The server is currentlly being DDOS'd for an unknown reason.

Access will be intermittent. The duration of this is unknown.

Attached graph, blue/purple is current incoming traffic. Green is outgoing. Each dotted line is 10MB/s

The attack has resided.

We're still being attacked, however the volume of traffic is much lower. Lag may be present in-game.

Ah so my guess was right. Though I'm stumped as to why anyone would want to ddos a minecraft server.

Thanks for informing us =) should keep the confusion down a little.

Dw folks, we've got a very strong server here, so we'll get through this fine. Just gotta ride out this bit of turbulance

Several reasons Chista.

Member Theft and Competition: Hey, want to join a "non" laggy server.... blah blah blah.

Security: Try and hijack any information. Again well protected against that.

Banned: I've been banned and I am now very very angry... Why not attack a server in revenge!

Bored: Lets see if we can down this server.

Anyway, I can't see it being a rival server, as there has been few adverts going around. Can't see any recently banned members pulling this off unless someone is nursing a very long grudge. So that leaves security or boredom.

Anyway, this is all pure speculation. I'll leave broonie to add any info if he so wishes.

what if we reverse the polarity of the TCP Connection?

Could be the hosting company's the target not CF?

From what I've read it is possible to track down the people behind these kinds of attack, just difficult as it requires the cooperation of a number of system administrators in the chain, especially if source addresses are spoofed.

Hopefully someone'll get bored and attack something else.

s'ok guys. Lets just counter-DDoS attack them with LOIC. I'll backtrace the IP if you post em here broonie, I took computer science III!

Could be the hosting company's the target not CF?

From what I've read it is possible to track down the people behind these kinds of attack, just difficult as it requires the cooperation of a number of system administrators in the chain, especially if source addresses are spoofed.

Hopefully someone'll get bored and attack something else.

boriseng

It wouldn't be the hosting company at all, it was us directly.

I wouldn't be with the host if the max bandwidth of their switches was 100 meg. Before concluding to DDOS'ing a router or switch, that is a separate virtual interface of the hardware, not the switching/routing hardware itself.

It was a direct layer 3 (network( attack on the server from a layer 7 application TCP/IP socket (application), SYN/ACK attack through the headers themselves.

Also there is little to no point in tracing the cause of the attack, more than likely someone with a bot net rented for 5-10 minutes.

Security: Try and hijack any information. Again well protected against that.

Aconan

DDOS'ing is purely a technique to cause downtime, not to obtain information.

s'ok guys. Lets just counter-DDoS attack them with LOIC. I'll backtrace the IP if you post em here broonie, I took computer science III!

404thread

I know the sarcasm here, but you'll need to have a bigger bandwidth pipe than them to 'take them down', if its a single IP.

If it's a single IP then it's not a DDOS attack

you can flood from a single IP. for example a server running Vmachines using the hosts IP as a VM bridge can technically send enough packets to flood a system. I've done it to my brothers just to piss him off while he's playing warcraft "Here chud monkey... have a ping of 999 for a few hours so i can get some bandwidth"

If it's a single IP then it's not a DDOS attack

Winters

IP address header frames can be modified in such a way that it can appear a single IP. Thats what stumps people and as a multi gig connection coming from a single IP through multiple routes on globally distributed WAN will hardly be a single IP in reality. Rather a spoofed packet flooding SYN requests to a single IP that is non existant, resulting in no ACK packages being returned to original sender (or some poor person).

you can flood from a single IP. for example a server running Vmachines using the hosts IP as a VM bridge can technically send enough packets to flood a system. I've done it to my brothers just to piss him off while he's playing warcraft "Here chud monkey... have a ping of 999 for a few hours so i can get some bandwidth"

draze

Of course VMs are suspectible! Why else does the webserver go down all the time? This is not the case with this server, it's physical, layers 1-3 aren't emulated so to speak