network outage report

| | Comments (0)
We were hit by a DoS attack last night;  or, rather, we were the source of a DoS attack last night, which caused intermittent packet loss.   The traffic was to and from Chinese IP addresses, so clearly, someone was doing it the old fashioned way and spoofing a source address.

Now, most of my Xen hosts do egress filtering.   But turns out I didn't have egress filtering enabled on my router.   My router is a debian box running quagga, so I whip up a few firewall rules.      Of course, I'm a good 10 minutes out from 55 s. market, so I put in a 'sleep 100' then a flush while testing the rules.  Everything looks good during this time period, so I do it again with a 'sleep 1000' 

Turns out my testing was faulty, and the network was down hard for approximately 1000 seconds.  

Yeah.  I feel like an asshole.

I will be getting help before enabling the rules again.

Leave a comment

About this Entry

This page contains a single entry by luke published on February 11, 2014 7:46 AM.

white down; was down last night, too was the previous entry in this blog.

another outage, likely unrelated is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.