Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Annoying DoS

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Annoying DoS

Chronological Thread 
  • From: The Doctor <drwho AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] Annoying DoS
  • Date: Thu, 18 Oct 2012 12:17:15 -0400
  • Openpgp: id=807B17C1
  • Organization: Virtual Adept Networks, Unlimited

Hash: SHA1

On 10/17/2012 04:51 PM, Martin C wrote:

> I hope I haven't accidentally blocked the IP of an OpenNIC T1
> testing server, if I have, let me know. Otherwise, this is a heads
> up about a possible DoS attempt which as it turned out, was highly
> annoying.

For what it's worth, I've been seeing stuff like that happening for
over a month now.

A group that I work with has been noticing someone (or someones)
systematically DoSing their VPSes. Not by flooding them off the Net
through any of the usual means, but by using up their bandwidth quotas
(an in a few cases forcing disconnection because the bandwidth bill
was so high the admin couldn't pay it (thousands of dollars or Euros
at a time for a single VPS)). This has impacted everything from
software development to communication. Others of us are taking our
VPSes down as a precaution.

I don't know if this matches what you're seeing or not - it might not
be - but it fits the general pattern of what we're seeing. Are you
noticing that the attacker is trying variants of the Sloworis attack
directed at different ports (in your case, 53/TCP) and going not for
speed but just stuffing up the connection queue?

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium:

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1

We are not a clone.

Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


Archive powered by MHonArc 2.6.19.

Top of Page