|
|
|
|
|
#1
06-12-2004, 04:23 AM
|
||||
|
||||
|
190Revolution.net victim of devastating DOS attack
This is an FYI to all 190revolution.net members...
190Rev has been enduring a constant barage of malicious packets, a "Denial of Service" attack, beginning late last week and continuing even when the site is off line. The attack appears to be coming from about 30 high bandwidth, compromised computers infected with DOS "zombie" trojans. The attack is sophisticated. As soon as IPs are blocked, the attacking computers proxy a new IP. When the attack starts, all of the bandwidth it sucked dry. Almost 50 gigs of transfer was logged in the first 2 hours. Sadly, the attack is impossible to stop with out $5000+ to hire a specialized security team to design a packet filter an install it at the host's ISP. Hopefully the attack will stop soon or I will find a host with experience combating these attacks. Cassidy
__________________
Cassidy 1982 MB 300DT - Running Great @ 104K! 1972 MB 220D - RIP @ ~200K (Dropped prechamber) 1992 MB 190E 2.6 - SOLD @ 145K 
|
|
#2
06-12-2004, 05:26 AM
|
|||
|
|||
|
I hate to hear that
I hope you can catch the person (s) that have done this, I really like that web site too.. Also contact the FBI maybe they can help you resolve this issue..
__________________
2000 Ford 7.3 Powerstroke 4x4 2006 Mazda Tribute 1983 Black 300 D (donated to charity) 1993 Teal 300 D (160K) Sold "I love the smell of burnt diesel fuel in the morning, it smells like ....VICTORY" Semper Fidelis USMC 1973-1976
|
|
#3
06-12-2004, 11:30 AM
|
|||
|
|||
|
Okay... so that is what is happening. I'll try to ask some computer experts at work to see what there take on it is.
Joseph.
|
|
#4
06-12-2004, 12:41 PM
|
||||
|
||||
|
Sounds like they need Microsoft's ISA server. Its a software firewall in which you can configure your own custom packet filters. It costs about $900 bucks. Install it, then make a $250 support call to MS and they'll tell you how you need to configure it for that particular DOS and DOS attacks in general. They have to be running MS servers, tho. If its LINUX they're SOL on the DOS.
|
|
#5
06-18-2004, 07:23 PM
|
|||
|
|||
|
According to our computer experts at work,
The first thing you should do is find out what ISP the DOS attacks are coming from and report them to there ISP. Their own ISP' s will disconnect them. 2nd you should get that some firewall software to block DOS attacks. Hope I can get on the website soon! Joseph_190E
|
|
#6
06-18-2004, 09:23 PM
|
||||
|
||||
|
Unfortunately, the "zombie" computers that are hitting the system are using spoofed addresses that constantly change, so blocking at the present time is not viable. As for adding a firewall, the site is hosted by an ISP, not on a home PC. It's a micro version of what happened to Akamai's DNS servers this past week.
|
|
#7
06-18-2004, 11:02 PM
|
|||
|
|||
|
MTI,
I don't think we are talking about the same thing? If we are then I appologize. We need to find what ISP (internet service provider) the attacks are coming from, not IP (internet protocol) address. Once we find the ISP, then we contact them and the provider will disconnect that user/program from their system. Sort of like what aol did to my account when it regonized that I was sending out 150 emails every minute. AOL disabled my account. I had a virus. I had to phone in. As far as the ISP for the 190rev, maybe they need to upgrade to a better firewall somehow? Joseph_190E
|
|
#8
06-18-2004, 11:24 PM
|
||||
|
||||
|
Locating the ISP is impossible if the IP addresses are counterfeit spoofs. For a better explanation:
The packets used in today's DDoS attacks use forged source addresses; they are lying about where the packet comes from. The very first router to receive the packet can very easily catch the lie; it has to know what addresses lie on every network attached to it, so that it can correctly route packets to them. If a packet arrives, and the source address doesn't match the network it's coming from, the router should discard the packet. This style of packet checking is called variously Ingress or Egress filtering, depending on the point of view; it is Egress from the customer network, or Ingress to the heart of the Internet. If the packet is allowed past the border, catching the lie is nearly impossible. Returning to our analogy, if you hand a letter to a letter-carrier who delivers to your home, there's a good chance he could notice if the return address is not your own. If you deposit a letter in the corner letter-box, the mail gets handled in sacks, and routed via high-volume automated sorters; it will never again get the close and individual attention required to make any intelligent judgments about the accuracy of the return address. Likewise with forged source addresses on internet packets: let them past the first border router, and they are unlikely to be detected.
|
|
#9
06-18-2004, 11:46 PM
|
||||
|
||||
|
They got to get off all that public domain stuff their using. The current MS server software firewalls can defeat that strategy by requiring a valid ping back. They might trying changing there own IP number for their domain.
|
 |
| Bookmarks |
|
|
Linear Mode
