Burst Problem? <Threads Merged> - Knowledgebase

Portal Home > Knowledgebase > Articles Database > Burst Problem?

Burst Problem?

Posted by FredTT, 12-22-2004, 11:13 PM
Is it just me or is Burst Lagging really bad? Ping #1: * [No response] Ping #2: Got reply from 66.197.217.229 in 542ms [TTL=46] Ping #3: * [No response] Ping #4: * [No response] Ping #1: Got reply from 66.197.146.229 in 331ms [TTL=47] Ping #2: * [No response] Ping #3: * [No response] Ping #4: * [No response] Fred T
Posted by Clark2, 12-22-2004, 11:16 PM
me too. C:\Documents and Settings\Administrator>ping burst.net Pinging burst.net [66.96.192.201] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 66.96.192.201: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Documents and Settings\Administrator>
Posted by catfishing, 12-22-2004, 11:17 PM
Same here.
Posted by catfishing, 12-22-2004, 11:20 PM
back up
Posted by FredTT, 12-24-2004, 10:27 AM
Pinging thunder.hostinglite.com [66.197.217.229]: Ping #1: * [No response] Ping #2: * [No response] Ping #3: Got reply from 66.197.217.229 in 531ms [TTL=46] Ping #4: * [No response] Pinging cpanel.hiyacorp.com [66.197.146.229]: Ping #1: Got reply from 66.197.146.229 in 346ms [TTL=47] Ping #2: Got reply from 66.197.146.229 in 350ms [TTL=47] Ping #3: * [No response] Ping #4: * [No response] Down again. :-/
Posted by Dacsoft, 12-24-2004, 10:35 AM
down here also.
Posted by whmcsguru, 12-24-2004, 10:40 AM
Burst's christmas present to you. More downtime! The network isn't "down", it's just quite severely lagged. Most likely, *gasp*, Yet another DDOS attack, but yes it's severly affected.
Posted by kapot, 12-24-2004, 11:09 AM
BAHHHHHHHHHHHHHHHHHHHH !!!!!!!!!!!!!!!!!! ITS DOWN AAGAAAIINNN !!!! 4:04 PM CET
Posted by Odd Fact, 12-24-2004, 11:14 AM
I'm getting an average RTT of 1015 with 75% loss. I thought they just implemented new DDOS protection?
Posted by bloodyman, 12-24-2004, 11:31 AM
Does anybody know what's going on and when it will be ok?
Posted by whmcsguru, 12-24-2004, 11:33 AM
New as in newer than the new ddos protection they put in place last year? They may have, and it may take a few months to configure, then they'll have to upgrade it to a DDOS protection v 3 .
Posted by jsw6, 12-24-2004, 11:38 AM
The product Burst says they are using (and have been evaluating since September?) is not exactly impressive. I hope they received a deep discount for implementing it.
Posted by thomas.smith, 12-24-2004, 11:38 AM
A dead hacker is a good hacker. Guys who do DDoS attacks ought to be shot.
Posted by FredTT, 12-24-2004, 11:39 AM
Called about an hour ago. They said, "There is an incoming flood. Should be resolved in a few minutes." Few = 60+ Minutes?
Posted by Arsalan, 12-24-2004, 11:39 AM
This is not good...
Posted by isalh, 12-24-2004, 11:39 AM
http://forum.burst.net/ is suppose to be the place where you can have information about what's going on.
Posted by Arsalan, 12-24-2004, 11:41 AM
Less then 10 mins's since this started and we already have a dozen phone calls. I guess
Posted by Arsalan, 12-24-2004, 11:45 AM
The forms seems to be working, but very slow.
Posted by thomas.smith, 12-24-2004, 11:47 AM
People who do DDoS attacks should be tortured to death.
Posted by InfluxHost, 12-24-2004, 11:48 AM
Wait, what was the reason they increased pricing? Didn't they promise a better network? I now see a bigger bill, and a network still not improved.
Posted by EverSpeed, 12-24-2004, 11:50 AM
Hi everyone. I have no electricity at home and am forced to use a public computer to post this. Because it's public, I can't get to ping and tracert stuff. Argh. Could a few of you please ping these IPs and tell me if they are down for you, too? 64.191.73.117 66.96.192.201 66.96.192.220 My dedicated server provider is burst/nocster and I can't even connect to their servers. But I don't know if it's related to internet service in my area (hit hard by snow storms) and a lot of stuff is still out. thanks
Posted by thomas.smith, 12-24-2004, 11:50 AM
>Wait, what was the reason they increased pricing? Didn't they >promise a better network? >I now see a bigger bill, and a network still not improved. They said they will do this soon... They didn't say they already did it. I think Nocster is fine. Just the people who do such attacks are crap and should be shot right away.
Posted by whmcsguru, 12-24-2004, 11:52 AM
10 minutes? Errm, this been going on for almost an hour now (I was drug out of bed around 845 because of it, it's now 951). It does NO good to go to their forums, because they're not smart enough to host 'em on another network, unfortunately.
Posted by Xau, 12-24-2004, 11:52 AM
I cannot get to some of my sites on their network either. the ones i can get to are extremly slow
Posted by isalh, 12-24-2004, 11:52 AM
> I think Nocster is fine. Nocster is down too. What's fine in this?
Posted by thomas.smith, 12-24-2004, 11:56 AM
I mean they are working to prevent such downtimes in the future. They are providing good support and they have good offers. I would recommend them to anyone. It would not be fair to say they are crap just because they are down for an hour each month. But I hate the people who do DDoS attacks. They should be punished very severly. At least 10 years of jail per incident. And if they do it like 3 or 4 times just shoot them. Nobody needs that human crap.
Posted by wbpro, 12-24-2004, 11:58 AM
I did a Ping and trace route on 64.191.73.117 and here are the results: ping 64.191.73.117 Pinging 64.191.73.117 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Reply from 64.191.73.117: bytes=32 time=935ms TTL=54 Ping statistics for 64.191.73.117: Packets: Sent = 4, Received = 1, Lost = 3 (75% loss), Approximate round trip times in milli-seconds: Minimum = 935ms, Maximum = 935ms, Average = 935ms ------------------------------------------------------------------------------- tracert 64.191.73.117 Tracing route to 64.191.73.117 over a maximum of 30 hops 1 6 ms 7 ms 7 ms 10.104.16.1 2 7 ms 7 ms 8 ms srp1-0.orldflwrpk-rtr1.cfl.rr.com [24.95.224.33] 3 8 ms 9 ms * 24.95.224.165 4 7 ms * 7 ms p1-0.hsa2.orl1.bbnplanet.net [63.209.120.29] 5 7 ms 8 ms * ge-6-1-1.mp1.Orlando1.Level3.net [209.247.9.241] 6 33 ms 37 ms 32 ms so-0-2-0.mp1.Philadelphia1.Level3.net [209.247.8 .69] 7 33 ms 33 ms 31 ms ge-11-0.hsa1.Philadelphia1.Level3.net [64.159.0. 146] 8 175 ms 167 ms 170 ms 4.78.144.6 9 443 ms 443 ms 442 ms ge-7-0-ctsi.rtr0.scra1.hostnoc.net [66.197.191.4 5] 10 761 ms 769 ms 749 ms 66.197.191.82 11 946 ms 950 ms 964 ms 64.191.73.117 Trace complete.
Posted by ITWeb LLC, 12-24-2004, 12:00 PM
Hmm, So nothing really changes for us, but we get to pay more? I am going to consider a new service provider for the new year. Everyone else is seeing prices come down on this basically commodity service, yet BURST is going up?
Posted by thomas.smith, 12-24-2004, 12:03 PM
Burst is still cheaper than other providers. Take their prices and compare them to other companies. Take the number of people you can host on their servers and compare it to how many you can host on another server. You will see that Burst still has the best deal.
Posted by ITWeb LLC, 12-24-2004, 12:03 PM
Oh, Merry Christmas by the way. This is all I need, my customer calling me on Christmas Eve screaming that their sites are down. What a way to relax and enjoy the holiday.
Posted by HostJedi, 12-24-2004, 12:03 PM
We are currently the target of a large DDOS attack. This should be resolved shortly. We are currently in the middle of installing DDOS protection gear from a leading vendor, however, the installation is not yet complete.
Posted by mainarea, 12-24-2004, 12:05 PM
Burst junked the Netscreen equipment - they just got Toplayer gear installed on Monday, but word from them on the forums from them was that it was not configured yet...
Posted by certify, 12-24-2004, 12:08 PM
I hope its going to solved soon.
Posted by GordonH, 12-24-2004, 12:10 PM
Christmas is the biggest time for this sort of thing. If I had a totally free hand I would unplug our servers from the 24th to 27th December every year. It would solve a lot of problems for a lot of people. Maybe I should officially propose to the IETF that we have an annual "internet holiday"?
Posted by whmcsguru, 12-24-2004, 12:11 PM
You're right, it wouldn't It WOULD, however be find and fair to say they are crap because of the continued problems that have gone on in the past few years. Look at their history on this forum, in this specific forum even. 3-4 threads a month minimum regarding burstnet outages, and those lasting at MINIMUM an hour. Now, let's step back and look at things from a larger picture: I left BurstNet over a year ago, and they were still pulling this same crap, had been for over a year at that point. So, when, pray tell IS it fair to say they are crap? When they continue to spout things such as "the network is not down"? Or "It's a DDOS attack", when these are easily avoided? BurstNET customers are taking it up the tail end because their provider won't buckle down and do what needs to be done. I've said this before, countless times. EV1 doesn't have these problems, SeverMatrix/TP doesn't have these problems, Fastservers doesn't have these problems. The list goes on and on and on and on. What are they doing differently than Burst? Who knows, but it's clear Burst is having problems that others aren't and needs to address their network professionally and get it fixed and updated for good, NOT for 6 months, for good! Just for the record, the attack looks to have started around 730, at least on burstnet forums. Logs follow: If it takes over 1s to get the headers to any website, then there's a problem. The attack itself probably didn't increaase until 830 or so, when the first spike hit, but that's still over 2 hours long, and very not acceptable.
Posted by Excal, 12-24-2004, 12:13 PM
burstnet is down they are working on the problem this is the away message i got from AIM Auto response from BurstNET [11:05 A.M.]: We are currently experiencing problems with our Network. We are working on the issue and hope it have it resolved ASAP. At the moment there is no ETA. Please bear with us as we work to resolve this problem.
Posted by GordonH, 12-24-2004, 12:21 PM
You need to bear in mind that Burst host a lot od servers with a lot of users on them and any one of them could be the target of this attack. If you move to a smaller provider you will get less of this. If Burst had bigger pipes they would be able to cope better with any attack. Its not easy to prevent this sort of thing.
Posted by HostJedi, 12-24-2004, 12:22 PM
<< 3-4 threads a month minimum regarding burstnet outages, and those lasting at MINIMUM an hour. >> What's funny about that, is that a few recent ones seems to be related to servers YOU claim to administrate in our facility. Coincidence?
Posted by FredTT, 12-24-2004, 12:24 PM
Now it gets interesting.
Posted by HostJedi, 12-24-2004, 12:25 PM
<< If Burst had bigger pipes they would be able to cope better with any attack. >> It's not a pipe issue at this point, we have the capacity we need to handle such. In the past, FE connections we had would get overloaded, but that is not the scenario any longer. DDOS methods have gone way beyond just filling up a pipe. We've done alot of network upgrades in the past 6 months, and our network perfomance has gotten much better due to such. The DDOS attacks are the last remaining issue plaguing us, and unfortunatly it's not even something we are causing. We contracted with TopLayer to resolve this for good, but we are still in the middle of equipment installation. I wouldn't be surprised if the announcement of such pushed the individual(s) responsible for this attack to do it. That is why we did not make a major announcement about it yet, and only notified our direct clients of installation work. Last edited by HostJedi; 12-24-2004 at 12:29 PM.
Posted by EverSpeed, 12-24-2004, 12:25 PM
Thanks for the info everyone! At least I know it's not on my end. (somewhat comforting)
Posted by Cirtex, 12-24-2004, 12:27 PM
Ok, now let's just stop arguing and get the problem fixed so everything will be backup and running I think that's most important thing right now.
Posted by RyanD, 12-24-2004, 12:28 PM
Well I've posted many threads about your network sucking which it does for me on a weekly basis and I only have one server that I keep there as a backup nameserver.... I'm tired of getting these e-mails telling me it couldn't publish a zone to the server becasue the connection timed out... everytime it happens something has blown up on your network. I don't think it's fair for you to start making acusations that it's somehow your customer's fault ala ANz
Posted by GordonH, 12-24-2004, 12:33 PM
Yes, I know. I have been there and experienced it. Sadly too many of opur custoemrs have free time today and have noticed. Often they don't, or very few do. Anyway, its just typical Christmas really. I ahve all our boxes secured as best as we can but I guarantee we will have defacements late on tommorrow.
Posted by HostJedi, 12-24-2004, 12:34 PM
<< I don't think it's fair for you to start making acusations that it's somehow your customer's fault ala ANz >> I'm not accusing anybody, I'm just stating facts about a few attacks we had in the recent past.
Posted by GordonH, 12-24-2004, 12:35 PM
Burst does have outages, but I am not convinced they are as regular as your claim. At least they can;t be for extended periods. I have a mail account on a server there that I poll every 10 minutes and outside the big publicesed outages it rarely fails.
Posted by mainarea, 12-24-2004, 12:37 PM
According to my cacti ping graphs, there were absolutely no issues until 8:45, not 7:40 as you claim. Either way, the attack isn't good. - Matt
Posted by Chatmag, 12-24-2004, 12:37 PM
Have any of you looked at your stats over a long period, as far as user hits to your sites? This is just about the slowest period for us, not a lot of users hit us around Christmas (Merry Christmas to all, btw). I consider our site representative of Internet use overall. Google ranks "chat" as the fifth most hit term of 2004, and our site appears in the listings in the #180 result range. Not bad, considering Google has over 195 Million results for that term. These things are going to happen, no matter what hosting company it is. I can understand everyones frustration at this, I could get frustrated about it also. I'm not going to worry about this, just relax and let Burst handle it.
Posted by dmtnet, 12-24-2004, 12:42 PM
seems to be aback up now, no issues with any of my boxes on Nocster or burst
Posted by RyanD, 12-24-2004, 12:44 PM
ours is still dead
Posted by GordonH, 12-24-2004, 12:45 PM
Ours are all still unreachable.
Posted by sightz, 12-24-2004, 12:50 PM
Customer privacy? Professionalism?
Posted by Odd Fact, 12-24-2004, 12:51 PM
Back up here
Posted by GordonH, 12-24-2004, 12:52 PM
Back up here now too.
Posted by jackpot, 12-24-2004, 12:54 PM
It's not down.. just atrociously slow.....
Posted by mainarea, 12-24-2004, 12:54 PM
Back up here too.
Posted by Odd Fact, 12-24-2004, 12:55 PM
Threads Merged. Maybe now all the monitoring notice emails will stop flooding my inbox!
Posted by pvaneyck, 12-24-2004, 01:02 PM
Hello, Form Belgium still down 100% packet loss Sorry with the new topic i was wrong it must be burstnet down topic Last edited by pvaneyck; 12-24-2004 at 01:14 PM.
Posted by ResellerPlanet, 12-24-2004, 02:05 PM
I hate the fact that BurstNet is down, but oh well at least this thread gave me a laugh The network seems to be back stable for about 15 minutes now. Let's hope it stays like this.
Posted by whmcsguru, 12-24-2004, 04:17 PM
Coincidence? Actually, believe it or not, none of the attacks (recent) have come from that specific server, and yes, I have mentioned this many times to that specific customer. When it comes down to it, it is the customer's server, the customer may do as the customer sees fit with the server. Unfortunately, in these specific cases, the customer had chosen to run outdated, faulty software on their server (which, btw was advised against by myself). I agree, it's not good, but one person can only do so much. When it comes down to it, if the customer says "I want this on the server", and will not be swayed, then it goes on the server (I won't install it, but it goes there).
Posted by HostJedi, 12-24-2004, 04:51 PM
Yes, but if I was informed correctly, it is IRC tools on the specific server you are referring to. This is not allowed on our network, was removed by our staff, and immediately replaced by someone with access to that server. :-(
Posted by RossH, 12-24-2004, 08:04 PM
If Burst is installing Top Layer gear I feel sorry for you all and I hope Burst changes its mind on that. We have two Top Layer 5500's and are already replacing them.
Posted by rbayless, 12-24-2004, 09:42 PM
Nothing against Burst or anything, but anytime there is a "BurstNet downtime" thread it is always comical and I feel like putting some popcorn in the microwave .. Richard
Posted by jsw6, 12-24-2004, 11:10 PM
I am also wholely unimpressed with the TopLayer products. Deploying them in a role whereby they are meant to mitigate DDoS attacks against a large downstream customer base will do much more harm than good. I hope Burst got a huge discount on their Top Layer gear; as there are superior products available in the same price range. Thomas, you need to realize that dealing with DDoS is a cost of doing business for any sizeable hosting company. Would you deposit your money at a bank that didn't have a vault? I doubt it. Two-thirds of my clients make engineering decisions based in part on how it affects their exposure to DDoS-induced downtime. These are hosting companies ranging all the way from a few tens of Mbps to > 1Gbps of sustained traffic; and my mid-sized clients are typically doing a better job of this than the larger folks, who are not as quick to implement recommended changes. Last edited by jsw6; 12-24-2004 at 11:21 PM.
Posted by thomas.smith, 12-25-2004, 12:06 AM
>Thomas, you need to realize that dealing with DDoS is a cost of >doing business for any sizeable hosting company. Would you >deposit your money at a bank that didn't have a vault? I doubt >it. Sure, as it doesn't affect me if the money is stolen (the bank still owes me the money and their money in the bank has nothing to do with my money)...but of course it affects me if Burst is down so your example maybe doesn`t really fit. Ok, if they were down for a day each month I'd definitely leave them but their uptime is still around 99.7 or 99.8% or something. I am not losing customers because of these downtimes...probably because my prices are quite low and are targeted to private people. >and my mid-sized clients are typically doing a better job of this >than the larger folks, who are not as quick to implement >recommended changes Probably because the larger folks have a lot more that needs to be secured and therefore have a lot more costs to cover and things are more difficult and complex. Sure, Burst needs to work on this but I mean they do work on it. Besides this their support is fine and I feel safe with them. It is difficult to describe but do you know the companies that simply kick your *** if they just save 2 minutes time (like after spending $7000 with DomainRightNow they refused to send me a single paper bill I needed for tax reasons or SkyNetWeb after paying them around $10,000 just pulled the plug because of a credit card issue or 1&1 just leaving me alone with my broken root server as "they can`t administrate root servers") ? Well, I think Nocster is none of these companies. I feel like they really take care of me. Other DCs have just kicked my *** but Burst did never disappoint me support wise. I have been with many other DCs and they all had crappy support compared to Burst. I've been with Burst for around 10 months and I really like Burst. Last edited by thomas.smith; 12-25-2004 at 12:12 AM.
Posted by RossH, 12-25-2004, 04:44 AM
Agreed here. Our Top Layers were the cause of two network outages but this was just when they first started the 5500 series. We haven't had a massive ddos attack while they have been in use so I can't comment on how well they can handle ddos. There are alternatives but also you should stay away from Tipping Point, their products make me cringle and have no High Availability. We have had over 14 of their boxes fail at our company when they were deploying them, they have to be the most unreliable pieces of equipment out there.
Posted by cincinnati, 12-29-2004, 05:18 PM
Did you identify the cause of the Toplayer related outage? Was it misconfiguration? Software bug?