DDoS - Subseven GT LITMUS and more

Quote:

---

Originally posted by acidphreak
as a reply to the cure for DDoS. Ive found that ive NEVER had a user on IRC network survive my big attacks unless they were on a very nice shell v-host. I was able to drop a good ammount of eggys easy but there were always exceptions. Ive found that i could keep even dial up connections down for many hours even if they reconnect.

---

That doesn't really reply to it, and there ARE ways to stop Static-IP DDoS attacks, you just have to be in contact with your provider, or possibly THEIR provider. Dynamic IP DDoS attacks, on the other hand, have no cure (as of yet).

Quote:

---

This is what WKD used on www.grc.com which of course i was totally against. WKD is a lame script kiddie who i have attacked many times, i even found it fun to drop the network he had his EVILBOTS on. oh! and so u know, WKD never had a mass ammount of bots, he had less then 200 bots , the reason it looked like so many is because when evil bot is opened more then 1 time for every exstra time it is run it makes a clone of itself. Meaning u could have more then 17 bots running off the same DIAL UP connection. That evilbot was one of the worsee DDoS bots i have ever seen.

---

I just have one problem with the above: Gibson identified over 470 separate IPs in the attack. Simply running another bot will not change your IP. According to Gibson himself, he found that EvilBot wasn't able to change its source IP address. This must mean that whomever was DDoSing grc.com would have HAD to have had 470+ bots. Perhaps not just WKD, but there were definitively 470+ computers involved.

Gibson also thinks that WkD was the only attacker. As sad as this is and as hard to belive WkD accually does have friends. He had a few friends who also ran bots that helped him in his attacks on GRC. Also when i said he had less then 200 bots, That ment everytime i was in the bot channel there was never more then 200 bots in there, But of course people arent only 24/7 and he ran the attacks multi times meanin victems would come on and off and some ran the attack and some didnt due to the fact that not all the bots were online at once. Evilbot does run clones which was THE biggest problem with the DDoS script. I didnt accually answer all the questions because i was in class at the time i was replying to them. I am sorry if i missed a question or did not finish my answer fully but i was in a hurry.

Quote:

---

as a reply to the cure for DDoS. Ive found that ive NEVER had a user on IRC network survive my big attacks unless they were on a very nice shell v-host. I was able to drop a good ammount of eggys easy but there were always exceptions. Ive found that i could keep even dial up connections down for many hours even if they reconnect.

---

Im basicly sayin ive never seen anything have a "cure" or be able to stop an attack other then shells and good v-host, meaning either that the connection was so fast it was able to take in all the packets, or maybe they had a good routing for the packets to prevent mass loss of speed and stability. I had someone tell me that thier NIS firewall could stop them from being lagged by the DDoS bots but i never put it to the test. From what he said he was able to stop 150 subseven cable bots from droping his DSL from IRC. But i highly doubt any normal computer user can do anything against a mass DDoS attack on thier connection other then by changeing IPs or by someway getting every attackin host shut off *good luck with that*. I have written to ISPs many many many times with enough logs to prove that a user was DDoSin and they still never replyed or did **** (more then 12 popular ISPs). The most i ever was able to do against DDoS is by gettin into one of the computers of a DDoSin bot, use a packet sniffing software off the bot and seeing the channel and commands they were given. I think subseven 2.2 can use packet sniffer software on a bot. So you would just need to find a way into the bots computer *a backdoor* and just run a subseven server for the easy GUI and run the packet sniffer.

Common over 200 people looked at this thread! lets get ur inputs, dont just read add ur opinions ^_^
:rolleyes: