September 4th, 2005, 09:58 PM
Post DDoS Recovery
Ok, just a quick question. The servers for my favorite MMORPG (final fantasy xi) were the victim of a DDoS attack earlier today. They ended up resolving the issue, but immediatly after the attack they took servers down for maintence. I was just wondering what kinda of maintence goes on after a DDoS. I realize there are probably a variety of things that can go on, but I was just looking for a synopsis.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
September 4th, 2005, 10:01 PM
maintenance could mean a number of things. Looking at logfiles -reporting to authorities about involved IP's, reconfiguring and hardening the stack on the server, patching services...
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
September 4th, 2005, 10:06 PM
I guess that would depend on the DDoS... If it's a simple ICMP flood.. then probably nothing... It's a window for them to say WTF happened.. If it targeted a specific service... then the data may have overloaded and crashed the service... requiring a reboot to solve the problem. If they have a number of servers located world wide, depending on the staff supporting it.... this may be a few minutes or a few hours... Other than that, it's quite often more to check logs, document what happened, make records of everything (firewall logs, event logs, etc).. See if there's a way to prevent it...
Also a DDoS against a group of a companies servers/systems... may be a diversion while something more diabolical is happening in the background... Another server being hacked/cracked, or something else..
It's basically breathing room and documentation time... When all lights are green and everyone has finished their coffee, bring it back up..
They may have also done some patching... "Hey we're already offline and this round of patches has been tested, let's just do the updating now rather than have a service outage in a few weeks"..
Someone who's been on the receiving end could prolly give you more detail about what exactly went on their instance.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".