[JDEV] Jabber DevZone News - @jabber.org server

Mathew Johnston johnston at megaepic.com
Wed May 23 10:17:43 CDT 2001 

I assume you've got TCP Syncookies enabled in your kernel (and
in your /proc files)? :)

I guess it's time that we encouraged that 'distributed' nature of
jabber to kick in, and have more people run private servers. :)

Mat.

On Wed, May 23, 2001 at 12:35:49AM -0700, Jabber DevZone wrote:
> @jabber.org server
> 
> The following was posted by jer at jabber.org via the Jabber DevZone web site (http://dev.jabber.org/):
> 
> For the past few weeks the server hosting jabber.org has been under
> frequent DDoS (Distributed
> Denial of Service) attacks.  The type of attack has been a SYN flood
> to port 5222, originating from
> various networks and most likely compromised hosts.  We're not sure
> who or why, and don't yet have any
> information about the abuse, but it's not uncommon for popular open
> chat systems to be targeted in    
> such a way (IRC for instance).
> 
> There are two results of the attacks, one is congesting the server on
> port 5222 so that nobody can
> connect.  To combat this, as soon as an attack is recognized we
> immediately apply ipchains filters to
> block network access to the box and drop all packets from the
> offending hosts.  The larger problem is
> that on a few occassions the size of the attack is greater than and
> overwhelms the amount of bandwidth allotted to   
> our server (a few T1s).  It takes a bit longer, but the local ISP
> hosting the server calls the     
> upstream provider and have the offending networks blocked, returning
> the 
> bandwidth capacity to normal.
> 
> There have a couple of other service outages recently, due to the
> development nature of the server  
> and that often a transport will runaway and consume system resources,
> bringing the server to a halt. As
> part of the foundation two new server boxes will be arriving soon, one
> for the production-only 
> jabber.org server, and one available to the community for server and
> transport/services development and
> testing.  With the server developers getting their own domain
> (jabelin.org) to [ab]use
> and the added focus on the quality of services available from the
> foundation, server uptime and administration should improve :-)
> 
> One last note is that the service was just updated to the latest
> release last night.  The flash5  
> and HTTP-tunneling socket support is now available directly on
> jabber.org.  WCS (the Web Client 
> Service) is now configured as well, and will be activated shortly for
> testing and experimentation.
> 
> http://jabber.org/?oid=1502
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list