Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DoS Kiddie

From: Abel Wisman <able () able-towers com>
Date: Mon, 11 Jun 2001 13:40:02 -0500
Besides the fact that it is bad news to get into a pissing contest with these 
kind off charachters, there are some things you can do.

first of all you can filter the attack at your own router

000: [ IP Filter "smurfin" ]$
000: deny 0.0.0.0/0 xxx.xxx.xxx.xxx/32 ip$
000: deny 0.0.0.0/0 xxx.xxx.xxx.xxx/32 ip$
000: deny 0.0.0.0/0 xxx.xxx.xxx.255/32 ip$
000: permit 0.0.0.0/0 0.0.0.0/0$
000: $
000: [ IP Filter "smurfout" ]$
000: permit 0.0.0.0/0 0.0.0.0/0 $

where the /32 ip is the ip under attack

this should work on most routers.

as far as shell accounts and bouncers goes:

a whois usually reveals who own the domain, said company might be willing to 
help you, since they are most prone to be attacked (or at least the ircd's 
they are selling)

regards

abel wisman

www.url.org
www.able-towers.com

On Sunday 10 June 2001 21:30, Jonathan C. Hamill wrote:

This is some information I've been compiling on a DoS kiddie from
irc.dal.net who goes by the handle cpio, these are the events that
transpired and what happened as a result.  He's been using some hacked
account's bandwidth to drop down tons of traffic on me from various
misconfigured hosts which he probably got from netscan.org.  I'm being
packeted even as I write this but he has yet to take down my connection
completely, what I'm wondering is if there is anything I can do to make
this stop, I realize that it's virtually impossible to find out where he's
coming from as he always uses various shell accounts and bnc's on irc, but
from previous conversations I know he lives in new jersey.  As it is a
Sunday there is no one available at my local @Home offices and I can't
think of anything else to do but wait it out, which as of this writing it's
been 6 hours of continous packeting.  My numerous attempts to get a
continual log of the attack have
been thwarted by the volume of traffic which my OpenBSD 2.7 system's kernel
keeps dropping most of and tcpdump/smurflog can't keep up and both crash
after a few seconds.  I would appreciate any help anyone can offer me with
this matter.



Thanks in advance,

Jon Hamill
MCSE, A+, Network+
Computer Consultant
Previous By Date Next
Previous By Thread Next

Current thread: