[Discussion/Theory]About the recent DDOS attacks

Nezekan · 07/06/2012, 15:31

Quote:

Originally Posted by PortalDark

i have never done this so im gonna ask
is there a way to notify the hosting company to report all this DDOS activities?

yes, if you look it up in the appropriate NIC database (eg. ripe for eu, arin for us), you can get the abuse email for the instance who is in charge of the ip. Just send an abuse report to that email with all the needed details (time, ip, type of attack, etc)

Biboja · 07/06/2012, 15:37

Quote:

Originally Posted by r7slayer

Yea the DDoS company do commit a crime to gain money sure... And have you seen them advertising thier protection directly to these servers? I havnt so bit pointless and a waste of money for them to do such a crime. Not worth it at end of the day. So not so simple well might seem that way for your simple mind cos you cant think things through and the same for everyone else that comes to such a conclusion...

Think about it ...
The most Privateservers are illegal

So why should they run to the police for example?! It's easy to ddos them...

~~pH33n1x<3~~ · 07/06/2012, 15:56

Quote:

Originally Posted by Nezekan

there are some really weird ips in there, what kind of attack are they doing on your server?

By the way, if only those IPs are attacking, is it possible to solve that by blocking these IPs in Windows Firewall?

16:33:19 An incoming packet(Allowed) Protocol: UDP, Source port: 138, Destination port: 138
ô²îâþ.Š.À.. EDEEEFFGDCCACACACACACACACACACACA. FHEPFCELEHFCEPFFFACACACACACACABN.ÿSMB%............ .................&.........è........&.V...... 7.\MAILSLOT\BROWSE..€ü
.CDEV2.............Uªcdev2.

Nezekan · 07/06/2012, 16:56

Quote:

Originally Posted by pH33n1x<3

By the way, if only those IPs are attacking, is it possible to solve that by blocking these IPs in Windows Firewall?

16:33:19 An incoming packet(Allowed) Protocol: UDP, Source port: 138, Destination port: 138
ô²îâþ.Š.À.. EDEEEFFGDCCACACACACACACACACACACA. FHEPFCELEHFCEPFFFACACACACACACABN.ÿSMB%............ .................&.........è........&.V...... 7.\MAILSLOT\BROWSE..€ü
.CDEV2.............Uªcdev2.

for really small attacks that can help, but for bigger attacks it's rather useless

PortalDark · 07/06/2012, 17:04

shame SRO cannot implement ipv6 since it would help for now

~~pH33n1x<3~~ · 07/06/2012, 17:33

Attack methods:
-amplified udp reflection
-ssyn

Attack size: 1gbps average / 300k pps

Attack duration: it seems that the attacks last only 10 minute or less.

The attacks come from all around the world (could be spoofed?).

~~™Rapid™~~ · 07/06/2012, 17:35

Quote:

Originally Posted by pH33n1x<3

Attack methods:
-amplified udp reflection
-ssyn

Attack size: 1gbps average / 300k pps

Attack duration: it seems that the attacks last only 10 minute or less.

The attacks come from all around the world (could be spoofed?).

now I am sure 100% that joymax is doing this

~~pH33n1x<3~~ · 07/06/2012, 17:50

Quote:

Originally Posted by ♯ᵜBraveSlaveᵜ♯

now I am sure 100% that joymax is doing this

What makes you so sure? =)

~~™Rapid™~~ · 07/06/2012, 17:50

I've known who sends attacks on large private servers he is from my friends on the internet and this picture of send attacks to overlimit

~~♫>,<♫~~ · 07/06/2012, 17:53

roflmao np i open hoic and take screenshot with vatican.va > im anonymous . nice one

Nezekan · 07/06/2012, 17:57

Quote:

Originally Posted by ♯ᵜBraveSlaveᵜ♯

I've known who sends attacks on large private servers he is from my friends on the internet and this picture of send attacks to overlimit

that's not a ddos attack, that's a lame kid doing a 'DoS' attack with a retarded script kiddy program

Quote:

Originally Posted by PortalDark

shame SRO cannot implement ipv6 since it would help for now

IPv6 would not help against DDoS attacks at all, there has been no real structural security improvement to take care of denial of service attacks in the new protocol.

Quote:

Originally Posted by pH33n1x<3

Attack methods:
-amplified udp reflection
-ssyn

Attack size: 1gbps average / 300k pps

Attack duration: it seems that the attacks last only 10 minute or less.

The attacks come from all around the world (could be spoofed?).

UDP is really easy to mitigate, just request your upstream provider to block udp to your server, silkroad does not need it. syn attacks are a bit harder to mitigate, since they are stealthed as actual legit traffic. It could help to limit syn requests, but your firewall would probably explode with 300kpps.

It might be a small botnet, or even a booter, and yes the udp attack might be spoofed.

~~™Rapid™~~ · 07/06/2012, 18:01

Quote:

Originally Posted by ♫>,<♫

roflmao np i open hoic and take screenshot with vatican.va > im anonymous . nice one

He is owner of private server and it does this in order to close all private servers to his server becomes top one in the region
and he Has sent me this picture, so I liked that show you the picture no more.

Nezekan · 07/06/2012, 18:04

Quote:

Originally Posted by ♯ᵜBraveSlaveᵜ♯

He is owner of private server and it does this in order to close all private servers to his server becomes top one in the region
and he Has sent me this picture, so I liked that show you the picture no more.

A DoS attack using LOIC, even with a 10gbit connection would be totally useless. Even a chicken could mitigate that, besides he's using http so he's only targetting the webpage, which is even dumber. I hope he knows that the malicious packets contain his ip, so he's just a call away from loosing his own server ^^

~~pH33n1x<3~~ · 07/06/2012, 18:34

198.195.196.112 - MCI/SAE
201.99.147.102 - Uninet S.A. de C.V.
8.127.147.100 - Level 3 communications
16.77.188.70 - Hewlett Packard
122.94.188.74 - China TieTong Telecommunications Corporation
122.104.147.101 - Optus (phone service provider)
210.82.148.101 - China Unicom IP network
63.21.11.102 - UUNET Technologies
24.80.148.102 - Shaw Communications
183.129.67.66 - CHINANET Zhejiang province network
93.217.89.11 - Deutsche Telekom AG
62.191.26.120 - Verizon Nederland B.V.
178.66.188.74 - OJSC North-West Telecom
78.96.147.106 - UPC Romania SRL
82.97.147.100 - TNG AG
80.99.147.105 - UPC Magyarorszag Kft. (Hungarian provider, lol I will contact them)
36.43.174.118 - CHINANET SHAANXI PROVINCE NETWORK

Nezekan · 07/06/2012, 18:50

Quote:

Originally Posted by pH33n1x<3

198.195.196.112 - MCI/SAE
201.99.147.102 - Uninet S.A. de C.V.
8.127.147.100 - Level 3 communications
16.77.188.70 - Hewlett Packard
122.94.188.74 - China TieTong Telecommunications Corporation
122.104.147.101 - Optus (phone service provider)
210.82.148.101 - China Unicom IP network
63.21.11.102 - UUNET Technologies
24.80.148.102 - Shaw Communications
183.129.67.66 - CHINANET Zhejiang province network
93.217.89.11 - Deutsche Telekom AG
62.191.26.120 - Verizon Nederland B.V.
178.66.188.74 - OJSC North-West Telecom
78.96.147.106 - UPC Romania SRL
82.97.147.100 - TNG AG
80.99.147.105 - UPC Magyarorszag Kft. (Hungarian provider, lol I will contact them)
36.43.174.118 - CHINANET SHAANXI PROVINCE NETWORK

some of them are directly from ip providers, not from normal ISPs, also some are from company networks. That's a very weird mix...