DEC 16 Tea Party DOS attack




synapz
11-14-2007, 07:18 AM
A denial of service attack could ruin our well laid plans for a political coup on the 16th. Campaign's tech guys should have a plan to deal with this.

Bump this for a day or two. ;)

CelestialRender
11-14-2007, 07:26 AM
Let's not make suggestions to the opposition.

happyphilter
11-14-2007, 07:30 AM
It's so obvious it doesn't matter if it's said... but you are right, it is a concern and I hope plans are made in advance

walt
11-14-2007, 07:38 AM
how does one prevent this?

ashlux
11-14-2007, 07:49 AM
Wait. Why would any self-respecting person capable of launching a DoS attack support one of the other GOP candidates? :p

fcofer
11-14-2007, 07:55 AM
Let's not make suggestions to the opposition.

I'm sure that everyone has already thought of this.

...except for maybe the official campaign.

Personally, I think it's better for us to talk about this problem frankly, so that we can minimize the damage, and not trust to security by obscurity. At the bare minimum, the campaign needs to have (1) geographically isolated mirrors on separate backbone networks, and (2) some alternate registered domains handy, so in case a really concerted DDOS attack is launched, the official site can be brought back up at a fresh address.

With the money we've raised and the amount they stand to raise on the 16th, I think that they might be able to afford it. :rolleyes:

synapz
11-14-2007, 08:18 AM
bump

KingTheoden
11-14-2007, 08:44 AM
This is VERY important and is not giving our adversaries ideas. DOS attacks are quite common (and highly illegal). Site developers I am sure have considered this; one possible measure is to have a duplicate site (url not given out unless an attack is underway). Best way is to secure teaparty07 on the back end by being stingy with resources made available to each IP (also this means we absolutely need to control ourselves and not keep refreshing the page every 5 seconds!!:o)

Shoot- it just occurred to me that we do not donate through the teaparty page but to the campaign's site!!! Anyone who is a good database securer needs to contact HQ!
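
The per-IP resource limit suggested in the post above can be sketched as a token bucket and replayed over constructed traffic. This is an added example, not part of the thread or the campaign's actual setup; the class and function names, the rate of 1 request/second, the burst of 10 and the documentation-range IP addresses are all assumptions.

```python
from collections import defaultdict


class PerIPTokenBucket:
    """Per-client token bucket: refills `rate` tokens/second, holds at most `burst`."""

    def __init__(self, rate=1.0, burst=10):
        self.rate, self.burst = rate, burst
        # ip -> (tokens, time of last request); a new client starts with a full bucket
        self.state = defaultdict(lambda: (float(burst), None))

    def allow(self, ip, now):
        tokens, last = self.state[ip]
        if last is not None:
            tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.state[ip] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


def replay(requests, limiter):
    """Replay (timestamp, ip) pairs in time order; return {ip: [allowed, rejected]}."""
    counts = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(requests):
        counts[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return dict(counts)


def constructed_traffic(seconds=60):
    """Constructed sample traffic using documentation-range IPs (not real logs)."""
    reqs = []
    # A supporter refreshing the page every 5 seconds.
    reqs += [(float(t), "192.0.2.10") for t in range(0, seconds, 5)]
    # A single host sending 50 requests per second.
    reqs += [(t / 50.0, "198.51.100.7") for t in range(seconds * 50)]
    # 200 distinct hosts, each sending just one request per second.
    for h in range(200):
        reqs += [(float(t), f"203.0.113.{h}") for t in range(seconds)]
    return reqs


if __name__ == "__main__":
    counts = replay(constructed_traffic(), PerIPTokenBucket(rate=1.0, burst=10))
    print("refresher  :", counts["192.0.2.10"])
    print("single host:", counts["198.51.100.7"])
    many = [counts[f"203.0.113.{h}"] for h in range(200)]
    print("200 hosts  :", [sum(c[0] for c in many), sum(c[1] for c in many)])
```

The limiter leaves the 5-second refresher untouched and cuts the single noisy host to roughly the refill rate, but the 200 low-rate hosts all pass, so a per-IP limit on its own does not cover the many-source case raised later in the thread.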

BLS
11-14-2007, 08:47 AM
With proper security measures in place, (such as an adequate firewall for example) would eliminate this problem.

It's really nothing to worry about unless it's being hosted on somebody's home server, etc.

troyd1
11-14-2007, 08:48 AM
A dos attack is actually not a good idea as they are easily trackable. Any campaign tied to one of these even by supporters would be disastrous for them with the negative media it would get. The only one that could get away with doing this would be Hillary as a scandal there is but a blip.

McDermit
11-14-2007, 10:16 AM
With proper security measures in place, (such as an adequate firewall for example) would eliminate this problem.

It's really nothing to worry about unless it's being hosted on somebody's home server, etc.

Uh.... no, it definitely could be a problem.

Just as we assume the opposition is responsible for the spam being sent promoting RP, people definitely have access to huge networks of infected computers capable of monstrous DoS attacks.

If something like yahoo.com can be DoS'd offline for hours at a time, surely RP08 can be as well.

derdy
11-14-2007, 11:38 AM
Well, as for myself. If the site is down on the 16th, I pledge to donate what I would've anyways as soon as the site becomes available again. I hope that everyone else here does the same!

I sent a PM to the swordofshannarah suggesting he put the phone number up on the website in case ronpaul2008.com has issues.

krott5333
11-14-2007, 11:50 AM
someone else mentioned they are working with the campaign to have a mirror site in case of problems

njandrewg
11-14-2007, 12:39 PM
they are hosted on rackspace, so I'm not that worried.

garrettwombat
11-14-2007, 12:42 PM
either way we can still donate through the phone, just make sure we all know 1-800-ron-paul

chrismatthews
11-14-2007, 01:30 PM
There are enough whitehats involved in this campaign to make sure that doesn't happen, and if it did, it would only happen for a very brief time.

freedominnumbers
11-14-2007, 01:33 PM
DoS attacks can be handled quite effectively these days.

JordanL
11-14-2007, 02:06 PM
how does one prevent this?

You need to communicate with your hosting provider and anyone upstream of them... likely a business class ISP. You work with them to filter and redirect packet spam... it's not very easy and most ISPs simply "unresolve" your domain until the attack stops to prevent the larger network from suffering. Very few ISPs are proactive about protecting against DDoS attacks, which is why large businesses collocate their website across several datacenters in different parts of the country.

In short, the easiest way is to expect it and notify your ISP.

JoshLowry
11-14-2007, 02:09 PM
Well, here is your chance to shine RackSpace.

We are watching. :)

hard@work
11-14-2007, 02:13 PM
Keep the mailing list separated so it can be mailed from another location. Easy.

synapz
11-14-2007, 06:18 PM
bump

jd603
11-14-2007, 06:26 PM
I started talking with the campaign on setting up multi-site redundancy/load balancing which would also help against this as well as power failures etc.

Waiting to hear back from them... they might be doing background check on me first or at least googling. :)



A denial of service attack could ruin our well laid plans for a political coup on the 16th. Campaign's tech guys should have a plan to deal with this.

Bump this for a day or two. ;)

LinearChaos
11-14-2007, 06:28 PM
Wait. Why would any self-respecting person capable of launching a DoS attack support one of the other GOP candidates? This.

If anything, the 1337 h4xx0rz out there are Paul supporters.

jd603
11-14-2007, 06:33 PM
This is probably mostly true. ...there have been cases when candidates hired communications companies to phone jam etc. There's been cases of that and some people have gotten busted for it. So it's not too far fetched. As someone said though, people will still donate as soon as the site is back.

So Ron will still have a huge quarter, and an attack on the web site might just get it MORE press.




This.

If anything, the 1337 h4xx0rz out there are Paul supporters.

jpinkerton
11-14-2007, 06:38 PM
So Ron will still have a huge quarter, and an attack on the web site might just get it MORE press.

This is absolutely true.

RackSpace does have Preventier™ DDoS Mitigation (http://www.rackspace.com/products/security/preventier.php). Who knows, maybe the campaign already has this and their Firewall Service (http://www.rackspace.com/products/security/firewalls.php). I would hope so all things considered - not just for the 16th.

fcofer
11-14-2007, 06:40 PM
With proper security measures in place, (such as an adequate firewall for example) would eliminate this problem.

It's really nothing to worry about unless it's being hosted on somebody's home server, etc.

This is wrong.


A dos attack is actually not a good idea as they are easily trackable.

This is wrong.


There are enough whitehats involved in this campaign to make sure that doesn't happen, and if it did, it would only happen for a very brief time.

This is wrong. Remember how a measly power outage took us down this week?


DoS attacks can be handled quite effectively these days.

This is wrong, unless you are very well-prepared.


Uh.... no, it definitely could be a problem.

Just as we assume the opposition is responsible for the spam being sent promoting RP, people definitely have access to huge networks of infected computers capable of monstrous DoS attacks.

If something like yahoo.com can be DoS'd offline for hours at a time, surely RP08 can be as well.

This is absolutely right. If there really is a conspiracy by powerful interests to keep our candidate from being elected, this sort of thing could happen. You can pay people in Russia and China to make these things happen.


I started talking with the campaign on setting up multi-site redundancy/load balancing which would also help against this as well as power failures etc.

Thank you. This is what needs to be done, and we need to make sure that the campaign does it. We cannot underestimate just how important Dec. 16th is to the campaign; it would be negligent for them not to prepare for these sorts of exigencies.

AFTFNJ
11-14-2007, 06:42 PM
Wait. Why would any self-respecting person capable of launching a DoS attack support one of the other GOP candidates? :p






Paid mercenaries like blackwater.

chrismatthews
11-14-2007, 06:44 PM
This is wrong. Remember how a measly power outage took us down this week?


We can't echo a power failure to stop it, the same is not true of the case in point.

jd603
11-14-2007, 06:48 PM
server admin, please check if this is really chris matthews. :)

Don't let MSNBC know you're violating your "no Ron Paul support/discussion" contract amendment they forced you to sign.

Edit: or is it a 20:1 Hillary to Ron Paul ratio you must maintain? heh


We can't echo a power failure to stop it, the same is not true of the case in point.

synapz
11-16-2007, 07:33 AM
bump

Indy Vidual
11-16-2007, 07:42 AM
they are hosted on rackspace, so I'm not that worried.

Good to know they went for quality.
Does Rackspace offer clustered servers with load balancing?

synapz
11-22-2007, 09:44 AM
bump

jd603
11-22-2007, 09:51 AM
I called the campaign about this... I had gotten a call back from Justine at the campaign and she said she forwarded it to the "vp of communications", I have not heard back from them yet.

I was proposing doing mirroring to my data center in NH and also possibly doing some local media up here since me and my company have been featured in local papers a few times in the past and have had press releases printed etc.

I also hosted US Senator Judd Gregg's 2004 (R-NH) campaign site up here too. Maybe a clash between Paul and Gregg's political views/actions has something to do with the slow reply? Although I just hosted the site, didn't officially endorse any of his politics, so that should not matter.

mkrfctr
11-22-2007, 10:48 AM
What fcofer said.

Typically done by bot-networks, tons of IPs, all zombie machines, no traceable links back to central operations without a ton of work, if it's even possible technically, and even then the perpetrators are usually in any number of foreign countries that have less than robust legal infrastructure to deal with these types of issues.

There are only one or two paid hosting companies that are any good at dealing with DDoS attacks, and they are rather specifically advertising themselves for that capability, and RackSpace is not one of them.

Having clustered servers or multiple locations is great for any number of reasons but does not generally help the issue unless you are really large in scale, and by that point you're probably dealing with mini-DDoS's on a semi-regular basis. A full fledged assault however can still cause issues. But the people who have the capability know they have a limited resource and use it as best they can, and don't waste it - extorting small companies is far easier, and using the zombies for spamming and click-fraud is far more productive use of the bot network and doesn't lead to focused investigations by large companies and government agencies.

DDoS can be dealt with successfully but typically for small groups the best method is prevention - don't piss off the wrong people and don't be a good target for extortion and never ever pay if you are.

voytechs
11-22-2007, 10:52 AM
how does one prevent this?

Firewall with filters and a backup site with servers. There are a number of possible attacks possible, so depending on what it is, a good firewall should be used so that DOS attack can be repelled. If the server itself is under attack or break in, a backup site can be brought up in minutes or even seconds.

The campaign would be best served by going with a large ISP and a datacenter that can handle that kind of issues. It would be prohibitively expensive to try and implement something one off for an event.

PatriotOne
11-22-2007, 11:06 AM
I sent an email to the campaign yesterday asking them if they were taking appropriate website precautions for Dec 16th for website crashes due to traffic overload or intentional website attacks. I also advised, well kind of insisted actually, that the website administrator be on hand all day to monitor the website in case of problems.

I have yet to hear back.

I fully expect an intentional attack on the website for the money bomb. I hope they are taking this very seriously and have a plan to avoid this.

jd603
11-22-2007, 11:10 AM
I don't expect much of an attack actually. Still, no reason not to take precautions. Also, RackSpace had a major power outage that took the site down. Multiple sites and proper DNS configuration would have prevented it.



I sent an email to the campaign yesterday asking them if they were taking appropriate website precautions for Dec 16th for website crashes due to traffic overload or intentional website attacks. I also advised, well kind of insisted actually, that the website administrator be on hand all day to monitor the website in case of problems.

I have yet to hear back.

I fully expect an intentional attack on the website for the money bomb. I hope they are taking this very seriously and have a plan to avoid this.

Elijah
11-22-2007, 11:42 AM
Do you think an email bomb to the campaign is necessary to express the seriousness of this?

TechnoGuyRob
11-22-2007, 11:45 AM
Point the DNS for ronpaul2008.com to 127.0.0.1 for a dozen minutes and watch the attackers DDOS themselves. :D

Elijah
11-22-2007, 11:54 AM
I just got this chat from Rackspace:

Chat Information
Welcome to Rackspace. My name is Thomas and I am a Live assistant. How may I help you today?
Thomas: Hello, what brings you to our site today?
you: Hi I am just looking at your DDoS tool
Thomas: Great. Let me know how I can help
you: Are you prepared for December 16th
Thomas: I am not sure I understand your question
you: For Ron Paul
Thomas: :)
Thomas: I see.
you: You need to be prepared for a DOS attack
you: :)
Thomas: We have security measures in place
you: I hope you have someone on staff that day specifically for this event
you: A DOS attack is a very real possibility
Thomas: Due to the high profile of many of our customers, this is an everyday importance that we must be prepared for
you: okey dokey, i appreciate your time
Thomas: No problem. Thanks for the heads up
Thomas: we don't take this lightly
you: thank you
Thomas: No problem
Thomas: Have a good holiday
you: You as well!
Thomas: thanks

Visual
11-22-2007, 12:07 PM
IMO it shouldn't matter. DOS attack on a candidate will give press, and people would just donate their money the next day. No biggie.

jd603
11-22-2007, 01:45 PM
With this media you never know, they may use that as an excuse not to cover it. However, most people who decide to donate, if they can't due to DDoS, they will most likely come back later to donate, but it may ruin the day's totals etc.

So DDoS won't hurt the campaign all that much but it could hurt the 24 hour totals.

STILL, mirroring should be set-up, since hardware failures, network issues and a ton of other problems could cause an outage and simple mirroring of the web site would prevent it.


IMO it shouldn't matter. DOS attack on a candidate will give press, and people would just donate their money the next day. No biggie.

Perry
11-22-2007, 01:50 PM
how does one prevent this?

One prevents it by having an active security team/hacker(s)(person(s)) who is/are knowledgeable enough to track the source and deal with the problem quickly.

syborius
11-22-2007, 03:18 PM
I'm sure they are working on all of this. ;)

And, it would have to be into the gigs of data to even touch rp2008. Not many opponents can muster such an effort. I doubt anyone from an opposing campaign would be willing to risk such a black hat operation. Although the site certainly can be overloaded, so they need to work on load balancing, mirroring, and such things like that.