Re: DoS Kiddie

From: Abel Wisman (able@able-towers.com)
Date: Mon Jun 11 2001 - 11:40:02 PDT


    Besides the fact that it is bad news to get into a pissing contest with these 
    kinds of characters, there are some things you can do.
    
    First of all, you can filter the attack at your own router:
    
    [ IP Filter "smurfin" ]
    deny 0.0.0.0/0 xxx.xxx.xxx.xxx/32 ip
    deny 0.0.0.0/0 xxx.xxx.xxx.xxx/32 ip
    deny 0.0.0.0/0 xxx.xxx.xxx.255/32 ip
    permit 0.0.0.0/0 0.0.0.0/0
    
    [ IP Filter "smurfout" ]
    permit 0.0.0.0/0 0.0.0.0/0
    
    where the /32 IP is the IP under attack.
    
    This should work on most routers.
    
    As far as shell accounts and bouncers go:
    
    A whois usually reveals who owns the domain; said company might be willing to 
    help you, since they are the most prone to be attacked (or at least the ircds 
    they are selling are).
    
    regards
    
    abel wisman
    
    www.url.org
    www.able-towers.com
    
    On Sunday 10 June 2001 21:30, Jonathan C. Hamill wrote:
    > This is some information I've been compiling on a DoS kiddie from
    > irc.dal.net who goes by the handle cpio; these are the events that
    > transpired and what happened as a result.  He's been using some hacked
    > accounts' bandwidth to drop down tons of traffic on me from various
    > misconfigured hosts which he probably got from netscan.org.  I'm being
    > packeted even as I write this, but he has yet to take down my connection
    > completely.  What I'm wondering is if there is anything I can do to make
    > this stop.  I realize that it's virtually impossible to find out where he's
    > coming from as he always uses various shell accounts and bncs on irc, but
    > from previous conversations I know he lives in New Jersey.  As it is a
    > Sunday there is no one available at my local @Home offices and I can't
    > think of anything else to do but wait it out, which as of this writing has
    > been 6 hours of continuous packeting.  My numerous attempts to get a
    > continual log of the attack have been thwarted by the volume of traffic,
    > most of which my OpenBSD 2.7 system's kernel keeps dropping, and
    > tcpdump/smurflog can't keep up and both crash after a few seconds.  I
    > would appreciate any help anyone can offer me with this matter.
    >
    >
    >
    > Thanks in advance,
    >
    > Jon Hamill
    > MCSE, A+, Network+
    > Computer Consultant
    



    This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 20:38:57 PDT