Mon 18 Dec 2006
Category : Technology/AccidentalDoS.txt
This server has, very thankfully, settled back to normal levels of service. The bots look like they're gone, hopefully for good.
It probably wasn't a Denial of Service attack after all. More like, Incidental or Accidental Denial of Service. But, tell that to the victims of a drive-by shooting. It's no fun getting pummeled, intentional or not.
Here's something that could explain what happened:
Last Thursday, US time. It was Friday, my time. That was when I started hearing my Mac Mini server's fan whirring like a jet engine. The Mac Mini is usually so dead quiet. So that was when I realised something was up. Something was making it go into overdrive ... it was those bots.
So, if things are quietening down now, it's probably because those infected PCs are getting shut down, or the ISP admins are filtering them off their firewalls.
So, like the Christians say, "all good things happen for good...". I've got the kick I need to look at firewalls and computer security. And, so far, that looks like another fascinating area for study, now that I have the context.
I've been thinking that I had taken this with some equanimity because it's not like I had built this business so big I couldn't walk away from it. But if I were to have crossed some tipping point, then losing the ability to transact business at this particular domain - one that I had spent years building on - that would then become a crushing blow.
And this experience shows how easy it is to lose it all. Your web server and mail server get hit so hard you can't keep the ports open without your system coming crashing down. Closing the ports means closing off contact with your customers. How would they reach you then? How would you do business, bring in revenue, keep your reputation, hold on to your world?
So, with this context, the technical issues come alive. How does denial of service work? What to do immediately when it happens? Where are the choke points? How do you parry it? Where do you place your blocks? How do you trace the attacks so you block the attacks with surgical precision without bringing down the whole site, because that is precisely what the attacks are meant to do - to put you out of business.
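One concrete way to start on the "trace the attacks so you block with surgical precision" question, as an added example that is not part of the original post: read the web server's access log, count requests per source address in fixed one-minute windows, and only generate block rules for the handful of sources that are clearly hammering the server, leaving everyone else untouched. The code assumes Apache common/combined log format and emits ipfw rules (the stock firewall on Mac OS X of that era); the log lines it runs on are constructed here for the demonstration, not taken from the author's server.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache common/combined log format: ip ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"), "status": int(m.group("status"))}


def find_abusers(lines, window_seconds=60, max_requests=20):
    """Return the source IPs that exceed max_requests in any fixed window of window_seconds.

    Per-window counting (rather than a grand total) separates a few hosts firing
    continuously from many ordinary visitors who each make a handful of requests.
    """
    counts = defaultdict(Counter)  # ip -> {window index: request count}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of crashing mid-incident
        bucket = int(rec["ts"].timestamp()) // window_seconds
        counts[rec["ip"]][bucket] += 1
    return sorted(ip for ip, buckets in counts.items() if max(buckets.values()) > max_requests)


def ipfw_deny_rules(ips, first_rule_number=1000):
    """Emit one ipfw deny rule per offending address, numbered so they can be removed again later."""
    return [f"ipfw add {first_rule_number + i} deny ip from {ip} to any" for i, ip in enumerate(ips)]


def _make_sample_log():
    """Constructed sample traffic (not real data): three hosts hammering a CGI URL, two normal visitors."""
    base = datetime(2006, 12, 14, 21, 3, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.0" 200 512 "-" "Mozilla/4.0"'
    lines = []
    for i in range(25):  # 25 requests each within a single minute
        ts = (base + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        for ip in ("203.0.113.5", "198.51.100.77", "192.0.2.40"):
            lines.append(fmt.format(ip=ip, ts=ts, path="/cgi-bin/search.pl?q=x"))
    for i, ip in enumerate(("203.0.113.200", "198.51.100.9")):  # ordinary visitors
        ts = (base + timedelta(seconds=30 * i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(fmt.format(ip=ip, ts=ts, path="/index.html"))
    lines.append("this line is garbage and must be skipped")
    return lines


SAMPLE_LOG = _make_sample_log()

if __name__ == "__main__":
    bad = find_abusers(SAMPLE_LOG)
    print("Sources exceeding the per-minute threshold:", bad)
    print("\n".join(ipfw_deny_rules(bad)))
```

The rules are printed, not applied, so they can be eyeballed before anything is blocked. Two caveats a practitioner would add: the threshold has to be tuned against the site's normal traffic, or a busy legitimate proxy gets cut off along with the bots; and blocking at the host only helps when the offending sources are few and stable. If the flood is wide enough that it saturates the link before reaching the server, the block has to move upstream to the ISP, which is exactly the kind of choke point the post asks about.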
It's clear to me now that the time to think about these things is while we're still building our business - so that our means of protecting it grow as our business grows. If we wait till it's worth the world to us, we may not have time to secure it before we lose it all. Apocalyptic and dramatic? Technology is the double-edged sword. The speed you exploit to build up is the same speed that can be used to cut you down. If anything, I've seen how now.