Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to zbestwun2001
Re: Conerning The On Going Denial of Service Attacks Today.
It still appears to be only DDoS 1: Attackers flood unprivileged traffic.
Result: Privileged users unaffected, “1-packet”privileged users
Defenses against Distributed Denial of Service Attacks
»www.dtc.umn.edu/resources/perrig.pdf.
There are also some other solutions..
WRAPS: Denial-of-Service Defense through Web Referrals
»ieeexplore.ieee.org/search/wrapp···=4032468
But then there are worse conditions.. 
Keep DNS servers from contributing to a DDoS attack
Takeaway: How can a recursive query become a DDoS attack? It doesn't take much. Mike Mullins explains how an attacker can take advantage of a DNS server using recursion to perpetrate a DDoS attack, and he tells you how to prevent your organization's DNS servers from taking part.
»adakabartekno.blogspot.com/2007/···-to.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
Travelfan1
RIP Analog Go Digital
join:2005-08-23
Iselin, NJ
 ·Comcast
| reply to zbestwun2001
I'll leave to the techies to discuss the technical details.
But what I wonder is: What could be a reason for a hacker/cracker to perform a DDOS against DSL Reports? What financial gain or, what the heck, personal gain suck person/people can gain?
Maybe it's a combination of Comcast and VZ, after all the complains in their forums 
--
COMpressionCAST of New Jersey II(Union)
Verizon DSL
And who would think Eli would outplay Brady... |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| said by Travelfan1  : What could be a reason for a hacker/cracker to perform a DDOS against DSL Reports? Someone sulking at a perceived insult in one of the forums? |
|
Portmonkey
scurvy
Premium
join:2004-04-09
Southern IL
| reply to zbestwun2001
There is big money in some of the illegal online activities nowadays. When people can come here to the numerous forums for free and learn how to avoid and prevent such things as the various flavors of scams, identity theft, phishing, infections, and how to repair and secure a computer that has already been compromised, then it is likely significantly hitting some of the bad guys/gals in the pocket when you consider how many have been helped over the years. Maybe that's not the case here, I'm only guessing, and it could just be someone really bored with nothing better to do.
--
Ninja of the Nasty |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to dave
said by dave :said by Travelfan1 : What could be a reason for a hacker/cracker to perform a DDOS against DSL Reports? Someone sulking at a perceived insult in one of the forums? Hacker groups practising their skills and having contests with each group on who is the best at taking down a target.
Recent attack at this site also..
Hackers, Lamers and Script Kiddies
»auralmoon.com/forum/showthread.php?t=3803
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest
| reply to dave
said by dave :Someone sulking at a perceived insult in one of the forums? Or perhaps one of the forums at DSLReports was involved in defeating/circumventing a black-hats mal-ware/SPAM-site.
--
Do yourself a favor, just say no to anything Windows. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| said by astirusty :said by dave :Someone sulking at a perceived insult in one of the forums? Or perhaps one of the forums at DSLReports was involved in defeating/circumventing a black-hats mal-ware/SPAM-site. I agree with you and believe it's more than a disgruntled member or poster. I believe it's about money and the take-down of moneymaking criminal activity like phishing, CC fraud, bulk ticket buyers, the $9.95 eBook guys and so on. Some of the anon posts I've seen in scambusters indicate that this bunch is clearly upset at some revelations and reports being made.
Several scambusters use BBR as well as other methods to communicate publicly, so paying a bot herder a few thousand bucks to DoS is not out of reason for the criminal organizations.
Thanks to Justin and the nameless team supporting him (Thumbs up to them!), you can go there and take a look at the work they are doing - Despite the DoS attempts.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
Travelfan1
RIP Analog Go Digital
join:2005-08-23
Iselin, NJ | reply to zbestwun2001
all of your explanations make perfect sense.
Kudos to dslreports tech team for their hard work! |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
| reply to EGeezer
said by EGeezer :I agree with you and believe it's more than a disgruntled member or poster. I believe it's about money and the take-down of moneymaking criminal activity like phishing, CC fraud, bulk ticket buyers, the $9.95 eBook guys and so on. Some of the anon posts I've seen in scambusters indicate that this bunch is clearly upset at some revelations and reports being made..... The EBook website scammers certainly look like prime suspects.
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
--
10,886 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to zbestwun2001
When this started, one of the first announcements stated that the attack was coming from Russia. Is this still the case?
If so, there are several easy ways of dropping all packets originating from a specific country. There are DNS-Based country zones available, as well as Text-based country zones available for blocking purposes.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs: | reply to Name Game
Name Game - Thanks for all those cartoons - they gave me a good laugh. 
--
Life is simply one damned thing after another. |
|
Styvas
Go Canucks Go
Premium
join:2004-09-15
Waterloo, ON
·Shaw
·Primus Talkbroadband
| reply to TamaraB
said by TamaraB :When this started, one of the first announcements stated that the attack was coming from Russia. Is this still the case? If so, there are several easy ways of dropping all packets originating from a specific country. There are DNS-Based country zones available, as well as Text-based country zones available for blocking purposes. Bob No!!! Don't do that. I log in when I'm over there visiting my wife's family. In fact, DSLR keeps me sane while I'm there!
--
Check out the »Primus TalkBroadband VoIP FAQ. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| said by Styvas :No!!! Don't do that. I log in when I'm over there ... Obviously it would be a temporary measure.
If you dropped all syn packets originating from Russia (Assuming Russia is the source) It wouldn't take long to mitigate the attack. The bot-net would slow down to a crawl, and the impact on dslr would be minimal, especially if the dropping of syn packets happened at the router. Such a response would likely make the botnet unusable for other purposes.
I suspect however, that the attack has a wider demographics than Russia.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA
·AT&T Yahoo
| said by TamaraB :If you dropped all syn packets originating from Russia (Assuming Russia is the source) It wouldn't take long to mitigate the attack. The bot-net would slow down to a crawl, and the impact on dslr would be minimal, especially if the dropping of syn packets happened at the router. Such a response would likely make the botnet unusable for other purposes. Stopping DoS attacks is not that easy. The router would still have to evaluate the packet before dropping it which takes up processing time. |
|
jig
join:2001-01-05
Hacienda Heights, CA | its the "drinking from a fire hose" problem. very hard to drink at full blast, no matter what. only real way to fix it is to turn down the fire hose at the nozzle or further back, not try to shield/divert at the cup. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to toadlife
said by toadlife : ... The router would still have to evaluate the packet before dropping it which takes up processing time. True, so you become slow instead of unreachable. Right now, it is not possible for me to reach dslr via the advertised IP. A slow connection would be preferable to a no connection. Yes? To financially upgrade a router to the needed speed and memory to efficiently deal with this sort of attack, it would be, IMHO, paltry compared to the long-term loss of adversing revenue DSLR is experiencing. Hell, I am a paid subscriber, and would not balk at a charge to upgrade dslr's router.
This attack is directed to us, the users. We, the users, have the means to thwart it. We as a community should band together, and make it happen. It's OUR INTERNET, not the Criminal's Internet.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA
1 edit | DSLr doesn't even own the router it's server(s) sits behind. They are hosted by Net Access Corporation. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs: | reply to zbestwun2001
Looks like it's over? |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to toadlife
said by toadlife :DSLr doesn't even own the router it's server(s) sits behind. They are hosted ... So? I have co-located servers and routers at CoLo facilities, one does not preclude the other. All you need is control of a class C network. I have an extra ClassC, and if DSLR wants it I would be glad to sign it over for free! I also have a Cisco 2600 multi-port configured router, and cables, already programmed for this class C, and would be willing to give it up for a very nominal fee (going price on Ebay for a used router). I am sure there are many people here who would be willing to help finance such a switchover.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
astirusty
Premium
join:2000-12-23
Henderson, NV |  reply to zbestwun2001
It would be interesting and educational for all -- if after the DDoS subsides some details about the attack could be provided.
--
Do yourself a favor, just say no to anything Windows. |
|
