[MUD-Dev] ADMIN: Recent outages
J C Lawrence
claw at kanga.nu
Mon Oct 29 23:49:18 CET 2001
Writing as list owner:
Kanga.Nu was the subject of a Denial Of Service attack yesterday
and in the early hours of this morning. The attack mostly came in
two forms:
Port scans/connects
eg: 1.2Million connections to port 32772 between 03:21hrs
and 03:47hrs (all seem to have forged source addresses, such
as 0.0.0.0, various broadcast addresses, etc).
Bandwidth saturation:
eg two simultaneous WGET mirrors of ftp.kanga.nu that ran
continuously (looping) from a couple high bandwidth systems in
Denmark.
Per the logs Kanga.Nu actually withstood this quite well. It
continued to (slowly) serve web pages, accept and send mail, etc
during the attacks. What finally brought Kanga.Nu to its knees
was the logfiles growing too big (eg /var/log/syslog grew almost a
Gig in less than 2 hours, along with 5 other log files pacing it),
a circumstance I had unfortunately not adequately prepared for.
There's a variety of other suspicious log traffic going on, but
sorting it out will take time and care.
Summary:
Once I finish inspecting and detail checking the system, mail
and other services will come back up. This should happen
tonight.
Lists and other activities should be back on line about the same
time.
Moderation may not happen before Weds.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw at kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list