Security Incidents mailing list archives
Re: DoS Kiddie
From: Abel Wisman <able () able-towers com>
Date: Mon, 11 Jun 2001 13:40:02 -0500
Besides the fact that it is bad news to get into a pissing contest with these kinds of characters, there are some things you can do.

First of all, you can filter the attack at your own router:

    000: [ IP Filter "smurfin" ]$
    000: deny 0.0.0.0/0 xxx.xxx.xxx.xxx/32 ip$
    000: deny 0.0.0.0/0 xxx.xxx.xxx.xxx/32 ip$
    000: deny 0.0.0.0/0 xxx.xxx.xxx.255/32 ip$
    000: permit 0.0.0.0/0 0.0.0.0/0$
    000: $
    000: [ IP Filter "smurfout" ]$
    000: permit 0.0.0.0/0 0.0.0.0/0 $

where the /32 IP is the IP under attack. This should work on most routers.

As far as shell accounts and bouncers go: a whois usually reveals who owns the domain. Said company might be willing to help you, since they are most prone to be attacked (or at least the ircd's they are selling).

regards
abel wisman
www.url.org
www.able-towers.com

On Sunday 10 June 2001 21:30, Jonathan C. Hamill wrote:
This is some information I've been compiling on a DoS kiddie from irc.dal.net who goes by the handle cpio. These are the events that transpired and what happened as a result. He's been using some hacked account's bandwidth to drop down tons of traffic on me from various misconfigured hosts which he probably got from netscan.org.

I'm being packeted even as I write this, but he has yet to take down my connection completely. What I'm wondering is if there is anything I can do to make this stop. I realize that it's virtually impossible to find out where he's coming from, as he always uses various shell accounts and bnc's on irc, but from previous conversations I know he lives in New Jersey. As it is a Sunday there is no one available at my local @Home offices and I can't think of anything else to do but wait it out, which as of this writing has been 6 hours of continuous packeting.

My numerous attempts to get a continual log of the attack have been thwarted by the volume of traffic, which my OpenBSD 2.7 system's kernel keeps dropping most of, and tcpdump/smurflog can't keep up and both crash after a few seconds. I would appreciate any help anyone can offer me with this matter.

Thanks in advance,
Jon Hamill
MCSE, A+, Network+
Computer Consultant
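An added example, not part of either message: since only a few seconds of capture survive at a time, a short `tcpdump -n` text sample can still be reduced to the source networks whose hosts are answering, which is what an abuse report to those networks needs. The sample lines, the addresses (documentation ranges, with 192.0.2.10 standing in for the address under attack), the modern tcpdump line format and the "two or more responders per /24" threshold are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in modern `tcpdump -n` text format (not taken from the thread).
SAMPLE = """\
13:40:02.000101 IP 198.51.100.7 > 192.0.2.10: ICMP echo reply, id 0, seq 0, length 1032
13:40:02.000140 IP 198.51.100.23 > 192.0.2.10: ICMP echo reply, id 0, seq 0, length 1032
13:40:02.000197 IP 198.51.100.200 > 192.0.2.10: ICMP echo reply, id 0, seq 0, length 1032
13:40:02.000260 IP 203.0.113.5 > 192.0.2.10: ICMP echo reply, id 0, seq 0, length 1032
13:40:02.000300 IP 203.0.113.99 > 192.0.2.10: ICMP echo reply, id 0, seq 0, length 1032
13:40:02.000410 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
13:40:02.000520 IP 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 7, seq 1, length 64
13:40:02.000600 IP 192.0.2.77.51514 > 192.0.2.10.22: Flags [S], seq 1, win 512, length 0
"""

# Matches only ICMP echo replies; TCP/UDP lines carry a port suffix and fail to match.
REPLY = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo reply\b.*\blength (?P<len>\d+)"
)

def summarize(lines, victim, prefix=24):
    """Group echo replies addressed to `victim` by source network."""
    stats = defaultdict(lambda: {"hosts": set(), "packets": 0, "icmp_bytes": 0})
    for line in lines:
        m = REPLY.match(line)
        if not m or m["dst"] != victim:
            continue  # unparseable, not an echo reply, or not aimed at the victim
        net = ipaddress.ip_network(f"{m['src']}/{prefix}", strict=False)
        entry = stats[net]
        entry["hosts"].add(m["src"])
        entry["packets"] += 1
        entry["icmp_bytes"] += int(m["len"])
    return dict(stats)

def amplifier_networks(stats, min_hosts=2):
    """Heuristic (assumption): several distinct responders in one network
    suggests a broadcast amplifier rather than a reply to the victim's own ping."""
    hits = [(net, s) for net, s in stats.items() if len(s["hosts"]) >= min_hosts]
    return sorted(hits, key=lambda item: item[1]["packets"], reverse=True)

if __name__ == "__main__":
    for net, s in amplifier_networks(summarize(SAMPLE.splitlines(), "192.0.2.10")):
        print(f"{net}: {len(s['hosts'])} hosts, {s['packets']} replies, "
              f"{s['icmp_bytes']} ICMP bytes")
```

The networks it lists are the ones to look up with whois and include, with timestamps, in a report to their operators and to the upstream provider.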