OpenESB Users

Fwd: Re: [Community Leaders] java.net is slow today

1 message

Paul Sterk

Fwd: Re: [Community Leaders] java.net is slow today

Reply Threaded

Some javascript/style in this post has been disabled (why?)

java.net is being restarted. It should be up in about 40 min +/- 10min.

Paul

-------- Original Message --------

Subject:	Re: [Community Leaders] java.net is slow today
Date:	Wed, 07 Oct 2009 09:35:55 -0700
From:	Eric Renaud [hidden email]
Reply-To:	[hidden email]
Organization:	CollabNet, Inc.
To:	[hidden email]
CC:	Janice Roberts Wilson [hidden email]

Latest Update -

java.net is being restarted.

Eric Renaud wrote:

Hi all,

Okay - here's the status from VP of Ops:

The synchonized DoS attack has shifted and they're (Ops/CERT) blocking IPs again to combat this. They've been
working on this for about the last hour. The incoming requests (attacks) have been reduced since they
started so progress is being made rapidly.

We will ensure that the requested unblocked IPs remain open or get reopened if they are caught in the sweep
(we have them all documented, of course).

Clearly someone does not like java.net . . .

I'll send more info as soon as I have it.

Eric

Eric Renaud wrote:
FYI that I've already called our VP of Operations to let him know the site is slow

Eric

Paul Sterk wrote:

Note the report below. Sailfin site is also slow today.

Paul

Salut,

Atmosphere and Grizzly pages are extremely really slow this morning
again...

Thanks

-- Jeanfrancois

Paul Sterk wrote:

FYI. Update from communityleader meeting minutes:

Meeting 10/6:

30 minute recording here:
https://communityleads.dev.java.net/servlets/ProjectDocumentList?folderID=11540

- latest update on the IP blocks and recovery from the DOS attack -
the attack is still happening, we're opening IPs by request and also
opening a range at a time to see if they are safe or not. Also have
ordered new routers that have more bandwidth and better software to
help prevent these attacks in the future, no delivery date.

Meeting 10/5:

     * Meeting minutes
           o Outage
                 + outage caused by an attack. Not sure where the source
                   is yet.
           o Blocked IPs
                 + Africa, Russia and China were blocked. Other
                   subdomains got blocked by accident.
                 + Continuing efforts to unblock IPs
                 + Spoofed IPs make it difficult to identify the source
                   of the attack.
                 + To get it right, you will need an unacceptably high
                   number if IP addresses in the router.
                 + Instead, block based on Class A networks. However,
                   this will include IPs that are not in the blacklisted
                   country.
                 + Attacks are still coming to the router, but the router
                   is blocking.
                 + Ordered new hardware[1] and software to block the
                   SDNs. No delivery date yet. About a month or so
from now.
                 + Aside from emails, hard to say which domains are
blocked.                 + Between Fri and today (Mon) only 10 IP
requests have
                   come in.
                 + New announcement will go out to community leaders
                   about blocked IPs.
                 + An issue has been filed with suncert.
           o Plan
                 + Use IP blacklisting until new hardware and software
                   are installed.

[1] http://www.f5.com/products/big-ip/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

--

--