Jump to content

Recommended Posts

Posted

I am sure my internet connection is perfectly working...

 

but when I try to access Amazon.com, or Amazon.co.uk

 

It takes either a very very long time, or it is mostly unaccessible...

 

I tried ping as well, and the result is 4 times the "request timeout"

 

Can any one try to access Amazon, and see is it accessible?? if you have same result as me or not...

 

May be it is just temporarily down..., but AMazon is really a big site... It seems impossible for this...

 

thx for Any respond

 

Albert

Posted

me niether.

 

probably they found a fault in the site and had to shut it down for temporary fixing or editing.

 

a ping returns 0% packets

 

a trace of the route:

(black box = private stuff !)

amazon.jpg

Posted

Jonathan is me... yes im in the UK

 

as you can see from that the trace works 90% of the way but the final bit fails. this proves that its not me with the problem. the problem is with the server at the other end which has been disconnected, crashed or otherwise offline!

 

incidently the amazon server is loacted in seattle, WA, USA (just in case you were interested)

Posted

By Jove :mad:

 

I was going to buy some books for my school studies.....

 

any way, thx u guys, for the responds :embarass:

 

By the way, for personal curiosity, what is the point of "Service Denial" attack?? What does that do good for hackers??

 

Albert

 

Wait for some big news from Amazon :)

Posted

gets publicity and revenge on the site??? i dunno!

 

it is most probably either for:

 

1) updating server

2) fixing a bug which could just have been a genuine mistake and not a hacker

3) maybe there's a loose wire or a power cut in the area!!!

Posted

Hey...

 

The interesting thing is....... try Amazon.fr, Amazon.de, Amazon.co.jp... All these different Amazons are very very slow as well.....

 

Albert

Posted
All these different Amazons are very very slow as well.....

 

slow? you mean they load???? for me they dont load at all. it looks like the server is off air for whatever reason.

 

a search (like the image i posted) of all of those sites ends just before it reaches the server... every time. there is no way that server is online.

 

therefore unless amazon is in your cache you cannot access it.

Posted
Probably since they're on the same server, different domain names

 

yes they are all on exactly the same server (my tracer thingy showed me).

Posted
By the way, for personal curiosity, what is the point of "Service Denial" attack?? What does that do good for hackers??

If you can anonymously deny service to a server, you can essentially blackmail the owners into paying you to stop.

Posted
If you can anonymously deny service to a server, you can essentially blackmail the owners into paying you to stop[/b'].

 

although 9 times outta 10 the company which the server belongs to will sort the problem out themselves and will not pay anyone.

 

although looking at mossoi's link they dont yet know the problem.

not knowing the problem but fixing it suggests that it is not a hacker of some sort. as that would be blatantly obvious in that they'd have to remove the malware to make the server work properly. basically unless they accidently removed the offending malware it would be hard to remove the source of the attack without noticing you were doing so!

Posted
although 9 times outta 10 the company which the server belongs to will sort the problem out themselves and will not pay anyone.

The recommended course of action seems to be skip IPs and/or co-lo if possible, and pass all information to whatever electronic crime department your local police force operates.

 

The ones I have heard about who pay up usually get another attack and demands for even more money a week later.

Posted
The ones I have heard about who pay up usually get another attack and demands for even more money a week later.

 

:D

 

laugh-able but sooo true!

 

(still cant see the logic in doing it... spose its easier but really, not only will they end up poorer they will also end up in a worst position (as stated in the quote)).

Posted
yes they are all on exactly the same server (my tracer thingy showed me).
Haha!

 

Amazon will be nowhere near that simple. Usually for this kind of large company, they have different solutions in different datacenters all over the world. Probably load-balanced globally with something like F5's 3-DNS (see http://www.f5.com/f5products/products/bigip/gtm/ ).

 

Each solution will also be locally load balanced transparently to the user between lots of webservers, and on from there it'll get more complicated with probably caches, application servers and databases at the backend.

 

Where you get load balanced will depend on where your request comes from, where you're going to and probably lots of performance metrics, too.

 

So, it takes rather a lot of effort and coordination to take someone like Amazon down. The possible upside on the minds of the bad guys is that while nobody can get to a retailer that exclusively operates on the web they're losing a lot of money and might possibly pay the bad guy to stop attacking. This is usually a bad idea though, as has been mentioned.

 

Fortunately, we have ways of mitigating organised DDoS style attacks these days. Arbor Peakflow being one - http://www.arbornetworks.com/

Posted

maybe so, but this tracer program is very reliable and good.

 

i just ran a trace on amazon.co.uk .com .fr and .de

 

they are all at different IPs so maybe different servers or terminals or even buildings.... but i assure you they are all in the same area. (seattle)

 

maybe there are different sub-servers all around the world.... but there is a main server which all traffic routes back to. different IPs which suggests different servers or terminal per amazon.* but they are all in seattle.

 

infact each IP is identical APART from the last digit, which varies from .19 (.co.uk) to .148 (.de) - or at least those are the ones i tried.

 

unless you work for amazon, (nothing personal) but i think that a computer tracer program will be more accurate than other generalisations about networks.

(really no offense meant by that :))

Posted

Heh.

 

All your 'tracer' program is doing is giving you an IP for a given name. This IP is only the start of the picture and really doesn't tell you anything about how it all fits together.

 

I know for a fact that Amazon, for example, use Akami's global CDN network to distribute content around the world and make it quick no matter if you're in America, Europe or anywhere else. This is why most of the images (for the UK site, anyway) come from a different amazon subdomain (images-eu.amazon.com in this case) I also know that that IP address you're getting is a load balancer, and not in fact a server.

 

I'm not trying to offend you either, just trying to point out it's really a lot more complicated than "this server gives me this site". Trust me, I know a lot about this sort of thing.

Posted

ok, agreed on that last post.

 

however what im saying is that if you look again at the image i attached in post #3 the nodes 9 - 15 are all amazon stuff (not actual amazon network but that amazon nodes).

 

when you click amazon.com you are first directed to the server (or whatever it is) in seattle. from there you may gather images from servers worldwide... but the actual amazon.* 'template' so to say does come from seattle.

 

"come from a different amazon subdomain"

sure, im talking about THE domain... not subdomains... obviously the domain can redirect things to subdomains (as with big companies it normally does) but that doesnt mean the domain isnt there in the first place!

 

"Trust me, I know a lot about this sort of thing"

so ive been told! :)

Posted

Sure, yes. I'm just trying to put a bit of meat on the bones, as it were.

 

Whats interesting is when you get a different response depending on where you are in the world.

 

Try out http://www.mytravel.com and you'll see what I mean. I could tell you *exactly* how that one works :)

Posted
So, it takes rather a lot of effort and coordination to take someone like Amazon down.
Not really. By it's very nature load balancing itself doesn't prevent a dedicated DoS attack. As the name suggests, the load is balanced, but if the number of requests is high enough it's still going to go down no matter how many channels are available, it may just take longer.
Posted

yes mossoi. lutze was probably referring to taking down each indivdual subserver... obviously taking down the main server would deal with that.

 

in effect having subservers would mean you need an increase request numbers as each request is redirected which uses less proccesing power than handling the request. although obviously:

"but if the number of requests is high enough it's still going to go down no matter how many channels are available"

is true.

Posted
Not really. By it's very nature load balancing itself doesn't prevent a dedicated DoS attack.
No, not by itself - but then I never said it did.

 

A good loadbalancer (I have the most experience with F5 BigIP's) has features like DDoS protection (syncookies) and an 'adaptive reaper' that can free up resources faster depending on the utilisation of the unit. This, combined with global load balancing and products from Arbor (Peakflow, which does some very clever things), and services from people like Akami make it very difficult indeed.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.