[ISN] Online payment firm in DDoS drama

From: InfoSec News (isn@private)
Date: Thu Nov 04 2004 - 00:13:44 PST


http://www.theregister.co.uk/2004/11/03/protx_ddos_attack/

By John Leyden
3rd November 2004

Online payments processing firm Protx is continuing to fight a
sustained internet attack which has severely impacting its services
for the fourth successive day.

Since Sunday (31 October), Protx's systems have been reduced to a
crawl because of a malicious DDoS attack. Although Protx felt it was
on top of the problem by Monday (1 November) the attack once again
intensified, prompting the company to draft in heavy duty DDoS
defences which it hopes will finally thwart the assault.

In a statement, Mat Peck, chief technical officer, Protx said:  
"Earlier today [1 November] the parties responsible for the
Distributed Denial of Service attack on our systems stepped up their
assault, this time pushing our systems beyond their capacity to cope.  
A large number of compromised machines from a wide range of spoofed IP
addresses have been attacking our site in a varied and well structured
manner. We have been working all day with Globix, our ISP, to
implement a specific DDoS solution which can burst up to 1Gb
connectivity during periods of peak load whilst also analysing and
killing traffic generated by zombie machine on the Net."

"We have migrated the WWW site across to this system first to check
the functionality and now that's working, we will be moving the
payment servers in the next few hours. This new service, whilst
expensive, still mainly developmental and bleeding edge, should enable
us to continue to process transactions even under DDoS attacks ten
times the size we've seen so far. Future attacks will be dealt with in
a matter of minutes instead of hours (or days as many victims of such
attacks have found). We're continuing to work closely with the
National High Tech Crimes Unit (NHTCU) to bring the perpetrators to
task," he added.

On 2 November Globix said it was also beefing up the hardware used by
its systems in the process of moving across to a new platform. "Whilst
all the payment services are available, some of the auxiliary services
will not be available until tomorrow," Peck wrote in an update.

However Register readers report problems processing payments through
the service today. "Thousands of small transactional websites, like
mine, have been affected," Reg reader Bruce Stidston tells us.

At the time of writing Protx's website was unavailable but you can get
an insight into what's going on through Google's cache of the firm's
status page.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Thu Nov 04 2004 - 02:28:56 PST