is arp getting dos'ed again or is it just my vps having issues? pinging kvr15 and my vps both give about 90% packet loss curiously arpnetworks web site pings ok see the network graphs yeh i had 3 megabit peak weirdly quite a way back on the first graph but pretty low really. 328 gig in the last year for monthly. i just did an email well that guy was pinging out a lot. I too am getting 95% packetloss to my VPS on Kvr15 Morning people, anybody else experiencing packet loss? ~75% for the last one and a half hour or so... Nevermind, looks like it's been solved. :D mercutio: mnathani SpaceDump : a vps on kvr15 was dos'd. i was out and kept getting problem / recovery alerts. thought it might subside on its own, but it didn't. the target has been shutdown and i'm in the process of null routing the IPs. but at this point, kvr15 should be A-OK, since the target vlan is dead milki: the network graphs won't show a DoS to anyone but the target customer (like, mercutio wouldn't know if a dos occurred by looking at his graphs, unless he's the target) up_the_irons: I can confirm that it's no longer a problem. :) SpaceDump: roger, thanks another former customer :P irc is bad for vps customers. :p up_the_irons: well yeh i didn't think i was the target, thought i oughta check just in case though thanks for nulling them, maybe need something automatic? mercutio: yeah mercutio: null routing is a bit drastic for an automatic process. you really want to vet the problem first. but yaeh it was basically unusuable. well if it's 95% packet loss.. Automatic is bad, then someone can shutdown your vps for you (well, the network).. You wouldn't like that. :] yeh but people get kicked off if they get dos'ed anyway i thik? even if the automatic isn't nulling but limiting them to like 20 megabit or somethign mercutio: the thing is, it is hard to differentiate an attack vs. some other legit problem, based solely on packet loss alone well true that's why there are programs to detect ddos and telnet into the router and add a community to null route and/or block on router i dunno why people like to get ddos'ed? They don't. :p err i don't know why i said that mercutio: but where would that program run? my setup doesn't use shared vlan's, so i wouldn't think it feasible to run a separate process for each customer i don't know why people get such a buzz out of ddos'ing umm switch ports sflow/netflow or router it reads the sflow/netflow, sees if it's something stupid mercutio: i don't have an sflow card (and no free slots to add one). cisco is cheap about sflow too (like, it doesn't come by default ;) up_the_irons: How often does it happen that you get a ddos today? SpaceDump: today? ahh up_the_irons: nowadays SpaceDump: it's probably the same as it always has been. just unlucky i got two in like a week. since i kill the customer when it happens, it doesn't really "pile up" as we grow That's what I meant. It's pretty easy to handle manually. :) "cisco is cheap about sflow too (like, it doesn't come by default ;)" <-- so cisco is expensive about sflow? ;) jdoe: why, yes :) as in, the cheapskates don't just include it ;) jdoe: like on Foundry,it's just there, even on the low ass end $500 switch. hardware based slow, awesome. cisco is expensive about everything yup brb this new colour schme for weechat is working much nicer still using irssi. ... weechat looks interesting, but not compelling enough to switch. and I remember it being ridiculously unstable. can't get 3.8 to compile :( otherwise, i'd try the new colors bored.