OcUK DDoS attack - £10,000 reward

Status
Not open for further replies.
Soldato
Joined
18 Mar 2006
Posts
4,148
Location
Liverpool
Spie, or whoever, I've emailed you at the email address you gave in the OP. It contains a log with some vital information. Trying to get hold of some more information as we speak, waiting on a reply to a few emails. Hopefully this will help you guys out :).
 
Associate
Joined
2 Sep 2007
Posts
874
Location
Scotland
As a "network security guy" (seriously, network security guy? is that a job role?), surely you realise that "hosted in a datacentre" means that OcUK aren't directly responsible for the leading edge firewall.



No, they aren't all called ASA5000's, the ASA5000 is called the ASA5000.

Didn't you read properly? He is a NETWORK SECURITY GUY! He knows all the Ciscos.
 
Man of Honour
Joined
30 Jun 2005
Posts
9,515
Location
London Town!
As a network security guy, have you considered getting a CISCO firewall?
They are now called ASA5000 Security Appliance.

They cost about 2 to 3 thousand pounds but are well worth it.

They can automatically detect a DDoS attack before the packets reach the server and let them fall into a "black hole" while the legitimate packets (me building my dream system over and over again) get through.

Had many of these over the years and the Cisco firewalls can easily deal with DDoS attacks. There is a reason why some hardware firewalls cost £200 and some cost £2000.

If you're interested in finding these guys send me a private mail and I can tell you how to set up some stuff on your end to catch them red-handed.

As a network security guy you should realize that the kind of volume of DDOS they're likely getting would cause an ASA5000 to curl up and die. DDOS on those levels of boxes is a useless feature as they can't handle the session levels or session initiation levels to have an effect against serious attacks. They also don't have the advanced heuristics that real IDP boxes have to detect the attacks to start with... the reason some firewalls cost £70k you might say.

You'll also never catch the initiator of a DDOS attack with security in front of the server, the whole point is the attack doesn't come from them, it comes from a botnet. So unless you can catch the initiation command to the botnet somehow you're not going to have much luck.
 
Soldato
Joined
18 Oct 2002
Posts
10,573
Location
Seattle
As a network security guy, surely you realise that "hosted in a datacentre" means that OcUK aren't directly responsible for the leading edge firewall.

What's that got to do with the price of tea in China?

It is not the primary responsibility of the hosting company to protect the servers inside the network, only in so much as if the traffic becomes service affecting to the whole network and other customers.
Heck, on any decent data centre you're talking hundreds of Gigabits of data for the hosting company to process. The cost of that would be prohibitive, even when passed on to the end user. You will find that those that do are in the extreme minority compared to those that don't. At the previous big hosting company I worked for all customers were advised to have firewalls of their own. We had a Riverhead and a few other DoS protection devices around but that was for emergency purposes and helping customers however we could. Not everyone chose to do so, and some suffered as a consequence.
 
Man of Honour
Joined
30 Jun 2005
Posts
9,515
Location
London Town!
What's that got to do with the price of tea in China?

It is not the primary responsibility of the hosting company to protect the servers inside the network, only in so much as if the traffic becomes service affecting to the whole network and other customers.
Heck, on any decent data centre you're talking hundreds of Gigabits of data for the hosting company to process. The cost of that would be prohibitive, even when passed on to the end user. You will find that those that do are in the extreme minority compared to those that don't. At the previous big hosting company I worked for all customers were advised to have firewalls of their own. We had a Riverhead and a few other DoS protection devices around but that was for emergency purposes and helping customers however we could. Not everyone chose to do so, and some suffered as a consequence.

We do it as standard, I can appreciate the £50 a month crowd of hosting companies don't, but at the high end companies should be doing it now. Ours is done at the network edge behind the edge router and can process 120Gbps without any effect on speed. It's not terribly expensive split between all customers really...
 
Soldato
Joined
23 Sep 2005
Posts
5,465
Location
Fife
As a network security guy, have you considered getting a CISCO firewall?
They are now called ASA5000 Security Appliance.

They cost about 2 to 3 thousand pounds but are well worth it.

They can automatically detect a DDoS attack before the packets reach the server and let them fall into a "black hole" while the legitimate packets (me building my dream system over and over again) get through.

Had many of these over the years and the Cisco firewalls can easily deal with DDoS attacks. There is a reason why some hardware firewalls cost £200 and some cost £2000.

If you're interested in finding these guys send me a private mail and I can tell you how to set up some stuff on your end to catch them red-handed.

How do you propose to catch them, given that they won't personally be doing anything other than controlling zombie machines?

Also a £2000 firewall will NOT deal with a real DDoS attack.
 
Soldato
Joined
1 Jan 2008
Posts
11,048
Looks like the network security guy got told pretty good.

Would OCUK have any insurance against this type of thing? Perhaps there's something in the agreement with the host, I'm not sure. I really hope it hasn't had a huge impact on business, I'd hate to see the best (imo) PC company struggling. I'd happily donate a little if it'd make a difference, like a tip if you like, I've had much use out of the forums and whittled away way too many hours on here. Not to mention the free shipping etc.
 
Soldato
Joined
15 Dec 2007
Posts
16,566
We actually don't know anything, for all we know it could be 25 guys with packet flooders.

Or it could be a 100,000 bot DDoS. Those who don't have access to logs have no chance of figuring out anything.
 
Godfather
OP
Joined
17 Oct 2002
Posts
13,054
Location
Bromsgrove
Looks like the network security guy got told pretty good.

Would OCUK have any insurance against this type of thing? Perhaps there's something in the agreement with the host, I'm not sure. I really hope it hasn't had a huge impact on business, I'd hate to see the best (imo) PC company struggling. I'd happily donate a little if it'd make a difference, like a tip if you like, I've had much use out of the forums and whittled away way too many hours on here. Not to mention the free shipping etc.
Really decent of you, but we are far from struggling. OcUK is a well-run, efficient and profitable business. We are probably in the best position compared to our competitors to ride out any disruption or recession. Lots of others are on a knife edge.
 
Soldato
Joined
18 Oct 2002
Posts
8,453
I know of old who did DDoS on here, and would say it's the same person? Maybe he was getting bored of his current ISP and thought what the heck? Do it and get kicked off it as what happened previously.

I wouldn't put it past him.

My 2p.
 
Soldato
Joined
22 Jun 2006
Posts
2,971
Location
Swindon
Heh, this thread has provided me with lots of LOLs. Five stars for some of the posts here :D

I don't know who's behind it (maybe it was the janitor...?) but, as has already been mentioned, the chances of getting a prosecution are somewhere between slim and zero. As such, I'll take the £10K and instead I'll provide you with a few days' consultancy to help you better deal with this kind of thing in the future, if you like.
 
Godfather
OP
Joined
17 Oct 2002
Posts
13,054
Location
Bromsgrove
I know of old who did DDoS on here, and would say it's the same person? Maybe he was getting bored of his current ISP and thought what the heck? Do it and get kicked off it as what happened previously.

I wouldn't put it past him.

My 2p.
Please send any info to the email address in the OP.
 