OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.

johnnyj wrote:

OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.

Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...

Any ideas on where the traffic was coming from?

OrangeDragon wrote:

johnnyj wrote:

OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.

Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...

Any ideas on where the traffic was coming from?

not positive it was aimed at us both.. but that would be a shaky coincidence if it weren't. it was for sure a DDoS attack on our side, and I've now added another layer of protection at the DNS level, and will be continuing to tune my countermeasures through the day. Biggest hit was timing... they hit while i was asleep and couldn't react quickly.

and a site shutdown is only one minor impact/goal of a DDoS. They can also be used to launch man in the middle attacks, which are much much worse and can cause a server security breach. i'd rather the site shut down than some hackers gain access to it for sure.

downloading all of my logs now, and i'm going to toss them all into Splunk to review and search for patterns on. With any luck Scoby will send me the ones from 440 as well so I can do a full analysis. Depends on how cooperative they're feeling.

johnnyj wrote:

OrangeDragon wrote:

johnnyj wrote:

OrangeDragon wrote:TO protect us from hacking/DDoS attempts our ISP shut us down for 3 hours. And then again. I have put in some countermeasures that will hopefully stop the attack from reaching us again... we will see.

Did they confirm it was a combined attack (hack/DDOS)?
there are some pretty clever anti-DDOS measures that can be taken at a layer 2 level, however sometimes shutting the site down is the only resort... which sort of achieves the goal of a DDOS anyway...

Any ideas on where the traffic was coming from?

not positive it was aimed at us both.. but that would be a shaky coincidence if it weren't. it was for sure a DDoS attack on our side, and I've now added another layer of protection at the DNS level, and will be continuing to tune my countermeasures through the day. Biggest hit was timing... they hit while i was asleep and couldn't react quickly.

and a site shutdown is only one minor impact/goal of a DDoS. They can also be used to launch man in the middle attacks, which are much much worse and can cause a server security breach. i'd rather the site shut down than some hackers gain access to it for sure.

downloading all of my logs now, and i'm going to toss them all into Splunk to review and search for patterns on. With any luck Scoby will send me the ones from 440 as well so I can do a full analysis. Depends on how cooperative they're feeling.

I've done quite a bit of work on tracking this sort of thing down, let me know if you want a hand reviewing any logs, I'll be offering the same to Scobienz as well.