DDOS attacks ?


Post by Fredri » Thu, 17 Jan 2002 09:31:11



Hi all,

I was recently the target of one of these attacks (about 30 machines were
involved), it didn't succeed ;-)
Is there anything you could do to "counterattack" these attacks, I would
guess there isn't a way but it would be fun to "play" with an attacker.

Fredrik

 
 
 


Post by lynx » Thu, 17 Jan 2002 10:47:48




> Is there anything you could do to "counterattack" these attacks,

other than LaBrea, i haven't heard of anything. and in the case of a
targeted DDOS, LaBrea won't do you much good - well, unless you can move
the real server to another IP, put up the tarpit on the old IP, and your
attacker is too dumb to do another DNS lookup, that is.

--
   PGP/GnuPG key (ID 1024D/07A530D6) available from keyservers everywhere
    Key fingerprint = B5A8 62AD 8263 5415 7C3C  9245 50A7 FD59 07A5 30D6
                             "...life goes on
                  long after the thrill of living is gone..."

 
 
 


Post by Fredri » Fri, 18 Jan 2002 00:55:09


Hmm,

LaBrea, don't think I've heard about it but will look it up.

Fredrik




> > Is there anything you could do to "counterattack" these attacks,

> other than LaBrea, i haven't heard of anything. and in the case of a
> targeted DDOS, LaBrea won't do you much good - well, unless you can move
> the real server to another IP, put up the tarpit on the old IP, and your
> attacker is too dumb to do another DNS lookup, that is.

> --
>    PGP/GnuPG key (ID 1024D/07A530D6) available from keyservers everywhere
>     Key fingerprint = B5A8 62AD 8263 5415 7C3C  9245 50A7 FD59 07A5 30D6
>                              "...life goes on
>                   long after the thrill of living is gone..."

 
 
 


Post by bomb » Fri, 18 Jan 2002 01:49:27



> Hi all,

> I was recently the target of one of these attacks (about 30 machines were
> involved), it didn't succeed ;-)
> Is there anything you could do to "counterattack" these attacks, I would
> guess there isn't a way but it would be fun to "play" with an attacker.

Speak to your upstream provider about egress filtering?

You probably won't be able to "play" with an attacker, as in all likelihood
the machines in a DDoS will be unknowingly rooted.  Read Steve Gibson's
story of similar problems at grc.com.

bomba

 
 
 


Post by Fredri » Fri, 18 Jan 2002 03:44:07



> You probably won't be able to "play" with an attacker, as in all likelihood
> the machines in a DDoS will be unknowingly rooted.  Read Steve Gibson's
> story of similar problems at grc.com.

> bomba

I've read the IRC zombie story at grc and it was very interesting.
I know I won't be able to "play" with the actual attacker but it
would be nice to be as "*" target as possible.
E.g. if there is some way to delay the results to him, or other ways to make
it more worthwhile for an attacker to just skip my FW as a target ;-)

Fredrik

 
 
 


Post by Matthias Wiese » Fri, 18 Jan 2002 06:16:26



> I was recently the target of one of these attacks (about 30 machines
> were involved), it didn't succeed ;-)

Did you receive DNS-Packets from those 30 machines?
 
 
 


Post by Fredri » Fri, 18 Jan 2002 09:01:35


Matthias,

Don't know, unfortunately I deleted the log file instead of moving it,
you can call me an idiot ;-)

Fredrik



> > I was recently the target of one of these attacks (about 30 machines
> > were involved), it didn't succeed ;-)

> Did you receive DNS-Packets from those 30 machines?