Results 1 to 7 of 7

Thread: Ddos attack

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    111

    Ddos attack

    Hello everyone

    I think you have heard about Denial of Service Attack.
    My network is under this attack .In the past days i had an attack and the Ip sources were false but from another networks.Now i got an attack with Ip-s of my domain.and i am sure that the attack is still from outside my network .

    Does anyone of you know anything more about this kind of attack or any new trick to find the real ip source in a tcp packet?

    What kind of chinese **** programs they are using?

    I need your advices .

    thanks
    If God had intended
    Man to program,
    we would be born
    with serial I/O ports.

  2. #2
    Well could you describe your network in short ? like OS/firewall are you running a webserver etc.
    Finding the source is very difficult, the "chinese"programs they use? I think you mean all the idiots pc's on adsl or something that they have compromised to pund on your system.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    118

    Re: Ddos attack

    Originally posted by magic1
    I think you have heard about Denial of Service Attack.
    My network is under this attack .In the past days i had an attack and the Ip sources were false but from another networks.Now i got an attack with Ip-s of my domain.and i am sure that the attack is still from outside my network .
    IP sources, you mean the ips where the attack was coming from?
    when you say your domain what exactly do you mean, within your own network?

    Originally posted by magic1
    Does anyone of you know anything more about this kind of attack or any new trick to find the real ip source in a tcp packet?
    Well.....i doubt that they are using IP spoofing for this kind of attack....unless they really hate you, but they could be using so called zombie computers, for details have a look at GRC for steve gibsons ideas. alternatively they may be using smurf attacks with TFN or Trin00
    or pinging the crap out of your site if they have a really quick connection, its only the 3rd one where i can think of a reason why anyone would want to hide their IP from you but have a look at any router logs to see where abouts the attacks are coming from, and if you find something mail the isp that they use. hope that this helps
    There\'s no sense in being Pessimistic...it would never work anyway.

  4. #4
    Steve Gibson has a lot of knowledge on computers but the part about raw sockets is not entirely true.
    Check out www.grcsucks.com

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    118
    Originally posted by Focmaester
    Steve Gibson has a lot of knowledge on computers but the part about raw sockets is not entirely true.
    Check out www.grcsucks.com
    yeah i admit that he is a bit of an over eggarerater, but i didn't say that he was wonderful, just that he gave a decent qwrite up for zombie attacks, thats all
    There\'s no sense in being Pessimistic...it would never work anyway.

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    111
    hello

    I found their pages
    they are using subseven.cgi in which they stores ips ports and passwords of zombie computers and then they attack .

    their url is (please be carefull)
    http://209.90.125.212/~desuave/cgi-b...i?action=about

    I wanna stop them .
    they use a file subseven.mem for the login of members.
    and subseven.adr for the zombie computers.

    I wrote to freeprohosting (their page is in that free server) but i don't know if they had received my message

    What can i do more ???????
    Any idea??????
    If God had intended
    Man to program,
    we would be born
    with serial I/O ports.

  7. #7
    Originally posted by Therealmaster


    yeah i admit that he is a bit of an over eggarerater, but i didn't say that he was wonderful, just that he gave a decent qwrite up for zombie attacks, thats all
    Maybe I made it sound irritating, my apologies for that but what I meant whas that his statement on raw sockets is not entirely true. It has been proven that is whas possible with wintel systems prior to the release of XP.

    As for Magic 1, writing to free pro hosting will get them kicked off, but not shut down. Try to find out who their ISP is and report them. And also have your logs ready. You might need them for evidence.
    I believe JP/or whas it Meinel has the link to report a case such as this to the feds.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •