[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Fri, 24 Jul 2009, tom wrote: >> Got more on my plate right now though - someone has decided to DDoS one of >> my servers )-: Almost wiped me out earlier. Took my connection up to ... >> Why? Who knows )-: B'stards. > Either you've offended them somehow, they've got the wrong IP or you may > be contacted for money to stop it happening again! Extortion is a possibility, but unlikely (I hope). The IP that was targetted has about a dozen or so websites behind it and I checked these - they're all fairly static sites - nothing new had been uploaded to them for some time, so who knows. Maybe one of them send out email or did something to otherwise upset someone. There's still about a dozen sites now sending the SYN attack to it, but that's quite easy to manage. Obviously some of the zombie hosts missed the 'stop' command... First direct DDoS I've experienced, although I know other customers of my upstream have been hit in the past. I'll chalk it down to experience and work on ways to better control and accecss my network when/if it happens again... (And a lesson learned is that a 1GHz Linux router maxes out at 100,000 SYN packets a second routed between 2 interfaces!) Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html