23 Comments
- executex, on 10/15/2009, -0/+15
More of this please:
"But there are some other researchers who've shown they are willing to take over botnets and issue them commands. If you're under attack, it's a kind of self-preservation."

- crapolatime, on 10/15/2009, -0/+11
You have the right to defend yourself against an attack, either on your person or your loved ones (computers).

- Nitrodist88, on 10/15/2009, -0/+10
Net neutrality has nothing to do with this.

- rusty0101, on 10/16/2009, -0/+6
@twiztidsinz Apologies. The summary indicating wresting control of the botnet left the impression that the process being described was one of infiltrating the botnet command mechanism. After reading the article, my comment is definitely in the wrong.

- rangah, on 10/15/2009, -0/+6
You do not understand what net neutrality is.

- twiztidsinz, on 10/15/2009, -0/+5
"Unfortunately, it's pretty rare. It's valuable," he says. "The [tradeoff] is that it can have a negative impact on legitimate PC users [who are bot-infected]. After a while, they can't make any requests at all."
That would be a good thing...
Someone's computer all of a sudden jumping to 100% CPU use and becoming unusable would (or should) signal that something is wrong, and they can talk to a friend who knows about computers to help them fix it.

- twiztidsinz, on 10/15/2009, -0/+5
How so?
The problem is from the person controlling the botnet, which includes that person's PC. The increased CPU use is a side effect of the victim defending themselves, not a 'reverse' attack. It's basically the infected computer "eating" itself.

- TSK05, on 10/15/2009, -1/+6
Start > Run > cmd > format C: /y

- DeathfireD, on 10/16/2009, -0/+5
It's got nothing to do with Windows lol. It has more to do with your router/gateway firewall/connection speed than the OS. A DoS or DDoS is when an attacker floods you with more data than your connection can handle. A single DoS attack is pretty easy to deal with as long as the attacker doesn't have a faster connection than you. If your router or gateway firewall supports it, type in the attacker's IP and simply drop his packets. Do not deny them! The difference between drop and deny is that by dropping packets you're not responding back to his TCP packet (effectively ignoring his packets altogether and making it so he has no way to tell if your server is down). By denying you're stopping his packets, but you're also sending a packet back to him saying "can't connect". You don't want to do this since it amplifies the effect of a DoS. Think of it this way: denying would be like chugging a glass of water while trying to say "give me another glass" every time you gulped.
You should also send your router/firewall logs to your ISP and his ISP as well, explaining that he's been DoSing you for x number of days. Most ISPs and shell providers take DoS attacks seriously.

- hoodedrobin, on 10/16/2009, -1/+6
Reinstall Windows... call your ISP and ask for a new IP.

- twiztidsinz, on 10/15/2009, -0/+4
Well... I'm not 100% sure on the matter, but I think Net Neutrality could/would be "bad" in relation to DoS since it would basically mean that your ISP would have to treat all the packets equally, allowing them to pass.
Not to say that the ISP couldn't, shouldn't and wouldn't assist in defending against the DoS attack, because an attack on a user would affect other users.

- HamNCheese, on 10/16/2009, -0/+3
Tarpitting may have worked 5 or 10 years ago, but these days the sheer number of bot zombies far outweighs whatever bandwidth you have by several orders of magnitude. So, a drop firewall policy will do little to stop a legion of slaves from congesting your connection well beyond its limits.
Also.... lol @ netfilter for Windows... Right tool, wrong platform.

- billalbertson, on 10/16/2009, -0/+3
FTA: "The [tradeoff] is that it can have a negative impact on legitimate PC users [who are bot-infected]. After a while, they can't make any requests at all."
I look at that as a double win, from a network admin's perspective. There is no excuse for running an infected system, and anyone attacking my networks drops the moniker of "legitimate user", ignorant, willing, or otherwise. Given the opportunity, I proactively tarpit as well, taking down any system that is performing obvious scans against vulnerable ports or is sending spam. If I get contacted about it, I tell them why they were tarpitted/blocked, and discuss whether or not they knew their hosts were owned. The amusing ones actually try to justify their attacks and scans as "legitimate traffic", causing no end of laughter among my cohorts.

- Aciid, on 10/16/2009, -0/+3
I prefer this
http://www.biggercheese.com/?comic=332

- billalbertson, on 10/16/2009, -0/+2
Tarpitting and blocking are totally legitimate means of dealing with attackers. Going onto botnets and taking them over, that can get you time in the pokey.

- ZaZ2137, on 10/15/2009, -2/+4
4chan needs to implement some of these techniques.... considering the amount they get DDoSed.

- rusty0101, on 10/15/2009, -1/+2
The problem in the US is that this is illegal. And if you are caught, or acknowledge that you do this, you are as liable as any black hat hacker.

- wshs, on 10/16/2009, -0/+1
With proper reverse path verification on a well-peered network, it's easier to deal with source IP forgery. This renders half-open SYN floods harder or even impossible. That means the attackers would then have to make full connections with real IPs. You can tarpit based on IP as long as a full connection can be made, so that it only affects the attacking hosts.
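Added example (editor's code, not from the thread or from any tool the commenters mention): a minimal application-level tarpit of the kind wshs and billalbertson describe. It counts only connections that have completed the TCP handshake, so the source address is the real one (a spoofed half-open SYN never reaches accept() and is never counted); a source that exceeds a per-window connection limit still gets its answer, but one byte at a time with a delay between bytes, so the attacking host's socket stays tied up while everyone else is served normally. The thresholds, the HTTP-looking reply and the loopback demo are all constructed for the example. As HamNCheese notes, this does nothing for a bandwidth flood from many hosts; it is a per-source control.

```python
import asyncio
import time
from collections import defaultdict, deque

# Policy knobs: assumed values for the demo, not numbers from the thread.
WINDOW_SECONDS = 10.0         # sliding window over which connections are counted
MAX_CONNS_PER_WINDOW = 5      # more than this from one source in the window => tarpit
TARPIT_BYTE_DELAY = 0.02      # seconds between bytes once a source is tarpitted

# Constructed reply; the tarpit drips it out one byte at a time.
RESPONSE = b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok"


class SourceTracker:
    """Per-source counter of *completed* connections. accept() only returns after the
    three-way handshake, so the address seen here cannot have been forged."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_CONNS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)   # addr -> timestamps of recent connections

    def record(self, addr, now=None):
        """Register a connection from addr; return True if addr should now be tarpitted."""
        now = time.monotonic() if now is None else now
        q = self.history[addr]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                      # expire entries older than the window
        return len(q) > self.limit


async def handle_client(reader, writer, tracker):
    """Normal sources get the whole reply at once; tarpitted sources get it
    one byte at a time so their socket stays open and they receive almost nothing."""
    peer = writer.get_extra_info("peername")[0]
    tarpit = tracker.record(peer)
    try:
        await asyncio.wait_for(reader.readline(), timeout=5)   # request line; content ignored
        if tarpit:
            for byte in RESPONSE:
                writer.write(bytes([byte]))
                await writer.drain()
                await asyncio.sleep(TARPIT_BYTE_DELAY)
        else:
            writer.write(RESPONSE)
            await writer.drain()
    except (asyncio.TimeoutError, ConnectionError):
        pass
    finally:
        writer.close()


async def _fetch(host, port):
    """Client side: send a request line, read the full reply, return seconds elapsed."""
    start = time.monotonic()
    reader, writer = await asyncio.open_connection(host, port)
    writer.write(b"GET / HTTP/1.0\r\n\r\n")
    await writer.drain()
    data = await reader.read()               # until the server closes the connection
    writer.close()
    await writer.wait_closed()
    if data != RESPONSE:
        raise RuntimeError("unexpected reply: %r" % data)
    return time.monotonic() - start


async def _demo_async(n_requests):
    tracker = SourceTracker()
    server = await asyncio.start_server(
        lambda r, w: handle_client(r, w, tracker), "127.0.0.1", 0)
    host, port = server.sockets[0].getsockname()[:2]
    try:
        return [await _fetch(host, port) for _ in range(n_requests)]
    finally:
        server.close()
        await server.wait_closed()


def demo(n_requests=MAX_CONNS_PER_WINDOW + 1):
    """Run server and client on loopback; return per-request elapsed seconds.
    Every request comes from 127.0.0.1, so the (limit+1)-th one is tarpitted."""
    return asyncio.run(_demo_async(n_requests))


if __name__ == "__main__":
    for i, secs in enumerate(demo(), 1):
        print("request %d: %.3fs" % (i, secs))
```

Running the block shows the first five requests completing in milliseconds and the sixth taking about a second, even though it eventually receives the same bytes. In a real deployment the tracker would key on the peer address seen by the kernel after the handshake, which is exactly why wshs's point about reverse path filtering matters: if spoofed SYNs are dropped at the edge, only hosts that can complete a connection ever reach this code.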
- Genma, on 10/16/2009, -0/+1
Haha, so true... but in the context of DoS, that would be like doing the denial for them: cut your power/connection and your service is gone, even worse than having at least partial throughput left. In this case, to keep things working, the first scenario is closer to the truth because you have to do all sorts of rerouting and countermeasures to evade the unstoppable flood of data. Here they're not trying to get in or out, just relentlessly pounding on the door so that no one else can.

- MrPacMan36, on 10/15/2009, -1/+1
At the moment, I am a victim of a DoS attack by one individual. His name is Brent, and he's been attacking me for the past couple of months, at least 9 times. I contacted the FBI office and have submitted a form, but nothing helps me on here to defend against his attacks. I've tried closing port 80 on my modem and I can still browse the web, but when I closed it on my router, I could not use the web at all, so I'm not sure if the modem will protect me. He hasn't DoS'ed me yet since I did, but I don't want him to try. I read all of these methods, but where can I LEARN how to do them? I like the one where it goes "we are congested at the moment, send 1 byte at a time".
Please help me, email me at mrpacman36@yahoo.com

- HavocXphere, on 10/16/2009, -2/+2
Buried for being completely *****.
A competently executed DDoS looks just like legit traffic. Effectively you can't distinguish between real and attack traffic. So you either apply your tricks to all traffic or none of it. And if you try to apply this "tarpit" technique to everything, then your real traffic gets slowed down too and becomes unusable. Which means you're back to fcking square one: legit traffic can't use your site, aka Denial of Service.
No, you do what the big boys do: take the server offline, outgun the attacker on bandwidth, or find a way to distinguish the attack traffic from real traffic.

- Ymeg, on 10/15/2009, -4/+1
Care to explain? I think I have a good grasp on the topic.

- Ymeg, on 10/15/2009, -14/+1
I wonder how many DDoS attacks would stop if we had net neutrality. I bet the telecoms love it when bandwidth is taken up by the victims of these attacks.