[JDEV] Jabber DevZone News - @jabber.org server

temas temas at box5.net
Wed May 23 12:35:57 CDT 2001 

we're just running into the problem that they have more bandwidth than
us and by targetting a single service they can overwhelm it quickly and
effeciently so the cookies really do little for us.  The pipes just full
(well rate limitted at least) =)

--temas

On 23 May 2001 11:17:43 -0400, Mathew Johnston wrote:
> I assume you've got TCP Syncookies enabled in your kernel (and
> in your /proc files)? :)
> 
> I guess it's time that we encouraged that 'distributed' nature of
> jabber to kick in, and have more people run private servers. :)
> 
> Mat.
> 
> On Wed, May 23, 2001 at 12:35:49AM -0700, Jabber DevZone wrote:
> > @jabber.org server
> > 
> > The following was posted by jer at jabber.org via the Jabber DevZone web site (http://dev.jabber.org/):
> > 
> > For the past few weeks the server hosting jabber.org has been under
> > frequent DDoS (Distributed
> > Denial of Service) attacks.  The type of attack has been a SYN flood
> > to port 5222, originating from
> > various networks and most likely compromised hosts.  We're not sure
> > who or why, and don't yet have any
> > information about the abuse, but it's not uncommon for popular open
> > chat systems to be targeted in    
> > such a way (IRC for instance).
> > 
> > There are two results of the attacks, one is congesting the server on
> > port 5222 so that nobody can
> > connect.  To combat this, as soon as an attack is recognized we
> > immediately apply ipchains filters to
> > block network access to the box and drop all packets from the
> > offending hosts.  The larger problem is
> > that on a few occassions the size of the attack is greater than and
> > overwhelms the amount of bandwidth allotted to   
> > our server (a few T1s).  It takes a bit longer, but the local ISP
> > hosting the server calls the     
> > upstream provider and have the offending networks blocked, returning
> > the 
> > bandwidth capacity to normal.
> > 
> > There have a couple of other service outages recently, due to the
> > development nature of the server  
> > and that often a transport will runaway and consume system resources,
> > bringing the server to a halt. As
> > part of the foundation two new server boxes will be arriving soon, one
> > for the production-only 
> > jabber.org server, and one available to the community for server and
> > transport/services development and
> > testing.  With the server developers getting their own domain
> > (jabelin.org) to [ab]use
> > and the added focus on the quality of services available from the
> > foundation, server uptime and administration should improve :-)
> > 
> > One last note is that the service was just updated to the latest
> > release last night.  The flash5  
> > and HTTP-tunneling socket support is now available directly on
> > jabber.org.  WCS (the Web Client 
> > Service) is now configured as well, and will be activated shortly for
> > testing and experimentation.
> > 
> > http://jabber.org/?oid=1502
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list