• Welcome to Valhalla Legends Archive.
 

BNLS is down?

Started by MyndFyre, August 28, 2004, 02:50 PM

Previous topic - Next topic

NetNX


LizArD

Still down.. =( Cant they somehow block off the DDoS attack or something, I dunno though, i've never been DDoS'd before..

TangoFour

Sure they can - by pulling out the network cable of the server computer - renders the DDoS completely ineffective (then again, so will the server be)

Warrior

Possible Legal Actions ? I mean doesn't this Server cost money to run and him just crashing the service with a DoS attack isn't it illegal?
Quote from: effect on March 09, 2006, 11:52 PM
Islam is a steaming pile of fucking dog shit. Everything about it is flawed, anybody who believes in it is a terrorist, if you disagree with me, then im sorry your wrong.

Quote from: Rule on May 07, 2006, 01:30 PM
Why don't you stop being American and start acting like a decent human?

LizArD

yeah sue them bastards  ;D

TangoFour

Sue who exactly? They'd need to know the real identity of the person responsible

LizArD

oh no, someone acted like a smartass on me  :'(

if they're DDoS'ing you I have a feeling you can get their IP somehow, maybe contact their ISP? maybe get their ISP to ban them? I dont know.

Meh

The guy who did will have masked his ISP. vL know who did it same as me  :P

Arta

Not exactly on topic but nevermind:

DDoS attacks are very hard to trace back to the attacker, because:

1. The attack does not originate from the attacker's computer. It is distributed across many hosts commonly called 'zombies'.
2. The attack does not require that a connection is established, and does not require any response to packets sent to the target. This means that the source IP addresses of all the packets sent to the target can be spoofed.

I once read somewhere that you can trace spoofed packets back to the host that sent them by figuring out what routers the packet traversed on it's journey to the target, but I have no idea how one might actually accomplish that. If anyone knows, I'd be interested to hear about it.

MyndFyre

Or, in a reflexive attack, the SYN packet of a SYN, SYN/ACK, ACK connection sequence is sent with a spoofed IP in the headers to many different high-bandwidth reflection servers.  These servers in turn send the SYN/ACK traffic to the IP address (the spoof) which is the target machine, and they'll keep doing it until a timeout, because they think that a connection is being initiated.  But, when a machine receives a SYN/ACK packet without having first sent SYN, it discards the packet and never responds.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

Quote from: Warrior on August 29, 2004, 11:33 AM
Possible Legal Actions ? I mean doesn't this Server cost money to run and him just crashing the service with a DoS attack isn't it illegal?

I was talking to Arta a couple days ago about potential legal action that can be taken.  The problem is, the laws for the Internet are pretty slack, and it is generally very difficult to do anything.  We'd have to get his identity, link him to the bots, and prove that money was lost as a result.  Doing that is basically impossible.

To whoever said to pull the network cable -- that's basically what they did, in a way.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


TangoFour

Quote from: LizArD on August 29, 2004, 05:06 PM
oh no, someone acted like a smartass on me  :'(

if they're DDoS'ing you I have a feeling you can get their IP somehow, maybe contact their ISP? maybe get their ISP to ban them? I dont know.

The first D in DDoS stands for "distributed" - which means the attacker isn't using his own IP address, but several - read Arta's post for a more detailed description.

QuoteTo whoever said to pull the network cable -- that's basically what they did, in a way.

Crude but effective