Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


2998 posts

Uber Geek
+1 received by user: 187

Trusted
Subscriber

  Reply # 677822 27-Aug-2012 21:05 Send private message

Hey guys,
Just to update you all. Everything has been going fine since the upgrade to 1gbps. We started getting alternative style attacks of lots of TCP SYN requests which clogged the CPU on the router. What I ended up doing is taking the target outside of the firewall and directly attached to the border router (since firewalling takes up a lot of CPU). All has been good since with about 1 attack greater than 300mbps doing nothing.

I am happy now :)





105 posts

Master Geek


  Reply # 677925 28-Aug-2012 07:43 Send private message

Zeon: Hey guys,
Just to update you all. Everything has been going fine since the upgrade to 1gbps. We started getting alternative style attacks of lots of TCP SYN requests which clogged the CPU on the router. What I ended up doing is taking the target outside of the firewall and directly attached to the border router (since firewalling takes up a lot of CPU). All has been good since with about 1 attack greater than 300mbps doing nothing.

I am happy now :)

Why not try fix it instead of bandaiding it?



Just my 2c.

mjb

922 posts

Ultimate Geek
+1 received by user: 21

Trusted

  Reply # 677926 28-Aug-2012 07:52 Send private message

frizianz: Why not try fix it instead of bandaiding it?


That was my exact thought after reading this thread for the first time last night..




contentsofsignaturemaysettleduringshipping

BDFL
49617 posts

Uber Geek
+1 received by user: 4459

Administrator
Trusted
Geekzone
Subscriber

  Reply # 677930 28-Aug-2012 08:07 Send private message

Zeon: Hey guys,
Just to update you all. Everything has been going fine since the upgrade to 1gbps. We started getting alternative style attacks of lots of TCP SYN requests which clogged the CPU on the router. What I ended up doing is taking the target outside of the firewall and directly attached to the border router (since firewalling takes up a lot of CPU). All has been good since with about 1 attack greater than 300mbps doing nothing.

I am happy now :)


Hmmm. So instead of getting this stopped you rather just waste bandwidth, put more resources that cost money?

There's a reason why [email protected] and [email protected] exist.





1734 posts

Uber Geek
+1 received by user: 325

Trusted
Spark NZ

  Reply # 677950 28-Aug-2012 08:51 Send private message

freitasm:
Zeon: Hey guys,
Just to update you all. Everything has been going fine since the upgrade to 1gbps. We started getting alternative style attacks of lots of TCP SYN requests which clogged the CPU on the router. What I ended up doing is taking the target outside of the firewall and directly attached to the border router (since firewalling takes up a lot of CPU). All has been good since with about 1 attack greater than 300mbps doing nothing.

I am happy now :)


Hmmm. So instead of getting this stopped you rather just waste bandwidth, put more resources that cost money?

There's a reason why [email protected] and [email protected] exist.


Yep.. And if you need me to chase up you can e-mail me pl at telecom dot co dot nz and we can see what's going on.

However just because the source IP shows it from a Telecom IP address range doesn't necessarily mean it is. :(  Such as things can be that source IP addresses can be spoofed using LOIC when someone wanted to DDos you.




I work for Spark, but as always my views are my own.



2998 posts

Uber Geek
+1 received by user: 187

Trusted
Subscriber

  Reply # 678022 28-Aug-2012 10:07 Send private message

The rest of the attacks have been DDoS - not from a Telecom source specifically anymore. I went to the police but they declined to help...





2203 posts

Uber Geek
+1 received by user: 183

Trusted
Subscriber

  Reply # 678205 28-Aug-2012 14:38 Send private message

It is quite possibly a botnet.

I get them all the time - invalid logins from all sorts of ip addresses trying random logins on my email server.

We have the NZNOG (New Zealand Network Operator Group) mailing list hosted by the university of waikato.
You can often get in touch with a technical person with regard to things like botnet attacks by asking on the mailing list for a contact within a company. Its not really for average helpdesk enquiries, and more upper level technical issues such as tracking down offending users and inter-isp communication.

So if abuse@xtra didnt help, that would be the next place i would try.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Moment of Truth?
Created by BarTender, last reply by networkn on 18-Sep-2014 15:32 (344 replies)
Pages... 21 22 23


10 Iphone 128gb 6+ iphones this weekend at auckland airport
Created by frysie, last reply by TimA on 17-Sep-2014 22:02 (36 replies)
Pages... 2 3


Mr. Key to extradite Kim Dotcom?
Created by TimA, last reply by SaltyNZ on 18-Sep-2014 09:20 (126 replies)
Pages... 7 8 9


Spark DNS Issues - Amazing - Broadband Service Alert
Created by PeteS, last reply by Demeter on 15-Sep-2014 14:13 (307 replies)
Pages... 19 20 21


hp bios update
Created by foxy38, last reply by foxy38 on 14-Sep-2014 19:08 (26 replies)
Pages... 2


Gigatown finalists and retail provider
Created by freitasm, last reply by macuser on 17-Sep-2014 23:02 (17 replies)
Pages... 2


2014 Holden SS (V8) or Ford XR6-T (in-line 6 turbo)
Created by joker97, last reply by ilovemusic on 16-Sep-2014 14:34 (71 replies)
Pages... 3 4 5


IOS8 - Network Load
Created by FireEngine, last reply by sDew on 18-Sep-2014 15:44 (15 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.