Update on the pool downtime
Forum rules
The News forum is only for updates about the Prohashing pool.
Replies to posts in this forum should be related to the news being announced. If you need support on another issue, please post in the forum related to that topic or seek one of the official support options listed in the top right corner of the forums page or on prohashing.com/about.
For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
Re: Update on the pool downtime
If the Verizon IPs you plan on using are in the same /24 as the old ones, I suggest you request a new IP range in another /24 from Verizon, or it might be very easy for the attacker to find the backend.
Best is of course if Verizon can firewall all traffic except Javapipe.
Re: Update on the pool downtime
> I suggest you request a new IP range in another /24 from Verizon or it might be very easy for the attacker to find the backend

I agree and have not understood why a new set of IPs has not been provided already?
Especially if 2 of the current IPs are not working as expected.
- Steve Sokolowski
- Posts: 4585
- Joined: Wed Aug 27, 2014 3:27 pm
- Location: State College, PA
Re: Update on the pool downtime
FRISKIE wrote:
> > I suggest you request a new IP range in another /24 from Verizon or it might be very easy for the attacker to find the backend
> I agree and have not understood why a new set of IPs has not been provided already?
> Especially if 2 of the current IPs are not working as expected.

They can't do that on the weekends, because the department that has authorization to do that apparently only works on weekdays.
Really, the main problem here is Verizon, not the attacker. If Verizon didn't have this problem, we would have been able to respond to this attacker much more quickly. This sours me on Verizon's service - how is this "business class?" When I've called Comcast for their "residential" service, they still have the ability to fix stuff like this, even at my house, on the weekends.
Re: Update on the pool downtime
Hehe... perhaps the attackers have actually done you guys a favor in the long run by giving you a bit of downtime and opportunity to implement the DDoS protections that I'm sure have been on the "TO DO" list, but performance upgrades are taking up all available time for the longest
- Steve Sokolowski
- Posts: 4585
- Joined: Wed Aug 27, 2014 3:27 pm
- Location: State College, PA
Re: Update on the pool downtime
Chris is having problems trying to figure out why DNS names are not resolving on the server after he configured it for this new setup.
He's been at it for about 4 hours and hopefully will figure it out soon.
-
- Posts: 646
- Joined: Sun Apr 16, 2017 3:01 pm
Re: Update on the pool downtime
Steve Sokolowski wrote:
> FRISKIE wrote:
> > > I suggest you request a new IP range in another /24 from Verizon or it might be very easy for the attacker to find the backend
> > I agree and have not understood why a new set of IPs has not been provided already?
> > Especially if 2 of the current IPs are not working as expected.
> They can't do that on the weekends, because the department that has authorization to do that apparently only works on weekdays.
> Really, the main problem here is Verizon, not the attacker. If Verizon didn't have this problem, we would have been able to respond to this attacker much more quickly. This sours me on Verizon's service - how is this "business class?" When I've called Comcast for their "residential" service, they still have the ability to fix stuff like this, even at my house, on the weekends.

Comcast even has higher priority for business class customers, and here Verizon can't even keep the department open on weekends. What happens when a company begins to hemorrhage money because of that? Bye bye Verizon.
Re: Update on the pool downtime
Right - having managed a support team for an ISP here in the EU (Interoute) I'm likewise disappointed by Verizon's support response.
-
- Posts: 646
- Joined: Sun Apr 16, 2017 3:01 pm
Re: Update on the pool downtime
I did Comcast support... never again
- Steve Sokolowski
- Posts: 4585
- Joined: Wed Aug 27, 2014 3:27 pm
- Location: State College, PA
Re: Update on the pool downtime
I talked with Chris.
We determined that the previous method won't work, because Verizon is blocking outbound traffic that appears to come from IPs outside their network. The idea was to use a front server that had a lot of bandwidth to filter traffic and then just re-broadcast good packets with a different destination IP. Our server would then reply and rewrite the packets as if they came from the front server. But Verizon apparently filters these packets, a policy which was probably informed by people who tried to execute DDoS attacks with fake source addresses from within their network.
So Chris is trying a different idea. He's going to buy a VPS that provides DDoS protection from Javapipe, and set up a tunnel. Inbound, the behavior is the same, but outbound the packets travel back to the origin server and are broadcast there. No filtering is going to happen out there because the packets actually are coming from the server they pretend to come from.
We'll see if Chris can get this online in a few hours.
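The difference between the two designs described in the post above, as an added sketch that is not part of the thread or of Prohashing's setup: it models the ISP's check on outbound source addresses and the return path of each design. All IP addresses are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed documentation addresses, not the pool's real IPs.
ISP_PREFIX = ipaddress.ip_network("198.51.100.0/24")  # range the ISP assigned
BACKEND_IP = ipaddress.ip_address("198.51.100.10")    # pool server behind the ISP
FRONT_IP = ipaddress.ip_address("203.0.113.5")        # front server / protected VPS
MINER_IP = ipaddress.ip_address("192.0.2.77")         # a client on the internet


@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    inner: Optional["Packet"] = None  # set when this packet is a tunnel wrapper


def isp_egress_allows(pkt: Packet) -> bool:
    """Source-address validation at the ISP edge: only the outer source is seen."""
    return pkt.src in ISP_PREFIX


def reply_direct() -> Optional[Packet]:
    """First design: the backend answers the miner itself, with the source
    rewritten to the front server's address. The ISP sees a foreign source."""
    reply = Packet(src=FRONT_IP, dst=MINER_IP)
    return reply if isp_egress_allows(reply) else None  # None = dropped


def reply_via_tunnel() -> Optional[Packet]:
    """Second design: the reply is wrapped in a tunnel packet whose outer
    source is the backend's own address, so the ISP check passes. The VPS
    unwraps it and sends the inner packet from its real address."""
    inner = Packet(src=FRONT_IP, dst=MINER_IP)
    outer = Packet(src=BACKEND_IP, dst=FRONT_IP, inner=inner)
    if not isp_egress_allows(outer):
        return None
    return outer.inner  # what the miner receives after the VPS decapsulates


if __name__ == "__main__":
    print("direct reply delivered:", reply_direct() is not None)
    print("tunnelled reply delivered:", reply_via_tunnel() is not None)
```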
Re: Update on the pool downtime
Hey Steve - I was reading the Javapipe "remote DDoS protection" offering and options, and the 2nd solution you describe here sounds good from what I understand of things - good luck!