Between December 1, 2009 and today, February 18, 2010, *our* (MLD/CMI/BeagleHost/RAW) servers have been under a massive 'load' (load = Denial of Service (DoS), Synchronized DoS, floods (scan, slam, spam, ping), and abuse (script/form injection)).
In the last five to ten days, individual blocks/bans have had to be removed, resulting in a five-fold increase in abuse in approximately 7 days. On Feb 10th the 'load' had been reduced to approximately 1 Million connection attempts against the servers per day. After unlocking several repeatedly abusive ranges, the connection attempts are in excess of 5 Million per day again.
The newest problem: this is EXACTLY what drove Google out of China. We (I) do not have 1/bazillionth of Google's resources; if they could not continue, we (I) certainly cannot. We (I) concede defeat and prepare to 'retire the field.'
The problem in layman's terms: no amount of equipment can keep a list of over 2 Billion abusers active and 'in check.'
Let us say, for example, that User1 has a friend who emails them regularly.
User1's friend has a laptop that is generating 'abuse' (it could be virus infected, have p2p software installed, etc.).
User1's friend goes to a WiFi-spot coffee shop and connects to its wireless internet; the laptop now generates abuse from the coffee shop's connection.
The coffee shop, after abusing our servers, gets a ban for 10 days, auto-generated by our servers to protect them from the abuse.
User1 has another business associate who happens to be in town and sipping java at the same coffee shop.
User1's associate cannot access our servers because the ban applies to the coffee shop's connection.
The ban must now be manually removed - and what if User1's friend is still in the coffee shop?
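The coffee shop walk-through above, played out against a small source-address auto-ban table. This is an added illustration written for this page, not code from MLD/CMI/BeagleHost; the ban threshold, the sample address and the timestamps are assumptions, only the 10-day ban length comes from the text.

```python
from datetime import datetime, timedelta

BAN_DAYS = 10          # the automatic 10-day ban described in the scenario
ABUSE_THRESHOLD = 3    # abusive hits before a source address is banned (assumed)


class BanList:
    """Per-source-address auto-ban table (constructed model of the behaviour above)."""

    def __init__(self):
        self.hits = {}     # ip -> count of abusive connection attempts
        self.banned = {}   # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        expiry = self.banned.get(ip)
        if expiry is None:
            return False
        if now >= expiry:              # ban aged out on its own
            del self.banned[ip]
            self.hits.pop(ip, None)
            return False
        return True

    def connect(self, ip, now, abusive=False):
        """Return True if the connection is admitted, False if it is dropped."""
        if self.is_banned(ip, now):
            return False
        if abusive:
            self.hits[ip] = self.hits.get(ip, 0) + 1
            if self.hits[ip] >= ABUSE_THRESHOLD:
                self.banned[ip] = now + timedelta(days=BAN_DAYS)
                return False
        return True

    def manual_unban(self, ip):
        self.banned.pop(ip, None)
        self.hits.pop(ip, None)


def coffee_shop_scenario():
    """Returns (associate_blocked, associate_ok_after_unban, banned_again)."""
    bl = BanList()
    shop_ip = "203.0.113.7"                 # constructed sample address (TEST-NET-3)
    t = datetime(2010, 2, 18, 9, 0)
    # The friend's infected laptop hammers our servers through the shop's shared address.
    for _ in range(ABUSE_THRESHOLD):
        bl.connect(shop_ip, t, abusive=True)
    # The associate in the same shop shares that address and is dropped too.
    associate_blocked = not bl.connect(shop_ip, t + timedelta(minutes=5))
    bl.manual_unban(shop_ip)                # someone removes the ban by hand ...
    associate_ok = bl.connect(shop_ip, t + timedelta(minutes=10))
    for _ in range(ABUSE_THRESHOLD):        # ... but the friend is still in the shop
        bl.connect(shop_ip, t + timedelta(minutes=11), abusive=True)
    return associate_blocked, associate_ok, bl.is_banned(shop_ip, t + timedelta(minutes=12))
```

Because the ban keys on the shared address alone, every later visitor to the shop is collateral damage until the ban expires or is lifted, and lifting it while the abusive laptop is still present simply re-triggers it.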
There is no solution. We are currently limited by technology (Cisco/MS have not invented the 10-billion-abuser firewall yet), and such a firewall would be absolutely useless in the coffee shop scenario given above. Using the 'more information' that may or may not be available (like computer name or MAC address plus IPv4 and IPv6 addressing) would require a front-end firewall with approximately 10-billion (to the 10-billionth power) amount of active data storage. A US$60,000,000 movie-rendering (rack/bladecenter/cloud/cluster/distributed-whatever) system might take 2 to 3 days to decide statistically whether variable-computer-name/variable-LAN-IPv4/6/variable-WAN-IPv4/6 is 'safe' to connect to our servers. You cannot delay network connections 2-3 days in the real/virtual world. Given the problem just described, the only remaining option is to disable all security and deal with all servers being abused and 'taken down' 100s of times per day. Google's problem with China was made more complex by the fact that a Google associate was abusing Google, getting a ban, and then calling Google and saying 'you banned me. Unban me.' Then, continuing the abuse - totally using up 'the resources' (man and machine).
So, do the 'bad guys' win? Unfortunately, sometimes, in this world, yes.
Is there anything we can do about it?
* Not much.
* Retire the domain name under attack for 'a time' and see if 'dead air' for a while stops 'their efforts.'
* For SPAM and DoS attacks we (MLD/CMI/Beagle) have 'retired' over 50 domains and 1,000s of email addresses since 1994.
* There are rumors floating about that the 'United States Security Entities' have some form of 'access and/or control' over all internet traffic crossing the territorial lines. These are matters of U.S. National Security (*), so you might have some luck petitioning your representatives in Congress to see if the U.S. Government could do anything about the 'Denial of Service' problem(s) originating in countries outside of the U.S. Over 80% of the abuse suffered by MLD/CMI/Beagle and our customers originates in foreign countries. (*) Foreign 'Entities' using 'means' (electro-mechanical devices) to deny a U.S. Citizen or 'Business Entity' their right to commerce is an 'action of war,' and you may have some recourse or discussion with your Congressional representatives on that level. DO NOT expect that Congress will declare open hostilities or war with (.de, .jp, .cn, .cz) because they do not 'police' their internet use/abuse to our satisfaction or, in fact, any better than we do. A few SPAM emails every day probably does not warrant your Congress' attention; those few of you that have suffered DDoS might compare a 'Denial of Service' in e-space to a 'blockade' of your enterprise's shipping.