Does ATS need a fallout shelter? IP after DNS.

page: 1
13
<<   2  3 >>

log in

join

posted on Mar, 7 2013 @ 12:29 AM
link   
I am putting this in the survival section because this may be a usable idea for other website owners to help support IP communications during global communications disruptions, and attacks. I could have put it in board questions and business but decided not to.

The current web attack has got me thinking of an idea I have had running around in my head for a while.

A lot of the ATS people seem to take pride in prepping for any situation. But the ATS website seems ill prepared for a DNS shutdown/attack.

Some people think you can just type in the IP and you will get the website. That usually isn’t true. Some websites will allow it. A lot won’t. Including this site. And a lot of servers are hosting several websites, so they couldn’t even if they wanted to.

Currently If you type in the direct IP number for the ATS server, the server dumps you to a redirect to abovetopsecret.com. Which hits the DNS which drops you right back at the same server with the proper host name which causes the server to feed you the website.

Both you and me know that that process will not function if the DNS system is down. And I also know you don’t want the full website to show up if you type in the IP address because that will make search providers think that there is two identical websites with different names. That would cause you to lose rank on the search provider.

And idea has been running around in my head to solve both problems.

Instead of redirecting to The normal ATS site when someone enters via the direct IP address. Set the server to serve a single layer, single topic forum that is labeled “the fallout shelter”

The fallout shelter will not mirror the main website in any way, shape or form. That way, the search providers will not ding you. The link to the fallout shelter from the main site will be in the normal topics section, just like all the other topic sections on ATS. The only difference will be the link will have the server IP address instead of Abovetopsecret.com for the root address. Google will treat it as a link to a separate website, so it won’t ding ATS for duplicate websites. When the server sees a user coming in on the raw ip, it will serve the single layer forum which will function somewhat like any of the other topic forums.

People will be able to bookmark the fallout shelter. If a network or DNS attack or other issue does happen, people will still be able to make it to the fallout shelter to converse about the current situation, and distribute information. They will still be able to log on, post messages in that forum, and send and receive private messages without interacting with any DNS based stuff.

It would probably be lightly used, as it should be, until a global network attack did happen, then you would have someplace you could try and get to as long as you had a functioning connection between your computer and the ATS server.

They can use the fallout shelter to talk about any subject at hand while the situation is ongoing. When the situation clears, then you can move the threads to the relivent sections on the main site.

Or you could make it a dual use forum “fallout shelter/internet war forum” Because the only times you would be using that forum is if a major internet disruption was happening, or the subject was related to a major internet disruption, which would be good info to have during a major internet disruption.

I know you will probably dismiss the idea, but I am going to put it out there anyway.




posted on Mar, 7 2013 @ 12:36 AM
link   
reply to post by Mr Tranny
 


If they are taking out dns servers (a whole bunch it would have to be to be complete), then the IP will still work as the server side does the redirect.

If they're taking down the ats servers, then the IP will not work as the server is not up to service the request.

Either way, you're proposing a combination of the two which means no access at all to ats.



posted on Mar, 7 2013 @ 12:57 AM
link   

Originally posted by winofiend
If they are taking out dns servers (a whole bunch it would have to be to be complete), then the IP will still work as the server side does the redirect.


The server initiates the redirect, but the browser still needs DNS to follow through with the redirect.

When you type in the ip address. The browser sends a packet to (IP) with a destination host field of (IP). The server receives the packet and sees the host field and sees that it should redirect request coming in for that host. It sends a packet back to the browser that says “go to abovetopsecret.com” The browser Sends a request to the DNS for the IP address for abovetopsecret.com. The DNS server sends it the IP address it already has and tells the browser that that ip address is abovetopsecret.com The browser sends a new request to (IP) with the destination field of (abovetopsecret.com) The server sees the proper host name in the request, and sends the proper website.

The server may do the redirect, but the browser needs DNS to make the host name/IP match up.

That interaction will not work without DNS.

Having the server serve an emergency forum on incoming basic IP request will allow people to get to the server even when the DNS is down, but the server is still functioning. There can be a link on the emergency “fallout shelter” forum that will take them to the normal ATS. That link will function like a normal redirect. But that link will only work if the DNS system is working.

The IP address can be bookmarked for use if you can’t get to the normal ATS because of stated DNS problems..

Basic features like Personal messages and account settings should be available at the raw IP level from the “fallout shelter”
edit on 7-3-2013 by Mr Tranny because: (no reason given)



posted on Mar, 7 2013 @ 12:59 AM
link   
One forum site that I occasionally visit had so many problems with its server host a few years back that the moderators set up a "spare" forum site that people could visit to get news about the main site.
The spare, backup site didnt normally get much traffic at all, but just visits during times of main site downage.

So... in that same light, maybe somebody could setup a forum called ATSBUNKER (or similar).
Advertise it as an emergency fallout shelter... so if ATS goes down, users know where to go to get some news and info.



posted on Mar, 7 2013 @ 01:10 AM
link   

Having the server serve an emergency forum on incoming basic IP request will allow people to get to the server even when the DNS is down, but the server is still functioning


Even if you get to the server via direct IP if DNS for some reason is down, the site would have to be completely reconfigured. (at considerable cost)

When top level DNS fails everything is screwed.

ATS is the least of worries.



posted on Mar, 7 2013 @ 01:19 AM
link   
reply to post by Mr Tranny
 


Yes it most certainly does.
It wouldn't hurt.

S&F



posted on Mar, 7 2013 @ 01:33 AM
link   
reply to post by Zarniwoop
 


No, you don’t have to reconfigure everything. There is several ways it can be done without bothering the main site scripts.

They were already doing it a while back when they had BTS and ATS running from shared account databases and the like from a single server. Just differentiating the page they sent them based on requested host name.

With the way operated them as separate sites, and the way they folded ATS and BTS together, I am sure they already know how to do such a thing in very short order.



posted on Mar, 7 2013 @ 01:38 AM
link   
reply to post by Mr Tranny
 



No, you don’t have to reconfigure everything.


Coming from experience, I'd say... you do... big time

However, I don't know for certain how SO has the site laid out.



posted on Mar, 7 2013 @ 01:45 AM
link   

Originally posted by Mr Tranny
But the ATS website seems ill prepared for a DNS shutdown/attack.

We did very well.

How many other sites can stay up during sustained inbound requests over 700 megabits per second?

That's a traffic level more than 100 times our typical. And we had less than 20 minutes of total inaccessibility while the mitigation solution identified the source and blocked it.



posted on Mar, 7 2013 @ 01:47 AM
link   
I imagine if the DNS is down and you can still ping the web servers gateway directly. If it's alive then you can type the IP:80 will get you the default homepage.



posted on Mar, 7 2013 @ 01:54 AM
link   
reply to post by SkepticOverlord
 


That was DDOS and you did a great job


How would the site (or any site) do if top-level DNS went down? (again)



posted on Mar, 7 2013 @ 01:54 AM
link   

Originally posted by SkepticOverlord

Originally posted by Mr Tranny
But the ATS website seems ill prepared for a DNS shutdown/attack.

We did very well.

How many other sites can stay up during sustained inbound requests over 700 megabits per second?

That's a traffic level more than 100 times our typical. And we had less than 20 minutes of total inaccessibility while the mitigation solution identified the source and blocked it.


We are not talking about the same thing. This was a denial of service attack. I am talking about the Domain name server system being corrupted, or taken down. Apples to oranges here.

AKA the government hits the DNS kill switch.

Your site may be able to take 1TB per second of DDOS attacks, but if the DNS does not point to the server IP, then NO one can get anything.

Someone types in the IP, and your server will will direct them to the corrupt or missing DNS.
edit on 7-3-2013 by Mr Tranny because: (no reason given)



posted on Mar, 7 2013 @ 01:58 AM
link   
reply to post by sean
 


Your browser defaults to port 80. The ATS server will still hit you with a redirect even if you force port 80.



posted on Mar, 7 2013 @ 02:03 AM
link   

Originally posted by Zarniwoop
reply to post by Mr Tranny
 



No, you don’t have to reconfigure everything.


Coming from experience, I'd say... you do... big time

However, I don't know for certain how SO has the site laid out.


Create new scripting directory.
Load forum installation package.
Install forum in that directory.
Link forum to existing shared database server.
Set the server to Bind (raw IP host name) request to new directory instead of hitting request with a redirect.
Drink coffee.
Go home.



posted on Mar, 7 2013 @ 02:07 AM
link   
I don't understand why you think you need a DNS server if you already have IP address?

In fact, If I know your IP address I could use my hosts file to do the lookup and bypass DNS all together.

What am I missing?



posted on Mar, 7 2013 @ 02:15 AM
link   
reply to post by Mr Tranny
 


I know I was just using that as an example showing that peeps could append on end like that.



posted on Mar, 7 2013 @ 02:20 AM
link   

Originally posted by nothingwrong
I don't understand why you think you need a DNS server if you already have IP address?

In fact, If I know your IP address I could use my hosts file to do the lookup and bypass DNS all together.

What am I missing?


Yes, I can create a local lookup list.
That functionality is already built into my router so that all computers on the network can be served a custom list for specified hostnames.
I know how to set it to allow me to get into the ATS website even with the server's current configuration, even if the outside DNS is down.

But what is the percentage of other ATS users that can do the same thing with no real time or personal instructions on how to prepare to do so?

That is why I picked the name “fallout shelter” because if you have warning of what is going to happen, you can just catch a boat and head to Mexico before the bomb goes off. The fallout shelter is what you need to survive when you can’t get away, and have no extended warning.



posted on Mar, 7 2013 @ 02:21 AM
link   
reply to post by Mr Tranny
 



Create new scripting directory.
Load forum installation package.
Install forum in that directory.
Link forum to existing shared database server.
Set the server to Bind (raw IP host name) request to new directory instead of hitting request with a redirect.
Drink coffee.
Go home.


If it aint broke, don't fix it.

The changes you propose are needless and will surely break the site, at least during testing.

Bad idea.



posted on Mar, 7 2013 @ 02:30 AM
link   

Originally posted by Zarniwoop
If it aint broke, don't fix it.

The changes you propose are needless and will surely break the site, at least during testing.

Bad idea.



I am not saying that anyone has to do anything. I was just posting a little idea that was running around in my mind. If anyone wants to do anything with it, is totally up to them.

Everything is a cost benefit analysis.

It would take work to institute such a change.
The question is “Does that work outweigh any foreseeable benefits?”



posted on Mar, 7 2013 @ 02:34 AM
link   
reply to post by Mr Tranny
 


Sorry, you lost me there. What I don't understand is why I can't just type the IP address and get the site up when DNS is down. You talk about redirects, but if that were done to an IP address (I think it usually is) then why the need for DNS? It's like, if I have your phone number I don't need to look in the phone book. Even if you set your phone to forward all your calls, this would still work even if there were no phone books.......?

Even on a server running multiple web sites, each site would have a separate IP address. The IIS server for example would server the sight based on it's IP address, not it's host name.

So unless there is something new out there I am unfamiliar with (And there may well be, I am a couple of years out of date since leaving the industry) I remain confused.

PS - please don't think I am questioning your expertise, I am just trying to cure my confusion lol





top topics
 
13
<<   2  3 >>

log in

join