005, "Gavin Legge" wrote:
Grasping at straws and no disrespect intended but would blocking all outbound connections to port 110 be the kind of thing an ISP like say for example xtra would do?
On a side note, they do block ingress 110 to pop.xtra.co.nz from outside their network. But hey, it's their network I guess *shrug*
-Richard
On 2/8/2005, "Gavin Legge" wrote:
Grasping at straws and no disrespect intended but would blocking all outbound connections to port 110 be the kind of thing an ISP like say for example xtra would do?
On a side note, they do block ingress 110 to pop.xtra.co.nz from outside their network. But hey, it's their network I guess *shrug*
Yes, it is....
I do find it interesting that one of the first things people think of is 'Oh, Xtra must be blocking all outbound POP3...'
It's almost like everything that Xtra does must be a conspiracy to annoy the very same end users they need to retain to succeed in business?
To the man from DTS: Dare I ask, was Xtra's tech support team contacted re the problem? I imagine they can help you troubleshoot the problem, as they should certainly be able to run comparisons in realtime from other types of Xtra connection medium (similar routes) and if it's something at their end, they'd need to address it as a fault.
Good luck :)
Mark.
PS: If this seems slightly frustrated or sarcastic, I apologise. It seems there's a tendency to skip over the obvious 'let's try the helpdesk' and jump straight to NZNOG for issues that have a tenuous 'network operations' component at best. Xtra, like most NZ ISPs, have a competent support structure (Ok, in the case of some, you need to be persistent) who will help their client... as it's in their best interest to _retain_ said client.
Yes well. Sorry if I got anyone's nose out of joint - was not my intention. Just a quick note to the collective experience of everyone to see if it was probable (always second guessing myself). So yeah - was not intended as an 'XTRA suck' type thing - just running an idea about, and the replies were correct. I removed norton firewall/virus/puterbreaker from said machine and all is well (installed AVG). Sorry for the lack of/poor 'operator' content. End of subject ay?
cheers
Gavin
On Wed, 2005-02-09 at 15:07, Mark Foster wrote:
On 2/8/2005, "Gavin Legge" wrote:
Grasping at straws and no disrespect intended but would blocking all outbound connections to port 110 be the kind of thing an ISP like say for example xtra would do?
On a side note, they do block ingress 110 to pop.xtra.co.nz from outside their network. But hey, it's their network I guess *shrug*
Yes, it is....
I do find it interesting that one of the first things people think of is 'Oh, Xtra must be blocking all outbound POP3...'
It's almost like everything that Xtra does must be a conspiracy to annoy the very same end users they need to retain to succeed in business?
To the man from DTS: Dare I ask, was Xtra's tech support team contacted re the problem? I imagine they can help you troubleshoot the problem, as they should certainly be able to run comparisons in realtime from other types of Xtra connection medium (similar routes) and if it's something at their end, they'd need to address it as a fault.
Good luck :)
Mark.
PS: If this seems slightly frustrated or sarcastic, I apologise. It seems there's a tendency to skip over the obvious 'let's try the helpdesk' and jump straight to NZNOG for issues that have a tenuous 'network operations' component at best. Xtra, like most NZ ISPs, have a competent support structure (Ok, in the case of some, you need to be persistent) who will help their client... as it's in their best interest to _retain_ said client.
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
--
Kind Regards
Gavin Legge
Technical Manager
DTS Limited
phone +64 4914 5946
email gavin(a)dts.net.nz
cellphone 021 441 299
participants (7): Anaru Hartley, Gavin Legge, Joe Abley, Juha Saarinen, Lin Nah, Mark Foster, Richard Patterson