Floods, attacks and misdirections

Apologies for the service in the past week, but I think the excuses may be valid.

We had a two-and-a-half day outage when the home town (Gloucester, UK) of the webhost (fasthosts.co.uk) got flooded. Although the server hardware wasn’t affected, electrical power to the town became sporadic, and the ISPs supplying connectivity for fasthosts couldn’t fix the connections for a day.

A few days later, Anthony reports that his pictures server galleries.surfacestations.org is under Denial of Service attack. Obviously somebody hates auditing of the surface record badly enough to try to push his server off the Internet.

At almost the same time, CA appeared to go down. Although we were initially tempted to connect the event with Anthony’s problem, it quickly became clear that the real problem was that climateaudit.org’s DNS entry had been reset back to its previous IP address, from when it was being hosted by webserve.ca. So my server was fine (I could reach it), but nobody could see it because the DNS entry for http://www.climateaudit.org pointed to the wrong server (which was why auditblogs.com didn’t go awry even though it’s on the same box).

Steve put in a call to webserve.ca to change the DNS entry back and we’ve been sorted out.

I blame global warming.

Update: Today we’ve had the fun of a router at the webhost going down twice, so that the server is up, but can’t reach the Internet. This is no fun.

14 Comments

  1. Richard deSousa
    Posted Jul 27, 2007 at 3:05 PM | Permalink

    The bastards are really getting desperate… enough to play dirty tricks like foisting denial of service attacks. It appears climate audit and surface stations are really putting a monkey wrench in the plans of the AGW crowd.

  2. Posted Jul 27, 2007 at 3:30 PM | Permalink

    I have no proof that the DOS attack on my server came from anybody who has an opinion on AGW. It may have been a random attack from a hacker seeking to find weaknesses in my server.

    In any event, we’ve put a stop to it.

  3. Sam Urbinto
    Posted Jul 27, 2007 at 3:41 PM | Permalink

    One way or the other, as much as some people whine about the uselessness of auditing the stations and the stupidness of the people bothering to do it, those folks pretty obviously don’t like it being done. I can’t think of any other explanation why somebody would care so much about it but that they are scared of having something other than what they believe proven. Is this a high quality network or not? Why would anyone be scared of finding out how much it is or isn’t? I could see somebody feeling like that DDoSing Anthony’s site, but yeah, unless you found out who was trying to take you down, who knows.

  4. DeWitt Payne
    Posted Jul 27, 2007 at 3:59 PM | Permalink

    Think of it as hitting the big time. No hacker is likely to bother with a minor site.

  5. Jan Pompe
    Posted Jul 27, 2007 at 5:12 PM | Permalink

    #4 DeWitt

    My server is purely private yet I see many dents on my firewall of others seeking known exploits. Sometimes they come so thick and fast it slows my connection down.

  6. John A
    Posted Jul 27, 2007 at 5:29 PM | Permalink

    Everybody gets pinged looking for exploits. What Anthony had was multiple hosts sending badly formed packets in order to knock him off the net.

  7. Sam Urbinto
    Posted Jul 27, 2007 at 6:08 PM | Permalink

    You can buy equipment that stops that sort of thing, you know.

  8. JP
    Posted Jul 27, 2007 at 10:05 PM | Permalink

    I’m surprised the IT guys didn’t turn off the ICMP ports for the router. If you cannot ping a router, you cannot create a DOS attack. When I bring up a router, one of the first things I do is to remove the ICMP echo response. A person can ping a router, but it will ignore it.

  9. T J Olson
    Posted Jul 28, 2007 at 1:25 AM | Permalink

    My guess is that the DOS attack on Anthony’s site was evoked by FoxNews Channel’s airing of the Tucson site, recently.

    A couple days ago, during a segment called the “Political Grapevine” airing at the bottom of the “Special Report” news-hour, and the host, Britt Hume, noted the irony of the location, just as Steve has, and showed an image like the first parking lot one we are familiar with here at CA.

    Furthermore, the story noted that the USHCN stopped making their site coordinates available online.

    Apparently, some AGW™ advocate saw this solid criticism as marching orders for waging a cyber-attack. Or was this mere coincidence?

  10. MrPete
    Posted Jul 29, 2007 at 6:48 AM | Permalink

    #7

    You can buy equipment that stops that sort of thing, you know.

    It is not always that easy. Given enough incoming traffic (even if blocked), the local backbone can be flooded. I’ve seen DOS situations requiring coordinated assistance from multiple ISP/NOC/backbone sites up the chain.

  11. Chris
    Posted Jul 29, 2007 at 9:59 AM | Permalink

    Last night, I first noticed that the MMS database now appears to be inaccessible to guest log-ins for whatever reason. Can anyone confirm?

    http://mi3.ncdc.noaa.gov/mi3qry/login.cfm

  12. Jeff C.
    Posted Jul 29, 2007 at 10:08 AM | Permalink

    #11 I’m having the same problem.

    This happens from time to time and just seems to be a quirk. In the past I have contacted the webmaster (jeff.arnfield-at-noaa-dot-gov) and he immediately responded with a very courteous email and quickly corrected the problem. Unfortunately you will probably have to wait until normal business hours to get a response.

  13. Jeff C.
    Posted Jul 29, 2007 at 10:15 AM | Permalink

    #11

    BTW, I have downloaded and compiled much of the station metadata previously. If you are looking for info for a survey this weekend, post what you need and I or someone else probably has it.

  14. Jason Blouno
    Posted Aug 6, 2007 at 2:46 PM | Permalink

    #10, MrPete, in the old days maybe so, but these days, you can get appliances that do a great job protecting networks, such as the ones that Tipping Point sells just for that purpose, and it works great right out of the box. In the old days you had to tweak that stuff a lot or you would get a lot of false positives but that’s not true any more. This ain’t the old days no more!
