I thought it would be good idea to start new thread about this matter. We discusses this problem here:
https://ssl.trashmail.net/forum/viewtopic.php?p=356#356
--
Broken ADSL line, ok that's unfortunately quite normal.
But DoS attacks or even DDoS attacks?
Could you tell more about those. Because that's just the reason why the another antispam site (spamgourmet) has been so badly broken for a long time. What kind of DDoS attacks are targeted to your system and how you are fighting those?
That matter has been quite much in public lately in Finland because of those Estonian and Finnish DDoS attacks. Some Estonian sites that usually server 1000 users / day started to get 5 milloin hits per seconds. And that's quite a much.
As far as I did understand from Spamgourmet attacks, spamgourmet resources were tied using open SMTP sessions which didn't transmit any data so. Session is "tied" or just normally open until it times out. And depending from settings that might be a quite long time. In that case it would be quite natural to first start limiting sessions / IP. At least my ISP does exactly that. Allowing only 2 concurrent smtp sessions per IP. At times that's quite annoying because I'm using nat. And I would like to have more sessions. They fixed that problem after several queries.
I'm very interested about this matter. It depends from the type of attack if moving to another location with "great pipe" will bring any help. In a matter of fact it might even make situation just worse. If attacks are designed so that bandwidth isn't wasted but server resources are.
P.S. If you think that DoS / DDoS attack information is too sensitive for public, please email me.
- Thank you!
Also see following links:
http://www.grc.com/dos/grcdos.htm
http://www.grc.com/dos/drdos.htm
DoS attacks a growing internet problem
Re: DoS attacks a growing internet problem
Its a DDos (distributed DoS attack).Z wrote:I thought it would be good idea to start new thread about this matter. We discusses this problem here:
https://ssl.trashmail.net/forum/viewtopic.php?p=356#356
--
Broken ADSL line, ok that's unfortunately quite normal.
But DoS attacks or even DDoS attacks?
Its currently only targeting the SMTP server and TrashMail's MX backup servers. I have switched long time ago to a new version of the Postfix SMTP server which accepts only a limited number of connections per IP address per minute. Since I have upgraded to this new version, TrashMail works very fine. Additionally I have banned a lot of whole network addresses!Z wrote: Could you tell more about those. Because that's just the reason why the another antispam site (spamgourmet) has been so badly broken for a long time. What kind of DDoS attacks are targeted to your system and how you are fighting those?
Don't worry, TrashMail will soon move to a datacenter. And if this would occur, I would ask the datacenter owner to block this IP addresses directly on their backbone routers.Z wrote: That matter has been quite much in public lately in Finland because of those Estonian and Finnish DDoS attacks. Some Estonian sites that usually server 1000 users / day started to get 5 milloin hits per seconds. And that's quite a much.
This has been done long time ago with the Postfix upgrade.Z wrote: As far as I did understand from Spamgourmet attacks, spamgourmet resources were tied using open SMTP sessions which didn't transmit any data so. Session is "tied" or just normally open until it times out. And depending from settings that might be a quite long time. In that case it would be quite natural to first start limiting sessions / IP. At least my ISP does exactly that. Allowing only 2 concurrent smtp sessions per IP. At times that's quite annoying because I'm using nat. And I would like to have more sessions. They fixed that problem after several queries.
Server resources would never be wasted, because TrashMail.net is generally hosted on a machine which owns also another web site which has a huge capacity of resources! Its more a problem of bandwith. TrashMail.net is designed to handle about 1 million active TrashMail.net accounts on a single 1 Unit Server size. If this is not saving power energy, I give up!Z wrote: I'm very interested about this matter. It depends from the type of attack if moving to another location with "great pipe" will bring any help. In a matter of fact it might even make situation just worse. If attacks are designed so that bandwidth isn't wasted but server resources are.
No all is fine. Most of things are public here. But for the moment I can only say you, there was no real serious DDoS attack since TrashMail.net has been created. Some attacks are more spam attacks, which means a spammer tries to send spam to over 10 000 different trashmail email addresses. And this spam comes also from a complete bot net and results in a DDoS attack.Z wrote: P.S. If you think that DoS / DDoS attack information is too sensitive for public, please email me.
Nice, they had real problems. Hope that TrashMail would not have this attacks like in Estonia.Z wrote: - Thank you!
Also see following links:
http://www.grc.com/dos/grcdos.htm
http://www.grc.com/dos/drdos.htm
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH
Who is online
Users browsing this forum: No registered users and 1 guest