Re: ddos in Site Bugs

Re: ddos in Site Bugs http://www.dslreports.com/forum/r20312842 en Sun, 29 Nov 2009 16:40:21 EDT Sun, 29 Nov 2009 16:40:21 EDT Re: ddos http://www.dslreports.com/forum/remark,20430105 nil : No.. no ddos. Should be better soon. ]]> http://www.dslreports.com/forum/remark,20430105 Sun, 04 May 2008 13:29:58 EDT Re: ddos http://www.dslreports.com/forum/remark,20430100 Turbocpe : Is there another ddos in progress? I'm having a lot of issues browsing BBR (12:25PM CT). I'm either getting a lot of construction errors, or very large delays between pages. I'm not having any such issue with any other website at the moment.]]> http://www.dslreports.com/forum/remark,20430100 Sun, 04 May 2008 13:27:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20424018 justin : probably. Pretty weak as a technique though.]]> http://www.dslreports.com/forum/remark,20424018 Fri, 02 May 2008 23:01:33 EDT Re: ddos http://www.dslreports.com/forum/remark,20421649 Gwellin : I wonder, is this from the same DDOS people, now trying to discredit BBR? »Free Internet Access At DSLReports.COM
--
Here to help all those in need, whenever I can.]]> http://www.dslreports.com/forum/remark,20421649 Fri, 02 May 2008 14:21:22 EDT Re: ddos http://www.dslreports.com/forum/remark,20389631 rawgerz : I am getting a lot of "server reset connection" pages in firefox after this whole mess started..]]> http://www.dslreports.com/forum/remark,20389631 Sat, 26 Apr 2008 01:20:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20388142 KCrimson : Since my address doesn't appear, I'd assume that they'd have to have been hammering pretty hard! :) I was trying the IP address and every combination of www2, 3, 4, up to about 10!
--
Happy With What I Have To Be Happy With]]> http://www.dslreports.com/forum/remark,20388142 Fri, 25 Apr 2008 19:30:48 EDT Re: ddos http://www.dslreports.com/forum/remark,20388082 justin : I'd have to check the logs to make sure they were not users hammering on the door and getting blacklisted, before getting anyone into trouble.]]> http://www.dslreports.com/forum/remark,20388082 Fri, 25 Apr 2008 19:19:20 EDT Re: ddos http://www.dslreports.com/forum/remark,20387488 KCrimson : I'm pretty certain that the following IP's from the list are FiOS IP addresses, and those addresses don't change but once every 10th blue moon. I can't say for ABSOLUTE certain that they're all FiOS, but my own address falls within the 96.232.xxx.xxx region,and after the list I'm pasting the ARIN WHOIS database information for the entire block of addresses. It would seem to me that if they ARE domestic US FiOS zombies, they are particularly dangerous to us all, with their high bandwidth potential for DDOS attacks.
What do you think - should I/we report these back to abuse@verizon.net? I'm sure a concerted request, or one from DSLR itself might receive more attention.

96.224.12.118 Sat Apr 19 15:07:05 2008 UTC
96.224.12.38 Sat Apr 19 15:08:49 2008 UTC
96.224.14.176 Sat Apr 19 14:01:10 2008 UTC
96.224.4.220 Sat Apr 19 15:15:58 2008 UTC
96.232.212.89 Sat Apr 19 12:44:05 2008 UTC
96.232.214.26 Sat Apr 19 18:37:07 2008 UTC
96.232.218.148 Sat Apr 19 14:08:55 2008 UTC
96.232.25.217 Sat Apr 19 15:49:07 2008 UTC
96.246.45.119 Sat Apr 19 11:37:52 2008 UTC
96.246.72.21 Sat Apr 19 15:01:34 2008 UTC
96.246.74.15 Sat Apr 19 16:26:41 2008 UTC

OrgName: Verizon Internet Services Inc.
OrgID: VRIS
Address: 1880 Campus Commons Dr
City: Reston
StateProv: VA
PostalCode: 20191
Country: US

NetRange: 96.224.0.0 - 96.255.255.255
CIDR: 96.224.0.0/11
NetName: VIS-BLOCK
NetHandle: NET-96-224-0-0-1
Parent: NET-96-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BELLATLANTIC.NET
NameServer: NS2.BELLATLANTIC.NET
NameServer: NS2.VERIZON.NET
NameServer: NS4.VERIZON.NET
Comment:
RegDate: 2006-12-29
Updated: 2007-10-31

OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711
OrgAbuseEmail: abuse@verizon.net

OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: 800-243-6994
OrgTechEmail: IPNMC@gnilink.net
--
Happy With What I Have To Be Happy With]]> http://www.dslreports.com/forum/remark,20387488 Fri, 25 Apr 2008 17:36:02 EDT Re: ddos http://www.dslreports.com/forum/remark,20381933 robertfl : site is very fast again, kudos to those stopping this bullshit.

-rob]]> http://www.dslreports.com/forum/remark,20381933 Thu, 24 Apr 2008 19:32:16 EDT Re: ddos http://www.dslreports.com/forum/remark,20378274 Mele20 : I just posted about the bad link and came back to the forum and now it is ok. Good. :) Disregard earlier post. ]]> http://www.dslreports.com/forum/remark,20378274 Thu, 24 Apr 2008 09:02:40 EDT Re: ddos http://www.dslreports.com/forum/remark,20378270 Mele20 : err..the link is bad and I want to read it!

]]> http://www.dslreports.com/forum/remark,20378270 Thu, 24 Apr 2008 09:02:37 EDT Re: ddos http://www.dslreports.com/forum/remark,20378260 justin : »Experiences with DDOS mitigation - Part I]]> http://www.dslreports.com/forum/remark,20378260 Thu, 24 Apr 2008 07:18:41 EDT Re: ddos http://www.dslreports.com/forum/remark,20372368 justin : the ultimate botnet needs to be indistinguishable from real traffic to succeed. That means the bot members don't flood, they don't have stupid user-agents. They follow redirects. They accept cookies. They request real lots of real URLs.

With enough members distributed globally that would be very hard to defend against.]]> http://www.dslreports.com/forum/remark,20372368 Wed, 23 Apr 2008 01:47:49 EDT Re: ddos http://www.dslreports.com/forum/remark,20372358 djr777 : 'Ragtag' Russian army shows the new face of DDoS attacks

BlackEnergy
One weapon used in these most recent raids is a tool called BlackEnergy. It doesn't rely on the more primitive IRC protocol, doesn't scan for new hosts to infect and is cloaked in a rootkit, making it hard for users or security researchers to detect. A graphical interface makes it easy for hackers to configure and it is designed solely for carrying out DDoS attacks, Nazario says.

More than three dozen servers have been detected as command and control centers for BlackEnergy, and because the tool is available for $40 the number could grow, Nazario says. HTML-based bots like BlackEnergy are harder for security professionals to detect and stop because the data they generate looks similar to web traffic.
»www.theregister.co.uk/2008/01/04···of_ddos/
--
...there will be an answer. let it be]]> http://www.dslreports.com/forum/remark,20372358 Wed, 23 Apr 2008 01:45:25 EDT Re: ddos http://www.dslreports.com/forum/remark,20365892 SkellBasher :

said by justin

:

But a modern ddos attack is much more subtle and involves so many machines that data centers are not (as I understand it) often able to do much more for you.

This is correct. Defending against the types of attacks being seen here requires some specialized equipment and tools that generally aren't available.]]> http://www.dslreports.com/forum/remark,20365892 Mon, 21 Apr 2008 22:37:57 EDT Re: ddos http://www.dslreports.com/forum/remark,20360921 SND2005 :

said by justin

:

But a modern ddos attack is much more subtle and involves so many machines that data centers are not (as I understand it) often able to do much more for you.

That is why services like ProxyShield cost $1000/month on up and sell to people located in any data center. Go google it up and read what they offer, then wonder if your own webhost would offer the same thing for free? (or nac.net for that matter).

Ouch!! That is damn expensive. Point taken. Too bad they don't offer a "pay as you use it" option..they wouldn't make any money that way though.

I saw in another thread that you were looking at some Apache modules, is this the only other viable solution other than throwing serious amounts of cash at it?

Your doing a great job btw ;-) not trying to question your judgment.. I think this entire ordeal has been eye opening for regular visitors of the site.]]> http://www.dslreports.com/forum/remark,20360921 Sun, 20 Apr 2008 23:29:35 EDT Re: ddos http://www.dslreports.com/forum/remark,20360804 justin : yes I am paying but smart DDOS prevention costs extra, and most colocs do not even offer it, because it requires some experts, a lot of hardware, and baby sitting.

so most coloc does dumb ddos protection: they can place a few upstream filters for you by request (such as: block all ICMP please. Block all udp please). They can identify one or two hosts that are flooding you, by inspection of data volume, and filter them.

But a modern ddos attack is much more subtle and involves so many machines that data centers are not (as I understand it) often able to do much more for you.

That is why services like ProxyShield cost $1000/month on up and sell to people located in any data center. Go google it up and read what they offer, then wonder if your own webhost would offer the same thing for free? (or nac.net for that matter).]]> http://www.dslreports.com/forum/remark,20360804 Sun, 20 Apr 2008 22:59:32 EDT Re: ddos http://www.dslreports.com/forum/remark,20360774 Lanik :

said by SND2005

:

If you are paying nac.net to provide connectivity, ...

That's the thing I don't think justin

is paying. :)
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,20360774 Sun, 20 Apr 2008 22:53:06 EDT Re: ddos http://www.dslreports.com/forum/remark,20360727 SND2005 : justin

, I'm confused a bit here.

If you are paying nac.net to provide connectivity, wouldn't the responsibility of addressing connectivity issues rest with them? If the BBR site is limited to a single patch cable worth of bandwidth, how could you ever hope to fight off a serious attack? (I understand that a good web admin would always try and help..)

I'm no expert, but shouldn't the provider employ some type layer or "buffer" between the site and malicious traffic? Is deep packet inspection ("DPI") of any use? What do big sites like microsoft.com or cnn.com do in situations like this? ]]> http://www.dslreports.com/forum/remark,20360727 Sun, 20 Apr 2008 22:41:59 EDT Re: ddos http://www.dslreports.com/forum/remark,20358085 Nsane_iceman :

said by Matt

said by Nsane_iceman

:

As a side note...

If you have a Linksys PAP2 use a password for it. It has your name(Mr. Jazayeri), location (CA, USA), call(s) (12136129xxx) made on the webadmin page.

Please keep in mind the most of these computers are likely not willing participants in this attack and probably don't even know they have been rooted. They are zombie computers being controlled by someone nefarious, so don't log into their device and use the information for any reason. Especially don't post it in a public forum.

Log into their devices and change their gateway sure ... to stop that device from attacking, but posting or using personal information makes you no better than the zombie controller.

Fully aware of how botnets work and the ideas behind them.

Used to be part of it all back in 2001-2002 when Windows XP came out and most everyone still had the admin account without a password. Tons and tons for EDU computers were good for IRC bots to xdcc movies or act as a FTP to transfer the .rar files around.

Posted a little information, but it is not the full information.

**edit**
Maybe someone didn't know that you could see a name, location, and last calls when viewing the webadmin page of the Linksys PAP2...]]> http://www.dslreports.com/forum/remark,20358085 Sun, 20 Apr 2008 10:34:21 EDT Re: ddos http://www.dslreports.com/forum/remark,20358045 Nsane_iceman : Not really.
It looks like whatever hole the bot got into is now closed, and each computer has port 23 (telnet), 80(http), and 443(https) open. So it looks like these bots are secure, unless in the scanning I find one that was not secured so well and then I can poke myself in there and find that .exe...
--
Avatar by: dandelion | Disarm you with a smile. | Tell me, tell me what you're after. I just want to get there faster.]]> http://www.dslreports.com/forum/remark,20358045 Sun, 20 Apr 2008 10:20:32 EDT Re: ddos http://www.dslreports.com/forum/remark,20357959 nil : The behavior of the stragglers is consistent with lack of a central command machine and peer-to-peer communication.
--
Life is too short to be boring]]> http://www.dslreports.com/forum/remark,20357959 Sun, 20 Apr 2008 09:53:44 EDT Re: ddos http://www.dslreports.com/forum/remark,20357954 elias :

said by TKJunkMail

said by robertfl

:

this will probably get worse when people "upgrade" to vista and their lack of security.

Vista is more secure than Windows/XP and as secure as a Mac system. Where did you come up with the idea that Vista is less secure?

UAC's Continue or Cancel prompt (especially without requiring a password) is not as secure as sudo (and requiring a password) in MacOS and *NIX.]]> http://www.dslreports.com/forum/remark,20357954 Sun, 20 Apr 2008 09:52:12 EDT Re: ddos http://www.dslreports.com/forum/remark,20357941 justin :

quote:
put the number at closer to 20,000. Dittrich estimates that the size of the Nugache network was roughly equivalent to Enright's estimates for Storm.

well if it was one of those two, then it grew by a factor of 5 since the research. I identified 60k IPs and I wasn't logging for the entire period, only half the period..]]> http://www.dslreports.com/forum/remark,20357941 Sun, 20 Apr 2008 09:48:05 EDT Re: ddos http://www.dslreports.com/forum/remark,20357899 jonnyz : This is a very good article on DoS/DDoS:
»vayner.net/dos/dos.html

This looks like what DSLR could have been hit by:
»searchsecurity.techtarget.com/ne···,00.html
If somebody really doesn't like us, they can easily rent a botnet that did the type of damage seen here.

Also, I remember reading this article about a DoS attack on grc.com and found it very interesting (if a bit over the top as well):
»www.crime-research.org/library/grcdos.pdf
--
Join the RC5 team.]]> http://www.dslreports.com/forum/remark,20357899 Sun, 20 Apr 2008 09:32:12 EDT Re: ddos http://www.dslreports.com/forum/remark,20357071 Mele20 :

said by rawgerz

:

So I guess that DSLR won't ever be pingable again?

You can use Ping Plotter's TCP engine. ]]> http://www.dslreports.com/forum/remark,20357071 Sun, 20 Apr 2008 01:30:19 EDT Re: ddos http://www.dslreports.com/forum/remark,20356938 justin : I've pulled the list of IPs that were identified as members of the net, timestamped by the time they were first spotted and active. There are over 69,000 of them.

»/front/ddos-apr19-utc.txt

Obviously as time goes on this list is less and less likely to be the current botnet as most are on dhcp/ppp connections.]]> http://www.dslreports.com/forum/remark,20356938 Sat, 19 Apr 2008 23:08:22 EDT Re: ddos http://www.dslreports.com/forum/remark,20356871 rawgerz : So I guess that DSLR won't ever be pingable again?

I can't help but wonder if hosting companies are behind such attacks to get more money from their clients :uhh:
--

You can't make all the people happy all of the time. But it should be common sense to shoot for the majority.]]> http://www.dslreports.com/forum/remark,20356871 Sat, 19 Apr 2008 22:51:21 EDT Re: ddos http://www.dslreports.com/forum/remark,20355734 robertfl : from various sources. ]]> http://www.dslreports.com/forum/remark,20355734 Sat, 19 Apr 2008 18:19:10 EDT Re: ddos http://www.dslreports.com/forum/remark,20355358 nil : It could just be a prelude to a new attack and switched tactics, but yes, it appears to have greatly subsided. Still seeing some residual traffic, but not nearly in the same league as before. ]]> http://www.dslreports.com/forum/remark,20355358 Sat, 19 Apr 2008 16:38:21 EDT Re: ddos http://www.dslreports.com/forum/remark,20355353 TKJunkMail : Looks like the DDos has subsided for now. The green is inbound traffic to dslreports and current time is on the left & earlier times on the right of the graph. The blue line is outbound traffic to clients.

--
My BLOG .. .. Internet News .. .. My Web Page]]> http://www.dslreports.com/forum/remark,20355353 Sat, 19 Apr 2008 16:35:11 EDT Re: ddos http://www.dslreports.com/forum/remark,20355318 TKJunkMail :

said by robertfl

:

this will probably get worse when people "upgrade" to vista and their lack of security.

Vista is more secure than Windows/XP and as secure as a Mac system. Where did you come up with the idea that Vista is less secure?
--
My BLOG .. .. Internet News .. .. My Web Page]]> http://www.dslreports.com/forum/remark,20355318 Sat, 19 Apr 2008 16:25:41 EDT Re: ddos http://www.dslreports.com/forum/remark,20355265 robertfl : like i said before, i wonder if each host realizes their pc is doing this? (why we get so much spam in our inbox)

thanks to false protection from norton and macafee who only care about their bottom line, this will probably get worse when people "upgrade" to vista and their lack of security.

internet security should be a basic requirement for each person to learn before they plug in. but it's not.

-Rob]]> http://www.dslreports.com/forum/remark,20355265 Sat, 19 Apr 2008 16:15:14 EDT Re: ddos http://www.dslreports.com/forum/remark,20354641 Nemokrad :

said by 81399672

:

A lot of them are in Russia. Good luck ever getting them shut down.

The point is not to get the bots to shut down one by one, but to find out how they are being controlled (via IRC, etc) and see what can be done to interrupt the control of them.
--
"To create a new standard takes something that's not just a little bit different. It takes something that's really new and captures people's imaginations. Macintosh meets that standard." -- Bill Gates]]> http://www.dslreports.com/forum/remark,20354641 Sat, 19 Apr 2008 13:33:01 EDT Re: ddos http://www.dslreports.com/forum/remark,20354590 Matt :

said by Nsane_iceman

:

As a side note...

If you have a Linksys PAP2 use a password for it. It has your name(Mr. Jazayeri), location (CA, USA), call(s) (12136129xxx) made on the webadmin page.

said by Nemokrad

said by Nsane_iceman

:

If you will PM me the IPs. I will see if I can get the .exe or config to find where they are gathering and shut em down.

Any luck with that?

A lot of them are in Russia. Good luck ever getting them shut down. ]]> http://www.dslreports.com/forum/remark,20354578 Sat, 19 Apr 2008 13:11:59 EDT Re: ddos http://www.dslreports.com/forum/remark,20354573 Nemokrad :

said by Nsane_iceman

:

If you will PM me the IPs. I will see if I can get the .exe or config to find where they are gathering and shut em down.

Any luck with that?
--
"To create a new standard takes something that's not just a little bit different. It takes something that's really new and captures people's imaginations. Macintosh meets that standard." -- Bill Gates]]> http://www.dslreports.com/forum/remark,20354573 Sat, 19 Apr 2008 13:08:59 EDT Re: ddos http://www.dslreports.com/forum/remark,20354519 ureihcim : No, thank you.]]> http://www.dslreports.com/forum/remark,20354519 Sat, 19 Apr 2008 12:51:16 EDT Re: ddos http://www.dslreports.com/forum/remark,20354510 justin :

said by ureihcim

:

It looks like you got things now under control since I talked to you at 2AM.

I will now take the temp forum offline, and good luck.

thanks helping out..]]> http://www.dslreports.com/forum/remark,20354510 Sat, 19 Apr 2008 12:49:40 EDT Re: ddos http://www.dslreports.com/forum/remark,20354498 ureihcim : It looks like you got things now under control since I talked to you at 2AM.

I will now take the temp forum offline, and good luck. ]]> http://www.dslreports.com/forum/remark,20354498 Sat, 19 Apr 2008 12:44:44 EDT Re: ddos http://www.dslreports.com/forum/remark,20354343 justin : don't worry about it, security via obscurity is never a very good strategy anyway.]]> http://www.dslreports.com/forum/remark,20354343 Sat, 19 Apr 2008 12:04:21 EDT Re: ddos http://www.dslreports.com/forum/remark,20354334 Doctor Olds :

said by djr777

:

I did it.
But the pub is for registered members only. It can't be accessed unless you are a member so if the member was the culprit he already had this info as well.

If the Site Mgmt wanted the notice published in the Pub or any other "must be registered to read" Forums (registration is free after all), then they would have placed a sticky in each of those Forums as common sense dictates, but since they didn't and they instead chose to spread "the word" by another way that means that no-one should have re-posted the info.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?]]> http://www.dslreports.com/forum/remark,20354334 Sat, 19 Apr 2008 12:01:57 EDT Re: ddos http://www.dslreports.com/forum/remark,20354258 djr777 :

said by Shrapnel64

said by jabarnut

:

Just a reminder...I've seen many registered users posting the alternate addresses for BBR.

One person even posted the entire site announcement from yesterday, intended for registered members only. :uhh:
They have since been edited out, but a little common sense may go a long way.

I did it.
But the pub is for registered members only. It can't be accessed unless you are a member so if the member was the culprit he already had this info as well. But just in case I edited it. Live and learn. If an extra computer is needed in anyway to trace or watch other computers mine is available.
--
...there will be an answer. let it be]]> http://www.dslreports.com/forum/remark,20354258 Sat, 19 Apr 2008 11:45:10 EDT Re: ddos http://www.dslreports.com/forum/remark,20354205 OSUGoose : no we dont (at least i)]]> http://www.dslreports.com/forum/remark,20354205 Sat, 19 Apr 2008 11:30:29 EDT Re: I keep wondering http://www.dslreports.com/forum/remark,20354180 OSUGoose : and to think i was just about to call you David. Herd about the layoffs then couldent access the site and in some trange way thought T thought somehow they owned the site and shut it down/blocked it.]]> http://www.dslreports.com/forum/remark,20354180 Sat, 19 Apr 2008 11:22:39 EDT Re: ddos http://www.dslreports.com/forum/remark,20354101 Amethyst : Glad to see the site back on!

Condolences on having to deal with scum-of-the-earth armed with technology... it's a pretty sad state of affairs.]]> http://www.dslreports.com/forum/remark,20354101 Sat, 19 Apr 2008 11:00:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20354093 Kibbles :

said by justin

:

no need for secrecy.

the current blacklist is
»/front/blackli···rted.txt

all were collected in the last 2 hours.

Hmm..those IP's look like the same ones that send out e-mail spam?]]> http://www.dslreports.com/forum/remark,20354093 Sat, 19 Apr 2008 10:59:09 EDT Re: ddos http://www.dslreports.com/forum/remark,20354091 DonG : Justin,

THANK YOU for this site and for your hard work in keeping it going!

Sure hope Internet protocols and computer security get BETTER in the future, so attacks like these become a thing of the past. Not to mention FINING ISPs that let these kind of attacks run through their servers without catching them!

The poor idiots who's computers are being used for this kind of stuff, without their knowledge, need to "get a clue" and put firewall software with outbound protection on their systems NOW!

Sure wish there was some way of contacting the individuals to let them know their computer is INFECTED and being used for illegal activity by a third party.

Keep up the great work Justin!]]> http://www.dslreports.com/forum/remark,20354091 Sat, 19 Apr 2008 10:58:35 EDT Re: ddos http://www.dslreports.com/forum/remark,20354042 Rogue Wolf : Jeez oh man, Justin, someone must've kicked a hornet's nest somewhere to start up this mess. Did you not tip your cabbie or something? ;)

I've learned enough (mostly from this site) to understand the how of what's going on, but for the life of me I'm lost as to the why. This is far too strong and long-lasting an attack just to be the revenge of some snert from the forums, but there's been no type of demands from anyone like you would expect from a criminal organization out to shake someone down. And while the site is useful, it's not as valuable a target as some of the major anti-crapware sites (the example that comes to mind is CastleCops, which seems to be hit fairly regulary this way). The only theory I can come up with is that it's a demonstration or test of sorts.

Didja ever feel like an ant trapped by a bunch of cruel kids? :p

Anyway, good luck with getting this situation under control. You've got a whole lot of good people here supporting you. :)
--
I have learned to ignore such naysayers, when... quelling... them... hm?... was out of the question.]]> http://www.dslreports.com/forum/remark,20354042 Sat, 19 Apr 2008 10:41:40 EDT Re: ddos http://www.dslreports.com/forum/remark,20353934 dallash : My wife's from England, and I swear I don't understand why, but people seem to "switch on" the computer, use it, then "switch it off". I thought it was just my wife's family at first.

Keep up all the excellent work!

Dallas]]> http://www.dslreports.com/forum/remark,20353934 Sat, 19 Apr 2008 10:13:34 EDT Re: ddos http://www.dslreports.com/forum/remark,20353912 scott1527 : you got any packet dumps.]]> http://www.dslreports.com/forum/remark,20353912 Sat, 19 Apr 2008 10:04:13 EDT Re: ddos http://www.dslreports.com/forum/remark,20353882 Reign : justin I have faith in you.]]> http://www.dslreports.com/forum/remark,20353882 Sat, 19 Apr 2008 09:54:50 EDT Re: ddos http://www.dslreports.com/forum/remark,20353872 justin :

said by RickNY

:

Can someone PM me the alternate URL or IP to access the site?

Thanks,
Rick

There isn't really an alternate url anymore, both are served by the same physical box and front end. So if one works they both work, and if one doesn't work, they both don't work.]]> http://www.dslreports.com/forum/remark,20353872 Sat, 19 Apr 2008 09:51:20 EDT Re: ddos http://www.dslreports.com/forum/remark,20353871 RickNY :

said by RickNY

:

Can someone PM me the alternate URL or IP to access the site?

Thanks lilhurricane

:)]]> http://www.dslreports.com/forum/remark,20353871 Sat, 19 Apr 2008 09:50:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20353862 RickNY : Can someone PM me the alternate URL or IP to access the site?

Thanks,
Rick]]> http://www.dslreports.com/forum/remark,20353862 Sat, 19 Apr 2008 09:47:26 EDT Re: ddos http://www.dslreports.com/forum/remark,20353785 scott1527 : justin

these are all the same as what I PMed you. only difference is the password. these are the same chipset / directory structure.]]> http://www.dslreports.com/forum/remark,20353785 Sat, 19 Apr 2008 09:22:18 EDT Re: ddos http://www.dslreports.com/forum/remark,20353777 Done_Posting : I was hoping to find at least one customer from our class C blocks on the list so I could put the smack down and have their modem disabled, but alas, our customers aren't participating.

Good luck!

- Tate

--
Happiness is an OC-768 in your basement...]]> http://www.dslreports.com/forum/remark,20353777 Sat, 19 Apr 2008 09:18:39 EDT Re: ddos http://www.dslreports.com/forum/remark,20353668 Nsane_iceman : As a side note...

If you have a Linksys PAP2 use a password for it. It has your name(Mr. Jazayeri), location (CA, USA), call(s) (12136129xxx) made on the webadmin page.
--
Avatar by: dandelion | Disarm you with a smile. | Tell me, tell me what you're after. I just want to get there faster.]]> http://www.dslreports.com/forum/remark,20353668 Sat, 19 Apr 2008 08:23:03 EDT Re: ddos http://www.dslreports.com/forum/remark,20353649 justin : just to let you know the ip list has a very short use-by date.. what is alive one moment is turned off the next, or possibly replaced by an innocent. If I had to guess I'd say over 60% of that list is currently active, and a hard core 20% will still be active in 8 or even 24 hours time, but there are so many appearing per minute there are definitely also many vanishing. I think a higher proportion of overseas clients turn off and on their PCs each day than we're used to.]]> http://www.dslreports.com/forum/remark,20353649 Sat, 19 Apr 2008 08:10:23 EDT Re: ddos http://www.dslreports.com/forum/remark,20353646 Nsane_iceman :

said by justin

:

no need for secrecy.

the current blacklist is
»/front/blackli···rted.txt

all were collected in the last 2 hours.

Found 95 of 150 active host, response ICMP request.
Yeah that is a fresh list.

So far they have the "normal" open ports of 21, 22, 23 and 80.]]> http://www.dslreports.com/forum/remark,20353646 Sat, 19 Apr 2008 08:09:28 EDT Re: ddos http://www.dslreports.com/forum/remark,20353644 djdanska : I support you justin! Good luck with everything! I wish i could do more. ]]> http://www.dslreports.com/forum/remark,20353644 Sat, 19 Apr 2008 08:08:44 EDT Re: ddos http://www.dslreports.com/forum/remark,20353627 Doctor Olds :

said by djr777

:

Is there anything the average user like myself can do to help? If there is let me know.

Not really unless you have specialized expertise that you can offer in how to track down the control bots and know the steps needed to backtrack to the guilty parties.

Just show your support for the dedication and hard work going on in the background that gets the site back online even while the attacks are still going on.

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?]]> http://www.dslreports.com/forum/remark,20353627 Sat, 19 Apr 2008 08:03:08 EDT Re: ddos http://www.dslreports.com/forum/remark,20353612 Nsane_iceman : Thank you much, off to scan and crack.
I work today, but I will do as much as I can.]]> http://www.dslreports.com/forum/remark,20353612 Sat, 19 Apr 2008 07:58:14 EDT Re: ddos http://www.dslreports.com/forum/remark,20353608 justin : no need for secrecy.

the current blacklist is
»/front/blackli···rted.txt

all were collected in the last 2 hours.]]> http://www.dslreports.com/forum/remark,20353608 Sat, 19 Apr 2008 07:56:47 EDT Re: ddos http://www.dslreports.com/forum/remark,20353604 Nsane_iceman : If you will PM me the IPs. I will see if I can get the .exe or config to find where they are gathering and shut em down.

**edit**

Still got that black hat from 2002. :D

--
Avatar by: dandelion | Disarm you with a smile. | Tell me, tell me what you're after. I just want to get there faster.]]> http://www.dslreports.com/forum/remark,20353604 Sat, 19 Apr 2008 07:53:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20353600 justin : It hasn't stopped. Stopped screwing up the page, yes. Stopped, no.

I think the block list is now up to 25,000 ..]]> http://www.dslreports.com/forum/remark,20353600 Sat, 19 Apr 2008 07:51:22 EDT Re: ddos http://www.dslreports.com/forum/remark,20353589 Nsane_iceman : Glad it all stopped! Missed my news on the home page during lunch at work.

Anyone get around to finding the .exe or config of the botnet?
--
Avatar by: dandelion | Disarm you with a smile. | Tell me, tell me what you're after. I just want to get there faster.]]> http://www.dslreports.com/forum/remark,20353589 Sat, 19 Apr 2008 07:45:42 EDT Re: ddos http://www.dslreports.com/forum/remark,20353588 jabarnut : Well, I'm not a Mod if that was intended for me, but there are certainly a lot of outstanding Mods here none the less.

I do like to keep an eye out for anything that deserves attention and should be reported though. ]]> http://www.dslreports.com/forum/remark,20353588 Sat, 19 Apr 2008 07:45:14 EDT Re: ddos http://www.dslreports.com/forum/remark,20353583 Shrapnel64 :

said by jabarnut

If you do a google search for the main address, you will pretty much see a boatload of posts which have the alternates (unfortunately).

But, I agree -- the Site Announcement, which clearly said it was for registered users should not have been posted. Thanks for being an outstanding mod and staying on top of everything!]]> http://www.dslreports.com/forum/remark,20353583 Sat, 19 Apr 2008 07:42:05 EDT Re: ddos http://www.dslreports.com/forum/remark,20353579 Shrapnel64 : Justin,

We appreciate all of your hard work and dedication. Unfortunately, continuous DDoS attacks are probably another way that they (whomever is responsible) are testing your patience before you throw in the towel, and is also a new challenge when you add new hardware to prevent such attacks (since they probably want to see if they can get around all of the extra lock-down hardware).

I haven't been here as long as some of the members around here (in fact, I came here back when Excite@Home was pretty much going downhill to bankruptcy), but do know that if you are willing to take some donations for time, effort, and hardware cost / server relocation/redundancy, that I'd (and I'm sure many others who appreciate this site) will be willing to donate some money towards to cause.

This has been a great web site, and continually grows stronger every day. The members here are all very much appreciated, as they provide very helpful insight to many of not only my questions, but questions of other members. BBR has been one of the best places to visit, and I continually visit it on a daily basis (multiple times a day) -- When it's down, I feel lost, because there aren't many other web sites that I tend to go to.

Thanks for the hard work, and...know that we are behind you and your team!]]> http://www.dslreports.com/forum/remark,20353579 Sat, 19 Apr 2008 07:39:58 EDT Re: ddos http://www.dslreports.com/forum/remark,20353575 Loker :

said by jabarnut

I did not even get the site announcement :huh:

I ended up figuring it out on my own...
--
"While preceding your entrance with a grenade is a good tactic in Quake, it can lead to problems if attempted at work." -- C Hacking]]> http://www.dslreports.com/forum/remark,20353575 Sat, 19 Apr 2008 07:38:28 EDT Re: ddos http://www.dslreports.com/forum/remark,20353570 jabarnut : Just a reminder...I've seen many registered users posting the alternate addresses for BBR.

One person even posted the entire site announcement from yesterday, intended for registered members only. :uhh:
They have since been edited out, but a little common sense may go a long way.
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,20353570 Sat, 19 Apr 2008 07:35:01 EDT Re: ddos http://www.dslreports.com/forum/remark,20353563 RR Conductor :

said by signmeuptoo

:

Good points well taken, I didn't mean to bash any place really, more that it seems so much trouble appears to originate in those places (why?)

My sympathy to Justin (and team) too, he and his team run a fine site, a place that is like home to me and so many!

We are in a new Cold War, Cold War II with Russia, the Russian Bear is strong once again, though the original never really ended, things just thawed for a few years before refreezing again. That said, I doubt this has anything to do with that, it's probably some punks with nothing else to do.
--
»www.freightrailworks.org
»www.amtrak.com
»www.amtrakcalifornia.com
»www.metrolinktrains.com
»www.up.com
»www.bnsf.com
»www.aslrra.org/home/index.cfm]]> http://www.dslreports.com/forum/remark,20353563 Sat, 19 Apr 2008 07:28:16 EDT Re: ddos http://www.dslreports.com/forum/remark,20353499 IllIlIlllIll : you have a very great site Justin.
for what its worth, i hope all these "annoyances" dont discourage you from continuing on with your "baby".
at the very least, i suspect these disruptions are designed to pain you into shutting this site down.
while i have seen other sites go through similar situations as yours, they couldnt hold up and threw the towel in never to be seen again.
i do understand that these disruptions are costing you time and money and i hope your host/provider understands well enough to work with you and not declare "its not my problem".
i agree with you that what is happening is certainly revenge based.
i am sure i am not the only one who wishes to contribute help in any way possible, even monetarily.
this site is great, i am glad to be a member here, the topics, discussions and chatter is not like any site forum i have ever been to.
its well moderated and kept clean.
and even though i dont post much anymore, i still visit and read the chatter.
so to Justin and his team... Kudos.
:)
--
S.C.P.D. Live Scanner Feed
N.C.P.D. Live Scanner Feed]]> http://www.dslreports.com/forum/remark,20353499 Sat, 19 Apr 2008 06:19:57 EDT Re: ddos http://www.dslreports.com/forum/remark,20353431 robertfl : I hope no one in those countries is using DSLREPORTS.com (doubtful)

It surprises me how many windows machines are doing this without the owner even knowing it.

I go through great strides in keeping my machines clean.

Also, did you notify the FBI and abuse department of each ISP?

-Rob]]> http://www.dslreports.com/forum/remark,20353431 Sat, 19 Apr 2008 04:49:17 EDT Re: ddos http://www.dslreports.com/forum/remark,20353363 djr777 :

said by Doctor Olds

said by Rick

:

I'd have to imagine that everyone would join me in saying with ONE opinion..that we stand behind you 100%.

Is there anything the average user like myself can do to help? If there is let me know.
--
...there will be an answer. let it be]]> http://www.dslreports.com/forum/remark,20353363 Sat, 19 Apr 2008 03:47:21 EDT Re: ddos http://www.dslreports.com/forum/remark,20353361 ureihcim : OORAH justin!]]> http://www.dslreports.com/forum/remark,20353361 Sat, 19 Apr 2008 03:47:04 EDT Re: ddos http://www.dslreports.com/forum/remark,20353335 Doctor Olds :

said by Rick

:

I'd have to imagine that everyone would join me in saying with ONE opinion..that we stand behind you 100%.

Yes, I'd agree and I do stand behind BBR.

I just hope they can pinpoint some of the control bots and get a watcher planted to enable trackdown of the master bot control. These criminal bastards need to be removed from the Net and all ISPs need to clean their blocks of infected PCs or shut their access off until they are clean. It has to stop.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?]]> http://www.dslreports.com/forum/remark,20353335 Sat, 19 Apr 2008 01:34:07 EDT Re: ddos http://www.dslreports.com/forum/remark,20353296 Rick : Justin,
I just wanted to say that I and countless others I'm sure are very appreciative of your efforts in dealing with this ongoing issue. Many of us who've been around for years have watched as you've built this into a world class website and a place many of us would be lost if we didn't get a chance to visit it daily and frankly, to watch it come under this kind of continual attack is just sickening. BBR is a community unto itself spanning so many people, interests, and opinions.

But yet I'd have to imagine that everyone would join me in saying with ONE opinion..that we stand behind you 100%.

Good luck to you and everyone in getting this resolved.

And thanks for your efforts.

~Rick
--
The Coyote captured the RR! Roadrunner Rick is now Comcastic!]]> http://www.dslreports.com/forum/remark,20353296 Fri, 18 Apr 2008 22:36:35 EDT Re: ddos http://www.dslreports.com/forum/remark,20353281 Gizy : More likely it's a courtesy message to let us know that things are being worked on and a bit unstable until it's done.

All in all, does it really matter? Most of us know what's going on if we can't get to the site. And the registered users now how to get here if the main site isn't working.]]> http://www.dslreports.com/forum/remark,20353281 Fri, 18 Apr 2008 22:16:51 EDT Re: ddos http://www.dslreports.com/forum/remark,20353214 Mele20 : Yes, I know the main site is not loading. But that is not an error message. It an announcement of the site purposefully going off line until Saturday afternoon. Yet, the site is still here (albeit on the alternative addresses) hence my question. ]]> http://www.dslreports.com/forum/remark,20353214 Fri, 18 Apr 2008 21:32:03 EDT Re: ddos http://www.dslreports.com/forum/remark,20353196 Lanik : The main URL isn't loading thus the error message.
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,20353196 Fri, 18 Apr 2008 21:19:25 EDT Re: ddos http://www.dslreports.com/forum/remark,20353186 m0n : maaaaaaaaan this stinks! Yesterday I finally sign up and think "why not! I'll become a premium member too," then moments later the site is inaccessible. Hope things get better soon and whoever is hittin' the site gets busted and sent to PRISON!]]> http://www.dslreports.com/forum/remark,20353186 Fri, 18 Apr 2008 21:12:11 EDT Re: ddos http://www.dslreports.com/forum/remark,20353112 Mele20 : What's the thing with the notice at the top of page which appeared at 6:22PM EDT? What it says is sort of contradictory to the fact I am here currently. Has it been postponed?]]> http://www.dslreports.com/forum/remark,20353112 Fri, 18 Apr 2008 20:29:02 EDT Re: ddos http://www.dslreports.com/forum/remark,20353131 Doctor Olds : The only way I can access the site is to put »i.dslr.net into my HOSTS file and localhost it to my local http ad blocking image server (eDexter or Hostman on different systems) as otherwise the pages hang, time out and just don't respond on any of the alternative URLs for the main site. When I do this, it responds super fast.

IMHO there needs to be alternative IPs or URLs for the image server also, otherwise it drags down the main site and all the alternative URLs since it is also under attack.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?]]> http://www.dslreports.com/forum/remark,20353131 Fri, 18 Apr 2008 20:17:31 EDT Re: ddos http://www.dslreports.com/forum/remark,20353101 CCat : Thanks..at least we have someplace to go if the S*** hits the fan again.
--
Graphics Playground]]> http://www.dslreports.com/forum/remark,20353101 Fri, 18 Apr 2008 19:47:57 EDT Re: ddos http://www.dslreports.com/forum/remark,20353080 Jim Gurd :

said by Alcohol

:

I guess the script kiddie was a registered user because i couldn't get on the site with the alternative urls either

I was thinking that myself. Perhaps it's someone who got banned (Photog??) and is getting revenge.

Earlier today I couldn't get on at all. Now the main address is still down but I can get on with #2. For a while it was running very slowly but it seems to be O.K. now.
--
Calling an illegal alien an undocumented worker is like calling a crack dealer an unlicensed pharmacist.]]> http://www.dslreports.com/forum/remark,20353080 Fri, 18 Apr 2008 19:31:46 EDT Re: ddos http://www.dslreports.com/forum/remark,20352999 ureihcim : I am putting this up as a means if the current access points also become unavailable.

»michieru.dyndns.org/forum

This is getting ridiculous already.
--
michieru_.livejournal.com]]> http://www.dslreports.com/forum/remark,20352999 Fri, 18 Apr 2008 18:24:03 EDT Re: ddos http://www.dslreports.com/forum/remark,20352979 Alcohol : I guess the script kiddie was a registered user because i couldn't get on the site with the alternative urls either

Edit: removed url by request. ]]> http://www.dslreports.com/forum/remark,20352979 Fri, 18 Apr 2008 18:09:40 EDT Re: ddos http://www.dslreports.com/forum/remark,20352937 La Luna : Just had a real problem getting here. I don't think they're done. :huh:

I'm using an alternate addy after going down the list. I finally hit one that worked.

The main address isn't working at all for me, neither are the alts. It wasn't this bad yesterday. I thought it was over, but I maybe not?
--
10,925 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
]]> http://www.dslreports.com/forum/remark,20352937 Fri, 18 Apr 2008 16:43:59 EDT Re: ddos http://www.dslreports.com/forum/remark,20352660 justin : I found this paper useful..

nftest.pdf

]]> http://www.dslreports.com/forum/remark,20352660 Fri, 18 Apr 2008 13:07:37 EDT Re: ddos http://www.dslreports.com/forum/remark,20352368 TKJunkMail :

said by justin

:

so.. the simpler and more immediate solution is round robin dns and more ports..

I see the DNS part is already being implemented. BBR for 1st time is showing more than 1 IP addr for the main web site name.
--
My BLOG .. .. Internet News .. .. My Web Page]]> http://www.dslreports.com/forum/remark,20352368 Fri, 18 Apr 2008 12:08:02 EDT Re: ddos http://www.dslreports.com/forum/remark,20352346 sporkme : How many PPS can linux/netfilter deal with (small packets) on modern hardware before it gets swamped?]]> http://www.dslreports.com/forum/remark,20352346 Fri, 18 Apr 2008 12:03:24 EDT Re: ddos http://www.dslreports.com/forum/remark,20352342 astirusty :

said by justin

:

The problem is how many packets per second interface cards (and the driver, and the kernel, and ones netfilter config) can handle without dropping packets on the floor.

So what we need in response to the ongoing DDoS is DDrSs**.
** Distributed DSLReports redundant Server System ... ;) :)
--
Do yourself a favor, just say no to anything Windows.]]> http://www.dslreports.com/forum/remark,20352342 Fri, 18 Apr 2008 12:02:39 EDT Re: ddos http://www.dslreports.com/forum/remark,20352239 justin : thankfully not every PC is connected via fiber (one day though)

the processing delay is more netfilter (linux firewall) and the pps being close to the max sustainable for this particular card/driver and kernel (when you add in some useful rules such as nat and so on).

so.. the simpler and more immediate solution is round robin dns and more ports..]]> http://www.dslreports.com/forum/remark,20352239 Fri, 18 Apr 2008 11:44:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20351967 Matt :

said by justin

:

it isn't the number of web servers in this particular case: we can recognize and ignore bad requests before they take any page creation time. The problem is how many packets per second interface cards (and the driver, and the kernel, and ones netfilter config) can handle without dropping packets on the floor.

most servers have adapters not THAT much more powerful in packet handling terms than the ones that come with PCs. So you can see that if a PC has a clear shot at sending as many packets as possible (size is immaterial) to a server then the only defense is sufficient interface muscle on the other end to deal with them all without throwing away half that arrive due to simple lack of buffers/time.

Would something like the Broadcom TCP Offload Engine help in this case? Or would a combination of TOE and fast host processor help mitigate these types of attacks?

I guess you're really talking, in this case, of having 6000 times the packet processing power of a standard home PC, so I'm thinking things like TOE won't really help?]]> http://www.dslreports.com/forum/remark,20351967 Fri, 18 Apr 2008 10:53:44 EDT Re: ddos http://www.dslreports.com/forum/remark,20351754 justin : it isn't the number of web servers in this particular case: we can recognize and ignore bad requests before they take any page creation time. The problem is how many packets per second interface cards (and the driver, and the kernel, and ones netfilter config) can handle without dropping packets on the floor.

most servers have adapters not THAT much more powerful in packet handling terms than the ones that come with PCs. So you can see that if a PC has a clear shot at sending as many packets as possible (size is immaterial) to a server then the only defense is sufficient interface muscle on the other end to deal with them all without throwing away half that arrive due to simple lack of buffers/time.]]> http://www.dslreports.com/forum/remark,20351754 Fri, 18 Apr 2008 10:10:57 EDT Re: ddos http://www.dslreports.com/forum/remark,20351600 Matt :

said by justin

said by robertfl

:

Justin, does your hosting provider offer this sort of protection from attacks?

-Rob

Justin, out of curiosity, how many web servers serve pages for DSLReports? I'm curious as to how many web servers 6000 bots can fill up. If you'd rather not disclose this I understand.

Do you find a single, high bandwidth client can be the proverbial straw that broke the camels back, or can even a relatively low speed broadband connection issue enough requests fast enough to fill up server slots?]]> http://www.dslreports.com/forum/remark,20351600 Fri, 18 Apr 2008 09:04:49 EDT Re: ddos http://www.dslreports.com/forum/remark,20351502 justin :

said by robertfl

:

Justin, does your hosting provider offer this sort of protection from attacks?

-Rob

yes they can (and have) put in filters.

But in this case the hardest part to defeat is an ever-changing roster of IPs, with about 6000 active at once and all attempting to open and hold many connections at once so even if you are under your bandwidth (as we are) you might be over your capacity to properly filter and process that many packets per second.

There is no facility for either them to manage this type of active block list, or to identify in real time (as I can do this end) which IPs make it to the list, and which can fall off.

Believe me if there was a very simple solution I'd do it within hours.]]> http://www.dslreports.com/forum/remark,20351502 Fri, 18 Apr 2008 07:30:19 EDT Re: ddos http://www.dslreports.com/forum/remark,20351418 robertfl : Justin, does your hosting provider offer this sort of protection from attacks?

-Rob]]> http://www.dslreports.com/forum/remark,20351418 Fri, 18 Apr 2008 03:50:12 EDT Re: ddos http://www.dslreports.com/forum/remark,20351187 81399672 :

said by MysticGogeta

:

I would figure it would just amount to banning the IP of the individual. I have a feeling the ass came from one of the forums and decided to "Show Us" I really hope you report this to his/hers ISP and they get in trouble for this. Then again its likely they are smart and use proxy's.

You can report it to Russian isp all you want. Russian isp just don't care.]]> http://www.dslreports.com/forum/remark,20351187 Fri, 18 Apr 2008 00:42:10 EDT Re: ddos http://www.dslreports.com/forum/remark,20351126 MysticGogeta : I would figure it would just amount to banning the IP of the individual. I have a feeling the ass came from one of the forums and decided to "Show Us" I really hope you report this to his/hers ISP and they get in trouble for this. Then again its likely they are smart and use proxy's.
--
Team Discovery-Join the fight]]> http://www.dslreports.com/forum/remark,20351126 Fri, 18 Apr 2008 00:26:37 EDT Re: ddos http://www.dslreports.com/forum/remark,20351110 sailor : The organization behind these attacks should be classified as "enemy combatants" and a threat to national security if they are indeed coming from a long running criminal multi-million dollar identity theft ring that is doing this in retaliation for being exposed in the Scam, Spam and Unauthorized Charge Busting Group forum here. »Spam, Scam and Phishbusters]]> http://www.dslreports.com/forum/remark,20351110 Fri, 18 Apr 2008 00:23:57 EDT Re: I keep wondering http://www.dslreports.com/forum/remark,20350702 astirusty :

said by justin

:

I have no idea what the target or aim is, and yes the botnet is still nearly all east europe broadband pcs although your guess is as good as mine as to who the paymaster is.

You and your crew/staff are doing a great job of fending off the attack. My hat is off to you and your crew/staff!
Like others here, I wish there was a way to help. Maybe we could all pitch in and buy you a big-fat pipe, say an OC-256? :D
--
Do yourself a favor, just say no to anything Windows.]]> http://www.dslreports.com/forum/remark,20350702 Thu, 17 Apr 2008 22:48:47 EDT Re: I keep wondering http://www.dslreports.com/forum/remark,20350561 Airwolf : Too bad we can't use this. :(

I wish there was something we could do to help divert this garbage. The internet feels empty without Broadband Reports. That sounds pretty lame, but it's the website I visit most.

]]> http://www.dslreports.com/forum/remark,20350561 Thu, 17 Apr 2008 22:09:54 EDT Re: I keep wondering http://www.dslreports.com/forum/remark,20350559 mjf : Still clogging access.]]> http://www.dslreports.com/forum/remark,20350559 Thu, 17 Apr 2008 22:06:29 EDT Re: I keep wondering http://www.dslreports.com/forum/remark,20350555 David : I dunno, call it a gut feeling. I still keep feeling kind of bad this is happening to you guy. I am sure everyone is kind of wondering as well.

I hope I don't get a rash of complaints about at&t hindering the viewing of this site, cause it seems obvious that we are not responsible for it. ]]> http://www.dslreports.com/forum/remark,20350555 Thu, 17 Apr 2008 22:02:26 EDT Re: I keep wondering http://www.dslreports.com/forum/remark,20350195 justin : I have no idea what the target or aim is, and yes the botnet is still nearly all east europe broadband pcs although your guess is as good as mine as to who the paymaster is.]]> http://www.dslreports.com/forum/remark,20350195 Thu, 17 Apr 2008 19:53:47 EDT I keep wondering http://www.dslreports.com/forum/remark,20350028 David : if maybe the direct forums are the intended target and bbr is just the follow up target.

These all still coming from russia? ]]> http://www.dslreports.com/forum/remark,20350028 Thu, 17 Apr 2008 19:24:59 EDT Re: ddos http://www.dslreports.com/forum/remark,20349320 Lanik : »main url not working, anyone else?
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,20349320 Thu, 17 Apr 2008 16:10:45 EDT Re: ddos http://www.dslreports.com/forum/remark,20349319 robertfl : does the ISP that host the site offer this kind of protection?
The dslreports.com still not working (found a work around which i won't publish)

-Rob]]> http://www.dslreports.com/forum/remark,20349319 Thu, 17 Apr 2008 16:09:15 EDT Re: ddos http://www.dslreports.com/forum/remark,20318630 ureihcim : Cyber crime is on the rise on American sites, I am not surprised you are having issues as well.]]> http://www.dslreports.com/forum/remark,20318630 Fri, 11 Apr 2008 14:58:23 EDT Re: ddos http://www.dslreports.com/forum/remark,20318623 La Luna :

said by TKJunkMail

:

BBR still periodically slow as molasses - especially the i.dslr.net image server.

I assume the DDOS is still going strong.

Look to the top of your browser window:

Announcement:
We apologize for any slow page loads you might be experiencing it is due to a renewed distributed denial of service attack

edit: that message has now been removed
--
10,886 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
]]> http://www.dslreports.com/forum/remark,20318623 Fri, 11 Apr 2008 14:57:46 EDT Re: ddos http://www.dslreports.com/forum/remark,20318529 Airwolf : Argh. I lost what I typed when I clicked to spellcheck. Proxy error. Guess I should have copied it first. :hmm:]]> http://www.dslreports.com/forum/remark,20318529 Fri, 11 Apr 2008 14:38:53 EDT Re: ddos http://www.dslreports.com/forum/remark,20318202 TKJunkMail : BBR still periodically slow as molasses - especially the i.dslr.net image server.

I assume the DDOS is still going strong.]]> http://www.dslreports.com/forum/remark,20318202 Fri, 11 Apr 2008 13:37:31 EDT Re: ddos http://www.dslreports.com/forum/remark,20317649 Name Game : Checked out enough of them that it seems if one used a backlist from this group they would cut on the junk coming in.

»www.uceprotect.net/en/rblcheck.php

It can be changed into a DDOS block list and all I checked in your list were there and for good reasons.

SpamCannibal blocks spam at the origination server and can be configured to block DoS attacks as they claim but seems one shoud look into it more.

»www.spamcannibal.org/cannibal.cgi

I guess one would be reluctant to use lists like that since in some case it would block legit members or new member :( But I should think we have already a data base of current members to work from.
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,20317649 Fri, 11 Apr 2008 11:39:24 EDT Re: ddos http://www.dslreports.com/forum/remark,20317637 Kibbles :

said by signmeuptoo

:

People that attack useful, good, important sites like DSLR are losers and fools. They prove nothing, they aren't proving that they are smarter, because they aren't, smart is showing respect for others. They aren't superior, they are just kiddies with kiddie brains.

I think they are just testing a bot net for an upcomming DDOS attack....my guess a large one will be around April 15 on the IRS :p]]> http://www.dslreports.com/forum/remark,20317637 Fri, 11 Apr 2008 11:36:46 EDT Re: ddos http://www.dslreports.com/forum/remark,20317495 SkellBasher :

said by fartness

:

I don't understand how the UDP attack works... does there have to be something running on UDP for it to take the site down? Or are there just too many random packets being generated that it slows things down?

Most DDOS attacks are analogous to stuffing 10 pounds of shit in a 5 pound bag.

This style of attack is easily mitigated by upstream filters. Generally the trickier part is identifying exactly how you're being hit first. ]]> http://www.dslreports.com/forum/remark,20317495 Fri, 11 Apr 2008 11:04:58 EDT Re: ddos http://www.dslreports.com/forum/remark,20317053 justin :

said by fartness

If you have X bandwidth to the world and the world sends you 2X traffic, then unless the gateway to your X sized pipe has some smart packet drop technology - such as drop UDP first, before TCP - then every conversation will experience 50% packet loss which is enough to stall out pretty much everything.

Of course this is easily stopped by dumping all UDP destined for IP a.b.c.d, further up the pipe where it is hopefully wider bandwidth than 2X, thus no good packets are lost.]]> http://www.dslreports.com/forum/remark,20317053 Fri, 11 Apr 2008 09:19:03 EDT Re: ddos http://www.dslreports.com/forum/remark,20317045 fartness : I don't understand how the UDP attack works... does there have to be something running on UDP for it to take the site down? Or are there just too many random packets being generated that it slows things down?
--
»www.computersOC.com - User reviews of computer hardware - Computer forums - Adelphia forum - P2P politics - more...]]> http://www.dslreports.com/forum/remark,20317045 Fri, 11 Apr 2008 09:15:37 EDT Re: ddos http://www.dslreports.com/forum/remark,20317007 OmenQ :

said by kywirelessgu

:

Someone hire Chris Hansen to do some investigating. Bait them with an unfirewalled packard bell running windows 98 and aol.

I think I have one of those in my closet.]]> http://www.dslreports.com/forum/remark,20317007 Fri, 11 Apr 2008 09:04:20 EDT Re: ddos http://www.dslreports.com/forum/remark,20317002 kywirelessgu : Someone hire Chris Hansen to do some investigating. Bait them with an unfirewalled packard bell running windows 98 and aol.]]> http://www.dslreports.com/forum/remark,20317002 Fri, 11 Apr 2008 09:03:06 EDT Re: ddos http://www.dslreports.com/forum/remark,20315955 mers2 : Just wanted to pipe in and say thanks for keeping this place running. All of your hard work and that of those who assist in the effort is greatly appreciated. The sweetest part is the knowledge that they know they failed in their ultimate mission: to shut DSLR down.

The people who run these attacks are despicable slime balls and I trust that some day they'll get what they deserve. ]]> http://www.dslreports.com/forum/remark,20315955 Thu, 10 Apr 2008 22:51:27 EDT Re: ddos http://www.dslreports.com/forum/remark,20315807 justin : the udp was from a random port to a random port most packets sized 1000-1200 bytes.

I just realized (doh) they also spammed icmps that look like this:

]]> http://www.dslreports.com/forum/remark,20315807 Thu, 10 Apr 2008 22:23:28 EDT Re: ddos http://www.dslreports.com/forum/remark,20315767 sporkme :

said by justin

:

...but also a pile of pointless udp traffic got added after that didn't work, to try to fill up the port - which it did for a few hours.

I assume they use udp because it's quick-n-dirty and not rate-limited at the edges like icmp. What packet sizes do they hit with when they want to just flood like that? Big ones to fill the pipe (traffic) or little ones to put a hurt on NAC's infrastructure (pps)?

I feel your pain, I get these a few times a year at work and it really sucks. We're dual-homed, so we have to deal with two upstreams. The last one was pointed at a DSL customer and was total overkill if all they wanted to do was make him miserable. Luckily they usually just hit one IP, so that seems easy for our upstreams to filter. I wish they both supported a blackhole bgp community so we could "fix" things ourselves. We usually sacrifice the IP until the attackers get bored. We've never received any communication in all the years this has been happening - no threat, no extortion, nothing.]]> http://www.dslreports.com/forum/remark,20315767 Thu, 10 Apr 2008 22:16:25 EDT Re: ddos http://www.dslreports.com/forum/remark,20315525 justin : Further to the above, from looking at the logs I think a second botnet was deployed to flood the port using udp

the UDP emitters are

»docs.google.com/Doc?id=dpbj3qz_12dwt2nvdb

they are 100% bad, no false positives.

There doesn't seem to be a single common IP, these are 800+ *other* bad IPs doing the port flood.

Basically the first botnet was deployed and when the site came back around 9am, the second botnet got added to do the port flood - a far more primitive attack.]]> http://www.dslreports.com/forum/remark,20315525 Thu, 10 Apr 2008 21:34:49 EDT Re: ddos http://www.dslreports.com/forum/remark,20315392 justin : I'm looking at the botnet and the distribution of IPs by country are as follows:

18 pl
20 eg
23 fr
25 bg
25 by
27 md
39 kz
44 ca
48 de
59 il
60 ro
111 tr
160 uk
365 ua
1355 ru

The distribution across ISPs:

51 volia.net
62 corbina.ru
68 ttnet.net.tr
80 spbnit.ru
91 mtu-net.ru
117 ukrtel.net

Unfortunately this IP lookup database is quite out of date so I don't trust the "uk" count. However, the majority of the IPs are broadband connected PCs inside .ru

If anyone wants to do a better analysis, the file of IPs is:

»docs.google.com/Doc?id=dpbj3qz_11722939fd

The list is 99% correct, in other words it contains very few false positives. If there ARE a few true US/CAN ip addresses in it, they are more likely to be false positives.]]> http://www.dslreports.com/forum/remark,20315392 Thu, 10 Apr 2008 21:02:38 EDT Re: ddos http://www.dslreports.com/forum/remark,20315279 justin : I suspect it is one of the gangs that run credit card/ecommerce extortion getting some "revenge" for activities against them now, or in the past.

It is the same group that tried a few weeks ago, and there is more than one very irritated "entrepreneur" who could easily rent this botnet, or even controls it directly.

These botnets are comparatively small - they couldn't bring down any big ecommerce sites - but it is big enough to fill a port from gig ethernet down which takes down any single patch cable no matter what server/OS/countermeasure you run unless one gets help upstream (which is what in the end got us back).

Hopefully nac.net got some upstream filtering experience out of this, so even if I keep the site on the same weeny port (which is more than adequate for daily traffic) any future attacks will be squashed more quickly than the 5 or 6 hours this one took.]]> http://www.dslreports.com/forum/remark,20315279 Thu, 10 Apr 2008 20:36:07 EDT Re: ddos http://www.dslreports.com/forum/remark,20315191 81399672 :

said by sailor

:

I had to google DDOS denial of service attack as I had no clue what that even was. So after reading about it I have a question for you. When this happens to your site here, do you ever get contacted by those behind it for anything?...Like attempting to extort money from you or anything at all?
Thanks.

Justin is to small of a "dog" to be used to extort money. The only thing that could possible be the reason of why he was targeted is either for practice or to demonstrate their power to someone else]]> http://www.dslreports.com/forum/remark,20315191 Thu, 10 Apr 2008 20:17:08 EDT Re: ddos http://www.dslreports.com/forum/remark,20315178 justin : nope. I've heard this particular net is often used for extortion but not had any demands.]]> http://www.dslreports.com/forum/remark,20315178 Thu, 10 Apr 2008 20:13:41 EDT Re: ddos http://www.dslreports.com/forum/remark,20314911 sailor : I had to google DDOS denial of service attack as I had no clue what that even was. So after reading about it I have a question for you. When this happens to your site here, do you ever get contacted by those behind it for anything?...Like attempting to extort money from you or anything at all?
Thanks.]]> http://www.dslreports.com/forum/remark,20314911 Thu, 10 Apr 2008 19:19:49 EDT Re: ddos http://www.dslreports.com/forum/remark,20314868 Anonymous_ : it works fine]]> http://www.dslreports.com/forum/remark,20314868 Thu, 10 Apr 2008 19:13:14 EDT Re: ddos http://www.dslreports.com/forum/remark,20314621 jaykaykay : Are images for upload not being accepted? I am on and able to post, which is fairly obvious :) but cannot upload any image.]]> http://www.dslreports.com/forum/remark,20314621 Thu, 10 Apr 2008 18:29:37 EDT Re: ddos http://www.dslreports.com/forum/remark,20314548 signmeuptoo : Good points well taken, I didn't mean to bash any place really, more that it seems so much trouble appears to originate in those places (why?)

My sympathy to Justin (and team) too, he and his team run a fine site, a place that is like home to me and so many!
--
You know your life has gotten "DICEY" when it turns into an episode of LOST, like my ex wife, who I swear is one of "The Others". Cancer and other diseases kill fellow members here at DSLR! Easy: Join us in Teams Helix and Discovery to save the world!]]> http://www.dslreports.com/forum/remark,20314548 Thu, 10 Apr 2008 18:16:41 EDT Re: ddos http://www.dslreports.com/forum/remark,20314372 sitrix : Ok, lets not make it about countries or people. I've known my share of ass hats here in US that “packeted” just about anybody they could with reason or without, good old #bottalk comes to mind. It has nothing to do with being enemies, but rather personal stupidity of select few individuals and every country has their share of them.

In regards to this DDOS, it's possible that some Romanian after scamming a few individuals was tracked down by DSLR users and now uses gigE Moscow lines to express his anger. Then again, it could be a very bored kid in Kentucky testing out his friends botnet on a large site. So it's hard to pinpoint who is responsible or where he lives (unless that monkey starts yapping off in forums), but my sympathy goes to Justin along with guys doing damage control, since cost of added bandwidth often gets passed down to that site. :(]]> http://www.dslreports.com/forum/remark,20314372 Thu, 10 Apr 2008 17:39:26 EDT Re: ddos http://www.dslreports.com/forum/remark,20314231 signmeuptoo : People that attack useful, good, important sites like DSLR are losers and fools. They prove nothing, they aren't proving that they are smarter, because they aren't, smart is showing respect for others. They aren't superior, they are just kiddies with kiddie brains.

When Russians or Chinese or whoever attack, the prove what enemies they still can be for us. They are just jealous of Americans. If this is coming from Mother Russia, then the corrupt people are just jealous.
--
You know your life has gotten "DICEY" when it turns into an episode of LOST, like my ex wife, who I swear is one of "The Others". Cancer and other diseases kill fellow members here at DSLR! Easy: Join us in Teams Helix and Discovery to save the world!]]> http://www.dslreports.com/forum/remark,20314231 Thu, 10 Apr 2008 17:13:01 EDT Re: ddos http://www.dslreports.com/forum/remark,20314172 DrModem : Guess we made to many "In Soviet Russia..." jokes :D]]> http://www.dslreports.com/forum/remark,20314172 Thu, 10 Apr 2008 17:02:59 EDT Re: ddos http://www.dslreports.com/forum/remark,20314134 Anonymous_ : that is not it

never mind]]> http://www.dslreports.com/forum/remark,20314134 Thu, 10 Apr 2008 16:56:35 EDT Re: ddos http://www.dslreports.com/forum/remark,20314044 dadkins :

said by justin

:

Same as a couple of weeks ago, sorry!

Not you Justin!
Not your fault some asshat is being stupid and trashing the routers. :huh:

Hope someone finds the fool!
--
Think outside the Fox... Opera]]> http://www.dslreports.com/forum/remark,20314044 Thu, 10 Apr 2008 16:41:39 EDT Re: ddos http://www.dslreports.com/forum/remark,20313750 81399672 :

said by Turbocpe

:

I see a lot of posts here referencing a "backup IP". I've been here for several years, and I'm not certain what this backup IP is? Can someone point me to it for future reference?

I would love too, but first need to confirm your top secret clearance. See pm in a minute ]]> http://www.dslreports.com/forum/remark,20313750 Thu, 10 Apr 2008 15:56:22 EDT Re: ddos http://www.dslreports.com/forum/remark,20313708 Turbocpe : I see a lot of posts here referencing a "backup IP". I've been here for several years, and I'm not certain what this backup IP is? Can someone point me to it for future reference?]]> http://www.dslreports.com/forum/remark,20313708 Thu, 10 Apr 2008 15:49:53 EDT Re: ddos http://www.dslreports.com/forum/remark,20313592 sailor : Announcement:
Unfortunately an ongoing distributed denial of service attack from russia is causing problems for us today.

________________

From Russia with Love]]> http://www.dslreports.com/forum/remark,20313592 Thu, 10 Apr 2008 15:34:28 EDT Re: ddos http://www.dslreports.com/forum/remark,20313583 justin : I don't have a reliable list of all the ranges, it isn't as easy as 82.x.x.x is Poland, etc. Anyway, there are more sophisticated filters that have gone in now, upstream from us.]]> http://www.dslreports.com/forum/remark,20313583 Thu, 10 Apr 2008 15:32:41 EDT Re: ddos http://www.dslreports.com/forum/remark,20313567 TKJunkMail :

said by justin

:

About 2000 ips mainly eastern europe doing a stream of open and open-holds, but also a pile of pointless udp traffic got added after that didn't work, to try to fill up the port - which it did for a few hours. You can see the traffic graph flatlines at the top so the rest wasn't even reaching us, but getting dropped in nac somewhere.

Just block all the IP ranges from Eastern Europe. There probably aren't any regular legit users from there anyway.
--
My BLOG .. .. Internet News .. .. My Web Page]]> http://www.dslreports.com/forum/remark,20313567 Thu, 10 Apr 2008 15:29:22 EDT Re: ddos http://www.dslreports.com/forum/remark,20313542 Jafo232 : Woops, posted to the wrong thread..

Well, just to chime in, I am finally able to get back on..
--
Custom PHP/Perl Development. Vbulletin And Wordpress Mods Too!]]> http://www.dslreports.com/forum/remark,20313542 Thu, 10 Apr 2008 15:25:14 EDT Re: ddos http://www.dslreports.com/forum/remark,20313537 81399672 :

said by justin

:

try the main site again.. it looks to be almost ok now.

Not for long. We are setting up new plan of attack. It should be here shortly :) Israelis agree to help us. :)]]> http://www.dslreports.com/forum/remark,20313537 Thu, 10 Apr 2008 15:24:01 EDT Re: ddos http://www.dslreports.com/forum/remark,20313493 justin :

said by Matt

said by justin

:

try the main site again.. it looks to be almost ok now.

About 2000 ips mainly eastern europe doing a stream of open and open-holds, but also a pile of pointless udp traffic got added after that didn't work, to try to fill up the port - which it did for a few hours. You can see the traffic graph flatlines at the top so the rest wasn't even reaching us, but getting dropped in nac somewhere.]]> http://www.dslreports.com/forum/remark,20313493 Thu, 10 Apr 2008 15:17:53 EDT Re: ddos http://www.dslreports.com/forum/remark,20313468 djdanska :

said by jabarnut

:

You know many of us go into panic mode, and have immediate withdrawal symptoms when the site is down.

Isn't that the truth! When did this start? I'm glad justing and nac is getting this under control. I hate to see the site go down.
Of course the first thing i do is check my connection. This site is usually rock solid. (Unlike hofo which in my opinion doesn't have the most reliable site compared to dslr.)

Keep up the hard work justin!
--
When you do things right, people won't be sure you've done anything at all.]]> http://www.dslreports.com/forum/remark,20313468 Thu, 10 Apr 2008 15:14:25 EDT Re: ddos http://www.dslreports.com/forum/remark,20313465 DrStrange : The main site just re-appeared from here.

I was unable to get here from about 12:30AM until a few minutes ago [got to the main site on a machine with an active login cookie, apparently].

I did a few ping plots last night and figured it was a DDOS when I saw the lag and packet loss on the NAC end of the route that got worse the closer it got to the site.

*frantically searching the rolodex for an old babushka who's willing to 'burn the midnight oil' [and a few candles, maybe] to give the perps of the DDOS something to worry about besides Interpol* ;-)]]> http://www.dslreports.com/forum/remark,20313465 Thu, 10 Apr 2008 15:13:48 EDT Re: ddos http://www.dslreports.com/forum/remark,20313414 jester121 : Thanks for the workaround to get the site back up and running, but I'd hope that anyone who uses the same user ID and password at a bunch of other sites knows better than to send login info to an IP address claiming to be BBR. At the very least it should be a red flag and you should think twice before typing your password.

My spidey sense was tingling when I saw a plain text splash screen with a redirect to an unusual login screen and a url of 209.123.192.190. I didn't do much testing of the "secure" SSL login, but nothing in my browser showed anything being encrypted either way. If I had successfully pwned BBR I might set up a fake login screen to harvest some user IDs and passwords, since a decent number of them would probably work on other sites.

Justin uses proper spelling and grammar so I figured it was safe, plus I don't use these credentials anywhere else so it's not a biggie if this account gets hijacked... :D]]> http://www.dslreports.com/forum/remark,20313414 Thu, 10 Apr 2008 15:06:36 EDT Re: ddos http://www.dslreports.com/forum/remark,20313413 Matt :

said by justin

:

try the main site again.. it looks to be almost ok now.

What type of ddos attack are they using? Just standard HTTP requests to overload the Apache servers? SYN attack?

I noticed earlier this morning that ping times to the server were still great, so I assumed it was an HTTP attack of some sort?]]> http://www.dslreports.com/forum/remark,20313413 Thu, 10 Apr 2008 15:06:32 EDT Re: ddos http://www.dslreports.com/forum/remark,20313396 justin : try the main site again.. it looks to be almost ok now.]]> http://www.dslreports.com/forum/remark,20313396 Thu, 10 Apr 2008 15:04:14 EDT Re: ddos http://www.dslreports.com/forum/remark,20313382 evilghost : Justin, thanks for the announcement page, I was able to get back in by adjusting the HOSTS file accordingly with the backup IP address.

Why is this site even a target? Content in the Security forum?

I am getting HTTP 503 (mod_evasive?) status pages with everything pointed to the backup IP.]]> http://www.dslreports.com/forum/remark,20313382 Thu, 10 Apr 2008 15:00:38 EDT Re: ddos http://www.dslreports.com/forum/remark,20313375 justin : no, that would be the over-full port.]]> http://www.dslreports.com/forum/remark,20313375 Thu, 10 Apr 2008 14:59:34 EDT Re: ddos http://www.dslreports.com/forum/remark,20313374 evilghost : *Duplicate due to HTTP 503 re-post, sorry*]]> http://www.dslreports.com/forum/remark,20313374 Thu, 10 Apr 2008 14:59:27 EDT Re: ddos http://www.dslreports.com/forum/remark,20313361 Anonymous_ : i think my ip *was* blocked as i could not get to the shut down page]]> http://www.dslreports.com/forum/remark,20313361 Thu, 10 Apr 2008 14:55:42 EDT Re: ddos http://www.dslreports.com/forum/remark,20313313 justin : well they upped the traffic to soak the port, which also screws the image server hence the members only site not working too well right now.

apparently this also kicked over a nac router or two and so nac are trying to get themselves ship-shape before helping me with an upstream block :(]]> http://www.dslreports.com/forum/remark,20313313 Thu, 10 Apr 2008 14:05:05 EDT Re: ddos http://www.dslreports.com/forum/remark,20313305 poacher 1rtd : I`m sorry to hear this again justin.

How I wish I could help in some way, I hate bullies and never give in to them.
--
Photography is all about passion and vision, I have the passion but seem to lack in vision.
]]> http://www.dslreports.com/forum/remark,20313305 Thu, 10 Apr 2008 13:44:53 EDT Re: ddos http://www.dslreports.com/forum/remark,20313141 Dominokat : Are you sure Akasha

didn't come along and push a wrong button someplace? :o]]> http://www.dslreports.com/forum/remark,20313141 Thu, 10 Apr 2008 11:18:45 EDT Re: ddos http://www.dslreports.com/forum/remark,20313000 La Luna :

said by jabarnut

:

And the good times just keep on coming.
Bummer for sure. :(
Good luck justin.

You know many of us go into panic mode, and have immediate withdrawal symptoms when the site is down.

Whew! At least I'm here for the moment.....I'm starting to feel a little better. :)

My problem is not knowing if it's the site or something on my end (although that would be almost unheard of). It bothers me when I can't get in touch with anyone to find out, lol....
--
10,880 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
]]> http://www.dslreports.com/forum/remark,20313000 Thu, 10 Apr 2008 10:46:48 EDT Re: ddos http://www.dslreports.com/forum/remark,20312998 jabarnut :

said by haha :

Their are many different sites around, might want to wonder around while this site is down :)

haha...and you may want to get back to your College work in LA, instead of hanging around the web. (Pay particular attention in your English class)

Make your parents proud! :p
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,20312998 Thu, 10 Apr 2008 10:46:24 EDT Re: ddos http://www.dslreports.com/forum/remark,20312952 Coma :

said by jabarnut

:

.....I'm starting to feel a little better. :)

I mentioned to tmp in IM that I was going to talk to my shrink about dslr withdrawal.

--
. . . I want to be a vegetable when I grow up . . . ]]> http://www.dslreports.com/forum/remark,20312952 Thu, 10 Apr 2008 10:39:46 EDT Re: ddos http://www.dslreports.com/forum/remark,20312949 anon :

said by jabarnut

Their are many different sites around, might want to wonder around while this site is down :)]]> http://www.dslreports.com/forum/remark,20312949 Thu, 10 Apr 2008 10:39:34 EDT Re: ddos http://www.dslreports.com/forum/remark,20312913 jabarnut : And the good times just keep on coming.
Bummer for sure. :(
Good luck justin.

You know many of us go into panic mode, and have immediate withdrawal symptoms when the site is down.

Whew! At least I'm here for the moment.....I'm starting to feel a little better. :)
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,20312913 Thu, 10 Apr 2008 10:20:27 EDT Re: ddos http://www.dslreports.com/forum/remark,20312853 justin : if you like, because the main site might go away or be too slow.]]> http://www.dslreports.com/forum/remark,20312853 Thu, 10 Apr 2008 10:08:45 EDT Re: ddos http://www.dslreports.com/forum/remark,20312845 Dersgniw : Should we still be using the ip address?]]> http://www.dslreports.com/forum/remark,20312845 Thu, 10 Apr 2008 10:06:33 EDT Re: ddos http://www.dslreports.com/forum/remark,20312842 justin : It is mitigated - www.dslreports.com is up now - but the site will be slow on the main url (not the backup url) until they bugger off. Anon users will get the shutdown message for the home page.]]> http://www.dslreports.com/forum/remark,20312842 Thu, 10 Apr 2008 10:05:44 EDT Re: ddos http://www.dslreports.com/forum/remark,20312804 81399672 :

said by TKJunkMail

:

ISPs should boot all their customers who have had their devices controlled by a botnet until those PCs are cleaned. It would cause the ISPs to take a short term hit on income, but in the longer term it would be better for everyone.

Keep dreaming. That will never happen and you know it. This cat and mouse game been going on for years and will continue.]]> http://www.dslreports.com/forum/remark,20312804 Thu, 10 Apr 2008 09:55:54 EDT Re: ddos http://www.dslreports.com/forum/remark,20312799 TKJunkMail : ISPs should boot all their customers who have had their devices controlled by a botnet until those PCs are cleaned. It would cause the ISPs to take a short term hit on income, but in the longer term it would be better for everyone.
--
My BLOG .. .. Internet News .. .. My Web Page]]> http://www.dslreports.com/forum/remark,20312799 Thu, 10 Apr 2008 09:54:31 EDT Re: ddos http://www.dslreports.com/forum/remark,20312797 Coma :

said by CCat

:

...Not your fault though.

Who says ?

;)

--
. . . I want to be a vegetable when I grow up . . . ]]> http://www.dslreports.com/forum/remark,20312797 Thu, 10 Apr 2008 09:54:10 EDT Re: ddos http://www.dslreports.com/forum/remark,20312796 La Luna : The site went down for me last night around 12:30 AM. I entered, read one thread and then couldn't go anywhere else. I figured *someone* was playing with red buttons again. Apparently not. Some people have way too much time on their hands. :mad:]]> http://www.dslreports.com/forum/remark,20312796 Thu, 10 Apr 2008 09:54:02 EDT Re: ddos http://www.dslreports.com/forum/remark,20312794 JohnQPublic : asshats]]> http://www.dslreports.com/forum/remark,20312794 Thu, 10 Apr 2008 09:52:56 EDT Re: ddos http://www.dslreports.com/forum/remark,20312776 CCat : That sucks...Not your fault though. ]]> http://www.dslreports.com/forum/remark,20312776 Thu, 10 Apr 2008 09:44:43 EDT Re: ddos http://www.dslreports.com/forum/remark,20312762 Name Game : Bummer good luck justin :( Whoaaa that looks nasty.]]> http://www.dslreports.com/forum/remark,20312762 Thu, 10 Apr 2008 09:39:33 EDT ddos http://www.dslreports.com/forum/remark,20312753 justin : Same as a couple of weeks ago, sorry!

]]> http://www.dslreports.com/forum/remark,20312753 Thu, 10 Apr 2008 09:37:03 EDT