
DoS attack against Sedo's parking program

Status
Not open for further replies.

SedoCoUk

Guest
Hello from Sedo,

the cluster serving the websites for the Sedo parking program has been under attack by a bot network or a sophisticated attacker since this afternoon.
We are experiencing a SYN flood attack with spoofed IP addresses as the source.

Before getting into details, we want to assure you that we will fully compensate you for the revenue loss that occurred because of the DoS attack.

The tech team is working together with third-party consultants who are experienced in dealing with DoS attacks to get this issue resolved. To give you an idea of the size of the attack: We would need about 200 additional servers to handle the SYN traffic coming in.

The immediate measures against such an attack are very limited. We do have two of the best routers available on the market in front of our network. These routers catch all DoS attacks which can be caught automatically.

We have tuned server parameters and identified certain "evil" subnets which are now filtered. As a result, the load on the system has started to decrease. We continue to filter specific nets and patterns until our system is operational again.

We apologize for the inconvenience. Let me assure you again that all loss in revenue will be compensated.

Sincerely,
the Sedo team
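
An added example, not part of the original post and not Sedo's tooling: one way a defender could look for the kind of filterable subnets the post mentions is to group half-open (SYN-RECV) connections by source /24 and check how much of the backlog the heaviest subnets explain. The four-column input layout (as from `ss -Htn state syn-recv` on Linux), the function names and the 20% threshold are assumptions; the sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample: Recv-Q Send-Q Local:Port Peer:Port (assumed layout).
_PEERS = ["198.51.100.7", "198.51.100.8", "198.51.100.9", "198.51.100.10",
          "198.51.100.11", "198.51.100.12", "203.0.113.1", "203.0.113.2",
          "203.0.113.3", "10.9.8.7"]
SAMPLE = "\n".join(f"0 0 192.0.2.10:80 {ip}:{40000 + i}"
                   for i, ip in enumerate(_PEERS))


def half_open_by_subnet(ss_output, prefix=24):
    """Count half-open connections per source subnet."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # header or truncated line
        # Peer is "addr:port"; IPv6 peers are written "[addr]:port".
        peer = fields[3].rsplit(":", 1)[0].strip("[]")
        try:
            net = ipaddress.ip_network(f"{peer}/{prefix}", strict=False)
        except ValueError:
            continue  # not an address, skip
        counts[net] += 1
    return counts


def filter_candidates(counts, min_share=0.2):
    """Return (subnets holding >= min_share of the backlog, share covered).

    A low covered share means the sources are spread out, as with randomly
    spoofed addresses: subnet filters will not help much, and host-side
    measures such as SYN cookies carry the load instead.
    """
    total = sum(counts.values())
    if total == 0:
        return [], 0.0
    picked = [(net, n) for net, n in counts.most_common()
              if n / total >= min_share]
    return picked, sum(n for _, n in picked) / total


if __name__ == "__main__":
    nets, covered = filter_candidates(half_open_by_subnet(SAMPLE))
    for net, n in nets:
        print(f"{net}  half-open={n}")
    print(f"covered by candidates: {covered:.0%}")
```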
 

A D

Level 14
Legacy Exclusive Member
Joined
Feb 20, 2003
Messages
15,040
Reaction score
1,188
That is disgusting.

People have nothing better to do than cause crap.

Hope all ends up ok at sedo.

-=DCG=-
 

jdk

DNF Addict
Legacy Exclusive Member
Joined
Jul 23, 2004
Messages
6,350
Reaction score
24
Have been wondering why logging in has been lagged the last couple of days.
 

Shaggy

DNF Addict
Legacy Exclusive Member
Joined
Oct 28, 2002
Messages
1,523
Reaction score
1
That is crazy. What do these people get out of it? I really never understood that?
 

mike031

WannaDevelop.com
Legacy Exclusive Member
Joined
Mar 1, 2004
Messages
3,888
Reaction score
4
extremely sophisticated hackers do this... why? many reasons.. but mostly just because they could. sometimes they go at it randomly, sometimes revenge... sometimes just for fun so they can brag to their friends and/or peers... oh, look i took down google.. or sedo... or whatever other big site. it's all fun and games to them
 

dvdrip

Level 9
Legacy Exclusive Member
Joined
Jul 21, 2002
Messages
2,782
Reaction score
24
Did I hear "compensation"?
That would be a first!

And if I don't get it, it would be the last of me at sedo...
 

namestrands

The Bishop
Legacy Exclusive Member
Joined
Jan 16, 2005
Messages
3,924
Reaction score
6
Shaggy said:
That is crazy. What do these people get out of it? I really never understood that?

if you want to get into the psychology of it all.. some people see their computer as their partner.. and like most couples they want to procreate.. and we all want what's best for our kids.. we want them to grow into much more.. spread their wings.. hence the reason for creating Bots and Viri.. however this is a very sophisticated attack and would most likely be a DDoS against the main DNS.. Sending hundreds of thousands of requests at the same time causes the machines to start thousands of processes.. normally you could isolate the IP address and filter it out.. however this is a distributed attack using Bots on other people's machines (without their knowledge) in the form of Viri or Spyware.. think of it as a massive grid of computers... because to take down something like SEDO they would need to send 500000 packets a second at the very least.

SEDO.. Contact This Company.. they are in Austria and these guys are the kings of DDoS they have a 24hr emergency number.. 0043-1-715 08 66 they should be able to help you out...
 

hookah

Semi-Netizen
Legacy Exclusive Member
Joined
Jun 13, 2004
Messages
368
Reaction score
0
mike031 said:
extremely sophisticated hackers do this... why? many reasons.. but mostly just because they could. sometimes they go at it randomly, sometimes revenge... sometimes just for fun so they can brag to their friends and/or peers... oh, look i took down google.. or sedo... or whatever other big site. it's all fun and games to them

Sure, these are reasons, too. However, there is at least one more important reason: hackers are hired to bring "sth" in the net down. Hired for big money. And with this scale of attack (not a service with 10 pages on one free server) someone can suppose an intentional, well-prepared attack having a clear reason. And in the era of complex grid networks such attacks become more and more frequent, forcing service owners to fix more attention on network security.
 

namestrands

The Bishop
Legacy Exclusive Member
Joined
Jan 16, 2005
Messages
3,924
Reaction score
6
When I ran theredline .com and asiangamble .com we used something similar.. but our biggest issue was bandwidth and well the lack thereof out in costa rica.. Our Servers were colocated at the government Telco Racsa and we still got attacked at least once a month.. only solution was to IP forward traffic from a DDOS protection company.. they filtered the traffic and then routed legitimate traffic to us.. never had a problem after that..

Same issues with one of the finance/pension companies.. my first week as IT security Manager we got hit with a DDOS attack.. which coincided with the launch of online insurance claims.. only solution was to take the same action.. reroute our IP Net through another DDOS company and filter it out... after that we got our own 40mbs Link with burst capability of up to 200mbs.. we just rode out the attacks and rerouted the packets so they could not touch the server processes.

There is no real defence against Grid Attacks and BotNetworks as it's impossible to filter out what is legitimate and what's not.. too many variables.. You just need to have a good contingency plan and proper procedures in place to limit the damage.. and backup DNS and your own Zombie Servers...
 

SedoCoUk

Guest
Hello from Sedo,

all parked domains are now back online and are operating as usual!

The URL forwarded domains (parked at http://www.sedoparking.com/domainname) have been working since 3pm (CET) today.
Now the DNS parked domains (DNS settings set to ns1.sedoparking.com and ns2.sedoparking.com) are back online. Please allow some minutes for the DNS settings to update.

If you have set your A record directly to our parking IP, you don't have to change it. We managed to pull the attack away from this IP. However, please bear in mind that we might need to quickly change an IP address in case of future attacks. If we do not control the DNS settings, we then can't move your domain. Therefore we do not recommend that you point your domain's A record to our parking server.

We have certainly gained a lot of experience during the attack which will help us to fight future problems.

We will discuss compensation tomorrow and keep you updated. Our goal is that you are fully compensated for any loss.
From what we know, the DDoS attack started yesterday afternoon, but we will even look at the stats of the days before yesterday.

Thank you again for your patience and your support.
 

Theo

Account Terminated
Joined
Feb 28, 2004
Messages
30,306
Reaction score
2,216
Good to see you guys are back on your feet. The monthly stats don't work BTW.
 

Equalizer

Level 4
Legacy Platinum Member
Joined
Jun 23, 2004
Messages
109
Reaction score
0
Forwarded domains (rather than domains using Sedo servers) have experienced problems in the last 3 months (most people were blaming that on the natural Summer slowdown),
e.g. July 27th and 8-1-2005 (check your stats); this was prior to the hacking.
What does Sedo have to say about this?
 

Theo

Account Terminated
Joined
Feb 28, 2004
Messages
30,306
Reaction score
2,216
I think servers are not very responsive right now. Definitely not up to par, especially on a Sunday evening when overall Internet traffic is low.
 