Old 02-16-2002, 06:33 PM  
drunkmonkey
From what I can tell from the limited info here, this is a coordinated attack of trojaned computers. It is becoming quite a frequent method of attack on servers and is extremely difficult to thwart.

The way it works is trojans are placed on individuals' computers, giving the attacker root access and total control of said computers. When a computer (i.e. your server) is targeted, all of the trojaned computers send predefined commands to the target. It is a very hard attack to stop. Here is an example of a Denial of Service attack recorded in detail using this attack method.

http://grc.com/dos/grcdos.htm

The information that the attacker is looking for (password) must be relayed back to the attacker. Since each i.p. address is different, the attacks are coming from different computers. The i.p. addresses cannot be faked because a packet must be sent back if the password is to be found. Spoofed attacks are good for Denial of Service attacks but nothing else. Your attacker CAN be traced.

I would suggest logging all of the i.p. numbers, tracing them, and attempting to contact as many of the owners as possible. When you can contact someone who is willing to help, inform them of the fact that their computer is being used to attack your server. Locate the trojan file on their computer, decompile it or do whatever to establish where the trojan is SENDING the information. The course of action that you take depends on where the information is being funneled to.

A computer security professional will most likely have to be consulted. The best place to find the best in the business is

http://www.securityfocus.com/archive/1

my
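Added example, not part of the post above: one way to do the "log all of the i.p. numbers" step, pulling failed logins out of a web server access log and listing every source address behind a username that is being guessed from many machines at once. It assumes Apache combined-format logs and HTTP basic auth (the thread does not say what the server runs); the log lines, addresses and usernames are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed format: Apache combined log (IP, ident, auth user, time, request, status, size).
LINE_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - alice [16/Feb/2002:18:01:02 -0500] "GET /members/ HTTP/1.0" 401 476
198.51.100.7 - alice [16/Feb/2002:18:01:03 -0500] "GET /members/ HTTP/1.0" 401 476
203.0.113.5 - alice [16/Feb/2002:18:01:04 -0500] "GET /members/ HTTP/1.0" 401 476
203.0.113.9 - alice [16/Feb/2002:18:01:05 -0500] "GET /members/ HTTP/1.0" 401 476
192.0.2.10 - alice [16/Feb/2002:18:01:09 -0500] "GET /members/ HTTP/1.0" 401 476
192.0.2.44 - bob [16/Feb/2002:18:02:11 -0500] "GET /members/ HTTP/1.0" 401 476
192.0.2.44 - bob [16/Feb/2002:18:02:20 -0500] "GET /members/ HTTP/1.0" 200 5120
192.0.2.80 - - [16/Feb/2002:18:03:00 -0500] "GET /members/ HTTP/1.0" 401 476
"""

def failed_logins_by_user(log_text):
    """Map each attempted username to {source IP: failed-attempt count}."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # 401 with user "-" is only the initial auth challenge, not a guess.
        if m and m.group("status") == "401" and m.group("user") != "-":
            failures[m.group("user")][m.group("ip")] += 1
    return failures

def distributed_targets(failures, min_sources=3):
    """Usernames whose failures come from at least min_sources distinct IPs."""
    return {user: sorted(ips) for user, ips in failures.items()
            if len(ips) >= min_sources}

def sources_to_trace(failures, min_sources=3):
    """Flat, de-duplicated list of IPs to look up and report to their owners."""
    targets = distributed_targets(failures, min_sources)
    return sorted({ip for ips in targets.values() for ip in ips})

if __name__ == "__main__":
    fails = failed_logins_by_user(SAMPLE_LOG)
    for user, ips in distributed_targets(fails).items():
        print(f"{user}: failed logins from {len(ips)} addresses")
    for ip in sources_to_trace(fails):
        print("trace:", ip)
```

A single user mistyping a password from one address (bob in the sample) stays below the threshold and is not listed.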