Gibson Research taken down in DDOS Attack

  1. #1
    Junior Member
    Join Date
    Feb 2002
    Posts
    25

    Gibson Research taken down in DDOS Attack

    Story is old (about a month) but truly telling in its complete nature. Shows where the DOS attackers are going and how in detail they carry out their attacks - even using Internet Core Routers owned by ISPs to carry out their work. Well worth the read.
    http://grc.com/dos/drdos.htm
    If you lived here you'd be home by now.

  2. #2
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Come on......can't people think of anything better to do than launch a DDOS?
    I toor'd YOU!

  3. #3
    Banned
    Join Date
    Feb 2002
    Posts
    38
    Zigar already posted that like 3 weeks ago. Personally I am glad to see that happened to the web site because they are crooked and behind cover-up stories! Way to go hackers

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    410
    You call people who launch DDoS attacks, hackers? Why?
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  5. #5
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Because didn't you know that only 313173 h4x0r can launch a DDOS .......oh...wait...most people who launch DDOS are friggin script kiddies who don't know a damn thing about computers and security.~my mistake
    I toor'd YOU!

  6. #6
    Banned
    Join Date
    Feb 2002
    Posts
    38
    You call people who launch DDoS attacks, hackers? Why?
    Because didn't you know that only 313173 h4x0r can launch a DDOS .......oh...wait...most people who launch DDOS are friggin script kiddies who don't know a damn thing about computers and security.~my mistake

    Do you call these types of people average users? I think not. Would you call them script kiddies? No way! Would I call them some bad ass hackers? YES! How many script kiddies you know can bring down web sites like grc.com? If they used a "buffer overflow" attack would that make them a hacker? Perhaps they discovered and coded the exploits for themselves! Just don't call them script kiddies because they're not!


    oh...wait...most people who launch DDOS are friggin script kiddies who don't know a damn thing about computers and security.~my mistake
    LOL yea right!

  7. #7
    Junior Member
    Join Date
    Feb 2002
    Posts
    25
    okay - so they may have deserved it - the article is an excellent technical discussion of an attack - and if any of you blowhards had bothered to read it you might learn something.

    This was a very clever attack using completely different techniques - they were able to fool Verio, Qwest, and Above.net's core routers into doing their dirty work. These guys are far from script kiddies.

    no skin off my azz that you are all too cool to read something.

    "In other words, a malicious hacker located somewhere else on the Internet, was SYN FLOODING INTERNET ROUTERS with TCP connection-requesting SYN packets. Those SYN packets carried the fraudulent (spoofed) source IP belonging to grc.com. Therefore, the routers believed that the SYN packets were coming from us, and they were replying with SYN/ACK packets as the second phase of the standard TCP three-way connection handshake.


    Malicious SYN packets were being "Reflected" off innocent bystanding TCP servers. Their SYN/ACK responses were being used to flood and attack our bandwidth.

    ...

    Since the malicious hacker's SYN packets were aimed at the intermediate routers' port 179, any reflected packets would be originating from that port.
    Verio's engineer added a "filter" to the aggregation router servicing our Internet connection to block (drop) any packets inbound to us from port 179. The flood of packets coming in from port 179 immediately stopped.

    ...

    With the routers' traffic blocked, we were now being flooded by SYN/ACK packets pouring in from ports 22 (Secure Shell), 23 (Telnet), 53 (DNS), and 80 (HTTP/Web). There were also some packets coming from port 4001 (a proxy server port) and 6668 (IRC chat)."


    If you lived here you'd be home by now.
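
From the victim's side, the reflected flood quoted in the post above shows up as SYN/ACKs that answer no SYN the server ever sent. The sketch below is an added example, not part of the thread or of the GRC article; the record format, the addresses (documentation ranges) and the function names are assumptions made for illustration. It separates solicited from unsolicited SYN/ACKs and tallies the unsolicited ones by source port, which is the information the upstream filter on port 179 was built from.

```python
from collections import Counter

SERVER = "192.0.2.10"  # assumed address of the protected host (documentation range)

# Constructed sample records, not captured traffic:
# (direction, src_ip, src_port, dst_ip, dst_port, tcp_flags)
SAMPLE = [
    ("out", SERVER, 40001, "198.51.100.5", 80, "S"),   # our own outbound SYN
    ("in", "198.51.100.5", 80, SERVER, 40001, "SA"),   # solicited reply to it
    ("in", "203.0.113.1", 179, SERVER, 51000, "SA"),   # reflected off routers (BGP port)
    ("in", "203.0.113.2", 179, SERVER, 51001, "SA"),
    ("in", "203.0.113.3", 179, SERVER, 51002, "SA"),
    ("in", "198.51.100.77", 80, SERVER, 51003, "SA"),  # reflected off web servers
    ("in", "198.51.100.78", 80, SERVER, 51004, "SA"),
    ("in", "198.51.100.79", 22, SERVER, 51005, "SA"),  # reflected off an SSH server
    ("in", "198.51.100.9", 33000, SERVER, 80, "S"),    # ordinary client SYN, ignored
]

def unsolicited_synacks(records):
    """Return (src_ip, src_port) for inbound SYN/ACKs that match no outbound SYN."""
    opened = set()   # 4-tuples of connections we initiated
    flagged = []
    for direction, sip, sport, dip, dport, flags in records:
        if direction == "out" and flags == "S":
            opened.add((sip, sport, dip, dport))
        elif direction == "in" and flags == "SA":
            # A legitimate SYN/ACK mirrors a SYN we sent; retransmits still match.
            if (dip, dport, sip, sport) not in opened:
                flagged.append((sip, sport))
    return flagged

def reflector_ports(records, min_count=2):
    """Tally unsolicited SYN/ACKs by source port; keep ports seen min_count+ times."""
    counts = Counter(port for _, port in unsolicited_synacks(records))
    return {port: n for port, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    for port, n in sorted(reflector_ports(SAMPLE).items()):
        print(f"source port {port}: {n} unsolicited SYN/ACKs")
```

The solicited reply from port 80 is not flagged, which is why a blanket source-port drop that is harmless for 179 would also cut off the server's own outbound web connections if applied to 80.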

  8. #8
    Banned
    Join Date
    Oct 2001
    Posts
    590
    Well I think at some point some websites running less services and a good firewall can't be defaced. So perhaps the kiddy strategy would be "if you can't own em, DDOS em!"
