BNLS is down?

NetNX · August 29, 2004, 09:48 AM

Hail Skywing!

LizArD · August 29, 2004, 10:06 AM

Still down.. =( Cant they somehow block off the DDoS attack or something, I dunno though, i've never been DDoS'd before..

TangoFour · August 29, 2004, 10:48 AM

Sure they can - by pulling out the network cable of the server computer - renders the DDoS completely ineffective (then again, so will the server be)

Warrior · August 29, 2004, 11:33 AM

Possible Legal Actions ? I mean doesn't this Server cost money to run and him just crashing the service with a DoS attack isn't it illegal?

LizArD · August 29, 2004, 12:22 PM

yeah sue them bastards

TangoFour · August 29, 2004, 04:49 PM

Sue who exactly? They'd need to know the real identity of the person responsible

LizArD · August 29, 2004, 05:06 PM

oh no, someone acted like a smartass on me

if they're DDoS'ing you I have a feeling you can get their IP somehow, maybe contact their ISP? maybe get their ISP to ban them? I dont know.

Meh · August 29, 2004, 05:07 PM

The guy who did will have masked his ISP. vL know who did it same as me

Arta · August 30, 2004, 12:33 AM

Not exactly on topic but nevermind:

DDoS attacks are very hard to trace back to the attacker, because:

1. The attack does not originate from the attacker's computer. It is distributed across many hosts commonly called 'zombies'.
2. The attack does not require that a connection is established, and does not require any response to packets sent to the target. This means that the source IP addresses of all the packets sent to the target can be spoofed.

I once read somewhere that you can trace spoofed packets back to the host that sent them by figuring out what routers the packet traversed on it's journey to the target, but I have no idea how one might actually accomplish that. If anyone knows, I'd be interested to hear about it.

MyndFyre · August 30, 2004, 04:02 AM

Or, in a reflexive attack, the SYN packet of a SYN, SYN/ACK, ACK connection sequence is sent with a spoofed IP in the headers to many different high-bandwidth reflection servers. These servers in turn send the SYN/ACK traffic to the IP address (the spoof) which is the target machine, and they'll keep doing it until a timeout, because they think that a connection is being initiated. But, when a machine receives a SYN/ACK packet without having first sent SYN, it discards the packet and never responds.

iago · August 30, 2004, 06:45 AM

Quote from: Warrior on August 29, 2004, 11:33 AM
Possible Legal Actions ? I mean doesn't this Server cost money to run and him just crashing the service with a DoS attack isn't it illegal?

I was talking to Arta a couple days ago about potential legal action that can be taken. The problem is, the laws for the Internet are pretty slack, and it is generally very difficult to do anything. We'd have to get his identity, link him to the bots, and prove that money was lost as a result. Doing that is basically impossible.

To whoever said to pull the network cable -- that's basically what they did, in a way.

TangoFour · August 30, 2004, 07:47 AM

Quote from: LizArD on August 29, 2004, 05:06 PM
oh no, someone acted like a smartass on me

if they're DDoS'ing you I have a feeling you can get their IP somehow, maybe contact their ISP? maybe get their ISP to ban them? I dont know.

The first D in DDoS stands for "distributed" - which means the attacker isn't using his own IP address, but several - read Arta's post for a more detailed description.

QuoteTo whoever said to pull the network cable -- that's basically what they did, in a way.

Crude but effective

Valhalla Legends Archive

BNLS is down?

NetNX

LizArD

TangoFour

Warrior

LizArD

TangoFour

LizArD

Meh

Arta

MyndFyre

iago

TangoFour