Full Version: URGENT: Internet Attack
Shurik
This night there was a major DDoS attack targeted at the US national backbone. As a result the whole internet is affected by this: US, Europe, Asia. Some networks and ISPs are down; other networks are flooded with packets and have high latency.

As for now all our servers are up for us, but many of our customers reported that they could not access their sites. We cannot do anything about it, as some transit providers for them are down or flooded with packets. We hope bandwidth providers will adjust their networks to stand against this attack soon and everything will get back to normal on the net.

Below is a quote from the security report:

QUOTE
MASSIVE DDOS ATTACKS ALL OVER U.S.
--------------------------------------------------------------------------------
We are monitoring massive Distributed Denial of Service attacks all over the U.S. tonight starting at around 11:30 PM CST. As many as 5 of the 13 root nameservers have been down, up to 10 with massive packet loss (xx%):

Internet Status to Root Name Servers
Date: Fri Jan 24 21:37:00 PST 2003

Place  Address               Packet Loss  Time: Min/Avg/Max
Root   b.root-servers.net    53%          25/40/48
Root   c.root-servers.net    0%           82/82/82
Root   e.root-servers.net    20%          16/29/33
Root   f.root-servers.net    26%          17/27/32
Root   h.root-servers.net    20%          91/101/108
Root   i.root-servers.net    26%          190/199/205
Root   j.root-servers.net    26%          81/91/96
Root   k.root-servers.net    64%          172/188/201
Root   l.root-servers.net    0%           5/5/6
Root   m.root-servers.net    33%          160/171/205
GTLD   b.gtld-servers.net    26%          52/63/67
GTLD   c.gtld-servers.net    31%          85/93/95
GTLD   d.gtld-servers.net    13%          88/100/103
GTLD   f.gtld-servers.net    22%          38/50/57
GTLD   i.gtld-servers.net    0%           198/200/203
GTLD   k.gtld-servers.net    24%          90/100/105
GTLD   l.gtld-servers.net    33%          128/138/171


All backbone providers are suffering major packet loss (XX%):

Place                  Address                    Packet Loss  Time: Min/Avg/Max
AboveNet               ns.above.net               28%          53/64/66
AGIS                   ns1.agis.net               26%          62/74/78
AlohaNet               nuhou.aloha.net            35%          84/94/98
ANS                    ns.ans.net                 26%          83/97/100
BBN-NearNet            nic.near.net               28%          91/114/572
BBN-BARRnet            ns1.barrnet.net            26%          16/26/32
Best                   ns.best.com                35%          79/89/95
Concentric             nameserver.concentric.net  35%          18/31/56
CW                     ns.cw.net                  28%          88/98/105
DIGEX                  ns.digex.net               31%          78/86/91
ENTER.NET              dns.enter.net              28%          91/104/108
Epoch Internet         ns1.hlc.net                33%          37/48/52
Flash net              ns1.flash.net              17%          80/92/94
GetNet                 ns1.getnet.com             20%          40/52/56
GlobalCrossing         name.roc.gblx.net          24%          85/97/104
GoodNet                ns1.good.net               31%          83/92/97
GridNet                grid.net                   20%          80/92/101
IDT Net                ns.idt.net                 20%          91/104/121
Internex               nic1.internex.net          26%          18/31/35
MCI                    ns.mci.net                 22%          91/103/107
MindSpring             itchy.mindspring.net       15%          75/88/106
NAP.NET                ns2.nap.net                20%          73/85/94
PacBell                ns1.pbi.net                0%           89/89/90
Primenet               dns1.primenet.net          20%          31/41/45
PSI                    ns.psi.net                 0%           82/84/160
RAINet                 ns.rain.net                31%          40/49/53
SAVVIS                 ns1.savvis.net             31%          88/99/102
SprintLink             ns1.sprintlink.net         11%          15/27/35
UUNet,AlterNet         auth00.ns.uu.net           26%          89/98/103
Verio-West             ns0.verio.net              22%          31/42/47
Verio-East             ns1.verio.net              22%          86/96/101
VISInet                ceylon.visinet.ca          20%          102/116/188
MoonGlobal-ClubNET     ns.clubnet.net             0%           0/1/2
MoonGlobal-Netway      dns.nwc.net                4%           6/6/7
MoonGlobal-Netxactics  verdi.netxactics.com       4%           6/6/7
InterWorld             ns.interworld.net          0%           4/4/5


It's massive, no word on source yet. We are watching it closely.

Brad G
American Intelligence
www.americanintelligence.us



You can see the status of the major world bandwidth backbones at
http://www.internethealthreport.com/

Thank you for your patience.
Shurik
The problems are caused by a vulnerability found in MS SQL 6 months ago.

Here is more info:
http://www.kb.cert.org/vuls/id/370308


Now someone wrote a worm that infects boxes on the net and sends flood packets like hell.

The following ports are affected.

ms-sql-s 1433/tcp # Microsoft-SQL-Server
ms-sql-s 1433/udp # Microsoft-SQL-Server
ms-sql-m 1434/tcp # Microsoft-SQL-Monitor
ms-sql-m 1434/udp # Microsoft-SQL-Monitor

We are lucky that we don't use Windows and other Microsoft products :)


Hope internet administrators will block the above-mentioned ports all over the internet soon to prevent the attack and everything will get back to normal.
Serge
For your information, you may want to check this CNN report
http://www.cnn.com/2003/TECH/internet/01/2...k.ap/index.html
Serge
Some users are complaining that they cannot access their sites for some periods of time. This is caused by the consequences of the worm attack that happened on 25 January.

These problems are usually caused by the transit networks that failed to lock the worm down. To our regret we cannot do anything about it except letting them know that they are causing problems to some part of the network.

From past experience with a similar worm, Worm.Slapper, it took about 2 weeks for ISPs all around the world to almost completely lock the worm down.

Below is a reply that I've just sent to a user who complained about not being able to access his site for 5 hours.

QUOTE

As we previously informed in our forums on 25 January, there was an MS worm that brought about half of the internet down.

http://forum.hostony.com/viewtopic.php?t=85

As for now, major backbones have filtered out the flooding packets and most of the internet is accessible. However, smaller networks still have not removed the worm from all Windows boxes infected with the MS SQL worm.

The worm floods smaller networks with packets, causing high packet loss. When packet loss reaches about 70%, sites are inaccessible.

All that time during the attack our servers were up, as we don't run Windows on our servers and it is not present in our datacenter. However, there were times when some servers were not accessible or were slow for some customers. The number of complaints about users not being able to access their sites has decreased from 25 as more and more providers upgrade the security of their networks and kill the worm, but still here or there users complain they cannot access a site on this or that server. Those problems didn't last more than 12 hours.
Our servers were up all the time during that worm attack and you can see it with the shell top command.

We have 0 influence on the situation, as packet loss or timeouts happen on transit networks. The only thing we can do is to send a complaint to the hop that causes packet loss so they could fix their network.

In case you cannot reach our server, please be sure to run a traceroute to our server to see what hop on the route causes the problem.
You can complain to them directly or send your traceroute to us and we'll do it for you.

When some server cannot connect to our mailserver, the mail is not lost. Internet mail servers will keep trying to deliver it for 6 days.

And in this case we don't offer a refund because the problems were not caused by our server or network.
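
The traceroute check described in the reply above, as an added example that is not part of the original thread: it reads a per-hop loss report and picks the hop where loss begins and then persists all the way to the destination. It assumes the layout of `mtr --report` output; the sample report, its documentation-range addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in `mtr --report` layout (documentation address ranges).
SAMPLE_REPORT = """\
HOST: client.example              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    20    0.4   0.5   0.3   1.1   0.2
  2.|-- 198.51.100.9              40.0%    20    8.1   8.4   7.9   9.6   0.4
  3.|-- 198.51.100.33              0.0%    20   12.2  12.5  11.8  14.0   0.5
  4.|-- 203.0.113.17              65.0%    20   88.0  91.3  80.2 140.7  12.1
  5.|-- 203.0.113.62              70.0%    20   95.4  99.0  85.1 160.3  15.8
  6.|-- 203.0.113.200             75.0%    20  101.2 104.8  90.6 171.9  17.2
"""

# Hop number, responding host, loss percentage.
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%")


def parse_hops(report):
    """Return [(hop_number, host, loss_percent), ...] in path order."""
    hops = []
    for line in report.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops


def first_lossy_hop(hops, min_loss=5.0):
    """First hop of the run of lossy hops that reaches the destination.

    Loss at one hop that is gone at the next hop (hop 2 in the sample) is
    usually a router rate-limiting its own replies, not forwarding loss,
    so only loss that continues to the last hop counts.
    """
    culprit = None
    for hop in reversed(hops):
        if hop[2] < min_loss:
            break
        culprit = hop
    return culprit


def diagnose(report, unreachable_at=70.0):
    """Summarise a report; 70% is the loss level the reply above cites."""
    hops = parse_hops(report)
    end_loss = hops[-1][2] if hops else None
    return {"culprit": first_lossy_hop(hops), "end_loss": end_loss,
            "likely_unreachable": end_loss is not None and end_loss >= unreachable_at}
```

The hop returned as `culprit` is the one to name in a complaint to the transit network, together with the full report.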