Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Online payment firm in DDoS drama

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Online payment firm in DDoS drama
Date: Thu, 4 Nov 2004 02:13:44 -0600 (CST) 
http://www.theregister.co.uk/2004/11/03/protx_ddos_attack/

By John Leyden
3rd November 2004

Online payments processing firm Protx is continuing to fight a
sustained internet attack which has severely impacting its services
for the fourth successive day.

Since Sunday (31 October), Protx's systems have been reduced to a
crawl because of a malicious DDoS attack. Although Protx felt it was
on top of the problem by Monday (1 November) the attack once again
intensified, prompting the company to draft in heavy duty DDoS
defences which it hopes will finally thwart the assault.

In a statement, Mat Peck, chief technical officer, Protx said:  
"Earlier today [1 November] the parties responsible for the
Distributed Denial of Service attack on our systems stepped up their
assault, this time pushing our systems beyond their capacity to cope.  
A large number of compromised machines from a wide range of spoofed IP
addresses have been attacking our site in a varied and well structured
manner. We have been working all day with Globix, our ISP, to
implement a specific DDoS solution which can burst up to 1Gb
connectivity during periods of peak load whilst also analysing and
killing traffic generated by zombie machine on the Net."

"We have migrated the WWW site across to this system first to check
the functionality and now that's working, we will be moving the
payment servers in the next few hours. This new service, whilst
expensive, still mainly developmental and bleeding edge, should enable
us to continue to process transactions even under DDoS attacks ten
times the size we've seen so far. Future attacks will be dealt with in
a matter of minutes instead of hours (or days as many victims of such
attacks have found). We're continuing to work closely with the
National High Tech Crimes Unit (NHTCU) to bring the perpetrators to
task," he added.

On 2 November Globix said it was also beefing up the hardware used by
its systems in the process of moving across to a new platform. "Whilst
all the payment services are available, some of the auxiliary services
will not be available until tomorrow," Peck wrote in an update.

However Register readers report problems processing payments through
the service today. "Thousands of small transactional websites, like
mine, have been affected," Reg reader Bruce Stidston tells us.

At the time of writing Protx's website was unavailable but you can get
an insight into what's going on through Google's cache of the firm's
status page.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Online payment firm in DDoS drama, InfoSec News <=
Previous by Date:  [ISN] Security UPDATE--Mathematical Strength of Passphrases--November 3, 2004, InfoSec News
Next by Date:  [ISN] Outsourcing Information Security, InfoSec News
Previous by Thread:  [ISN] Security UPDATE--Mathematical Strength of Passphrases--November 3, 2004, InfoSec News
Next by Thread:  [ISN] Outsourcing Information Security, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]