Thread: BAD NEWS: discussion.
View Single Post
  #19  
Old 03-09-2004, 09:34 AM
Quinn Whipple
Guest
  
Posts: n/a
Chris, your Subaru box was on a separate v-lan from the bulk of our other network. That is not what caused the problem. The problem came that the DoS attach saturated every hop between the big pipes and your box. The traffic shaper in the router was overwhelmed because of the smaller than normal packet size. The overwhelmed router affected everyone. Jim's proposed solution gives you a small separate and distinct channelized t1 that as long as the upstream provide gives you dual PVC's and your own IP network you will be in charge of your own destiny. The downside is that the pipe will be much smaller making it so that even just 1 cable modem or DSL customer could do a DoS attack and bring you down. The saving grace on the whole thing was that Friday we upped our bandwidth out to the world and fortunately this made the pipe enough bigger that thousands of domains and all the dedicated clients didn’t completely tip over. I watch network utilization on a daily basis. Before they did the DoS attack I saw people poking and prodding at your server. I almost drafted an email asking if the box had been compromised again, but I didn't want people to think that I was being over critical.

I figured Chris would address this but because it hasn't been addressed, I will. This issue deals with the aggressive emails from members of your forum concerning QWK.net's actions. Of all car forum's the last place that I thought we would get threats from would be a car club made up of upper scale car nuts. I guess that everyone is a critic especially when their service is free. It's easy for some one that doesn't have to maintain the box to get grumpy concerning uptime or the quality of the service. QWK.net responsibility to uptime dealt only with the bandwidth. Nothing on the SVX box was under maintenance contract to ensure patch level and the current security state of the box. QWK.net does not own the server that Subaru-SVX.net was hosted or even have the Root level password on the compromised box. The box's maintenance was done by Chris, Travis, and Jim. All three are skilled admin's with full time day jobs and maintenance was done between other pressing events in their schedules. Unfortunately network security is a journey and not a destination. Servers need and require daily attention to keep them secure. Any service provider would have problems knowing that a server is compromised or in a bad patch state. But again we didn’t' have control of the box. The only control that we have over the box is to turn the port on/off and to change the upstream traffic shaper.

QWK.net as a company has provided quality service to your forum. Instead of getting grumpy and angry you guys should be happy for the multi megabits of service that was available to your forum.

Quinn Whiple
QWK.net Hosting
Reply With Quote