-
November 22nd, 2001, 09:18 AM
#1
Senior Member
Ddos attack
Hello everyone
I think you have heard about Denial of Service Attack.
My network is under this attack. In the past days I had an attack and the IP sources were false but from other networks. Now I got an attack with IPs of my domain, and I am sure that the attack is still from outside my network.
Does anyone of you know anything more about this kind of attack or any new trick to find the real IP source in a TCP packet?
What kind of Chinese **** programs are they using?
I need your advice.
Thanks
If God had intended
Man to program,
we would be born
with serial I/O ports.
-
November 22nd, 2001, 10:23 AM
#2
Well, could you describe your network in short? Like OS/firewall, are you running a webserver, etc.
Finding the source is very difficult. The "Chinese" programs they use? I think you mean all the idiots' PCs on ADSL or something that they have compromised to pound on your system.
-
November 22nd, 2001, 12:25 PM
#3
Senior Member
Re: Ddos attack
Originally posted by magic1
I think you have heard about Denial of Service Attack.
My network is under this attack. In the past days I had an attack and the IP sources were false but from other networks. Now I got an attack with IPs of my domain, and I am sure that the attack is still from outside my network.
IP sources, you mean the IPs where the attack was coming from?
When you say your domain, what exactly do you mean, within your own network?
Originally posted by magic1
Does anyone of you know anything more about this kind of attack or any new trick to find the real IP source in a TCP packet?
Well... I doubt that they are using IP spoofing for this kind of attack... unless they really hate you, but they could be using so-called zombie computers; for details have a look at GRC for Steve Gibson's ideas. Alternatively they may be using smurf attacks with TFN or Trin00, or pinging the crap out of your site if they have a really quick connection. It's only the 3rd one where I can think of a reason why anyone would want to hide their IP from you, but have a look at any router logs to see whereabouts the attacks are coming from, and if you find something, mail the ISP that they use. Hope that this helps.
There's no sense in being Pessimistic...it would never work anyway.
-
November 22nd, 2001, 01:26 PM
#4
Steve Gibson has a lot of knowledge on computers but the part about raw sockets is not entirely true.
Check out www.grcsucks.com
-
November 22nd, 2001, 02:20 PM
#5
Senior Member
Originally posted by Focmaester
Steve Gibson has a lot of knowledge on computers but the part about raw sockets is not entirely true.
Check out www.grcsucks.com
Yeah, I admit that he is a bit of an over-exaggerator, but I didn't say that he was wonderful, just that he gave a decent write-up for zombie attacks, that's all.
-
November 22nd, 2001, 04:36 PM
#6
Senior Member
Hello
I found their pages.
They are using subseven.cgi, in which they store IPs, ports and passwords of zombie computers, and then they attack.
Their URL is (please be careful)
http://209.90.125.212/~desuave/cgi-b...i?action=about
I wanna stop them.
They use a file subseven.mem for the login of members,
and subseven.adr for the zombie computers.
I wrote to freeprohosting (their page is on that free server) but I don't know if they have received my message.
What more can I do?
Any ideas?
-
November 22nd, 2001, 04:59 PM
#7
Originally posted by Therealmaster
Yeah, I admit that he is a bit of an over-exaggerator, but I didn't say that he was wonderful, just that he gave a decent write-up for zombie attacks, that's all.
Maybe I made it sound irritating, my apologies for that, but what I meant was that his statement on raw sockets is not entirely true. It has been proven that it was possible with Wintel systems prior to the release of XP.
As for Magic 1, writing to free pro hosting will get them kicked off, but not shut down. Try to find out who their ISP is and report them. And also have your logs ready. You might need them for evidence.
I believe JP, or was it Meinel, has the link to report a case such as this to the feds.