School Is Out And The Kiddies Are Running Another DOS Attack On CU's Webservers

WWW Posts: 2,609 ✭✭✭
Run a command prompt and ping any of CU's websites.
Do any of you notice anything amiss?
It's the same as yesterday.

Comments

  • How old are you www? I don't even know how to ping a firewall.

    Cameron Kiefer
  • How old are you www? I don't even know how to ping a firewall

    Sad, the yoots of today. I'm 29 and I can ping a website
    Keith ™

  • WWW Posts: 2,609 ✭✭✭
    I'm 41 and I blew it with the firewall theory. But they are certainly under attack right now.
    Better still, run a tracert to any of their sites and you'll see what I'm trying to explain.
    Windows users: Start/Run/command/ In the command prompt type:
    tracert forums.collectors.com and you'll see where the problem occurs.
    Same goes for davidhall.com and pcgs.com and so on.
  • MadMarty Posts: 16,697 ✭✭✭
    Did you say yoots???
    It is not exactly cheating, I prefer to consider it creative problem solving!!!

  • I too wondered if yesterday's poor web performance was the result of a (D)DOS attack.
  • gmarguli Posts: 2,225 ✭✭


    << How old are you www? I don't even know how to ping a firewall

    Sad, the yoots of today. I'm 29 and I can ping a website >>



    I'm 29 and I can also ping a website. Hell, I remember the good old days when to get to a site you had to use lynx and searching the internet involved using gopher.
  • WWW Posts: 2,609 ✭✭✭
    Don't forget Mosaic. The mother of all browsers.
  • Will any of you pingers tell us non-pingers what you are pinging and what you see?

    Please?
  • mbbiker Posts: 2,873
    OK I ran it, now where's the problem?

    Tracing route to forums.collectors.com [64.94.212.253]
    over a maximum of 30 hops:

    1 13 ms 8 ms 47 ms 10.38.128.1
    2 9 ms 13 ms 11 ms 24-196-32-1.shb.wi.charter.com [24.196.32.1]
    3 22 ms 49 ms 44 ms 12.119.215.213
    4 39 ms 37 ms 34 ms gbr1-p21.cgcil.ip.att.net [12.123.193.50]
    5 13 ms 44 ms 24 ms tbr1-p013502.cgcil.ip.att.net [12.122.11.33]
    6 17 ms 52 ms 31 ms ggr2-p300.cgcil.ip.att.net [12.123.6.33]
    7 70 ms 18 ms 24 ms dcr1-so-3-3-0.Chicago.cw.net [208.175.10.93]
    8 73 ms 68 ms 71 ms dcr1-loopback.Anaheim.cw.net [208.172.34.99]
    9 71 ms 71 ms 119 ms agr1-so-0-0-0.Anaheim.cw.net [208.172.44.50]
    10 81 ms 102 ms 67 ms aar1-loopback.Anaheim.cw.net [208.172.34.2]
    11 71 ms 69 ms 71 ms internap.Anaheim.cw.net [208.172.39.10]
    12 88 ms 90 ms 67 ms border3.ge3-0-bbnet2.ocy.pnap.net [216.52.96.71]

    13 894 ms * 791 ms cuniverse-1.border3.ocy.pnap.net [216.52.98.186]

    14 695 ms 563 ms 569 ms forums.collectors.com [64.94.212.253]




  • I don't see how you can determine that this is a DOS attack just from latency. More likely a dying router, storm, or dead segment. Assuming CU has an Admin worth his weight in salt, why would kiddies want to take down CU? Logically, all of the sites you listed would be homed in the same physical location. If a router went bad, they would all be slow.

    Could be a DOS, but I doubt it.
    dwood

    "France said this week they need more evidence to convince them Saddam is a threat. Yeah, last time France asked for more evidence it came rollin thru Paris with a German Flag on it." -Dave Letterman
  • DHeath Posts: 8,472 ✭✭✭
    Greg....and "Archie", but you guys are too young to remember the old days. I used to code Ward Christensen's xmodem comm protocol in assembler for micros anytime telecommunications were required by the App, (usually credit bureau or interoffice stuff). 300bps connections were state of the art. GE used to maintain a BBS named GENIE that had a coin forum.
    Developing theory is what we are meant to do as academic researchers
    and it sets us apart from practitioners and consultants. Gregor
  • MrKelso Posts: 2,907 ✭✭✭
    882 MS from their main site if it replies. Yep someone is DOS'ing them big time.



    "The silver is mine and the gold is mine,' declares the LORD GOD Almighty."
  • Pinging??

    What in the world is pinging?

    ok.....getting back to coins now............this is obviously not my thread
  • tjkillian Posts: 5,578 ✭✭✭
    What you would see if you ran a tracert to www.pcgs.com is that once the packet reaches their firewall or border, the packet takes 50 times longer, i.e. normally a 13ms ping suddenly turns to a 803ms ping. Something is seriously wrong, i.e. a DOS (denial of service) attack against pcgs.com.

    To do this yourself
    Start
    Run
    Command
    tracert www.pcgs.com

    Tom
    Tom
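
As an added example (not written by any poster in this thread), this Python snippet parses Windows tracert output such as the trace posted earlier and reports the first hop where round-trip time jumps and stays high all the way to the destination. The function names and the 3x factor are assumptions; the result shows where latency enters the path, not whether the cause is an attack, congestion or a failing device.

```python
import re
from statistics import median

# Hops 8-14 of the tracert output posted earlier in this thread.
TRACE = """\
8 73 ms 68 ms 71 ms dcr1-loopback.Anaheim.cw.net [208.172.34.99]
9 71 ms 71 ms 119 ms agr1-so-0-0-0.Anaheim.cw.net [208.172.44.50]
10 81 ms 102 ms 67 ms aar1-loopback.Anaheim.cw.net [208.172.34.2]
11 71 ms 69 ms 71 ms internap.Anaheim.cw.net [208.172.39.10]
12 88 ms 90 ms 67 ms border3.ge3-0-bbnet2.ocy.pnap.net [216.52.96.71]
13 894 ms * 791 ms cuniverse-1.border3.ocy.pnap.net [216.52.98.186]
14 695 ms 563 ms 569 ms forums.collectors.com [64.94.212.253]
"""

# Hop number, three probe fields ("NN ms", "<1 ms" or "*"), then the host.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")

def parse_tracert(text):
    """Return one dict per hop: number, host, answered RTTs in ms, lost probes."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner and blank lines
        probes = re.findall(r"<?(\d+) ms|\*", m.group(2))  # '' marks a lost probe
        hops.append({
            "hop": int(m.group(1)),
            "host": m.group(3).strip(),
            "rtts": [int(p) for p in probes if p],
            "lost": probes.count(""),
        })
    return hops

def first_sustained_jump(hops, factor=3.0):
    """First hop whose median RTT is >= factor x the slowest earlier hop and
    where every later answering hop stays that slow; None if there is none.
    A slow hop followed by fast ones is ignored: routers often deprioritise
    replies to probes addressed to themselves."""
    meds = [(h, median(h["rtts"])) for h in hops if h["rtts"]]
    for i in range(1, len(meds)):
        baseline = max(m for _, m in meds[:i])
        if all(m >= factor * baseline for _, m in meds[i:]):
            return meds[i][0], baseline
    return None

if __name__ == "__main__":
    hop, baseline = first_sustained_jump(parse_tracert(TRACE))
    print(f"hop {hop['hop']} ({hop['host']}): median {median(hop['rtts'])} ms "
          f"vs {baseline} ms before it, {hop['lost']} probe(s) lost")
```
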

  • Will you guys speak ENGLISH??!
  • nwcs Posts: 13,386 ✭✭✭
    The earliest browser was using the gopher interface, though. It lived for a very short time before the http protocol came around. And all the original Mosaic browser did was surf gopher sites, archie/veronica/wais engines, and the default home pages.

    I doubt it's a DOS attack. Most modern firewalls can detect those. And if the server is set up correctly, it is easy to fend off those and SYN floods. I know because I set up our initial servers at work. But if it is a DDOS, that's another issue entirely. I still say they need to set up a multi node farm.

    Neil
  • MrKelso Posts: 2,907 ✭✭✭
    Trace route is showing 856MS at all of the Anaheim locations YEP YEP YEP BIG TIME denial of service attack.


    "The silver is mine and the gold is mine,' declares the LORD GOD Almighty."
  • MrKelso Posts: 2,907 ✭✭✭
    I wonder if they are using the same server to email out their newsletter? That could also be the slowup tonight. My newsletter just showed up in my Note server box


    "The silver is mine and the gold is mine,' declares the LORD GOD Almighty."
  • Could be one of the many worms going around. Perhaps they haven't patched their IIS and SQL servers yet, and just didn't get hit until now.
  • tjkillian Posts: 5,578 ✭✭✭
    To ping is the basic way to tell if a computer or site is up and running. Anyone can do it to any site. At a command prompt (DOS Prompt) type: ping www.pcgs.com

    It will return either a reply or a request timed out. Many routers are turning ping off so it is not fool proof if it does not return anything, but will let you know if a site is alive if it does reply. You can do that to any site anywhere. It will also tell you the site's ip address.

    Tom
    Tom

  • MrKelso Posts: 2,907 ✭✭✭
    Does SQL need IIS to run? I don't remember. Geesh, it's been too long, I really gotta get back to it and stop playing with Video over IP.


    "The silver is mine and the gold is mine,' declares the LORD GOD Almighty."
  • nwcs Posts: 13,386 ✭✭✭
    A few definitions:

    ping: a program that sends a signal to a remote server to see if the server is responding and how long it takes.

    trace route: a program that traces the message from your computer to the remote computer and back and shows you all the computers it took to deliver the message to and fro

    DOS: Denial of service. An old school approach at shutting down a server by flooding it with requests and thus freezing up the server to prevent it from handling normal requests.

    DDOS: Distributed denial of service. Using the DOS strategy with many different computers. Extremely difficult to defend against.


    If they have a good network admin, they would have stopped a DOS by now. But probably not a DDOS. All you'd have to do is find the IP sending a DOS and block it on the firewall.
  • nwcs Posts: 13,386 ✭✭✭


    << Does SQL need IIS to run? I don't remember. Geesh, it's been too long, I really gotta get back to it and stop playing with Video over IP. >>

    No, and if they are smart they would have the SQL server behind the firewall and have a server with a front facing NIC for the outside world and a back facing NIC for communications behind the firewall.
  • WWW Posts: 2,609 ✭✭✭
    >If they have a good network admin, they would have stopped a DOS by now. But probably not a DDOS. All you'd have to do is find the IP sending a DOS and block it on the firewall.<

    Makes you wonder, eh? After all, they got hit yesterday at about the same time. Hello? McFly? Bling, Bling.
  • Thanks, nwcs and tjkillian. A person can learn a lot around here.
  • I thought the way you stopped pinging was to buy better gas?
  • MrKelso Posts: 2,907 ✭✭✭


    << << Does SQL need IIS to run? I don't remember. Geesh, it's been too long, I really gotta get back to it and stop playing with Video over IP. >>

    No, and if they are smart they would have the SQL server behind the firewall and have a server with a front facing NIC for the outside world and a back facing NIC for communications behind the firewall. >>



    For some reason I just envisioned a Linksys router at their location lol. Let's hope that they get it secured and soon.


    "The silver is mine and the gold is mine,' declares the LORD GOD Almighty."
  • nwcs Posts: 13,386 ✭✭✭
    Definitely hope they will solve it soon!
  • dbldie55 Posts: 7,736 ✭✭✭✭✭
    They will probably keep the MS stuff. Oh well.

    This is so easy to fix. Just use the format command and install a non-MS system.
    Collector and Researcher of Liberty Head Nickels. ANA LM-6053
  • braddick Posts: 24,206 ✭✭✭✭✭
    Everyone wanted consistency, now PCGS is giving it.
    Their servers are now as slow as your submission results.

    peacockcoins

  • Russ Posts: 48,514 ✭✭✭


    << This is so easy to fix. Just use the format command and install a non-MS system. >>



    Uh, yeah, dbldie55, Unix and Linux are invulnerable to a DDOS attack. (If that's actually what it is).

    Russ, NCNE
  • DHeath Posts: 8,472 ✭✭✭
    Supercoin, if DH attributes the 72 Ikes, will you call off the attack?
    Developing theory is what we are meant to do as academic researchers
    and it sets us apart from practitioners and consultants. Gregor

  • Hey All -

    I speak as an I.S. Insider at CU... We ran into a bandwidth problem and had to upgrade the capacity of our DS-3.

    No DOS, DDOS, or anything like that - just a simple capacity issue.

    By the way, we're not running Windows, IIS, Apache, or anything else you guys suggested. The sites are actually hosted on a pair of clustered Atari 800's.

    thanks!

    David R - IS Operations Manager

    P.S. I'll be sure to give the hamsters an extra treat tonight - they've been working hard!
  • Russ Posts: 48,514 ✭✭✭
    Hi David,

    Welcome to hell! You might want to change your name, QUICK!

    Russ, NCNE


  • << Everyone wanted consistency, now PCGS is giving it.
    Their servers are now as slow as your submission results. >>



    Bhwahahahahahaha
  • DHeath Posts: 8,472 ✭✭✭
    I was always an Amiga man. Their OS was reentrant.

    BTW - David, thanks.
    Developing theory is what we are meant to do as academic researchers
    and it sets us apart from practitioners and consultants. Gregor
  • Petescorner Posts: 1,220 ✭✭
    Atari 800s??? You piker! Who else remembers having a Commodore Vic 20 and taking 15 minutes to load a game of Solitaire off of an audio cassette drive?
  • David_R,

    What a chance to make your first post! So now we know who to flame when the site is slow!
  • WOW I remember that petescorner. My friend had a Commodore and it had the tape drive. Wow how far we have come. hmmmm well on second thought. They didn't have DOS problems back then.



    Byron
    I'm unemployed again after 1.5 years with Kittyhawk they let me go.

    My first YOU SUCK on May 6 2005
  • crito Posts: 1,735
    IT Rule #1: When all else fails, throw more hardware at the problem

    I had the firewall itself come under attack the other day. Have since put it into "stealth mode" (won't back-trace or respond to pings) and switched IPs. Performance problems are gone.

