[JDEV] Jabber DevZone News - @jabber.org server
Todd Bradley
TBradley at jabber.com
Wed May 23 13:02:26 CDT 2001
FWIW, many of the outages we've had on Jabber.com have been traced back to
users of Gabber 0.8.2 (and older). There's a bug whereby Gabber will go
into a rapid reconnection loop and hammer port 5222 with literally thousands
of connection attempts in a few seconds. This, in turn, floods our firewall
and server and makes it that much harder for Jabber to recover from a
hiccup. It's essentially a non-distributed DoS. We block out the offending
IP and then things are back to normal. Then I try to find who owns that IP,
write them a nice email, and find out that sure enough they use Gabber and
they did notice it acting "strangely" at about that same time.

The new version of Gabber, 0.8.3, supposedly fixes this bug.

As far as having more people run their own servers, I'm all for that!
That's one of the most beautiful things about Jabber to me. Everyone who
wants can have his own server.

Todd.

> -----Original Message-----
> From: temas [mailto:temas at box5.net]
> Sent: Wednesday, May 23, 2001 11:36 AM
> To: jdev at jabber.org
> Subject: Re: [JDEV] Jabber DevZone News - @jabber.org server
>
>
> we're just running into the problem that they have more bandwidth than
> us and by targeting a single service they can overwhelm it quickly and
> efficiently so the cookies really do little for us. The pipes just full
> (well rate limited at least) =)
>
> --temas
>
> On 23 May 2001 11:17:43 -0400, Mathew Johnston wrote:
> > I assume you've got TCP Syncookies enabled in your kernel (and
> > in your /proc files)? :)
> >
> > I guess it's time that we encouraged that 'distributed' nature of
> > jabber to kick in, and have more people run private servers. :)
> >
> > Mat.
> >
> > On Wed, May 23, 2001 at 12:35:49AM -0700, Jabber DevZone wrote:
> > > @jabber.org server
> > >
> > > The following was posted by jer at jabber.org via the Jabber DevZone
> > > web site (http://dev.jabber.org/):
> > >
> > > For the past few weeks the server hosting jabber.org has been under
> > > frequent DDoS (Distributed Denial of Service) attacks. The type of
> > > attack has been a SYN flood to port 5222, originating from various
> > > networks and most likely compromised hosts. We're not sure who or why,
> > > and don't yet have any information about the abuse, but it's not
> > > uncommon for popular open chat systems to be targeted in such a way
> > > (IRC for instance).
> > >
> > > There are two results of the attacks, one is congesting the server on
> > > port 5222 so that nobody can connect. To combat this, as soon as an
> > > attack is recognized we immediately apply ipchains filters to block
> > > network access to the box and drop all packets from the offending
> > > hosts. The larger problem is that on a few occasions the size of the
> > > attack is greater than and overwhelms the amount of bandwidth allotted
> > > to our server (a few T1s). It takes a bit longer, but the local ISP
> > > hosting the server calls the upstream provider and has the offending
> > > networks blocked, returning the bandwidth capacity to normal.
> > >
> > > There have been a couple of other service outages recently, due to the
> > > development nature of the server and that often a transport will run
> > > away and consume system resources, bringing the server to a halt. As
> > > part of the foundation two new server boxes will be arriving soon, one
> > > for the production-only jabber.org server, and one available to the
> > > community for server and transport/services development and testing.
> > > With the server developers getting their own domain (jabelin.org) to
> > > [ab]use and the added focus on the quality of services available from
> > > the foundation, server uptime and administration should improve :-)
> > >
> > > One last note is that the service was just updated to the latest
> > > release last night. The flash5 and HTTP-tunneling socket support is
> > > now available directly on jabber.org. WCS (the Web Client Service) is
> > > now configured as well, and will be activated shortly for testing and
> > > experimentation.
> > >
> > > http://jabber.org/?oid=1502
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
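
An added example, not part of the original thread: a sliding-window check that separates a single client stuck in a rapid reconnection loop on port 5222 (the Gabber 0.8.2 behaviour described above) from ordinary reconnects, so the offending IP can be identified for blocking. The log format, the 5-second window, the 100-attempt ceiling and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5    # assumed look-back window
MAX_ATTEMPTS = 100    # assumed per-source ceiling inside one window


def parse_line(line):
    """Parse 'epoch_seconds src_ip dst_port' (a constructed log format)."""
    ts, src, port = line.split()
    return float(ts), src, int(port)


def find_reconnect_loops(lines, port=5222, window=WINDOW_SECONDS,
                         limit=MAX_ATTEMPTS):
    """Return {src_ip: peak attempts seen in any window} for sources over limit.

    Lines must be in time order, as a firewall or accept() log would be.
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peaks = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dport = parse_line(line)
        if dport != port:
            continue              # only the Jabber client port is of interest
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # expire attempts older than the window
        if len(q) > limit:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample: one looping client, one normal client, other traffic."""
    lines = []
    for i in range(2000):         # 2000 attempts in about two seconds
        lines.append(f"{1000 + i * 0.001:.3f} 192.0.2.10 5222")
    for i in range(10):           # one reconnect every 30 seconds
        lines.append(f"{1000 + i * 30:.3f} 198.51.100.7 5222")
    for i in range(500):          # busy, but on an unrelated port
        lines.append(f"{1000 + i * 0.001:.3f} 203.0.113.5 80")
    lines.sort(key=lambda entry: float(entry.split()[0]))
    return lines


if __name__ == "__main__":
    for src, peak in find_reconnect_loops(build_sample_log()).items():
        print(f"{src}: {peak} attempts to port 5222 within {WINDOW_SECONDS}s")
```

Because it counts per source address, this catches the single-host loop; the distributed SYN flood from many networks in the quoted DevZone post would stay under a per-source ceiling.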