Security websites taken down by unhappy hackers
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Security websites taken down by unhappy hackers

  1. #1
    Senior Member
    Join Date
    Jul 2001
    Posts
    343

    Security websites taken down by unhappy hackers

    This came in to me and I though I would pass it around....
    via www.thei3p.org

    A group of hackers called "SIS-Team" have allegedly denied service to a number of security websites, including Rootkit.com, as revenge for disparaging comments posted to the websites. After a user going by the name "ATmaCA" posted a message on Rootkit.com advertising several SIS-Team spywares, other users posted comments objecting, pointing out that rootkits on Rootkit.com are usually open source. Users also questioned the quality of the spyware in the resulting flame war. Within a few hours, Rootkit.com was under attack by a botnet of around five- hundred nodes, flooding the site with 170,000 requests per second. Website administrators have received extortion e-mails that promise to end the attacks if the owners post public apologies to ATmaCA and SIS-Team. Rootkit.com has 25,000 registered users and around thirty regular contributors; most are security students and professionals studying how rootkits and other hacker tools work.
    http://www.techworld.com/security/ne...fm?NewsID=3465
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

  2. #2
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Wow, the tune "jeremy" by perl jam is the first thing that pops into my head...
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Well, Well, Well,

    “…under attack by a network of more than 500 compromised computers, or bots, that flooded the site with about 170,000 requests a second, making it unreachable for most Internet users…”

    Hopefully Bubba will be getting some new playthings!

    Cheers
    Connection refused, try again later.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Rootkit.com was under attack by a botnet of around five- hundred nodes, flooding the site with 170,000 requests per second.
    Though I wouldn't want to have to deal with it on my network, a 500 bot net is in the high amateur range. There are botnets out there that are 10,000 plus that are regularly reported.... I'm sure there are botnets for the professional out there that could bring down 100,000 plus machines on you.... Now that's a DDoS...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    Really 500 nodes.

    Rootkit.com must have been begging for them to stop
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  6. #6
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    I think they should settle this disagreement in the traditional manner, a game of counter strike.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  7. #7
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    Speaking of DDoS, is there any way that you could protect your web server from it?
    Ikalo
    ------
    Make your knowledge your deadliest weapon.

  8. #8
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Originally posted here by Kite
    I think they should settle this disagreement in the traditional manner, a game of counter strike.

    B.R.I.N.G. IT ON.

  9. #9
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Ways to protect against DDOS

    1. From cisco : (related only to cisco products but its a nice read)

    http://www.cisco.com/warp/public/707/newsflash.html

    2. From CERT. (nice read if for starters)

    http://www.cert.org/homeusers/ddos.html

    3. From US-CERT

    http://www.us-cert.gov/cas/tips/ST04-015.html


    But just to get you started there are lot of ways a DoS or DDoS can be carried out Ill mention a few of them :

    1. Ping Of death :

    This DoS attack is carried out by expoiting the maximum packet size that TCP/IP allows for being transmitted over the internet which is restricted to 65,536 octects.

    I am not giving much information on this attack as this attack no longer exists as no operating system is affected by it unless you are using some ancient OS and its ancient version.

    Anyway for more information you may want to read any of these documents
    Information on ping of death

    2. Teardrop

    Teardrop attack uses a vulnerability present in reassembling of data packets. Whenever data is sent over the internet it is first broken insmaller fragments at the source system and put together at the destination.

    For example. You need 4000 byte's from a system and this is broken down into 3 packets

    packet 1 will carry data from 1 byte to 1500 byte's
    packet 2 will carry data from 1501 byte's to 3000 byte's
    packet 3 will carry data from 3000 byte's to 4000 byte's

    Now there is an offset feild in the data packet which specifies from what byte to what byte the data is carried in that perticular packet.

    Normally the system will recive data inform of

    1 to 1500 then 1501 to 3000 and last 3000 to 4000 byte's.

    but in teardrop attack
    1 to 1500 then 1500 to 3000 and last "1001 to 2301" byte's (this is an exmaple)

    hence the destination system gets confused and cannot re-assemble packet's and will hang and reboot.



    3. SYN-Flood


    This is one of the most easiest way to perform a DDoS attack. It is very hard to eplain but just for the sake of it. here is an exaple.

    There are 10 telephone's at your office and I dial all the 10 numbers so all 10 of the teleplhon's will be busy now lets say one of your clients tries to call you he will placed on either hold or will not connect.

    Thats how a SYN-Flood attack works. Legit users are denied access to the data by keeping the server busy.

    SOLUTION : There is no one single countermeasure to protect from this attack but folowing are a good start.

    1. reducing the duration of time required for a "timed out"
    2. Increasing the queue of connection (will increase memory usage)
    3. KEEPING YOUR SYSTEMS UPDATE.

    THIS ATTACK IS MAINLY USED TO CARRY OUT IP SPOOFING


    4. Land attack

    This is same as SYN flood but only diffrence is that instead of bad ip address, IP address of the target system is used. This means that the packet conatins source and destination address (and ports) of the same system which then creats an INFINITE LOOP. ultimately crashing the system

    BEST COUNTERMEASURE USE A FIREWALL.



    5. Smurf Attack

    THis is a sort of Brute force DOS attack where huge numbers of ping request are sent to a system (NORMALLY THE ROUTER). of a target network using IP address spoofed from the teret network.. This will in the end flood the entire network with ping or echo requests and its replies.

    For more read
    http://www.cert.org/advisories/CA-1998-01.html


    Hope this information help's.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  10. #10
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    Huh,

    Not very encouraging, but nice reads...

    I hope that IPv6 will make it harder to DDoS someone.
    Ikalo
    ------
    Make your knowledge your deadliest weapon.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •