[Juser] denial of service attack at jabber.org

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 14 19:25:42 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/14/12 1:18 PM, Styopa Semenukha wrote:
> Hi everyone,
> 
> Happily, users can now connect to jabber.org after a short wait and
>  send/receive messages.

It depends on what IM client you use. We needed to do some DNS
trickery to make it work, but if your client doesn't support DNS SRV
lookups or has aggressive timeouts on relogin, then you won't be able
to log in.

> Nevertheless, Gtalk contacts seem offline.

That's because of the DNS trickery.

> By the way, is there any additional info on the attack? How strong
> is the traffic and what kind of attack is this? Transport level
> flood or XMPP abusing? Are the bots concentrated in some specific
> region?

This is not an XMPP-layer attack.

> I guess this might be just a botnet strength test, because I never
> heard about commercial Jabber services who could be financially
> interested in our downtime.
> 
> P.S.: I'd like to offer my assistance if you still need volunteer
> admins. I don't have practical anti-DDoS experience, but my other
> skills are: Debian, CentOS, RHEL, virtualization (Xen Hypervisor /
> Cloud Platform), bash, Perl, PHP, Apache, nginx, memcached, MySQL.
> My JID is styopa at jabber.org.

Thanks. We might be contacting you soon. :)

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAqpjYACgkQNL8k5A2w/vze/QCg9zTfcRjlmtdIwiqlyBEFRGxc
+FEAn2+i2nAV9UlkN093uvSvXaIjRyB4
=AG81
-----END PGP SIGNATURE-----


More information about the JUser mailing list