Oh Shoot

DOS Attack


Do I have to pay any type of licensing fees to use that one at a later time? Hilarious.

Well the trademark office hasn't gotten back to me on approving it, so it's up for grabs in the meantime


Kernel-level filtering (and especially logging) ala iptables, ipfw, etc on a per-host or network basis is generally a waste of time, effort, and precious machine resources during a DDOS attack. The very best thing you can do on the server itself is to simply drop all packets destined for any port for which you do not provide a service. In this case, drop (not reject, just drop) every packet not destined for port 80 (and maybe 443).

The reason is that the entire point of an attack like that is to saturate the bandwidth to the server. More specifically, it only has to saturate that final piece from the server to the upstream ISP's router, which is typically the narrowest leg. So if you're blocking at the kernel level, the traffic has already succeeded in using your bandwidth and the attack is, therefore, successful.

As has been mentioned, the only true way to stop these attacks is from upstream. Either at the router of your ISP, or even a NOC router if you can get those guys to move for you. BTDT. Good luck.

Given that this server has largely been accessible during the attack, I'd say it's a fairly small DDOS. If you can keep the server running, the attacker will probably grow bored and go his merry way. Or eventually he'll get reported by one of the zombies to his ISP and get cut off. At any rate, there's virtually no defense against a large-scale, coordinated DDOS, and such things have brought down the likes of Amazon and other major sites in recent years.

Here's a great article on the subject for those interested. Prolexic has probably the best solution to DDOS by inserting themselves in your upstream bandwidth and filtering before the traffic gets to you.

Gambling Sites Hedging Bets

Oh, btw, hi, I'm new here. Glad to meet ya ;)

JT

Edited by Sysvr4
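
Added example (not part of the original post, and not the poster's own configuration): the drop-don't-reject advice above written as an `iptables-restore` ruleset, with a small audit that flags `REJECT` and `LOG` rules in an `iptables-save` dump. The function names and the loopback and conntrack rules are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Ports 80 and 443 come from the post; the function names and
# the loopback/conntrack rules are assumptions made for this illustration.

# Print an iptables-restore ruleset: default-DROP inbound, accept only the
# listed TCP service ports. DROP sends nothing back; REJECT would answer each
# packet with an ICMP error or RST, adding outbound traffic during a flood.
# Add your management port to the list before loading this on a remote host.
build_ruleset() {
    ports="${1:-80,443}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports ${ports} -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and print one finding per line for
# anything that contradicts the advice: a non-DROP INPUT policy, or INPUT
# rules that REJECT or LOG.
audit_ruleset() {
    awk '
        /^:INPUT / && $2 != "DROP" { print "policy: INPUT default is " $2 }
        /^-A INPUT / {
            for (i = 1; i < NF; i++) {
                if ($i != "-j") continue
                if ($(i + 1) == "REJECT") print "reject: " $0
                if ($(i + 1) == "LOG")    print "log: " $0
            }
        }
    '
}

# Usage on a live host (requires root):
#   build_ruleset "80,443" | iptables-restore
#   iptables-save | audit_ruleset
```

This only keeps the host from spending effort on unwanted packets; as the post says, it does nothing for a saturated upstream link.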


How often do these types of attackers get busted? I would think it's not very often.

With the economy as it is, I'm sure someone is willing to be a narc for $500. That's assuming it's someone who is/was related to the site.

There are more than a few anti-gun nuts out there who'd like to see the likes of TGO shut down.


Oh, I almost forgot....

To whomever is perpetrating this attack:

You might bear in mind that a good number of the zombies you're controlling are likely honeypot machines set up for the express purpose of busting people like you. Google 'honeypot' if you don't believe me. The best part is you have no idea which ones.

These machines typically log the controllers' IPs and those logs are automatically harvested and parsed on a schedule. Eventually, your number will come up and it will very likely lead to some well-deserved PMITA prison time for you.

I see the typical sentence is about two years if you have no other record. My guess is that you do, so, well, um... cheers.

JT

Edited by Sysvr4


Honeypots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to break into a system. :)


I admit....all of this tech talk is over my head....funny thing is I'm considered the "techno-geek" at work...lol But this is a different ball of wax. N-E-WAY

I JUST HOPE WHATEVER IS CAUSING THIS CAN BE STOPPED!!!

It is getting very frustrating for me.

In fact....David, if you want to take donations to increase the size of the reward....just let me know...I'll for sure throw in a few bucks!!!


Unless somebody has the budget of the Govt., it is impossible to track somebody down if the person doing this knows what they are doing, which does seem to be the case.

It simply basically boils down as to who has the best equip. Even the Govt. in many cases can't track somebody down, especially if they are operating out of certain Countries!

Also many "Safety Devices" can create more problems than do good!

:)

Logging to block traffic is one thing but to track it is another. Odds are people on this very forum participate in DOS attacks. Personally I wouldn't have a server on the public wire. However, sometimes funding is an issue and thus security suffers.

Typically providers will not install filters in their equipment. Most cases they will instruct you to install your own device. The problem is if the service you have is rated on bandwidth. In that case you end up paying more in usage charges (which is what they want) than it would cost to co-locate a firewall.

It really sucks. I ran IRC servers on both IRCNET and Undernet for years. You haven't seen DOS attacks until you have dealt with that. We had a smurf attack so bad one time it took down our backbone's core router in Chicago. We had to have them NULL route our netblock for a few hours because the flood saturated our DS3.

Oh and by the way.. a DS3 back in early 90's was a HUGE pipe. Unlike the multi-gigabit connections of today.

I ran my own server on chatnet for a few years as a hobby. I know, I know, the minors. Our crew somehow got into a war with 3 or 4 machines from one of the dalnet splits though. That was fairly amusing. I've contributed code to both branches of IRC server. I've issued a few k-lines in my day.

I'm pretty sure the old NOC building down on 2nd avenue offers a pretty high level of service, but you got to pay to play. I never did understand their business model...and neither do they, apparently.

I quit doing web/sysadmin around town for cash back in about 2001. I finished off my master's in CS and never looked back. Bumped up to a jack of all trades system hack, sorta. Kinda glad I'm out of it, for the most part. I look at web work like contracting is to an engineer. You can always go back to it if you run out of decent gigs.

I ran my own server on chatnet for a few years as a hobby. I know, I know, the minors. Our crew somehow got into a war with 3 or 4 machines from one of the dalnet splits though. That was fairly amusing. I've contributed code to both branches of IRC server. I've issued a few k-lines in my day.

I'm pretty sure the old NOC building down on 2nd avenue offers a pretty high level of service, but you got to pay to play. I never did understand their business model...and neither do they, apparently.

I quit doing web/sysadmin around town for cash back in about 2001. I finished off my master's in CS and never looked back. Bumped up to a jack of all trades system hack, sorta. Kinda glad I'm out of it, for the most part. I look at web work like contracting is to an engineer. You can always go back to it if you run out of decent gigs.

Ahh the good 'ole days. +1 on the fail safe.. always gigs to score some quick cash.

Edited by lowbud

Whew. In some ways I'm lucky to be alive. :)

I hear ya. I wouldn't have been surprised if someone came knocking on my door to either arrest me or wipe me out. I had one hell of an eggdrop back then.

I hear ya. I wouldn't have been surprised if someone came knocking on my door to either arrest me or wipe me out. I had one hell of an eggdrop back then.

I was more worried about some freaked out psycho chick showing up with a butcher knife and her fifty-eight in-bred cousins. I did blow a disk out of my back jumping out of the 2nd floor of the marathon motors building...

I was more worried about some freaked out psycho chick showing up with a butcher knife and her fifty-eight in-bred cousins. ..

LOL.. Ya'll come back now, ya hear!

I did blow a disk out of my back jumping out of the 2nd floor of the marathon motors building...

There's GOTTA be a story here :wave:

I read this thread title and thought something was up with the Department of Safety. Guess I am not a big enough computer dork to catch what DOS really meant, LOL

+1 :doh:


Again, last night I could not get on here from about 1:30 AM until ?, quit trying at 4 AM! All it said, Internet expl. can not display this page!

Been happening a lot early in the morning!


David, I don't know that it is just TGO that has been attacked, it would appear that whoever is doing this is targeting vBulletin installations. As someone else mentioned a lot of the other gun forums have been attacked. But it is not just the gun forums. I could be wrong but there are a lot getting hit right now.

Again, last night I could not get on here from about 1:30 AM until ?, quit trying at 4 AM! All it said, Internet expl. can not display this page!

Been happening a lot early in the morning!

Yeah, I'm a night owl most of the time, and site has been crawling or unreachable often in the wee hours of morning from 1am on...

Maybe there's a clue there?

- OS


The Fine Print

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions. TGO makes no claims, guarantees or assurances regarding any such transactions.
