GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Deepsy has threatened me. 2000 dollar reward!

Phil21 · 07-05-2003, 07:55 PM

Asking an ISP to filter a *good* attack is near-impossible.

The means that IRC servers are protected are probably the most well thought out and designed anti-DoS stuff around these days.. But all rely some point along the chain to drop the service to save the network as a whole.

With websites, and worse large programs, etc. You can't do this. A clueful attacker WILL be able to down a service for quite some time before you can get it stopped enough to get things back on-line.

Just note the cnn/yahoo/ebay/whatever attacks of long ago. Those were launched by a far-from-clueful attacker (mafiaboy. heh.), and were successful for quite some time. Someone with more of a clue, and more interests in adapting to protections being thrown in place (i.e. dns changing, renumbering key devices and dropping routes, etc.) will be far more successful.

Not trying to be doom and gloom, but if this idiot actually can pull off what he says, saying your hosting provider sucks because you're down is just being ill-informed. Multi-Gigabit floods w/ random source addresses are about impossible to filter effectively, and extremely difficult in tracking to the source. In fact for probably most hosting providers here save a few with literally multi-gigabits in *excess* capacity (there are a few), it will be a choice between dropping the client being attacked, or losing ALL your customers.

However, the good news is that the longer an attack goes, the easier it gets to track things back to sources.

Of course, this is all probably moot since it's more than likely some two dollar script kiddie with 500 drones thinking he's 3l33t. Yes, painful. But within the realms of reason to defeat in a reasonable timeframe.

I say track him down and do very bad things to him. Script kiddies are about one of the lowest life forms on the planet imo.

peace,

-Phil

07-05-2003, 07:55 PM
Phil21 Confirmed User Join Date: May 2001 Location: ICQ: 25285313 Posts: 993	Asking an ISP to filter a good attack is near-impossible. The means that IRC servers are protected are probably the most well thought out and designed anti-DoS stuff around these days.. But all rely some point along the chain to drop the service to save the network as a whole. With websites, and worse large programs, etc. You can't do this. A clueful attacker WILL be able to down a service for quite some time before you can get it stopped enough to get things back on-line. Just note the cnn/yahoo/ebay/whatever attacks of long ago. Those were launched by a far-from-clueful attacker (mafiaboy. heh.), and were successful for quite some time. Someone with more of a clue, and more interests in adapting to protections being thrown in place (i.e. dns changing, renumbering key devices and dropping routes, etc.) will be far more successful. Not trying to be doom and gloom, but if this idiot actually can pull off what he says, saying your hosting provider sucks because you're down is just being ill-informed. Multi-Gigabit floods w/ random source addresses are about impossible to filter effectively, and extremely difficult in tracking to the source. In fact for probably most hosting providers here save a few with literally multi-gigabits in excess capacity (there are a few), it will be a choice between dropping the client being attacked, or losing ALL your customers. However, the good news is that the longer an attack goes, the easier it gets to track things back to sources. Of course, this is all probably moot since it's more than likely some two dollar script kiddie with 500 drones thinking he's 3l33t. Yes, painful. But within the realms of reason to defeat in a reasonable timeframe. I say track him down and do very bad things to him. Script kiddies are about one of the lowest life forms on the planet imo. peace, -Phil