GoFuckYourself.com - Adult Webmaster Forum - View Single Post

Carrie · 07-04-2003, 04:57 AM

Mike, I know you guys will spare no expense in getting this taken care of - might I suggest that you contact Steve Gibson and bring him on board as a consultant during this attack?
He commonly deals with DDOS attacks and pulls them apart and finds a way to stop or deflect them.
The closest associated emails I can find [email protected] and [email protected] and a phone number of 714-362-8800.
Also definitely take a look at the IPs that the attacks are coming from (you should be able to take apart the attacks and determine if they're spoofed and what the true addy is) and start contacting the owners of those IPs. IE, if any of these attacks are coming from servers on the Rackshack network, send a captured sample of the attack to [email protected] and these emails:
Patrick [email protected] Sen. Sys. Admin
Mario [email protected] Customer Service Manager
Greg [email protected] Support Team Manager
Robert [email protected] Rackshack CEO

and give them a call. Rackshack will be happy to investigate it on their end and start unplugging boxen (although I must say, if they notice any of their servers sending out abnormal amounts of packets like this, they'll unplug them on their own).

I'd like to add to the discussion that it doesn't take a genius or a serious cracker to do this. One patient person with the right script and a list of IPs from a cable provider (like RoadRunner or Cox) can rack up insecure windows boxes left and right. Then the boxes open a connection to an irc chat room where they wait for their marching orders.
Once the orders come in, the boxes all start sending traffic to the victim... and the owners of these computers on cable connections aren't even aware of it. Full-time "always on" connections with nice fat pipes and thousands of insecure boxen blindly following orders - ugh.
The guys can also employ true servers in the attack, and it's the same for that, just running a script that searches for insecure boxen and then goes in and buries itself to await orders.

I assume that this attack is from that Deepsy guy?

07-04-2003, 04:57 AM
Carrie Confirmed User Join Date: Apr 2002 Location: Virgin - nee Posts: 3,162	Mike, I know you guys will spare no expense in getting this taken care of - might I suggest that you contact Steve Gibson and bring him on board as a consultant during this attack? He commonly deals with DDOS attacks and pulls them apart and finds a way to stop or deflect them. The closest associated emails I can find [email protected] and [email protected] and a phone number of 714-362-8800. Also definitely take a look at the IPs that the attacks are coming from (you should be able to take apart the attacks and determine if they're spoofed and what the true addy is) and start contacting the owners of those IPs. IE, if any of these attacks are coming from servers on the Rackshack network, send a captured sample of the attack to [email protected] and these emails: Patrick [email protected] Sen. Sys. Admin Mario [email protected] Customer Service Manager Greg [email protected] Support Team Manager Robert [email protected] Rackshack CEO and give them a call. Rackshack will be happy to investigate it on their end and start unplugging boxen (although I must say, if they notice any of their servers sending out abnormal amounts of packets like this, they'll unplug them on their own). I'd like to add to the discussion that it doesn't take a genius or a serious cracker to do this. One patient person with the right script and a list of IPs from a cable provider (like RoadRunner or Cox) can rack up insecure windows boxes left and right. Then the boxes open a connection to an irc chat room where they wait for their marching orders. Once the orders come in, the boxes all start sending traffic to the victim... and the owners of these computers on cable connections aren't even aware of it. Full-time "always on" connections with nice fat pipes and thousands of insecure boxen blindly following orders - ugh. The guys can also employ true servers in the attack, and it's the same for that, just running a script that searches for insecure boxen and then goes in and buries itself to await orders. I assume that this attack is from that Deepsy guy?