SDF Punted, Due to DDOS

bullshizzle writes "The longest running Public Access UNIX System (SDF, running BSD) est. 1989 had their services terminated abruptly by NWLink because of a DDoS attack. Termination was carried out immediately without prior notification, which violates their contract (page1, page2). Complaints can be filed to the Washington State Attorney General's Office by filling out this simple form conveniently located online. You can follow the story at lonestar.org." While still bad, I've been corrected - SDF was *not* the longest running public access Unix - ArborNet (Located right here in my town) has been around for at least a number more years.

Their forum

[Some Bitch]

They have a temporary forum [lonestar.org] for discussion (top comment atm is about making the front page at /.).

Re:I don't understand this.

[ActiveSX]

I believe their *network connection* was cut, not the machine itself. Bandwidth is not immune to DDoS attacks.

(uugh, IHBT)

Re:public access

[Anonymous Coward]

Yes. I joined up when i heard about it in 99 and really cut my teeth on UNIX there, in spite of having been exposed to UNIX at least a year earlier. What makes SDF so great is that there is a real community of users who have their own chat app, their own "message board" app, all inside the shell. It reminded me of the community on the BBSes of old. Stephen (the sysadmin) regularly participates in user discussions and the opinions of the users help shape the direction of the system. In just the past few years i've seen it grow from a single system running Linux/i386 to seven or eight networked NetBSD/Alpha boxes with a user-built MUD, virtual hosting, special IRC bot accounts, all kinds of things. People who have been there since 1989 have seen it grow from SysV UNIX to 386BSD to Linux, on a dozen architectures.

This is nightmare for some of us regular users. I log on every day and rely on it for all my email, for my web page, for ICQ, for hundreds of personal files... SDF is my all-purpose scratchpad, and my $HOME contains so many little text files and projects i've worked on in the past four years. Some of the users have paid-for virtual host accounts and run business websites hosted on SDF. All these people are losing their business, their sites are inaccessible... It's a sad, sad day. I only recall one time in the past four years SDF has been down for longer than a few hours, and i believe that was due to a DDoS attack while they were located in Texas, and just before they moved from Linux to NetBSD.

*sigh* Some people just don't get it :-(

alison at sdf.lonestar.org

Trying to link the WA consumer complaint form

[crush]

produces this error. Is this a /. problem or a problem with their link?

Not Found
The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. Please inform the site administrator of the referring page.

Re:Trying to link the WA consumer complaint form

[crush]

Ah, it'd be nice if /. editors could correct that link, it should be: http://www.wa.gov/ago/consumer/forms/

NWLink

[po8]

I left NWLink [nwlink.com] DSL a couple of weeks ago over their mediocre uptime and high costs, especially bandwidth costs. They were down quite a few hours per month lately (that I noticed) and their tech support was not so good. They seemed to have a lot of router configuration problems: there were frequent router loops. This may have been partly due to their prime (only?) feed to most of the world being alter.net [alter.net], which at least in this neck of the woods is quite slow and tangled. NWlink claimed at one point that they were just finishing up some big network reconfiguration, and things should get better: when things didn't seem to, that was the end for me. I should have waited to switch: it would be nice to dump them now in protest over their DDOSing of SDF :-).

I chose NWLink several years ago because at the time their prices were good, and my previous provider, NW Nexus [nwnexus.com], had been bought out twice and become expensive and quite unreliable in the process. Now I'm with DSL Only [dsl-only.net], and so far they seem great. ISP service is $18/month for 640/256 DSL, with no bandwidth charges, no restrictions on use, a static IP, and two mailboxes. It's been reliable so far, and they are direct to a local exchange that in turn is direct to my work and to Internet2, so ping times and bandwidth are excellent.

It would be nice to be done with ISP switches forever: maybe this is it. The other good news is that this was the easiest ISP switch so far: Qwest seems to have it figured out now, and it was completely routine.

FYI. As always, YMMV.

Re:Easy to get rid of a company you don't like

[innate]

Doug Palin, owner of NWLink, posted his explanation to the Lonestar message board (I won't Slashdot it, you can find it yourself).

NWLink (aka Pacifier aka Europa) has tens of thousands of customers here in the Northwest, including me, and the DoS effectively shut down their entire customer base -- 3 times over the past 3 weeks.

Either they were going to get complaints from one customer, lonestar.org, or they were going to get complaints from thousands of other customers (many of whom they had to pay monetary damages to make up for the loss of service). I can put up with my Internet access being cut off once, twice, but the 3rd time it happens I'm going to seriously consider switching providers. NWLink did what they had to do to save most of their customer base.

Re:Sorry Won't Fly.

[innate]

Northwest Link has this to say:

Posted to SDF message board by the owner of NWLink:

For starters let me say that I fully support SDF and what they are doing
as a long time net user and admin of public access unix boxes. Having been
the victim of multiple attacks over the past 15 years I know how much of a
pain they are.

Over the past 3 weeks SDF has been attacked 3 times that we can document,
we believe that one more network related issue was directed towards them
as well but we were not able track down the destination while it was occurring.

Yesterday morning as in the other events we shut down SDFs port and had the
IP blocked at each of our backbone providers (UUNet, Verio %26 ELI). This effectively
shutdown our entire customer base while the Distributed Denial of Service attack was
under way and until we had the ip blocked. During and Following these attacks we
receive notice from our large line customers that have Quality of Service provisions
in their contracts that they want credits.

These credits are somewhat substantial and which we are contractually obligated to
provide. We have issued over $30K in credits over the past 3 weeks when these attacks
occur. This coupled with the customers that cancel because of their inability to
use the service they are paying for has caused more then a little harm to my business.

Steven has full access to the equipment at this time, we are not holding it hostage
as the webpage page maintains. In fact we suggested he go to Semaphore directly, this
is where we have our network equipment in Seattle. This was following a move on Thursday
from our old Bellevue location. He acknowledged to me in a phone call a few minutes ago
that he is working with them to get a contract signed. It is going to cost more, however
I suspect the price that he is paying to them is more then fair for his bandwidth usage.
What NWlink was charging was an excellent deal for the bandwidth being used.

Steven explained to me that he was quite surprised by the direction this had taken when
I spoke to him a short time ago. He knew what we did and why we did it. I to am sorry
to see any customer go but had no choice in this matter to keep our other customers
functional who pay the bills and salarys of my staff.

Doug Palin
CEO

Re:M-Net?

[jmsaul]

Correct. M-Net went up under Unix in 1983. Chinet didn't go Unix until after that point, I think.

Both systems are still active, still public-access, and still run Unix -- so whichever one is oldest, it isn't SDF.

Complaint form link

[lesterhv]

The correct link is http://www.wa.gov/ago/consumer/forms/ [wa.gov] not the ./form/ that was in the original link.

Re:This kind of crap will continue

[RGRistroph]

The "filter outgoing at border" mantra may apply to much of the current vandalism on the internet, but it's not going to stop it when administrators finally wise up and deal with it.

Here's a few links to the next level of annoyances:

• http://www.cs.berkeley.edu/~nweaver/cdc.web/ [berkeley.edu]
• http://blanu.net/curious_yellow.html [blanu.net]
• http://www.cs.berkeley.edu/~nweaver/warhol.html [berkeley.edu]

There will be no tracking back from a single trojaned box.

Re:You're missing the point

[dpalin]

SDF was involved each and every time these events occurred. There were a 3 different attacks in 3 weeks. There was a 4th attack that was short lived that we were not able to confirm was directed at SDF. What course of action would have been more realistic when 12 million packets per second started hitting our network? We took the action we could. I would have loved to have kept SDF as a customer. However had this continued I would have explaining to do to other customers (which I spent most of yesterday doing following the attack). Doug Palin CEO - NWLink