we're just running into the problem that they have more bandwidth than
us and by targetting a single service they can overwhelm it quickly and
effeciently so the cookies really do little for us. The pipes just full
(well rate limitted at least) =)
--temas
On 23 May 2001 11:17:43 -0400, Mathew Johnston wrote:
> I assume you've got TCP Syncookies enabled in your kernel (and
> in your /proc files)? :)
>
> I guess it's time that we encouraged that 'distributed' nature of
> jabber to kick in, and have more people run private servers. :)
>
> Mat.
>
> On Wed, May 23, 2001 at 12:35:49AM -0700, Jabber DevZone wrote:
> > @jabber.org server
> >
> > The following was posted by [EMAIL PROTECTED] via the Jabber DevZone web site
>(http://dev.jabber.org/):
> >
> > For the past few weeks the server hosting jabber.org has been under
> > frequent DDoS (Distributed
> > Denial of Service) attacks. The type of attack has been a SYN flood
> > to port 5222, originating from
> > various networks and most likely compromised hosts. We're not sure
> > who or why, and don't yet have any
> > information about the abuse, but it's not uncommon for popular open
> > chat systems to be targeted in
> > such a way (IRC for instance).
> >
> > There are two results of the attacks, one is congesting the server on
> > port 5222 so that nobody can
> > connect. To combat this, as soon as an attack is recognized we
> > immediately apply ipchains filters to
> > block network access to the box and drop all packets from the
> > offending hosts. The larger problem is
> > that on a few occassions the size of the attack is greater than and
> > overwhelms the amount of bandwidth allotted to
> > our server (a few T1s). It takes a bit longer, but the local ISP
> > hosting the server calls the
> > upstream provider and have the offending networks blocked, returning
> > the
> > bandwidth capacity to normal.
> >
> > There have a couple of other service outages recently, due to the
> > development nature of the server
> > and that often a transport will runaway and consume system resources,
> > bringing the server to a halt. As
> > part of the foundation two new server boxes will be arriving soon, one
> > for the production-only
> > jabber.org server, and one available to the community for server and
> > transport/services development and
> > testing. With the server developers getting their own domain
> > (jabelin.org) to [ab]use
> > and the added focus on the quality of services available from the
> > foundation, server uptime and administration should improve :-)
> >
> > One last note is that the service was just updated to the latest
> > release last night. The flash5
> > and HTTP-tunneling socket support is now available directly on
> > jabber.org. WCS (the Web Client
> > Service) is now configured as well, and will be activated shortly for
> > testing and experimentation.
> >
> > http://jabber.org/?oid=1502
> > _______________________________________________
> > jdev mailing list
> > [EMAIL PROTECTED]
> > http://mailman.jabber.org/listinfo/jdev
> _______________________________________________
> jdev mailing list
> [EMAIL PROTECTED]
> http://mailman.jabber.org/listinfo/jdev
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
