Network IDS
May be useful to set up a NIDS to monitor incoming scans/penetration attempts on FDCservers machines.
Fixing the DoS issues would be extremely nice too...
That's what you pay for at thep1@net hahaha...
edit:
But I should say I would be the last person to know how much an IDS would cost... although I have done some reading on DDoS packet filtering and WOW... that hardware is expensive!!!!!!
mikron15
06-16-2005, 05:14
Since we are on the DDOS topic:
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/06-14-2005/0003870952&EDATE=
ChronoCross
06-16-2005, 05:39
Since we are on the DDOS topic:
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/06-14-2005/0003870952&EDATE=
Yeah, I saw a similar article somewhere else as well. Things that didn't surprise me:
1) AOL is the most infected ISP. Of course this didn't surprise me. Did you actually think that I have any mercy for AOL? Anyone who spends even a reasonable amount of time in chatrooms sees what AOL brings to the table, mainly children who are trying to prove their epenis lol.
2) Europe is the most infected continent overall. Duh, anyone who's been hit by a DoS attack or spam attacks knows all the drones from dialin.net; I'd say at least 40-60% of all IRC networks ban this entire ISP because of it.
3) China has the greatest infection per capita. All up-and-coming countries in the internet world will be the most vulnerable. The key is to learn and adapt your computers and networks to properly deal with it, and sadly even most American ISPs haven't taken an active involvement in the prevention and solution of the problem. Even AOL, with all its new commercials and free software, isn't doing anything against it.
Overall this article was very good, and I think faqall's realization about how much DDoS hardware costs is a good indication of the varying levels of knowledge about protection and prevention. Hopefully we can all learn stuff from each other to help protect ourselves.
That's what you pay for at thep1@net hahaha...
edit:
But I should say I would be the last person to know how much an IDS would cost... although I have done some reading on DDoS packet filtering and WOW... that hardware is expensive!!!!!!
There are plenty of NIDS/IDS solutions that are open-source and/or free.
Search www.sf.net, tucows.com, freshmeat.net.
Snort, for one.
Get above.net to set up packet filters because I'm tired of losing the connection to my dedicated server every night. I'm not skilled with networking other than setting up a LAN :p
But I know it's possible to prevent outages; above.net has the bandwidth.
Possibly use above.net and Level 3 together to balance the load.
Since we are on the DDOS topic:
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/06-14-2005/0003870952&EDATE=
The main reason end users get used to build DDoS nets is all the client-side exploits that keep on coming out; most of the others are CGI exploits, then a few locals.
www.frsirt.com & www.milw0rm.org, then bugtraq on securityfocus.com.
Think of all the evil people who like to use these exploits to install 'spyware'/malware and don't use these computers in DDoS attacks, harvesting massive amounts of information.
That's what you pay for at thep1@net hahaha...
edit:
But I should say I would be the last person to know how much an IDS would cost... although I have done some reading on DDoS packet filtering and WOW... that hardware is expensive!!!!!!
Stuff like that should be the responsibility of the ISPs, since it's their duty to ensure connectivity to the "best of their abilities".
There are many ways to implement DDoS and SYN packet attacks without having to purchase expensive equipment; it's called an access list, which can be written on any Cisco router, and yes, they do use them here. There is a difference, though, in securing a datacenter for DoS and SYN and securing a corporate network. When an attack happens here they are very fast at stopping the attacks, but you can't run a tight access list and expect to run IRC and webservers individually. To block SYN you add rules preventing ACK replies to a SYN request; SYN requests are designed to use a spoofed reply ACK packet. You can add some simple rules to your Unix firewalls the same way, though: basically adding all the private IP ranges with correct subnet masks and proper protocol etc.

Corporate networks are designed with the webserver on a separate stub subnet, close to the gateway router. The rest of the network is behind a distribution layer, access layer and core layer, with stubs for email, database servers and departments. Here we all need a wider range of ports and protocols for the multiple services we offer.

As far as IDS goes (intrusion detection sensors), they are of no use because the public has access to your server from the internet. IDS is used to catch hackers in secure private networks that are accessible only through remote access terminals on routers set up for management to have a secure login to the network from satellite offices or home. IDS looks for unusual activity in the secure zone, such as packet sniffers and spikes in network traffic that don't match the database logs of an autonomous system.

Basically I suggest running sentries on your servers along with firewall rules blocking the most popular Asian IP ranges, Russian ranges etc. And keep your ports/packages up to date; shut down all but the most necessary ports below 1024.
Apply rules that limit multiple connections to SSH, FTP etc. on your ethernet adapter to prevent brute-force scans, and add host access databases for clients, SSL certs etc. FDC will deal with massive attacks within sometimes minutes.
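As an added example (not code from the thread, FDC or any poster), here is a small iptables ruleset in the spirit of Phoenix's host-side advice: drop packets arriving on the public interface with private/reserved source addresses (the "private IP ranges" rule), throttle the rate of new SYNs, limit repeated new SSH connections per source, and accept only the few service ports the host actually needs so everything else below 1024 stays closed. The interface name, SSH port and service list are assumed values; the script only prints the rules unless APPLY=1 is set, so it can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not part of the original thread. Generates an iptables
# ruleset for a single Linux server exposed on a public interface.
# WAN_IF, SSH_PORT and ALLOW_TCP are assumed defaults; override via env.
WAN_IF="${WAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"
# Public TCP services this host really offers; all other ports stay closed.
ALLOW_TCP="${ALLOW_TCP:-80 443}"

# Private/reserved source ranges are never legitimate on the WAN side, so
# packets claiming them are spoofed (a common SYN-flood pattern) and are dropped.
bogon_rules() {
    for net in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
               172.16.0.0/12 192.168.0.0/16; do
        echo "iptables -A INPUT -i $WAN_IF -s $net -j DROP"
    done
}

# New TCP connections (SYNs) pass through a token-bucket limit; bursts beyond
# it are dropped instead of filling the connection table.
syn_limit_rules() {
    echo "iptables -N SYN_LIMIT"
    echo "iptables -A SYN_LIMIT -m limit --limit 25/second --limit-burst 100 -j RETURN"
    echo "iptables -A SYN_LIMIT -j DROP"
    echo "iptables -A INPUT -i $WAN_IF -p tcp --syn -j SYN_LIMIT"
}

# Per-source limit on new SSH connections: more than 5 in 60 seconds from one
# address is dropped, which blunts brute-force login attempts.
ssh_limit_rules() {
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --set --name SSH"
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP"
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -j ACCEPT"
}

# Explicit accepts for the offered services only; the DROP policy closes the rest.
service_rules() {
    for port in $ALLOW_TCP; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -j ACCEPT"
    done
}

# Full ruleset, in the order the rules must be evaluated.
gen_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    bogon_rules
    syn_limit_rules
    ssh_limit_rules
    service_rules
}

# Number of rules that would be installed (useful as a sanity check).
rule_count() {
    gen_rules | wc -l | tr -d ' '
}

# Execute each generated line; requires root and iptables on a Linux host.
apply_rules() {
    gen_rules | while read -r cmd; do
        sh -c "$cmd" || return 1
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    gen_rules
fi
```

Run it once without APPLY to read the generated commands, then with APPLY=1 as root to install them. The ordering matters: the ESTABLISHED,RELATED accept comes first so existing sessions are never rate-limited, the bogon drops come before any accept, and the SYN limit sits before the per-service accepts so every new connection is subject to it.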
psyxakias
06-24-2005, 12:00
Stuff like that should be the responsibility of the ISPs, since it's their duty to ensure connectivity to the "best of their abilities".
I will disagree with you. Datacenters are not forced to purchase IDS, monitor customers' servers and block hacking attempts. In some cases, even with a good IDS, there could be false alerts that block legit traffic, which would cause trouble for the customer, so ISPs barely take such responsibility, and I agree with this as I prefer to have my own choice of which traffic I'll allow and which traffic I'll drop. It's the server owner's/sysadmin's duty to keep the server clean and secure, not the ISP's.
A similar example is spam filters. Several dialup/broadband ISPs nowadays have spam filters and, depending on their configuration, there are cases where they may accidentally block a non-spam email from arriving in your account, which could be an important email that will cause you trouble if you miss it. So, I prefer to filter the spam myself without the ISP's action.
Basically I suggest running sentries on your servers along with firewall rules blocking the most popular Asian IP ranges, Russian ranges etc. And keep your ports/packages up to date; shut down all but the most necessary ports below 1024. Apply rules that limit multiple connections to SSH, FTP etc. on your ethernet adapter to prevent brute-force scans, and add host access databases for clients, SSL certs etc.
Phoenix has given a pretty good suggestion on how people should prevent strangers from abusing their servers. Nice post Phoenix :goodjob:
I think the DDoS issues were directed against FDC as far as I know, not a single customer :P
And there isn't anything drastic you can do against DDoS as a normal server owner, except taking the attacked IPs offline yourself.. :)
I will disagree with you. Datacenters are not forced to purchase IDS, monitor customers' servers and block hacking attempts. In some cases, even with a good IDS, there could be false alerts that block legit traffic, which would cause trouble for the customer, so ISPs barely take such responsibility, and I agree with this as I prefer to have my own choice of which traffic I'll allow and which traffic I'll drop. It's the server owner's/sysadmin's duty to keep the server clean and secure, not the ISP's.
A similar example is spam filters. Several dialup/broadband ISPs nowadays have spam filters and, depending on their configuration, there are cases where they may accidentally block a non-spam email from arriving in your account, which could be an important email that will cause you trouble if you miss it. So, I prefer to filter the spam myself without the ISP's action.
Phoenix has given a pretty good suggestion on how people should prevent strangers from abusing their servers. Nice post Phoenix :goodjob:
I'm not saying data centers are forced, or should be, to purchase IDS/NIDS software. I'm saying it would be a good idea to collect information for legal purposes, such as working with the ISPs where the attacks originated from and law enforcement agencies, in hopes of solving the illegal activities that affect FDC and its customers. Not all IDS software costs money; Snort, for example, is a good one to use if set up properly.
I suspect it's a few disgruntled people and possibly some companies or a company that is responsible for the majority of the denial of service attacks.
I'm not up to snuff on the denial of service preventions that exist nowadays... I'm just ranting because I know it's possible to remedy such situations on a smaller scale without disrupting service, and I think it shouldn't be too hard to apply the same techniques over a broad spectrum. I'm very unaware of how FDC's network is set up. Blocking forged/spoofed packets is just an idea, and perhaps they have this in place.
I'm just twilight dreaming and have no experience in this subject matter... other than doing such on my LAN or my own server @ FDC.