UOGamers Community


Shard is (no longer) back up - UPDATED

Status
Not open for further replies.

comwiz72

Wanderer
Red Squirrel said:
Easiest way is to just get a hardware firewall, a cheap router will do the trick, since your external IP will point to the router so if the router is properly configured, not much can be done to it, your machine will be behind it and even if its ports are open, they can only be accessed from your network, unless you forward them to a machine...

...But a software firewall like ZA should do the trick as well, but in my opinion a router is better, and leaves room for future expansion, and that's a nice word for network people. :D

Yeah I run a lovely little Cisco Router and ZoneAlarm, and we all know Cisco ARE the network peeps :D

Personally, I wouldn't have kept the attack going this long PERSONALLY, sitting there myself. The guy had probably activated the attack by signalling his zombie machines, which are going to keep running the attack until he signals them to stop. He's probably forgotten to tell them to stop!
If so, it may be a while before the zombies give demise a break, or until this guy wants to target someone / thing else...
 

DarkLotus

Wanderer
it's really quite sad all these people rambling on about their ideas to fix things, don't you think others have thought of them before?

you all keep going on about firewalling.
how do you plan on doing that when
a. you can't block the ports they attack
b. there are thousands of IPs which can be spoofed
and anyway the size of the attack ( from what i know ) is crippling the isp as well, so if it goes Zombies > Internet > ISP > firewall > demise. that doesn't help much since the isp can't cope with the ddos

and in answer to the guy who thinks the ddoser forgot to tell the machines to stop, that's the most stupid thing I've heard.

i highly doubt he would have set it to run forever, he most likely has other things to ddos, or shares his network.
it would be a waste to keep ddosing when the ip is nullrouted


anyway all topics like this do is give the guy doing it a damn good laugh
 

Red Squirrel

Wanderer
Ports are not what has to be blocked since these are not regular http packets but lower level like ping, what needs to be blocked is those types of packets.

A firewall, or cluster of them would work, but be costly.
 

Dathras

Sorceror
What is the latest on the situation?

Hate to break into the discussion of everyone's ideas about how to prevent this with death rays and all, just want to know if there has been any progress on returning the server to a playing status?
 
Inquiring minds...

I'd like to know as well since trying to play on SFU kinda sucks, and I don't want to get toooo involved playing chars on rebirth.... so what is the status oh (un)Holy ones...

Death rays?... now there's an idea....
 

comwiz72

Wanderer
DarkLotus said:
it's really quite sad all these people rambling on about their ideas to fix things, don't you think others have thought of them before?

you all keep going on about firewalling.
how do you plan on doing that when
a. you can't block the ports they attack
b. there are thousands of IPs which can be spoofed
and anyway the size of the attack ( from what i know ) is crippling the isp as well, so if it goes Zombies > Internet > ISP > firewall > demise. that doesn't help much since the isp can't cope with the ddos

and in answer to the guy who thinks the ddoser forgot to tell the machines to stop, that's the most stupid thing I've heard.

i highly doubt he would have set it to run forever, he most likely has other things to ddos, or shares his network.
it would be a waste to keep ddosing when the ip is nullrouted


anyway all topics like this do is give the guy doing it a damn good laugh


I'm not saying at all that ZoneAlarm helps, I was just mentioning in passing my setup, if I don't know that a ddos uses pings and can't be blocked by ZoneAlarm and other firewalls then I should be fired...

and it is quite possible he scripted the setup, and forgot to stop it. why would he keep it going continually?
 
ISP attack?

DarkLotus said:
there are thousands of IPs which can be spoofed
and anyway the size of the attack ( from what i know ) is crippling the isp as well, so if it goes Zombies > Internet > ISP > firewall > demise. that doesn't help much since the isp can't cope with the ddos


It kinda makes me wonder, if the ISP is being attacked and not just specifically aimed at a particular port (Demise itself) then the ISP should be doing an investigation itself since I'm sure demise isn't the only thing on its servers. I kinda would like to know which ISP so that I may remember not to use it for any of my web serving needs.
Of course this is meant only if the server is being run by a commercially available business.
 

mrpink

Sorceror
Very good question to ask. FINALLY something worth asking...

Are the game servers @ EV1 (demise & hybrid) the only servers being attacked? i.e. is ANYONE else having to be null routed?
 

KRISTJAN

Wanderer
It is a problem

Red Squirrel said:
I'm sure this is affecting the rest of their network in a way or another.
http://www.cisco.com/univercd/cc/td...ios113ed/113ed_cr/secur_c/scprt3/scdenial.htm

Sorry but I don't agree with you ... hybrid was still up and running 24 to 36 hours after Demise got down.

There is something wrong ... I am starting to think of a bug or else a worm that went out of control.

Were there any updates lately in the ISP or else EV1 ?

I don't think this can be a joke ... no one is that stupid to keep ddos for 2 days and more :confused:

There must be a bug in the system ...
 

[Drakull]

Knight
Don_Blast said:
Sorry but I don't agree with you ... hybrid was still up and running 24 to 36 hours after Demise got down.

There is something wrong ... I am starting to think of a bug or else a worm that went out of control.

Were there any updates lately in the ISP or else EV1 ?

I don't think this can be a joke ... no one is that stupid to keep ddos for 2 days and more :confused:

There must be a bug in the system ...

The problem is that they don't really need to keep the ddos attack for more than 2 days, just from time to time (example, 5 minutes every hour or so). That's enough to take us out and the remaining time is just having us null routed from EV1 as security measure (24 to 72 hours). Something interesting: today at 1:25 pm (pacific time) there was 1 client logged in in the statistics (it seems that someone was logging in while the save game get in). I've a client trying to log every few minutes, but I don't think that I actually achieved to log in (can't tell for sure as a power spike/loss rebooted the system one hour and a half before arriving home... yes, I'm a log-maniac ;) ).
 

Red Squirrel

Wanderer
Could be the hacker did something more than just a DoS and is just continuing the DoS to make it take longer for staff to be able to ssh in and find out the issue.
 

ASayre

Guest
The one client logged in on the Reports page that's seen is when the sallos->Demise connection is active to get the online count. Because both computers are on the same network, they can still talk to EACH OTHER.
 

ASayre

Guest
Don_Blast said:
Sorry but I don't agree with you ... hybrid was still up and running 24 to 36 hours after Demise got down.

There is something wrong ... I am starting to think of a bug or else a worm that went out of control.

Were there any updates lately in the ISP or else EV1 ?

I don't think this can be a joke ... no one is that stupid to keep ddos for 2 days and more :confused:

There must be a bug in the system ...

It's. A. DDoS. Let's not start rumors, kays?
 

[Drakull]

Knight
ASayre8 said:
The one client logged in on the Reports page that's seen is when the sallos->Demise connection is active to get the online count. Because both computers are on the same network, they can still talk to EACH OTHER.

Thank you for the answer, Asayre8. :)
 

KRISTJAN

Wanderer
Pbguy434 said:
I believe that Asayre would tell us that if it was true.

I didn't intend to say admins 'lied' to us... :mad:

I just gave some other possibilities. I know the admins would like demise up and running more than we do and if they wanted it shut they would just say it. So please do not misinterpret what I say :eek:
 

mrpink

Sorceror
ASayre8 said:
The one client logged in on the Reports page that's seen is when the sallos->Demise connection is active to get the online count. Because both computers are on the same network, they can still talk to EACH OTHER.

Speaking of Sallos, I suck compared to everyone now.... I tried to play the other day and I'm terrible.... plus nobody I was playing with spoke English :(

I remember the earlier days and I was decent!
 