Parts Catalog Accessories Catalog How To Articles Tech Forums
Call Pelican Parts at 888-280-7799
Shopping Cart Cart | Project List | Order Status | Help




Go Back   PeachParts Mercedes-Benz Forum > General Discussions > Off-Topic Discussion

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 06-12-2004, 04:23 AM
Cazzzidy's Avatar
French Fry Fuel
 
Join Date: Feb 2004
Location: Santa Cruz, CA
Posts: 118
190Revolution.net victim of devastating DOS attack

This is an FYI to all 190revolution.net members...

190Rev has been enduring a constant barage of malicious packets, a "Denial of Service" attack, beginning late last week and continuing even when the site is off line.

The attack appears to be coming from about 30 high bandwidth, compromised computers infected with DOS "zombie" trojans. The attack is sophisticated. As soon as IPs are blocked, the attacking computers proxy a new IP. When the attack starts, all of the bandwidth it sucked dry. Almost 50 gigs of transfer was logged in the first 2 hours.

Sadly, the attack is impossible to stop with out $5000+ to hire a specialized security team to design a packet filter an install it at the host's ISP.

Hopefully the attack will stop soon or I will find a host with experience combating these attacks.

Cassidy
__________________
Cassidy
1982 MB 300DT - Running Great @ 104K!

1972 MB 220D - RIP @ ~200K (Dropped prechamber)
1992 MB 190E 2.6 - SOLD @ 145K
Reply With Quote
  #2  
Old 06-12-2004, 05:26 AM
2.5 TURBO
 
Join Date: Jan 2001
Location: Send me back to Atlanta
Posts: 876
I hate to hear that

I hope you can catch the person (s) that have done this, I really like that web site too.. Also contact the FBI maybe they can help you resolve this issue..
__________________
2000 Ford 7.3 Powerstroke 4x4
2006 Mazda Tribute
1983 Black 300 D (donated to charity)
1993 Teal 300 D (160K) Sold
"I love the smell of burnt diesel fuel in the morning, it smells like ....VICTORY"

Semper Fidelis
USMC 1973-1976
Reply With Quote
  #3  
Old 06-12-2004, 11:30 AM
Registered User
 
Join Date: Jun 2003
Location: Southern Cali
Posts: 81
Okay... so that is what is happening. I'll try to ask some computer experts at work to see what there take on it is.

Joseph.
Reply With Quote
  #4  
Old 06-12-2004, 12:41 PM
KirkVining's Avatar
Banned
 
Join Date: Apr 2004
Posts: 5,303
Sounds like they need Microsoft's ISA server. Its a software firewall in which you can configure your own custom packet filters. It costs about $900 bucks. Install it, then make a $250 support call to MS and they'll tell you how you need to configure it for that particular DOS and DOS attacks in general. They have to be running MS servers, tho. If its LINUX they're SOL on the DOS.
Reply With Quote
  #5  
Old 06-18-2004, 07:23 PM
Registered User
 
Join Date: Jun 2003
Location: Southern Cali
Posts: 81
According to our computer experts at work,

The first thing you should do is find out what ISP the DOS attacks are coming from and report them to there ISP. Their own ISP'
s will disconnect them.

2nd you should get that some firewall software to block DOS attacks.

Hope I can get on the website soon!

Joseph_190E
Reply With Quote
  #6  
Old 06-18-2004, 09:23 PM
MTI's Avatar
MTI MTI is offline
Registered User
 
Join Date: Nov 2002
Location: Scottsdale, Arizona
Posts: 10,626
Unfortunately, the "zombie" computers that are hitting the system are using spoofed addresses that constantly change, so blocking at the present time is not viable. As for adding a firewall, the site is hosted by an ISP, not on a home PC. It's a micro version of what happened to Akamai's DNS servers this past week.
Reply With Quote
  #7  
Old 06-18-2004, 11:02 PM
Registered User
 
Join Date: Jun 2003
Location: Southern Cali
Posts: 81
MTI,

I don't think we are talking about the same thing? If we are then I appologize.

We need to find what ISP (internet service provider) the attacks are coming from, not IP (internet protocol) address.

Once we find the ISP, then we contact them and the provider will disconnect that user/program from their system.

Sort of like what aol did to my account when it regonized that I was sending out 150 emails every minute. AOL disabled my account. I had a virus. I had to phone in.

As far as the ISP for the 190rev, maybe they need to upgrade to a better firewall somehow?

Joseph_190E
Reply With Quote
  #8  
Old 06-18-2004, 11:24 PM
MTI's Avatar
MTI MTI is offline
Registered User
 
Join Date: Nov 2002
Location: Scottsdale, Arizona
Posts: 10,626
Locating the ISP is impossible if the IP addresses are counterfeit spoofs. For a better explanation:

The packets used in today's DDoS attacks use forged source addresses; they are lying about where the packet comes from. The very first router to receive the packet can very easily catch the lie; it has to know what addresses lie on every network attached to it, so that it can correctly route packets to them. If a packet arrives, and the source address doesn't match the network it's coming from, the router should discard the packet. This style of packet checking is called variously Ingress or Egress filtering, depending on the point of view; it is Egress from the customer network, or Ingress to the heart of the Internet.

If the packet is allowed past the border, catching the lie is nearly impossible. Returning to our analogy, if you hand a letter to a letter-carrier who delivers to your home, there's a good chance he could notice if the return address is not your own. If you deposit a letter in the corner letter-box, the mail gets handled in sacks, and routed via high-volume automated sorters; it will never again get the close and individual attention required to make any intelligent judgments about the accuracy of the return address. Likewise with forged source addresses on internet packets: let them past the first border router, and they are unlikely to be detected.
Reply With Quote
  #9  
Old 06-18-2004, 11:46 PM
KirkVining's Avatar
Banned
 
Join Date: Apr 2004
Posts: 5,303
They got to get off all that public domain stuff their using. The current MS server software firewalls can defeat that strategy by requiring a valid ping back. They might trying changing there own IP number for their domain.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT -4. The time now is 08:58 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0
Copyright 2018 Pelican Parts, LLC - Posts may be archived for display on the Peach Parts or Pelican Parts Website -    DMCA Registered Agent Contact Page