OcUK DDoS attack - £10,000 reward

Status
Not open for further replies.
Spie, or whoever, I've emailed you at the email address you gave in the OP, Contains a Log with some vital information. Trying to get a hold of some more information as we speak, waiting on a reply on a few emails. Hopefully this will help you out guys :).
 
paradigm said:
As a "network security guy" (seriously, network security guy? is that a job role?), surely you realise that "hosted in a datacentre" means that OcUK aren't directly responsible for the leading edge firewall.



No, they aren't all called ASA5000's, the ASA5000 is called the ASA5000.
Click to expand...

Didn't you read properly? He is a NETWORK SECURITY GUY! He knows all the Ciscos.
 
keyvan said:
As a network security guy, have you considered getting a CISCO firewall?
They are now call ASA5000 Security Appliance.

They cost about 2 to 3 thousand pounds but are well worth it.

They can automatically detect a DDoS attack before the packets reach the server and let them fall into a "black hole" while the legitimate packets (me building my dream system over and over again) get through.

Had many of these over the years and the Cisco firewalls can easily deal with DDoS attacks. There is a reason why some hardware firewalls cost £200 and some cost £2000.

If you're interested in finding these guys send me a private mail and I can tell you how to set-up some stuff on your end to catch them red handed.
Click to expand...

As a network security guy you should realize that the kind of volume of DDOS they're likely getting would cause an ASA5000 to curl up and die. DDOS on those levels of boxes is a useless feature as they can't handle the session levels or session initiation levels to have an affect against serious attacks. They also don't have the advanced heuristics that real IDP boxes have to detect the attacks to start with... the reason some firewalls cost £70k you might say.

You'll also never catch the initiator of a DDOS attack with security in front of the server, the whole point is the attack doesn't come from them, it comes from a botnet. So unless you can catch the initiation command to the botnet somehow you're not going to have much luck.
 
paradigm said:
As a network security guy, surely you realise that "hosted in a datacentre" means that OcUK aren't directly responsible for the leading edge firewall.
Click to expand...

What's that got to do with the price of tea in china?

It is not the primary responsibility of the hosting company to protect the servers inside the network, only in so much as if the traffic becomes service affecting to the whole network and other customers.
Heck, on any decent data centre you're talking hundreds of Gigabits of data for the hosting company to process. The cost of that would be prohibitive, even when passed on to the end user. You will find that those that do are in the extreme minority compared to those that don't. At the previous big hosting company I worked for all customers were advised to have firewalls of their own. We had a riverhead and a few other DoS protection devices around but that was for emergency purposes and helping customers however we could. Not everyone chose to do so, and some suffered as a consequence.
 
Garp said:
What's that got to do with the price of tea in china?

It is not the primary responsibility of the hosting company to protect the servers inside the network, only in so much as if the traffic becomes service affecting to the whole network and other customers.
Heck, on any decent data centre you're talking hundreds of Gigabits of data for the hosting company to process. The cost of that would be prohibitive, even when passed on to the end user. You will find that those that do are in the extreme minority compared to those that don't. At the previous big hosting company I worked for all customers were advised to have firewalls of their own. We had a riverhead and a few other DoS protection devices around but that was for emergency purposes and helping customers however we could. Not everyone chose to do so, and some suffered as a consequence.
Click to expand...

We do it as standard, I can appreciate the £50 a month crowd of hosting companies don't, but at the high end companies should be doing it now. Ours is done at the network edge behind the edge router and can process 120Gbps without any affect on speed. It's not terribly expensive split between all customers really...
 
keyvan said:
As a network security guy, have you considered getting a CISCO firewall?
They are now call ASA5000 Security Appliance.

They cost about 2 to 3 thousand pounds but are well worth it.

They can automatically detect a DDoS attack before the packets reach the server and let them fall into a "black hole" while the legitimate packets (me building my dream system over and over again) get through.

Had many of these over the years and the Cisco firewalls can easily deal with DDoS attacks. There is a reason why some hardware firewalls cost £200 and some cost £2000.

If you're interested in finding these guys send me a private mail and I can tell you how to set-up some stuff on your end to catch them red handed.
Click to expand...

How do you propose to catch them, given that they won't personally be doing anything other than controlling zombie machines?

Also a £2000 firewall will NOT deal with a real DDoS attack.
 
Looks like the network security guy got told pretty good.

Would OCUK have any insurance against this type of thing? Perhaps there's something in the agreement with the host, i'm not sure. I really hope it hasn't had a huge impact on business, i'd hate to see the best (imo) PC company struggling. I'd happily donate a little if it'd make a difference, like a tip if you like, i've had much use out of the forums and whittled away way too many hours on here. Not to mention the free shipping etc.
 
We actually don't know anything, for all we know it could be 25 guys with packet flooders.

Or it could be a 100,000 bot DDoS. Those who don't have access to logs have no chance of figuring out anything.
 
alexhull24 said:
Looks like the network security guy got told pretty good.

Would OCUK have any insurance against this type of thing? Perhaps there's something in the agreement with the host, i'm not sure. I really hope it hasn't had a huge impact on business, i'd hate to see the best (imo) PC company struggling. I'd happily donate a little if it'd make a difference, like a tip if you like, i've had much use out of the forums and whittled away way too many hours on here. Not to mention the free shipping etc.
Click to expand...
Really decent of you, but we are far from struggling. OcUK is a well-run, efficient and profitable business. We are probably in the best position compared to our competitors to ride out any disruption or recession. Lots of others are on a knife edge.
 
I know of old who did ddos on here, and would say its the same person? maybe he was getting bored of his current ISP and thought what the heck? do it and get kicked off it as what happened previously.

I wouldn't put it past him.

My 2p.
 
Heh, this thread has provided me with lots of LOLs. Five stars for some of the posts here :D

I don't know who's behind it (maybe it was the janitor...?) but, as has already been mentioned, the chances of getting a prosection are somewhere between slim to zero. As such, I'll take the £10K and instead I'll provide you with a few days consultancy to help you better deal with this kind of thing in the future, if you like.
 
AmTechFox said:
I know of old who did ddos on here, and would say its the same person? maybe he was getting bored of his current ISP and thought what the heck? do it and get kicked off it as what happened previously.

I wouldn't put it past him.

My 2p.
Click to expand...
Please send any info to the email address in the OP.
 
Status
Not open for further replies.
Back
Top Bottom