• Anything ‘published’ on the web is viewed as intellectual property and, regardless of whether it displays a copyright symbol or not, is therefore copyrighted by the originator. The only exception to this is if there is a “free and unrestricted reuse” statement associated with the work.

    In order to protect our members and TFL from possible litigation, all members must abide by the following new rules:

    1. Copying and pasting entire articles from another site to TFL is strictly prohibited. The same applies to articles from print or other media, and to posting photographs taken of copyrighted pages or other media.

    2. Copyright law provides for “fair use” of portions of a copyrighted work. You can copy no more than a SINGLE paragraph from the article to your post (3 or 4 sentences at most).

    3. You must provide a link to the article along with the name of website. For example: ww.xxx.yyy/zzz (The Lower Thumbsuck Daily News).

    4. You must provide, in your own words, a brief summary of the article AND your reasons for believing it will be of interest to TFL members. Failure to do so may result in the thread being closed or your post being deleted as a “cut and paste drive by.”

    5. Photographs and other images are also copyrighted. "Hotlinking" of images (so that it appears in your message) from other sites is also prohibited unless you own rights to the image. If you wish to share an image, provide a clickable link to it.

    Posts that do not follow these new guidelines will be altered or deleted by staff. Members who continue to violate this policy may lose their posting privileges at TFL.

    Thank you for your cooperation and your participation in TFL, the leading online forum for firearms enthusiasts.

THR Outage right now

Status
Not open for further replies.
D

Derek Zeanah

New member
Sorry folks, but THR is unavailable.

From what I can tell it's a network-related issue. My alarms went off this morning as we saw a 6 minute outage, then things came up fine, then they went down again, and are still down 86 minutes later.

It's not the THR box, it's all of them I have at the datacenter. It looks like it's a datacenter issue, as my colo provider's web page is down, no-one's available via AIM, and their voicemail box is full.

Just wanted to let folks know what's happening. I'm aware of the situation, but am sitting here waiting for a problem that's in someone else's hands...

Sorry.
 
Derek,

I hope everything works out soon, I know you have a life besides tending to Networks.
As always, I appreciate your time and hard work, as I do others responsible for keeping THR , TFL and Sister sites up and running.

Steve
 
Take a step back, and look around for Mr. Chainsaw. That always makes _me_ feel better...

(warning: If Mr. Chainsaw is actually close at hand, this can have Bad Consequences. It is recommended that one modify this error protocol to include a device that is not readily available.)
 
Data

Don't know that we're up permanently, but I was able to get through to the firewall. Here are two graphs of bandwidth data: one from the last 2 months to give you a feel for averages, and one from the last 2 hours. Note the increments -- normal inbound traffic might be .3 megabits/sec. For at least a short while there, we were reporting 36? I thought I was on a 10 megabit port. :p

This might end up being an interesting explanation...

attachment.php


attachment.php
 

Attachments

  • 2-month.gif
    2-month.gif
    18.1 KB · Views: 604
  • 2-hour.gif
    2-hour.gif
    13 KB · Views: 606
Isn't that what a DDoS attack looks like?
Click to expand...
Yeah, but it doesn't seem consistent. We just went down again, but I grabbed this from the firewall while we were up:

attachment.php


Why just the 2 spikes, and why isn't it constant? Either my colo is doing a great filtering job, or it's generalized around the IPs that the datacenter owns. I'm still feeling a bit blind here though, to be honest. Colo still seems slammed.
 

Attachments

  • spike.gif
    spike.gif
    17.5 KB · Views: 599
Thinking through the "is it a DDOS against THR" question a bit further, it still doesn't make much sense. Basically, I'm on a 10 mb/s pipe for all of my sites -- if someone's sending more than 10 megabits per second, there's a good chance packets are gonna get dropped. Well, maybe 20 megabits -- my firewall is plugged into a 10 Mbit port which should allow us to duplex.

So, it wouldn't be that hard to knock my sites offline. What we're seeing appears to be a more general failure -- my provider's got big pipes from 7-8 providers coming into his cages, and it would take a lot more to knock him offline. It's still possible (maybe the routers can't keep up with the demand if this is way more than normal traffic would predict), but if he was getting slammed that hard with an attack on THR or Oleg's site or whatever you'd think he would just blackhole the affected IP addresses so the data was dropped before it hit the local network.

For that not to work would mean a huge attack.

No-one hates us that much. ;)
 
Last edited:
No-one hates us that much
Click to expand...
Don't forget the "mad lemur" that has been such fun for for Oleg on APS.

Maybe somebody did a router upgrade somewhere along the line that your not aware of.
 
No-one hates us that much. ;)
Click to expand...

I don't know about that, Missouri Legislature and wise cracks about Baking Soda being "restricted" might have hurt THR, I know I tried real hard ...:)

Steve,

Who knows where the big rubber hammer is in his IT classroom...works great on Routers and Switches...
Gives a whole new meaning to "switchport security". :)
 
Looks like an attack to me, or horrible routing screw-up or IP conflict. I'm intermittently managing to connect, but it never serves a webpage.

Code: 
64 bytes from wellbuiltnetworks.net (209.51.144.70): icmp_seq=4 ttl=51 time=53.9 ms
64 bytes from wellbuiltnetworks.net (209.51.144.70): icmp_seq=14 ttl=51 time=60.5 ms
64 bytes from wellbuiltnetworks.net (209.51.144.70): icmp_seq=16 ttl=50 time=74.2 ms
64 bytes from wellbuiltnetworks.net (209.51.144.70): icmp_seq=25 ttl=50 time=67.4 ms
64 bytes from wellbuiltnetworks.net (209.51.144.70): icmp_seq=32 ttl=50 time=103 ms

On second thought, looking at those TTLs, maybe there's a route flapping somewhere. It's still switching between 51 and 50 as of 0008 UTC
 
Status
Not open for further replies.
Back
Top