You need to be a member in order to leave a comment
Already have an account? Sign in here.
Sign In NowSign up for a new account in our community. It's easy!
Register a new account
There are 98 replies in this Thread. The last Post () by SWAT_OP-R8R.
QuoteOriginally posted by SWAT_OP-R8R
while TLR is down or rebuilding or... whatever they do
rofl
but thanks for the info...
Visit SWAT Portal - your place for NO downtimes 
QuoteOriginally posted by magnet
Visit SWAT Portal - your place for NO downtimes
i'll 2nd that! 
Is this the new Lancers Reactor webpage?
Strange desing isnt it?
Yeah I saw that aswell im wondering if they will ever come back
thank god for Swat-Portal
we should have a link in that new TLR page to SWAT-Portal
maybe we should buy the domain and link it to swat its only parked 
QuoteOriginally posted by Blaster
maybe we should buy the domain and link it to swat
[w00t]
QuoteOriginally posted by Blaster
maybe we should buy the domain and link it to swat
i'll 2nd that!
if only it would b possible.
QuoteOriginally posted by Blaster
maybe we should buy the domain and link it to swat
sure, but you'll have to wait until April of 2010, assuming they don't renew their ownership. It's redirected, via DNS records, back to the Registry co. (GoDaddy).
Removing their custom DNS pointers will direct any name based flooding back to a company capable of not only handling the volume, but of tracking, and probably prosecuting those behind it. Flooding is a very ineffective tactic, usually, and typically easily throttled down, or even halted altogether. I have seen evidence of automated download attacks that, if a site isn't properly secured and hardened, can imitate normal download activity but at extreme bandwidth use.
Hacked could mean a lot of things. Flooded usually has to do with preventable methods of bandwidth saturation or cost creation. And no, other than at a simple packet level, I am not aware of exactly what method you use to prevent download or page hit flooding. The tools are out there. I don't know the specifics of them.
Their actual registered IP address does return pings:
Pinging 68.178.232.100 with 32 bytes of data:
Reply from 68.178.232.100: bytes=32 time=65ms TTL=11
Reply from 68.178.232.100: bytes=32 time=67ms TTL=11
Reply from 68.178.232.100: bytes=32 time=65ms TTL=11
Reply from 68.178.232.100: bytes=32 time=66ms TTL=11
Ping statistics for 68.178.232.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% lo
Approximate round trip times in milli-seconds:
Minimum = 65ms, Maximum = 67ms, Average = 65ms
This could be via redirection, by another device, to demonstrate uptime. It could also be their indirect DNS provider, domainsbyproxy.com, responding.
Here is the NSlookup for their IP:
Name: parkwebwin-v01.prod.mesa1.secureserver.net
Telnet and FTP don't respond. Due to potential legal issues in performing unsolicited probes, I am stopping at this point.
Let's just hope Lancer's comes up, and becomes the site it was a few years ago.
the hole it has left only reinforces my belief that the community needs SEVERAL sites of high calibre to ensure continuity when one falls.
Agreed with PandaMan. More is better of FL.
These are called SYN attacks, similar to DoS - Denial of service.
More info
The SYN flood attack sends TCP connections requests faster than a machine can process them.
* attacker creates a random source address for each packet
* SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address
* victim responds to spoofed IP address, then waits for confirmation that never arrives (waits about 3 minutes)
* victim's connection table fills up waiting for replies
* after table fills up, all new connections are ignored
* legitimate users are ignored as well, and cannot access the server
* once attacker stops flooding server, it usually goes back to normal state (SYN floods rarely crash servers)
* newer operating systems manage resources better, making it more difficult to overflow tables, but still are vulnerable
* SYN flood can be used as part of other attacks, such as disabling one side of a connection in TCP hijacking, or by preventing authentication or logging between servers.
we can only hope they will not think we did it. but i am not so optimistic.
QuoteDisplay MoreOriginally posted by phileditin
These are called SYN attacks, similar to DoS - Denial of service.
More info
The SYN flood attack sends TCP connections requests faster than a machine can process them.
* attacker creates a random source address for each packet
* SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address
* victim responds to spoofed IP address, then waits for confirmation that never arrives (waits about 3 minutes)
* victim's connection table fills up waiting for replies
* after table fills up, all new connections are ignored
* legitimate users are ignored as well, and cannot access the server
* once attacker stops flooding server, it usually goes back to normal state (SYN floods rarely crash servers)
* newer operating systems manage resources better, making it more difficult to overflow tables, but still are vulnerable
* SYN flood can be used as part of other attacks, such as disabling one side of a connection in TCP hijacking, or by preventing authentication or logging between servers.
SYN flooding is one variant. It is also one of the easiest to defeat. Flooding does not mean SYN floods. It can be ping, malformed packets, port-specific, or even application specific. In all cases (these and more), flooding is referring to exceptionally large counts of whatever is being sent. A SYN flood can be stopped VERY efficiently, from layer 4 on up, or by simple use of Access Control Lists, firewall rules, or an active IDS system.
TLR was not likely a victim of SYN flooding. I'd be more apt to believe it was an inside job, and an attack would make for a good cover up for the embarrassment. since I have seen an attorney worth tens of millions with his login and password known by 10 ppl (2 of which were disgruntled former IT staff), I can authoritatively say that many places that use strong security to the outside, are soft and juicy vulnerable targets for inside attacks. If you have firewall, server and network security, but 4 year old passwords, you have NO security.
No system can be protected for 100%. If one would have done this intentional with the aim to destroy the server - i am sure he would have found a way. And even IDS needs to be configured well to differ between the false positives and false negatives. More a bunch of systems is needed to make an intruders work as hard as possible - but this also needs be good balanced as normally the user wont be burden with too much lost in usability and too much loading times^^
You need to be expert by bypassing several security systems. But this at least needs lot of maintenance time for the admins to control and check the system - so i am sure TLR as well as this server doesn't use such systems (carefully said). More its up to the provider to establish such security systems...
i am more interested about the connection this has to the recent problems with update server we had some time ago... if there is any, but it's not excluded.
