Taking on an Online Extortionist
An anonymous reader writes "When an online extortionist comes a-knocking, threatening a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of business. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
Interesting article (Score:3, Interesting)
That's frightening (Score:5, Interesting)
It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.
Good, some balls. (Score:5, Interesting)
Curious (Score:3, Interesting)
I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally.
But how does slashdot itself cope with the high traffic?
Re:Here's a tip (Score:5, Interesting)
fighting back with infrastructure (Score:5, Interesting)
The ease of infecting home XP systems remotely means you sometimes find teenagers with tens of thousands of zombie computers at their control. They can sell them to spammers, too.
The ease of doing massive DDoS attacks is why I stopped running an IRC server, and also stopped a research project I was doing related to inter-protocol messaging. It wasn't worth the hassle.
Fighting back is hard if you don't know who to fight, but in the case of extortion: (1) document everything on paper; (2) keep timestamped printed IRC logs of all conversations, and full email printouts; (3) ask some other people to print copies of their IRC logs when appropriate. Then contact the RCMP (or, if you are in the USA, the FBI, but in the USA you need to show financial damage of $5,000 or more). Don't wait until it's all over before contacting them.
Good luck!
Liam
Re:Even Slashdot? (Score:2, Interesting)
No protection (Score:5, Interesting)
Re:That's frightening (Score:5, Interesting)
Re:Question (Score:5, Interesting)
But like I said, he's cleaned up his act in recent months, so I no longer have a beef with him. Some folks, on the other hand, still hold this against him--which isn't an entirely unreasonable position to take.
Re:Here's a tip (Score:3, Interesting)
MAILSERVER: Error, mailbox does not exist
Not saying it would necessarily work, and as it was probably sent to a published address, would at best delay the threat while lowering the extortionist's expectation of your ability to defend your network.
Re:Good, some balls. (Score:2, Interesting)
In any case, Nevada is actually an Open Carry state. Meaning, even without a CCW, as long as you carry openly in a holster (IOW, do not meet the criteria to be considered concealed), you are legal. No CCW needed. That doesn't mean someone can't ask you to leave their premises, but that's a different story entirely. That's what your CCW is for.
It's so exhilarating being so close to the PR of Commufornia, and still having my Civil Liberties intact. They may have the literal 'greener grass', but we have the more important metaphorical kind.
Rudyard Kipling's "Dane-geld" - extortion poem (Score:4, Interesting)
(A.D. 980-1016)
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:--
"We invaded you last night--we are quite prepared to fight,
Unless you pay us cash to go away."
And that is called asking for Dane-geld,
And the people who ask it explain
That you've only to pay 'em the Dane-geld
And then you'll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:--
"Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to say:--
"We never pay any one Dane-geld,
No matter how trifling the cost,
For the end of that game is oppression and shame,
And the nation that plays it is lost!"
- Rudyard Kipling
Anyone willing to try their hand at "updating" this to fit online extortion? This could be lots of fun
Re:Never pay (Score:5, Interesting)
Re:No protection (Score:3, Interesting)
Sorry, but I grew up in a decidedly non-ethnic area and am somewhat ignorant in the finer points of coercee etiquette.
Re:Interesting article (Score:4, Interesting)
ICQ accounts aren't named, they're numbered (you can assign names, but they were always changeable). Low ICQ account numbers are like 2- or 3-digit Slashdot ids... a source of pride.
The hacker probably gave Lyon a low ID account, and to those fuckers it's a nice gift for status.
Re:Good, some balls. (Score:5, Interesting)
And to answer the obvious question, our office WAS there for a reason, we were a block from the ILEC's main CO. This made quite a difference in the cost and time to install of new circuits.
Insult? (Score:2, Interesting)
Hacked ICQ? (Score:3, Interesting)
a little outdated.. (Score:1, Interesting)
I fought a DDoS and won (Score:5, Interesting)
Anonymizer.net tried to help me by putting my domain behind a series of rotating proxy servers. Their whole network crashed after 6 hours and they had to stop helping me.
Finally my web host hit on the right idea. I set up a half dozen virtual private servers (VPS) at Globalservers.com (same company that hosts about.com and freeservers) and my host installed a proxy server on each one called twhttpd and set them all to route traffic to and from my web server at his data center.
Then I set up an account at ZoneEdit and added all the IPs for the proxy servers with a failover system. Every time the bastards knocked out one of the proxy servers, ZoneEdit would detect that the server was borked and switch to another one. With the load reduced, the dead proxy came back on its own a few minutes later.
After about 6 months of this, they finally gave up and I won.
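The failover the poster describes (a handful of proxy VPSs in front of one origin, with DNS pointing only at the proxies that currently answer, and a knocked-out proxy coming back on its own a few minutes later) modelled as an added example; this is not the poster's setup or ZoneEdit's API, and the probe function, thresholds and IP addresses are constructed assumptions.

```python
"""Health-check driven failover for a pool of reverse proxies fronting one origin.

Probe results are injected so the logic runs offline; in production the probe
would be a real HTTP request to each proxy. All names and thresholds are
assumptions for this example, not any DNS provider's real interface.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class ProxyState:
    ip: str
    healthy: bool = True
    failures: int = 0            # consecutive failed probes
    down_since: Optional[float] = None


class FailoverPool:
    def __init__(self, ips: List[str], fail_threshold: int = 2, retry_after: float = 300.0):
        self.proxies: Dict[str, ProxyState] = {ip: ProxyState(ip) for ip in ips}
        self.fail_threshold = fail_threshold   # failed probes before a proxy is pulled from DNS
        self.retry_after = retry_after         # seconds to let a dead proxy recover before re-probing

    def update(self, probe: Callable[[str], bool], now: Optional[float] = None) -> List[str]:
        """Run one probing round; probe(ip) -> True if the proxy answered."""
        now = time.time() if now is None else now
        for p in self.proxies.values():
            if not p.healthy and now - p.down_since < self.retry_after:
                continue  # still in cooldown: do not hammer a proxy that is recovering
            if probe(p.ip):
                p.healthy, p.failures, p.down_since = True, 0, None
            else:
                p.failures += 1
                if p.failures >= self.fail_threshold:
                    p.healthy, p.down_since = False, now
        return self.active_records()

    def active_records(self) -> List[str]:
        """A records to publish: every healthy proxy, so load spreads across survivors.

        If every proxy is down, publish the whole pool rather than an empty answer;
        an empty record set takes the site offline more surely than the attack does.
        """
        healthy = sorted(p.ip for p in self.proxies.values() if p.healthy)
        return healthy or sorted(self.proxies)
```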
Re:That's frightening (Score:5, Interesting)
Doubtful, but perhaps it should.
Consider another everyday activity, with a lot of benefits but some inherent risks, which works fine when people take care but goes wrong when they don't: driving. In most places, you don't get to drive without taking a simple test to prove you're reasonably safe and competent. Then if you're caught driving in a way that's hazardous or inconsiderate to others, a nice policeman pulls you over. Depending on the significance of the violation, you get a verbal warning, a formal sanction, or you get read your rights and have your vehicle confiscated.
If a similar principle applied to the Internet, with minor offences attracting a polite warning up to running a grossly insecure system that causes widespread inconvenience to other netizens getting you completely blocked, people would soon learn to respect the technology and others using it. But first we have to get over this strange idea that because it's The Internet, everyone should be allowed to use it, without any traceability or responsibility for their actions whatsoever, regardless of the harm it may cause others. I doubt that'll be a popular viewpoint around these parts.
Re:Here's a tip (Score:5, Interesting)
Re:That's frightening (Score:4, Interesting)
But what they don't solve and, indeed, what they cannot solve, no matter how smart, is the problem of sheer volume - the problem of bandwidth. If the attacker overwhelms your pipe, or your ISP's pipe, or your ISP's ISP's pipe, then mission accomplished.
You also have to have enough bandwidth to fight the attack, even if your servers can handle all those SYN packets per se.
Re:oblig Churchill (Score:4, Interesting)
"I do not agree that the dog in a manger has the final right to the manger even though he may have lain there for a very long time. I do not admit that right. I do not admit for instance, that a great wrong has been done to the Red Indians of America or the black people of Australia. I do not admit that a wrong has been done to these people by the fact that a stronger race, a higher-grade race, a more worldly wise race to put it that way, has come in and taken their place."
He also had no problem with using gas to put down uprisings by colonized indigenous peoples. I'm not saying he's a saint, just pointing out that popular leaders tend to get viewed through a rose-colored filter.
Re:I fought a DDoS and won (Score:5, Interesting)
Once the traffic passed through their routers, it went through the proxy and the proxy would pull the data from my webserver.
My host wrote a script that he installed somewhere (on his switch I think) that filtered out a specific type of HTTP GET. Whoever wrote the attack bot made a mistake because it generated some weird error (408 or 508 or something). His script filtered that out and then the webserver would return data to the proxy servers and from there to the end client.
It was a little glitchy and it nearly ruined my message board (all the users had the same 6 IP addresses and that played hell with session IDs), but it kept the site going despite the attacker's best efforts. He/they eventually moved on to attack other antispyware web sites with fewer resources.
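The session problem above (every request arriving from one of six proxy addresses, so an application keyed on the remote address sees all users as the same few clients) is what X-Forwarded-For handling behind trusted proxies solves; added example, not the poster's or twhttpd's code, assuming the proxies append that header and that the proxy address range and client addresses below are constructed.

```python
"""Recover the real client address behind a known set of reverse proxies.

Trust X-Forwarded-For only for hops that are our own proxies, walking the chain
from the right; anything left of the first untrusted hop is client-controlled.
Proxy ranges and addresses are constructed for the example.
"""
import ipaddress
from typing import Iterable, Optional


def client_ip(remote_addr: str, xff_header: Optional[str], trusted_proxies: Iterable[str]) -> str:
    """Return the address of the nearest hop that is not one of our proxies.

    remote_addr is the TCP peer (the last proxy in the chain). X-Forwarded-For lists
    earlier hops left-to-right, each appended by the proxy that received it, so the
    rightmost entries are the ones our own proxies wrote and can be trusted.
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        try:
            ip = ipaddress.ip_address(addr.strip())
        except ValueError:
            return False
        return any(ip in net for net in trusted)

    if not is_trusted(remote_addr):
        return remote_addr  # direct connection: the header is untrusted, ignore it entirely

    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                break  # garbage in the header: fall back to the peer rather than accept junk
    return remote_addr  # chain was entirely our proxies (or empty): treat as a proxy-originated request
```

Session binding then uses the returned address instead of the raw socket peer, so users behind the same proxy are no longer conflated.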
Re:oblig Churchill (Score:4, Interesting)
--Winston Churchill
How to bring the FBI into the mix (Score:3, Interesting)
I wonder if the guy that was originally being DDoSed would get in trouble for it.
Re:oblig Churchill (Score:5, Interesting)
Plus several squadrons' worth of American fighter pilots went over to help before we declared war.
Plus our navy was fighting an unofficial war with the German U-boats for about a year before we went to war while we escorted the convoys heading from Canada to England.
FYI, we're just as grateful to England for remaining a friend ever since. Although personally I wish your government would try to hold mine in check rather than just going along with everything Bush does. Your government may be our friend but I don't think your people like us very much at this point.
Re:oblig Churchill (Score:2, Interesting)
That's where the line about "the New World coming to rescue the Old" comes in -- Churchill knew he couldn't invade France until the US entered the war. He knew that was likely by early '42, i.e., about two years after that speech. If Pearl Harbor hadn't happened, Roosevelt was prepared to make German attacks on American shipping a casus belli.
Did they teach you the history of WW II, or are you just being obnoxious?
Re:How to bring the FBI into the mix (Score:1, Interesting)
Re:Good, some balls. (Score:4, Interesting)
"I SWEAR I'll do it man! I'll fry this bitch right now if you don't put your gun down! I crazzzzzy - don't you know I'm loco!?!"
What are you going to do then, mister rent-an-adminCop?
Re:Good, some balls. (Score:3, Interesting)
If I had to chase crackheads off of our steps every day, what's the chance that one of them might take offense to that, and decide to stick me with something, or worse? At first, when I was carrying concealed all the time, about once a week I would get some uppity (sp?) dealer that would decide that I was infringing on his urban pharmaceutical business, and give me some lip, get up in my face, as if he was going to start shit. So we put in some video cameras, and started open carrying. Very rarely did anyone give us a hard time after that. I did have one guy who tried to break into one of our cars, and I caught him and arrested him on the spot. Turned out he was a 3-time loser from CA. I actually performed a public service!
Nothing wrong with being prepared, right? It's the same reason I carry a rollover cable in my laptop bag, you just never know when you will need to reconfigure a Cisco router.
Can't read the article (Score:3, Interesting)
Re:oblig Churchill (Score:3, Interesting)
Just a little historical note: both sides were going to renege on that alliance/truce. Except the Germans thought they could gain the upper hand by a decisive pre-emptive attack. Their intelligence reported Russia was marshalling its forces to attack Germany.
They got bogged down in Russia in winter and they got crushed by the combined might of the cold and the Russkies.
Re:Can't read the article (Score:2, Interesting)
Re:Good, some balls. (Score:2, Interesting)
It's not. But their right to live is greater than your right to kill them. Stop != kill. It may well be perfectly possible to stop someone stealing your router without shooting them in the back, if so great. If not, well, call the police. That's their job. If they're not able to catch the thief, look to your democratic process to get them better funded or whatever.
IMHO the right to life trumps pretty much every other right there is.
I use OpenBSD's pf (Score:3, Interesting)