onzenuub

Repgeek ??


onzenuub
Yup - shame the company is actually Greek (their admin centre is in Athens...)

Well that explains it all. If they are Greek they won't give a shit until early next week. Priorities! :)

greg_r
that fits in pretty good with that whole Sparta thing.

 

:)

hk45ca

ok, i still just want greg's watch.....just sayin.

onzenuub
ok, i still just want greg's watch.....just sayin.

I'll ask his wife if she is oke, oke?

greg_r

Whose wife?

 

*confused* :huh:

onzenuub
Whose wife?

 

*confused* :huh:

 

Yours of course, you knew.

JohnG
Whose wife?

 

*confused* :huh:

 

Yours of course, you knew.

Of course he knew. I knew too.

JoeyB
Yup - shame the company is actually Greek (their admin centre is in Athens...)

Well that explains it all. If they are Greek they won't give a shit until early next week. Priorities! :huh:


Yes. PRIORITIES!!!

onzenuub
Whose wife?

 

*confused* :huh:

 

Yours of course, you knew.

Of course he knew. I knew too.

 

 

Of course he knew and you knew of course, what time are you leaving for work tomorrow? :huh:

JoeyB

Hey greg_r, if you are concerned about Onze, JohnG and I will keep an eye on her for you. :huh:

JohnG

He isn't talking to us, we pushed him too far I think.

 

I told you in that pm YESTERDAY that the feud thing was going to piss him off. :huh:

JoeyB

Oh. I thought he sent the PM. Oops.

JohnG

Thought it was time to get people talking at RWG.cc about what might REALLY be going on (thanks Greg for the raw material for this post :lol:):

 

 

What is this I hear that it is NOT a DOS attack? I heard that

 

1) such a DOS attack is unheard of, they last hours at most, not days or weeks.

 

2) such an attack would require a HUGE botnet (zombie machines all sending connection requests to the RG servers) that would cost MANY tens of thousands of dollars to hire (even into the hundreds of thousands by now, given the length of the "attack")...

 

3) The host is one of the largest and most respected in Europe (it's in NL) and would have the gear to handle such an attack.

 

4) RG is going to cough up 40k for an appliance from Cisco? Kind of hard to believe....

 

5) WHY? Big big big bucks and effort to attack RG? WHY?

 

 

Dunno, just doesn't make a lot of sense to me, based on what I have been hearing... I wonder if something else is going on here....

greg_r
Hey greg_r, if you are concerned about Onze, JohnG and I will keep an eye on her for you. :lol:

 

Very comforting...

 

As I keep telling Onze, she's far too good for the likes of you... :thumbsup:

greg_r
Thought it was time to get people talking at RWG.cc about what might REALLY be going on (thanks Greg for the raw material for this post :lol: ):

 

You're welcome. Greg (the OTHER one, dammit! ;) ) made a similar post over at RWI.

 

Should get the popcorn poppin'

 

:thumbsup:

 

:pee:

JohnG
Thought it was time to get people talking at RWG.cc about what might REALLY be going on (thanks Greg for the raw material for this post :lol: ):

 

You're welcome. Greg (the OTHER one, dammit! ;) ) made a similar post over at RWI.

 

Should get the popcorn poppin'

 

:thumbsup:

 

;)

Oooohhhh, RWI one must be good, given all the Sparta jealousy they have there in the "Land of the Banned" :pee:

greg_r
Thought it was time to get people talking at RWG.cc about what might REALLY be going on (thanks Greg for the raw material for this post :lol: ):

 

You're welcome. Greg (the OTHER one, dammit! ;) ) made a similar post over at RWI.

 

Should get the popcorn poppin'

 

:thumbsup:

 

;)

Oooohhhh, RWI one must be good, given all the Sparta jealousy they have there in the "Land of the Banned" :pee:

 

Actually nope - it said pretty much what we've already said here...

JohnG
Thought it was time to get people talking at RWG.cc about what might REALLY be going on (thanks Greg for the raw material for this post :lol: ):

 

You're welcome. Greg (the OTHER one, dammit! ;) ) made a similar post over at RWI.

 

Should get the popcorn poppin'

 

:thumbsup:

 

;)

Oooohhhh, RWI one must be good, given all the Sparta jealousy they have there in the "Land of the Banned" :pee:

 

Actually nope - it said pretty much what we've already said here...

I only saw a thread in OT, pretty lame, not even a Fakemaster post....

JohnG
I only saw a thread in OT, pretty lame, not even a Fakemaster post....

 

This is the thread:

 

http://www.replica-watch.info/phpBB3/viewt...p;sk=t&sd=a

 

Greg's post was towards the end - somewhere around 95th post. ish.

Better, a few Fakey posts, but nothing exciting.

 

Some rehashing of Jandrew controversy and results of their anti-Jandrew threads on RG....

greg_r

Yup. Mostly snoozeville

JohnG
Yup. Mostly snoozeville

Those guys just have no passion... no joie de vivre

greg_r

Was talking to a very close friend earlier (I'm godfather to both his kids). He's senior network honcho for one of the world's biggest service providers - his responsibility being the routers that provide the backbone that regular ISPs hang off. We're talking the central core of the internet here. Prior to this job he was an Internet Specialist at Juniper Networks, providing security and router support to companies like AOL and other major ISPs.

 

Network/Internet protocols are an area I'm pretty well up with, but a second opinion is always worth having - and he knows quite a bit more about DDoS security procedures than I do. I told him the basic facts and the info we've had from RG - leaving out any speculation. His reaction was, and I quote: "d'oh. Brothers Grimm strike again. NFW." Incidentally, EuroVPS were a Juniper customer (which also makes it odd that they're buying Cisco gear btw). He's worked with them when he was at Juniper.

 

I'd love to know the real story...

 

Meantime we wait...

JohnG

Just posted on RWG.cc -

 

I have been holding my tongue on commenting on this, but if there is a DDoS attack involved the RG Admins aren't going to say much about what happened or how they fixed it because they don't want to tip off the perpetrators about what to try next. I will give some general answers to your points though to help everyone understand how these things 'could' be happening, because a lot of people are making incorrect assumptions about DDoS attacks.

 

1) No it's not, I had an online casino client that was hit with one that was attempting to flood the site with over 1GB of traffic. Very few NOCs can handle that and we were fortunate that we had bandwidth with several ISPs to help fend it off. We had several attacks which escalated over a two-month period of time, the last of which went on for two straight weeks. They finally gave up as our site couldn't be taken down with a DDoS attack of that size due to the security we had in place and the insane amount of bandwidth we bought. We got lucky as we put everything in place about a month before we got hit, after one of our competitors got hit. They were completely offline for three days and spent millions to get it to stop. A site like RG probably only needs 5-10 MB of bandwidth to keep it online. That size pipe is amazingly easy to flood. One person could do it from their home PC if they wanted to. It wouldn't have lasted this long of course, as RG's ISP could easily dispatch an attack from one IP address. Fact of the matter is that any DDoS attack can be fended off if you have enough cash to do so. My guess is that RG isn't in that kind of financial position so some time has been spent to evaluate other less costly options that can work for the Admins who have to pay the bills.

 

2) Huge botnets are common, and are cheap to administer and run. A script kiddie can put together a small one in a few hours that can do serious damage. Certainly you can hire them out, but many are used by their own creators for evil purposes.

 

3) As I said earlier it depends on how big the attack is. They may have enough gear to slow down or fend off the attack, but if more bandwidth is flooding the NOC than they have connectivity for, it doesn't matter how much gear they have. Also, they could intentionally be keeping the site offline for a period of time in an effort to get the botnet operator to get bored and move along. When bringing sites back up after these things you run the risk of having the attack start up again and crashing you yet again if you aren't careful. My guess is the Admins are spending a lot of time looking at possible solutions vs costs to deploy them as I'm sure they are on tight budgets to keep the site alive.

 

4) Any appliance you can put in place to mitigate these things has to go out on the edge to be effective. If RG is paying for it directly, I would be surprised. To have any shot at stopping anything more than 'amateurs' fooling around, you can't put these security appliances on your own network because your bandwidth pipe will fill up before it has a chance to do anything. It has to be at the ISP so your pipe stays clean and the traffic gets bounced at the edge. They are far more likely going to be paying an additional fee for security services.

 

5) Again, not big bucks to do this. Once the attacker has the botnet set up, they can release it on anything. Assuming the DDoS attack is the real cause, my theory is this: RG was attacked due to the casino. The casino was taken down a few days before the site went down completely is why I believe this. If it was an intentional hit it was done because of the casino, and probably the misguided belief that it was a cash casino, not geekbucks. Even though botnets are not expensive to use (or deploy) the operators of them want to use them to make a profit. That's why spam is sent using them, and why you see things like online casinos and other financial sites getting hit. The operators are looking for cash/banking info, or to extort money from the site owners as ransom to make it stop. The only other explanation is an amateur let a botnet get away from them, but given the length of time RG has been offline I'd have to believe this was a professional job. I also doubt any hardware failures, corrupt DBs etc. It's too easy in this day and age to replace that stuff and get back online, even if you lose data in the process.

 

 

 

 

 

 

 

 

greg_r

Saw that. Not going to post to that thread as I really don't want to get into a pointless argument. He's right as far as it goes. The thing is that he's talking about a massive commercial site that will have been hosted on a dedicated server (possibly several dedicated servers) at the end of a fat pipe. Lots more bandwidth, but easier to take down unless, as in the instance of his client's casino that survived an attack, they're sharing bandwidth over several fat pipes.

 

As I said in one of my earliest comments on this situation, if it was a dedicated server on the end of a private pipe that's one thing - if, however, it's a virtual server (i.e. a shared machine in a managed datacentre, which is what their hosts specialise in), then that's another matter entirely. And they wouldn't be buying a Cisco XT5650 in that instance as the hardware is managed by the host.

 

Also bear in mind that an attack against a VPS-based host would take several sites down, not just RG as it would saturate the connection to every virtual server running on that particular piece of hardware - it's the reverse of tomhorn's situation; several virtual servers sharing the same hardware and pipe to the internet. It would be the hosts setting up DDoS protection (and you can bet your ass that EuroVPS already have it).

 

Basically we're not comparing like with like - it still doesn't add up.
