From: Julian Elischer
Date: Sat, 24 Nov 2007 14:27:39 -0800
To: Jeff Mohler
Cc: freebsd-hackers@freebsd.org, "Joel V."
Subject: Re: Welcome to Hell / Mysterious networking troubles on FreeBSD
Message-ID: <4748A55B.9030204@elischer.org>
List-Id: Technical Discussions relating to FreeBSD

Jeff Mohler wrote:
> On Nov 24, 2007 2:08 PM, Julian Elischer wrote:
>
> > Joel V. wrote:
> > > Hello.
> > >
> > > A big thanks to everyone who contacted me. FreeBSD really has the best
> > > community one could help for.
> > >
> > > Now, it has been confirmed by the backbone manager that we're dealing
> > > with a DDOS attack. However, the ISP seems to be as clueless as a
> > > headless sheep, and we haven't been able to contact their technical
> > > staff yet (of course one can't be 100% sure that they even have a
> > > technical staff, judging by the level of their response).
> > >
> > > Hopefully the situation will be fixed soon. One final question though:
> > > are there any quick steps one can take to protect their server from
> > > DDOS attacks like these?
>
> Well..call the people responsible for the source IP, complain to them as
> well.
>
> www.onlinehome-server.com is the provider.
>
> Customer u15194704 is the problem computer.

OR the victim.

If I remember the thread correctly, it's only when he puts a nameserver
at that address that he has problems. That's because the damage is being
caused by the REPLIES he's making to that address. His upload BW is less
than his download BW. We have no guarantee that the packets are actually
coming from that address but could instead be spoofed, so that the victim
is being swamped by replies from Joe's friend and others..

(I may have misremembered the beginning of the thread however)
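
An added example, not part of the original message: a Python sketch of how an operator could confirm from the nameserver's own query records that outbound replies, rather than inbound queries, are filling the uplink. The record layout, the 1 Mbit/s uplink, the 50% threshold and the function name reply_load are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records: (unix_second, claimed_source_ip, query_bytes, reply_bytes).
# Addresses are from documentation ranges (RFC 5737); sizes are illustrative only.
SAMPLE = (
    [(1000 + i // 200, "192.0.2.10", 60, 480) for i in range(600)]  # 200 queries/s
    + [(1000 + i, "198.51.100.7", 60, 120) for i in range(3)]       # ordinary client
    + [(1001, "203.0.113.5", 60, 90)]                               # ordinary client
)

def reply_load(records, uplink_bps, share=0.5):
    """Return {claimed_source: (in_bps, out_bps)} for the busiest second of every
    source whose replies alone exceed `share` of the uplink in that second.

    The source address is only what the packet claims. With UDP it can be
    spoofed, so a flagged address may be the target of the replies, not the sender.
    """
    per_second = defaultdict(lambda: [0, 0])  # (src, second) -> [in_bits, out_bits]
    for second, src, query_len, reply_len in records:
        bucket = per_second[(src, second)]
        bucket[0] += query_len * 8
        bucket[1] += reply_len * 8

    peaks = {}
    for (src, _second), (in_bits, out_bits) in per_second.items():
        if out_bits > peaks.get(src, (0, 0))[1]:
            peaks[src] = (in_bits, out_bits)

    limit = share * uplink_bps
    return {src: peak for src, peak in peaks.items() if peak[1] > limit}

if __name__ == "__main__":
    for src, (in_bps, out_bps) in reply_load(SAMPLE, uplink_bps=1_000_000).items():
        print(f"{src}: {in_bps} bit/s of queries in, {out_bps} bit/s of replies out")
```

In the constructed data the flagged address sends under 0.1 Mbit/s of queries yet draws more than 0.75 Mbit/s of replies, which is the asymmetry the message describes.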