Network issues (continued)

[Ryan]

Since I’ve already been hit with about 100 IM’s and 4500 PM’s and so on and so forth… I figured its time to let you all know what happened.

Yesterday (10/24/2005) at approximately 11:50 EDT the RunUO Network was hit with a massive Denial of Service attack that saturated our provider’s datacenter.

At approximately 12:05 PM EDT the RunUO Network was null routed in order to alleviate its traffic off of the datacenter. The datacenter’s operations returned to normal at around 13:00 EDT.

From that point until 11:00 AM EDT today (10/25/05) we have been offline and stayed offline to ensure that no one would be affected by a continued attack.

I’ve pulled this definition for you: On the Internet, a denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. In the worst cases, for example, a Web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy programming and files in a computer system.

In short a user was upset at the RunUO Team, launched a massive Denial of Service (10 gigabit plus) against our network and forced us to take it off line. Afterwards I spoke with this user at length and he has assured me this will never happen again. Of course… there’s no way of knowing.

In the end folks, this service is free but this attack affected thousands of customers at our datacenter who have done nothing other than choose the same internet provider we use. I find it despicable that anyone would attack us or any other person on the internet in a scale that will actually affect people who use the service to put food on the table for their families.

We’ve had some long conversations with our datacenter and will be doing some changes to the RunUO Network over the next few days to hopefully bring some sanity back into our world. At this point and time we are debating keeping our IRC network as it has been the target of a few of these attacks.

For the record these are the graphs of the attacks on the links to the datacenter:

Abovenet Gigabit Links 1, 2 and 3






Cogent Gigabit Links 1 and 2




Verio Gigabit Links 1, 2, 3 and 4








XO Gigabit Link




As you can see by the sharp drop in these bandwidth graphs to the middle/left of the graph the entire datacenter pretty much lost its connectivity. This affected thousands of other customers, not just our HOBBY. That is unacceptable and it cannot happen again.

Those of you that think you’re attacking us need to step back and realize you’re messing with people’s livelihoods, not our game servers. No offense to anyone but we don’t care if the game servers get taken out because they are a HOBBY for us. We do however care when peoples businesses get affected.

In the end, the RunUO network is back online, routes are falling back into place and things are looking good. If you have a friend that cannot get connected to our servers please have them run a traceroute (start -> run -> cmd -> tracert 67.15.137.2) and paste the results in this thread.

[Alis]

Well thats normal thank god the data is saved

[Wind Minstrel]

You "had a talk with the guy"? You're a better man than me -- the only talk I'd be having if I knew his identity (and he was out of baseball bat range) would be with the FBI.

[gorf]

Ryan and RunUO Staff,
I am sorry to hear of something like this happening. It is unfortunate to the RunUO community for all you do and the other people that are serviced by your provider for something like this to happen. I commend you and your team for all that you have done. Thankyou for your Hardwork.
Gorf

Oh I'm sure he'll be having a talk with RunUO's internet provider.

[Nora]

We got the same in Argentina, 2 weeks ago! yes!

[TMSTKSBK]

Good grief. Does this user have nothing better to do?

[Jeff]

Quote:

Afterwards I spoke with this user at length and he has assured me this will never happen again.

Umm, does this line mean Ryan talked to the person that did the DOS attack? cause if he had is he going after this guy, or is the data center, its a federal crime to do this. I know some guys from the Secret service: Electronic Crimes division if Ryan needs some help on what todo.

[Phantom]

Quote:

Originally Posted by Sorious

Umm, does this line mean Ryan talked to the person that did the DOS attack? cause if he had is he going after this guy, or is the data center, its a federal crime to do this. I know some guys from the Secret service: Electronic Crimes division if Ryan needs some help on what todo.

When their goverment doesn't go after people like this, its sort of pointless to report them, but talk to them and tell them what they want to hear.

The problem people don't seem to understand is. If because of an attack, it costs Ryan enough money, he will just not run the website. There is a difference between running a website and paying for its costs, and having some kid attack the service your using, and having to pay for the damages. So before you make attack towards UO Gamers and RunUO, think if its really worth it, because without Ryan we have nothing.

Attacks on RunUO and UO Gamers does effect other people, sometimes very large companies, who can and will go after you no matter where you are. Ryan is just a small fish in a very large lake. Attacking the small fish, can make the bigger fish upset, who can go after you.

Just because this person, talked to Ryan, it doesn't mean somebody else won't go after him.

What he did was wrong, and the thing/or creator of life will be the final judge. Basicly karma will come back to him, and he will wish he never did it, he might be laughing now but that will change. Since karma and our final judgement always will come back to haunt us.

Yes I am one of those types of people who believe in a final judgement. I just don't believe in something/someone that guides us, our actions are our own, and till that time where we leave our loved ones we are on our own. So the only person he will have to worry about is himself. The guilt of taking food from somebody who is trying to make a living reselling hosting, and because of his actions, he had to refund people money.

I mean those are the types of actions that have happen, and are only because of him, so in the future think about the other people. Plus the fact if it happens again, your risking alot for the entire community.

[Jeff]

Quote:

Originally Posted by Phantom

When their goverment doesn't go after people like this, its sort of pointless to report them, but talk to them and tell them what they want to hear.

The problem people don't seem to understand is. If because of an attack, it costs Ryan enough money, he will just not run the website. There is a difference between running a website and paying for its costs, and having some kid attack the service your using, and having to pay for the damages. So before you make attack towards UO Gamers and RunUO, think if its really worth it, because without Ryan we have nothing.

Attacks on RunUO and UO Gamers does effect other people, sometimes very large companies, who can and will go after you no matter where you are. Ryan is just a small fish in a very large lake. Attacking the small fish, can make the bigger fish upset, who can go after you.

Just because this person, talked to Ryan, it doesn't mean somebody else won't go after him.

What he did was wrong, and the thing/or creator of life will be the final judge. Basicly karma will come back to him, and he will wish he never did it, he might be laughing now but that will change. Since karma and our final judgement always will come back to haunt us.

Yes I am one of those types of people who believe in a final judgement. I just don't believe in something/someone that guides us, our actions are our own, and till that time where we leave our loved ones we are on our own. So the only person he will have to worry about is himself. The guilt of taking food from somebody who is trying to make a living reselling hosting, and because of his actions, he had to refund people money.

I mean those are the types of actions that have happen, and are only because of him, so in the future think about the other people. Plus the fact if it happens again, your risking alot for the entire community.

Agreed!

[Wind Minstrel]

You know, Ryan, you don't even have to report the fucker to the fibbies. Just let us know a screen name or email address or something, and you can count on us making him ... uhh, uncomfortable.

If anyone took a shot at one of my servers (let alone a production server), I'd be pissed. I admire your magnanimity.

[XxSP1DERxX]

Phantom is right, there is no point in reporting a person like this to American authorities when they are protected by their countries laws, or lack thereof. If EV1 or Verio decide to take action, they will so.
As a matter of fact, two datacenters were taken completely offline due to this, and if I remember correctly, that was a whole subnet. I really do hope that EV1 does as much as possible, even if this kid says it will never happen again.

[Roxin]

I doubt it's just some punk kid if he's utilizing over 10 gig of bandwidth to do it.
That kind of INTERNET POWER cannot be unleashed from a simple home PC.

[maxilar]

I can't connect to anything in the runuo network, i'm only posting here trought an US proxy, i live in Brazil, and here are the results of the trace i runned.

Microsoft Windows XP [versão 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.



C:\>tracert 67.15.137.2

Rastreando a rota para ev1s-67-15-137-2.ev1servers.net [67.15.137.2]
com no máximo 30 saltos:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 14 ms 15 ms 13 ms 200.101.108.254
3 13 ms 15 ms 13 ms BrT-G5-0-751-bsacecore01.brasiltelecom.net.br [2
01.10.248.117]
4 15 ms 13 ms 12 ms BrT-G3-2-bsaceborder.brasiltelecom.net.br [201.1
0.209.50]
5 179 ms 184 ms 178 ms sl-gw9-nyc-7-2.sprintlink.net [160.81.182.53]
6 174 ms 174 ms 174 ms sl-bb20-nyc-11-1.sprintlink.net [144.232.7.93]
7 177 ms 171 ms 168 ms sl-bb22-nyc-8-0.sprintlink.net [144.232.7.106]
8 173 ms 166 ms 163 ms sl-bb21-nyc-14-0.sprintlink.net [144.232.7.101]

9 * 177 ms 173 ms p16-0-1-2.r20.nycmny01.us.bb.verio.net [129.250.
9.173]
10 * 173 ms 171 ms xe-0-3-0.r21.nycmny01.us.bb.verio.net [129.250.2
.33]
11 * 183 ms 184 ms p16-1-2-0.r21.asbnva01.us.bb.verio.net [129.250.
2.35]
12 153 ms 150 ms 150 ms xe-1-3-0.r20.asbnva01.us.bb.verio.net [129.250.2
.170]
13 216 ms 218 ms 220 ms p16-0-1-1.r21.dllstx09.us.bb.verio.net [129.250.
5.34]
14 221 ms 226 ms 224 ms p16-6-0-0.r02.hstntx01.us.bb.verio.net [129.250.
5.101]
15 229 ms 228 ms 224 ms ge-6.ev1.hstntx01.us.bb.verio.net [129.250.10.19
0]
16 198 ms 202 ms 202 ms gphou-66-98-241-29.ev1.net [66.98.241.29]
17 200 ms 200 ms * gphou-66-98-241-116.ev1.net [66.98.241.116]
18 202 ms 197 ms 201 ms ev1s-67-15-137-2.ev1servers.net [67.15.137.2]

[Foreverzero]

I agree that going to the FBI wont do much for something like this, thanks to the fact of everything else going on in the US now. But deff report him to his internet company, they will take the action from there even if it is just shutting him off, granted that might just piss him off even more but hey who knows, if it was me id be at his house with a molotov cocktail and a baseball bat.

[Hoss]

Here's my friend's Tracert:

2 144 ms 72 ms 77 ms rd1so-ge1-3-2.cg.shawcable.net [64.59.129.130]
3 189 ms 33 ms 15 ms rc1so-ge6-0.cg.shawcable.net [66.163.71.129]
4 61 ms 28 ms 38 ms rc1wh-pos12-0.vc.shawcable.net [66.163.76.10]
5 72 ms 76 ms 116 ms rc2wt-pos7-0.wa.shawcable.net [66.163.76.154]
6 173 ms 38 ms 34 ms ge-1-1.r00.sttlwa01.us.bb.verio.net [129.250.10.
21]
7 73 ms 23 ms 32 ms xe-1-2-0.r20.sttlwa01.us.bb.verio.net [129.250.2
.206]
8 145 ms * 108 ms xe-1-3-0.r21.sttlwa01.us.bb.verio.net [129.250.4
.17]
9 147 ms 127 ms 125 ms p16-1-1-1.r21.plalca01.us.bb.verio.net [129.250.
2.49]
10 189 ms 125 ms 146 ms p16-3-0-0.r02.hstntx01.us.bb.verio.net [129.250.
2.2]
11 193 ms 102 ms 94 ms ge-6.ev1.hstntx01.us.bb.verio.net [129.250.10.19
0]
12 147 ms 174 ms 178 ms gphou-66-98-241-29.ev1.net [66.98.241.29]
13 389 ms 135 ms 96 ms gphou-66-98-241-116.ev1.net [66.98.241.116]
14 485 ms 116 ms 93 ms ev1s-67-15-137-2.ev1servers.net [67.15.137.2]

[DontdroptheSOAD]

I too am on a proxy.

This is utter b.s.

I cannot believe someone would do something like this for apparently no good reason.

The first set of attacks were because of faction script and were no where near the size of this one. This seems like a whole network of computers focused on runuo for fun :/

Burn in hell _______ (Insert Person Responsible).

[Phantom]

Guys, Ryan knows people cannot connect, thus the whole point of a null route.

It will take 24-72 hours for you to be able to connect again, no need to tell us you can't connect, most people unless connected to a top tier provider won't be able to connect.

Ryan's host is connected to the a top teir connection, basicly within the first 10 pings, most connections go through their subnet ( newbie terms ).

[Nora]

Like i said before, we got attacked in same way on our data center Telecom of Argentina. Not just for UO, was to all servers games. CS LineageII and more. Last attack was yesterday, in the morning.

[XxSP1DERxX]

Quote:

Originally Posted by Roxin

I doubt it's just some punk kid if he's utilizing over 10 gig of bandwidth to do it.
That kind of INTERNET POWER cannot be unleashed from a simple home PC.

I didn't mean kid in a literal sense, I meant kid as in he is immature and has nothing better to do. Plus, I would argue that even a REAL kid who knows the right people could do this much damage.

[Manu]

Yepp. A lot of virus/trojan construction kits I've seen are quite powerfull. Given the mass of broadband internet accesses today, it's not that much of a problem (even for a fucking script kiddy with absolutely no knowledge beyond "I am teh hAx0r") to spread a trojan and get his very own so called bot net, just waiting to strike at whatever target he wishes.
To damn many unprotected machines on the net...

[XxSP1DERxX]

I wonder, was Munich named after Munich, or Munich named after Munich (the other way around)? But I don't think the person lived in the city.

Sorry, thats off topic

[QuIcK_FiNgErS]

Quote:

Originally Posted by Manu

Yepp. A lot of virus/trojan construction kits I've seen are quite powerfull. Given the mass of broadband internet accesses today, it's not that much of a problem (even for a fucking script kiddy with absolutely no knowledge beyond "I am teh hAx0r") to spread a trojan and get his very own so called bot net, just waiting to strike at whatever target he wishes.
To damn many unprotected machines on the net...

Well Brazil have the biggest internet speeds ( so therfore bandwidth? ) in the world atm.


Looks like someone really doesnt like the Mondains Legacy stuff...

[TMSTKSBK]

Quote:

Originally Posted by QuIcK_FiNgErS

Well Brazil have the biggest internet speeds ( so therfore bandwidth? ) in the world atm.


Looks like someone really doesnt like the Mondains Legacy stuff...

you're kidding...O_o...right?

[QuIcK_FiNgErS]

eh? kidding regards what? No Brazil have uber internet. It was Korea, now Brazil...