Re: [ISN] DDos attack knocks out - for good?

From: InfoSec News (isnat_private)
Date: Wed Sep 19 2001 - 11:43:05 PDT

  • Next message: InfoSec News: "Re: [ISN] New York Red Cross Needs Tech assistance!"

    Forwarded from: Darren Reed <darrenrat_private>
    You know, after reading about how the FBI has been able to get in on
    the "inside" of hacking circles, I wonder if maybe it is "white hats"
    who are starting attacks like this.  Why?
    a) hack a site, get your hack onto a defacement archive.  The more web
       sites you do, the better you are.  By discouraging people from
       archiving web sites which get defaced there is no longer an archive
       of hackers' work, nowhere for them to say "look at all the web
       sites I hacked".  In a way the psychology here is similar to why it
       is good to clean away grafitti (which you can't easily archive,
       aside from taking photos).
    b) people don't want permanent reminders of how they screwed up their
       web server security.
    If people want to keep, online, an archive of hacked web sites then
    maybe the answer is to make it distributed so that a DDoS attack
    cannot be concentrated on any one particular target.  Maybe in doing
    things like that there are solutions for other web sites in avoiding
    DDoS attacks. For example, using Akami servers for real content.
    In some email I received from InfoSec News, sie wrote:
    > By John Leyden
    > Posted: 17/09/2001 at 15:28 GMT
    >, the well known defacement archive, is once again looking
    > for a home after a deal to move from its ISP fell through in the wake
    > of a debilitating hack attack.
    > Three weeks ago, Alldas was subjected to a week-long distributed
    > denial of service attack which knocked the site - and its ISP Kvalito
    > - offline.
    > Kvalito introduced filtering and the DNS record of was
    > updated so that prospective hackers would be throwing attacks at the
    > site against their local host instead.
    >'s contract with Kvalito already on the point of expiry and
    > worse followed when the ISP to which it planned to move dropped the
    > hosting deal. This has left unavailable at a time of
    > heightened interest in hacking activity.
    > Fredrik Ostergren, a spokesman for, told us the site was
    > looking looking for a new hosting service, but he was far from
    > optimistic. "I hope we will be back up soon but it looks dark," he
    > said.
    > In June this year, weathered a Syn-flood attack that had a
    > knock-on effect on Kvalito's other customers, throwing some of them
    > online. received its notice to quit.
    > At the time, made clear its requirements from a prospective
    > future landlord.
    > The ISP should be able to handle a growing volume of traffic that has
    > reached 300GB/month, deal with 10 flames per month about port scanning
    > - though has offered to answer those on its own - and
    > tolerate the occasional DDoS attack.
    > After decided to get out of the defacement archiving
    > business this summer (when it decided it was too much hassle to
    > continue as a hobby), became the main game in town.
    > and do record defacements but their
    > service is not as comprehensive as that of
    > Any ISPs out there keen to save's service can email them
    > directly. Press <pressat_private>
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 14:19:21 PDT