North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DDOS attacks lately?

  • From: Jason Slagle
  • Date: Sun Aug 20 12:22:45 2000

That is completly NOT the case.  Once they cannot take over channels they
just like to cause havoc.

We run a server on the Dalnet IRC Network and see SYN floods, Smurfs
(Decreasing in frequency), fraggle, modified varients of pepsi and a
number of other attacks.  Other servers have reported attacks upto 150mbs.

Only way to deal with it is with the FBI really.  You can't effectivly
filter it as it's normall spoofed.  Best you can do is drop udp and icmp
at the border (Even better if you can get your transit providers to drop
it to that host at their meeting point with you), and deny all traffic
locally on the machine except open ports.

Even doing this, we still get taken down for maybe 5 minutes once a month.


Jason Slagle - CCNA - CCDA
Network Administrator - Toledo Internet Access - Toledo Ohio
- [email protected] - [email protected] - WHOIS JS10172
Version: 3.12 GE d-- s:+ a-- C++ UL+++ P--- L+++ E- W- N+ o-- K- w---
O M- V PS+ PE+++ Y+ PGP t+ 5 X+ R tv+ b+ DI+ D G e+ h! r++ y+

On Sun, 20 Aug 2000, Shawn McMahon wrote:

> On Sat, Aug 19, 2000 at 08:27:13PM -0400, John O Comeau wrote:
> > 
> > Another interesting point to note is that lately, most attacks have been
> > for the age-old purpose of taking over IRC channels by knocking out
> > the host on which the operator's bot is running. At least, none of my
> > clients have seen their websites getting attacked lately. Maybe the calm
> > before the storm?
> Hence, if all the IRC networks would implement Chanserv, and educate users,
> these attacks would decrease.