In a test environment we came up with an odd behavior between Remote Desktop Client Apps/Programs and Windows X. All of the boring details after a short version of what happened and how we fixed it.
Category Archives: Security
That’s a fine server, Anthony, a fine, fine server!
July, 2014. The internet is a secluded village, all controlled and terrorized by one boy…
Meet Anthony, from the ‘It’s a Good Life’ episode of The Twilight Zone (Nov. 1961). Details over at imdb, or watch the whole episode (with modernized commercial/ad inserts) at hulu.
We’ve hired Anthony, now in his 50s to do away with spam, Zombie DNS DDoS Bots, and other such pests buzzing around and annoying or destroying everything and everyone in the internet play ground. We should have thought of it earlier… Just making bad things dead or wishing them into the cornfield.
OK, not quite that easy, here’s what’s up in the fight against Spam-Nados and Zombie Bots…
It reminds me of a level of Serious Sam – the one where 1,000s of those headless bomb-toting zombie-soldiers and screamers came pouring at you relentlessly, seemingly to infinity (and beyond).
It was a backdraft. Or the eye of the Zombie-Nado-Cane. When the bad-bots got some air around August 5th – hak4umz.net DDoS or DNS Amplification – fail2ban (and the servers) got burned.
Even the “eye-dee-keff-kuh-may” (TammyBelle’s God Mode Code for DOOM][ ) cheat didn’t help. fail2ban got clobbered… ‘already banned’ every one second in the log and no more bans happening because 100s or 1000s of times per second from 100s or thousands of bots: bad requests.
Zombie Bot Back-Draft?
Starting on about the 27th of July, sema.cz became the dns query flood from all around the world in huge numbers (@350,000 requests per hour; hundreds of sources).
Suddenly, in sync with Aug 1 (00:00:00) rolling in around the globe (asia, Europe, etc):
ZombieBots Part 2 or…
Equally exciting, terrifying, low-budget and prone to sequels.
So bad it’s good movie lovers, click the link above and see if you can survive that whirlwind of bites.
Server admins, stay right here and get ready for DNS-Zombie-Bots Two: More Tech-Talk and .configs Than You Can Stand! (Or, “Bored To Death!” Or, “You can have the whole seat, but you only need the edge!”) Continue reading
Killin’ Zombie Bots DNS Style
The fun post title is the only thing fun about this. Unless you are in hosting, server admin, or run your own DNS servers this is going to be complicated, technical and boring.
First [is first ~LK]: an apology to any “upstream” DNS servers that our pet zombie bots may have passed bad requests to. Like us, you probably didn’t know it was happening.
~ Dana (Dominique Dunne, Poltergeist, 1982)
Thousands Hundreds of thousands Millions Hundreds of millions of bad DNS requests.