The message:
YOUR SERVER IS UNDER ATTACK AND HAS BEEN FILTERED BY OUR FIRESLAYER FILTERING SYSTEM. WE ARE AWARE OF THE ISSUE AND THE FILTER WILL BE LIFTED WHEN THE ATTACK IS OVER. PLEASE DO NOT RESPOND TO THIS TICKET, IT IS INFORMATIONAL ONLY. PLEASE OPEN AN ADDITIONAL TICKET IF YOU HAVE FURTHER QUESTIONS
If you would like to view more details concerning the attack on this server, follow the link below. This link is only good for this attack and will not be displayed when the Fireslayer filter is removed.
http://slayer3.ev1servers.net/png/209_62_9...1196778803.html
Sources web03.osl.bedsys.net (193.69.167.49/32) ?
server.brasil23.com (205.234.213.67/32) ?
Ports 0
Destination ev1s-209-62-90-178.ev1servers.net (209.62.90.178/32) ?
Ports 0
Protocols udp (17)
TCP Flags (0x00)
After a while I got:
Dear Ricardo,
I apologize for the inconvenience, but we were forced to apply Fireslayer again to your server. It is being targeted by attacks nearing one gigabit per second. If the attack traffic does not reach more manageable levels, we may be forced to nullroute the server to protect our network's integrity.
Regards,
Jacob Bingham
NOC Technician
What could I do?
Full Version: How prevent nullroute?
You need to understand better what is happening.
Basically if you have a 1000Mbps attack going to your server there is not all that much anybody can do, you are going to get null routed.
For that matter are you in DC2? I wonder if you are the person who has been causing all of the packet loss the last few days...
Basically if you have a 1000Mbps attack going to your server there is not all that much anybody can do, you are going to get null routed.
For that matter are you in DC2? I wonder if you are the person who has been causing all of the packet loss the last few days...
QUOTE (eth00 @ Dec 4 2007, 10:08 PM) 
You need to understand better what is happening.
Basically if you have a 1000Mbps attack going to your server there is not all that much anybody can do, you are going to get null routed.
For that matter are you in DC2? I wonder if you are the person who has been causing all of the packet loss the last few days...
Basically if you have a 1000Mbps attack going to your server there is not all that much anybody can do, you are going to get null routed.
For that matter are you in DC2? I wonder if you are the person who has been causing all of the packet loss the last few days...
What about if I contact the companies that are the source of the attack?
Do you have physical proof on who sent the attack? If so you could certainly work with theplanet to get law enforcement involved.
QUOTE (eth00 @ Dec 5 2007, 01:37 AM)
Do you have physical proof on who sent the attack? If so you could certainly work with theplanet to get law enforcement involved.
What's "physical proof"?
I think you need to research what a DDOS is.
I am essentially asking how you know who sent the attack.
If you are saying contact each individual host who sent the attack, well good luck for an attack that size it was thousands most likely.
I am essentially asking how you know who sent the attack.
If you are saying contact each individual host who sent the attack, well good luck for an attack that size it was thousands most likely.
I see, thank you for the information.
eth00 is correct. No matter how much it may stink for one individual, you have tons of other paying customers who will be affected by the attack. It's one of those annoying "look at the big picture" type situations...
As long as the attack is not strong enough fireslayer should do the trick, and there would be no reason for null routing the IP.
As long as the attack is not strong enough fireslayer should do the trick, and there would be no reason for null routing the IP.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.