User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > A strange attack ?


A strange attack ?




Posted by Mastermind Networks, 06-03-2013, 05:19 AM
I host some radio stations on one of my servers. For the past 24 hours the lister count of one of the stations is slowly rising. Their average is 30 and they are now at almost 300. This sudden rise happened after they sent 40.000 emails promoting the radio. The listeners count went up with ~10 listeners per hour. However most of the new listers come from 1 IP which now has 250 connections opened. All connections from that IP have stayed opened and not one was closed. I blocked the subnet and now the new connections have stopped but i haven't killed the old ones yet. The server isn't even blinking since it's a monster box with a 1 Gbps pipeline. The owner said that it might be a VPN endpoint or something like that. I've looked up the IP and it does trace to a big data corporation. The owner thinks he can use the new lister numbers to get in some ads but I think he's shooting himself in the foot. However this doesn't look human but it doesn't look like an attack either. I mean if they wanted to snuff the station financially and make them go over their BW limit they could have just used multiple attack IPs not one freaking IP the can be banned by a 4 year old. If they wanted to take out the server there were far more methods available. I'm puzzled by this situation and I would love to hear some opinions. Has anyone encountered something similar ?
Posted by madaboutlinux, 06-03-2013, 06:32 AM
They may be a big organization with one public IP and a LAN network inside, so everyone when accessing the radio station from their computers will initiate a new connection to your server from the same public IP. OR it may be a 4 year old trying to attack your server
Posted by FastServ, 06-03-2013, 08:15 AM
It's either a malfunctioning player or someone trying to maliciously fill up your slots.
Posted by Mastermind Networks, 06-04-2013, 02:30 PM
Well after 60 hours the attack came to an end. I still have no idea why it happed. I guess some thing in life will always remain a mystery. Thanks for the input guys
Posted by Zilovic, 06-05-2013, 04:20 AM
If you want suggestions for firewall rules that limits the number of connections from the same origin IP, let us know.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
VPSSQUAD is down (Views: 632)
Switch from dedi to VPS? (Views: 650)
Shaw Networks Down? (Views: 648)
Nocster DOWN! [MERGED] (Views: 649)
PHP bug with the word "sponsor"? (Views: 719)

Language:

Our Services

Client Menu

Legal

+1 512-782-9732

Find any answers
you need...



  • PCI Secure
  • Verefied by VISA
  • MasterCard SecureCode

    • Terms of Service | Privacy Policy | FAQs | Affiliates | Email
    Copyright © 2015 BraginHos / CHS Gateway inc. - All Rights Reserved.
    Our address: CHS GATEWAY INC c/o Regus Offices, 2598 E. Sunrise Blvd Ste 2104, Fort Lauderdale, Florida 33304, contact phone number: (+1) 512-782-9732, email: support@chsgatewayinc.com