darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 13, 2008 5:36am Post subject: ddos help?

Hey folks. I've never had to deal with something as serious as this and so I am not really sure how I should go about handling the situation. A few of my websites and a server are under ddos attacks. I have some logs of the attacker commanding a botnet to perform the attack. The log does include the IP address and ISP information of the attacker, so I do have the ability to contact the ISP regarding the matter.
I contacted the ISP, and they said there is nothing they can do, that I'd need to call local authorities, which I really don't want to do, because authorities here in my area aren't very tech savvy and wouldn't know what a ddos attack is, and surely wouldn't really know how to deal with something like this, and I'm unsure how to explain it to them. Other than that, the ISP also asked me if there's any way I could get my hosting provider to stop the attack somehow. DDoS is something that can't really be stopped unless they were to null route the IP, or something as I've explained to them, and that doing that would cause my service to be unavailable, costing me a lot of money. I also told them I don't see how they can't do something about it, perhaps suspending the internet access.. But, I guess ISPs don't care that their users use their service for illegal purposes..
So, I've come here to SearchIRC, to ask you folks (as I'm sure you've all been exposed to DDoS attacks at one time or another), what do you recommend I do?
 |
greg27 Idler

Joined: 07 Oct 2006 Posts: 255 Location: Australia
Posted: Oct 13, 2008 6:45am Post subject:

that's a pretty crappy response from the isp - surely they could view their logs to confirm your story, so it seems to me as if they are quite happy to allow their clients to ddos.
it can't be much of an attack if your server is still online so the skiddie doing it will probably get bored eventually, but getting your ip null routed is pretty much all you can do. i've heard from other forums that the fbi won't do anything unless a certain amount of monetary damage has been caused (thousands of dollars) so they probably won't be of much use.
one thing to remember is you will generally only get attacked if you piss off the wrong person - so if you have some sort of controversial blog running or whatever, i'd recommend moving it to its own server :]
 |
darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 13, 2008 6:52am Post subject:

Yea.. The ISP told me that they rent the internet service so it's like they get on a highway, where the ISP no longer has any control over them, and that any illegal activities of the sort are to be resolved with the FBI, which only happens if it's a $10,000+ loss.. He went on to say that it's not a violation of their terms of service, as they aren't permitted to look at any of the logs or packet data or monitor them.. I asked him where I can find a copy of their Terms of Service, he said they are not publicized... After getting off the phone, I went to look around their website and I found their Terms of Service.. He lied to me about that.. And he lied to me about not being allowed to monitor the data, as the TOS states that they have full rights to do so and that they will do so from time to time..
It also states that accessing or attempting to access without permission the computer systems of others, or to penetrate the security measures of any other computer system, or to attempt to transmit uninvited communications, data or information, or engage in other similar activities, including denial of service attacks, spam, etc., is a violation of the TOS, and can result in termination of service, so he lied to me about that also.. Funny....
 |
greg27 Idler

Joined: 07 Oct 2006 Posts: 255 Location: Australia
Posted: Oct 13, 2008 7:02am Post subject:

call the isp back, ask to talk to the supervisor, then quote their tos to them and then ask why they are openly letting their users violate it. refuse to get off the phone until they do something.
 |
darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 13, 2008 7:17am Post subject:

been trying to call back now a few times, seems they blocked me from calling lol.. claiming that number is only for users of their service... ahh well, looks like i'll take this further, wonder if the BBB would help with that part?
 |
youngblood Newbie

Joined: 17 Apr 2008 Posts: 66
Posted: Oct 13, 2008 9:25am Post subject: re ddos put them on firewall their ip that's also a way to

put their ip's on firewall, that's another way to stop them, and the country they r coming from
 |
darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 13, 2008 10:46am Post subject:

that's a great idea if they use their home connection and just one ip address, but typically, a ddos attack is conducted with thousands of bots, part of a botnet, from different machines, usually rooted servers.
 |
Anarchy Idler

Joined: 26 Oct 2007 Posts: 272 Location: Cabot Arkansas
Posted: Oct 13, 2008 3:45pm Post subject:

i just laugh when i get ddos, cause i know out there someone is not getting laid tonight!
and when i get internet connection i watch mages video again on internet people and laugh
 |
maddog906 Lurker

Joined: 08 Mar 2005 Posts: 164
Posted: Oct 14, 2008 11:23am Post subject: hi

Most USA ISPs provide multiple ip addresses, like Verizon Internet Services Inc. They provide 8 ip addresses or more. Get a good router and a dead box (something like FreeBSD open to all ports) and reroute all the bad traffic to the dead box. My dead box has FreeBSD 6.2 with webmin / ourmon and munin network/bandwidth monitor on it. Here in the uk we get 8 ip addresses and most of the ddos attacks are at a single ip address, so I have been lucky. I have a netgear cable router with a (adsl) phone line backup from the same isp provider. And I have not pissed anyone off. I ran a private business and run a few backup servers at home. Some people just do it for the hell of it, nothing better to do with their time, plus they know they can do it and get away with it. It took 3 days to stop the ddos attack, only after phoning the isp every hour on the hour, and only then did they provide me with a new block of ip addresses. All I can say is hang in there, they don't ddos forever
 |
darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 14, 2008 11:40am Post subject:

My webhosting provider terminated my account, as that is their "ddos" policy. Get ddos'ed = terminated.. So, I guess I'll be on the lookout for a new webhost
 |
Anarchy Idler

Joined: 26 Oct 2007 Posts: 272 Location: Cabot Arkansas
Posted: Oct 14, 2008 3:40pm Post subject:

that's gay, i would be getting my money back on that crap
 |
Akoshia Lurker

Joined: 27 Sep 2005 Posts: 165 Location: Florida
Posted: Oct 16, 2008 9:13am Post subject:

i know this is a late post, but if u still have the logs and info of the attacker, keep them, then call ur local FBI office and ask for Cyber crimes Div. tell them who u are, and what's going on, they will assign an investigator, he will contact u and get the information. it works
 |
darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 16, 2008 10:27am Post subject:

Doesn't it have to be at least $10,000 in damage, or $10,000 lost before they do anything?
 |
Akoshia Lurker

Joined: 27 Sep 2005 Posts: 165 Location: Florida
Posted: Oct 16, 2008 2:16pm Post subject:

only if ur seeking compensation for damages then yes. they investigate where the bots are, who they belong to, who controls them, how often they have been used, providers, isp's. dos bots are illegal no matter what. doesn't matter if they never use them, they are infecting hundreds of machines, and they don't go lightly on it, most script kiddies start off dos'n irc nets, then they start tryin websites, bigger websites and on and on, as long as u have proof that these bots exist and where they are, they won't say no, they never have to me.
i would also let them know that their isp is letting it happen
 |
darkwarrior Lurker

Joined: 02 Aug 2008 Posts: 194
Posted: Oct 16, 2008 11:06pm Post subject:

Is it typically better to go through that Internet Cyber Crime website, or actual local FBI? I wonder if they'd even know what IRC is and if they'd even check IRC.
 |