[MLB-WIRELESS] Fw: [Oz-ISP] oz.org under attack?

sanbar sandbar at ozemail.com.au
Wed Apr 3 09:18:35 EST 2002


I guess this is an issue that will confront melbwireless at some stage in
its lifetime.
- Barry

----- Original Message -----
From: "matt carter" <riv at oz.org>
To: <aussie-isp at aussie.net>; <nap at waia.asn.au>
Sent: Tuesday, April 02, 2002 3:38 PM
Subject: [Oz-ISP] oz.org under attack?


>
> There has been a lot of discussion recently relating to a thread that was
> created about DDoS attacks on the oz.org IRC servers.
>
> It is very disappointing to see such a resource provided for the benefit
> of the community abused in such a manner. Hopefully this will summarise
> some of the discussion so far and offer an insight to the list members
> (WAIX/OZ-ISP) as to where oz.org goes from here.
>
> oz.org operates essentially entirely on the good will of the people who
> donate their time, their hardware or their bandwidth solely for the
> benefit of the .au community for no financial or other tangible gain
> whatsoever.
>
> All of the issues, suggestions and otherwise need to be understood in the
> context of the above, and the limitations this places on us.
>
> That understood, let me address some of the discussion which has been
> floating around.
>
>
>
> 1. Who is responsible for these attacks?
>
> As this is an ongoing investigation by a number of parties, without going
> into detail, it would appear that a number of individuals have been
> involved in a virtual-pissing contest of let's see who can take out the IRC
> server first. It would appear that we are not the only ones affected by
> this spate of attacks and it is certainly not uncommon with EFnet and
> Undernet both savagely crippled in the past for extensive periods of time.
>
>
>
>
> 2. Why don't you just use packet shaper/ios/upstream to rate limit the
> attacks?
>
> People who provide the network capacity to us are often taken out
> themselves as a result of these attacks.  Whether that be by sheer volume
> of data saturating their uplinks (Can your network handle 150mbps+ of
> additional traffic?) or by routers choking in an attempt to mitigate the
> damage.
>
> Even in situations where it is technically possible for the upstream
> provider to protect us by implementing changes to their network design, it
> is often not financially sustainable to do so due to the cost of the
> traffic which they receive and shield against on ozorg's behalf.
>
> The thing that really is a shame here is these people are already copping
> the tab for the traffic that the IRC network generates, let alone having
> their entire business suffer. Inevitably, and rightly so, the business
> needs come first.
>
>
>
>
> 3. Where do we go from here?
>
> First of all, there has been mention of moving to slowaris, which I am not
> sure why has been brought into this discussion at all. The move to Solaris
> is for sysadmin ease of use, as we will be standardising on OS, platform
> architecture and environment for all of the servers. It is not in any way
> related to these DDoS attacks, and has been part of a restructure plan
> prior to these events.
>
> We will continue to have discussions with the providers who are currently
> hosting servers for us and we will hopefully soon have provider portable
> networks that aren't part of an aggregate route for each server.
>
> All servers with the exception of a single US point of presence, will only
> be advertised to domestic peers, and will be unreachable from outside
> Australia as they simply won't exist in the routing tables.
>
> This means traffic from outside Australia won't even know how to get to
> Australia to get to these IRC servers, and thus they will be immune to
> DDoS attacks using hosts outside Australia.
>
> Any hosts which are used to participate in attacks within Australia can
> then be aggressively pursued locally.
>
>
>
> 4. My 2c.
>
> Many people have commented on how upset & angry it has made them that once
> again a few kiddies with no clue and someone else's tools/scripts, have
> come in and trashed resources provided freely for the general use of all.
>
> More importantly, this is your backyard too. This is the largest .au only
> IRC network, and it's highly disappointing to see these individuals go
> about destroying the very community this list represents.
>
> At the moment our future looks uncertain. As a result of this wave of
> attacks, we have had servers turned off and may lose more to the point
> where ozorg is a non-functional net.
>
> I would dearly like for some of the bigger players to get behind this and
> other resources like it, if at the very least to step in and assist in
> preventing these script kiddies from dictating the terms in which we
> operate.
>
> These types of acts are becoming more frequent; I fear years of selfless
> acts and time by committed individuals and organisations will be erased at
> some point in the near future by pre-pubescent teens with someone else's
> tools and a need to extend their virtual-penis amongst their wannabe
> black-hat peers.
>
> This is nothing but juvenile technological vandalism on a grand scale ..
>
>
> --matt
>
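
The routing plan in section 3 of the forwarded message, modelled as an added example (not code from the post or from oz.org): it shows why a server prefix announced only to domestic peers is unreachable from abroad, and why that fails if the server's address still sits inside a provider aggregate that is announced everywhere. The prefixes are documentation ranges, all names are hypothetical, and routers outside Australia are assumed to carry no default route.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes, not real networks.
PROVIDER_AGGREGATE = ipaddress.ip_network("203.0.113.0/24")  # provider's aggregate
SERVER_IN_AGGREGATE = ipaddress.ip_network("203.0.113.16/28")  # more-specific inside it
PORTABLE_PREFIX = ipaddress.ip_network("192.0.2.0/24")  # provider-portable server net

# Each announcement: (prefix, set of peer scopes it is advertised to).
ANNOUNCEMENTS = [
    (PROVIDER_AGGREGATE, {"domestic", "international"}),
    (SERVER_IN_AGGREGATE, {"domestic"}),
    (PORTABLE_PREFIX, {"domestic"}),
]


def build_table(scope, announcements=ANNOUNCEMENTS):
    """Prefixes a router in the given scope learns from the announcements."""
    return [prefix for prefix, scopes in announcements if scope in scopes]


def lookup(table, address):
    """Longest-prefix match. None means no route: the packet is dropped there."""
    addr = ipaddress.ip_address(address)
    matches = [prefix for prefix in table if addr in prefix]
    return max(matches, key=lambda p: p.prefixlen, default=None)


def reachable_from(scope, address, announcements=ANNOUNCEMENTS):
    """True if a default-free router in `scope` has any route covering address."""
    return lookup(build_table(scope, announcements), address) is not None


if __name__ == "__main__":
    for scope in ("domestic", "international"):
        for host in ("203.0.113.20", "192.0.2.10"):
            route = lookup(build_table(scope), host)
            print(f"{scope:13} -> {host:13} via {route}")
```

Scoping only the more-specific /28 to domestic peers does not hide the host: international routers still match the covering aggregate, which is why the post asks for networks that are not part of an aggregate route.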

