DoS attacks a growing internet problem

This is a general forum about all topics, i.e. TrashMail.net, spam mails, email protection, privacy and other things.


DoS attacks a growing internet problem

Post by Z » 07 Jun 2007, 07:36

I thought it would be a good idea to start a new thread about this matter. We discussed this problem here:
https://ssl.trashmail.net/forum/viewtopic.php?p=356#356

--

Broken ADSL line, ok that's unfortunately quite normal.

But DoS attacks or even DDoS attacks?

Could you tell more about those. Because that's just the reason why another antispam site (spamgourmet) has been so badly broken for a long time. What kind of DDoS attacks are targeted to your system and how you are fighting those?

That matter has been quite much in public lately in Finland because of those Estonian and Finnish DDoS attacks. Some Estonian sites that usually serve 1000 users / day started to get 5 million hits per second. And that's quite a lot.

As far as I did understand from Spamgourmet attacks, spamgourmet resources were tied using open SMTP sessions which didn't transmit any data so. Session is "tied" or just normally open until it times out. And depending on settings that might be quite a long time. In that case it would be quite natural to first start limiting sessions / IP. At least my ISP does exactly that. Allowing only 2 concurrent SMTP sessions per IP. At times that's quite annoying because I'm using NAT. And I would like to have more sessions. They fixed that problem after several queries.

I'm very interested in this matter. It depends on the type of attack if moving to another location with "great pipe" will bring any help. As a matter of fact it might even make the situation just worse. If attacks are designed so that bandwidth isn't wasted but server resources are.

P.S. If you think that DoS / DDoS attack information is too sensitive for public, please email me.

- Thank you!

Also see following links:
http://www.grc.com/dos/grcdos.htm
http://www.grc.com/dos/drdos.htm


Re: DoS attacks a growing internet problem

Post by Admin » 07 Jun 2007, 18:29

Z wrote:
> I thought it would be a good idea to start a new thread about this matter. We discussed this problem here:
> https://ssl.trashmail.net/forum/viewtopic.php?p=356#356
>
> --
>
> Broken ADSL line, ok that's unfortunately quite normal.
>
> But DoS attacks or even DDoS attacks?

It's a DDoS (distributed DoS attack).

Z wrote:
> Could you tell more about those. Because that's just the reason why another antispam site (spamgourmet) has been so badly broken for a long time. What kind of DDoS attacks are targeted to your system and how you are fighting those?

It's currently only targeting the SMTP server and TrashMail's MX backup servers. I have switched a long time ago to a new version of the Postfix SMTP server which accepts only a limited number of connections per IP address per minute. Since I have upgraded to this new version, TrashMail works very fine. Additionally I have banned a lot of whole network addresses!

Z wrote:
> That matter has been quite much in public lately in Finland because of those Estonian and Finnish DDoS attacks. Some Estonian sites that usually serve 1000 users / day started to get 5 million hits per second. And that's quite a lot.

Don't worry, TrashMail will soon move to a datacenter. And if this would occur, I would ask the datacenter owner to block these IP addresses directly on their backbone routers.

Z wrote:
> As far as I did understand from Spamgourmet attacks, spamgourmet resources were tied using open SMTP sessions which didn't transmit any data so. Session is "tied" or just normally open until it times out. And depending on settings that might be quite a long time. In that case it would be quite natural to first start limiting sessions / IP. At least my ISP does exactly that. Allowing only 2 concurrent SMTP sessions per IP. At times that's quite annoying because I'm using NAT. And I would like to have more sessions. They fixed that problem after several queries.

This has been done a long time ago with the Postfix upgrade.

Z wrote:
> I'm very interested in this matter. It depends on the type of attack if moving to another location with "great pipe" will bring any help. As a matter of fact it might even make the situation just worse. If attacks are designed so that bandwidth isn't wasted but server resources are.

Server resources would never be wasted, because TrashMail.net is generally hosted on a machine which owns also another web site which has a huge capacity of resources! It's more a problem of bandwidth. TrashMail.net is designed to handle about 1 million active TrashMail.net accounts on a single 1 Unit Server size. If this is not saving power energy, I give up! :D

Z wrote:
> P.S. If you think that DoS / DDoS attack information is too sensitive for public, please email me.

No, all is fine. Most things are public here. But for the moment I can only tell you that there was no real serious DDoS attack since TrashMail.net has been created. Some attacks are more spam attacks, which means a spammer tries to send spam to over 10 000 different trashmail email addresses. And this spam comes also from a complete bot net and results in a DDoS attack.

Z wrote:
> - Thank you!
>
> Also see following links:
> http://www.grc.com/dos/grcdos.htm
> http://www.grc.com/dos/drdos.htm

Nice, they had real problems. Hope that TrashMail would not have these attacks like in Estonia. :D

Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH
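
The controls discussed in this thread (a cap on concurrent SMTP sessions per IP, a cap on connections per IP per minute, and closing sessions that stay silent) can be modelled in a few lines. This is an added example, not code from the thread or from Postfix; the class, the limits and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class SmtpGate:
    """Toy per-client-IP admission control for an SMTP listener (illustrative model)."""
    def __init__(self, max_concurrent=2, max_per_window=10, window=60.0, idle_timeout=30.0):
        self.max_concurrent, self.max_per_window = max_concurrent, max_per_window
        self.window, self.idle_timeout = window, idle_timeout
        self.sessions = {}                 # session id -> (client ip, time of last activity)
        self.recent = defaultdict(deque)   # client ip -> times of recent connection attempts
        self.next_id = 0

    def reap_idle(self, now):
        """Close sessions that have been silent for idle_timeout seconds; return how many."""
        stale = [s for s, (_, last) in self.sessions.items() if now - last >= self.idle_timeout]
        for sid in stale:
            del self.sessions[sid]
        return len(stale)

    def connect(self, ip, now):
        """Return a new session id, or None when the client is over either limit."""
        self.reap_idle(now)
        attempts = self.recent[ip]
        while attempts and now - attempts[0] >= self.window:
            attempts.popleft()             # forget attempts older than the window
        attempts.append(now)               # rejected attempts still count against the rate
        if len(attempts) > self.max_per_window:
            return None
        if sum(1 for cip, _ in self.sessions.values() if cip == ip) >= self.max_concurrent:
            return None
        self.next_id += 1
        self.sessions[self.next_id] = (ip, now)
        return self.next_id

    def activity(self, sid, now):
        """Record that a session sent a command or data, resetting its idle clock."""
        if sid in self.sessions:
            self.sessions[sid] = (self.sessions[sid][0], now)

def replay(gate, events):
    """Replay time-ordered (time, ip) connection attempts; return accepted count per IP."""
    accepted = defaultdict(int)
    for now, ip in events:
        if gate.connect(ip, now) is not None:
            accepted[ip] += 1
    return dict(accepted)

# Constructed sample: one host opens 20 silent sessions; three users share one NAT address.
EVENTS = sorted([(float(t), "192.0.2.10") for t in range(20)]
                + [(1.5, "198.51.100.7"), (2.5, "198.51.100.7"), (3.5, "198.51.100.7")]
                + [(40.0, "192.0.2.10"), (40.5, "198.51.100.7")])
```

Replaying `EVENTS` shows the trade-off raised above: the silent host is held to two slots and stays locked out by the rate cap after its idle sessions are reaped, while the third user behind the NAT address is refused until a slot frees up. In Postfix the corresponding settings are `smtpd_client_connection_count_limit`, `smtpd_client_connection_rate_limit` with `anvil_rate_time_unit`, and `smtpd_timeout`.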
