North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Growing DoS attacks
Get in touch with these guys, ask about SLT Director: Radware, Inc. http://www.radware.com Jason Harrison, Regional Sales Manager - Northern California 721 Emerson Court San Jose, CA 95126 voice: 408.279.2310; fax: 408.279.2510 > -----Original Message----- > From: Pascal Gloor [mailto:[email protected]] > Sent: Wednesday, January 16, 2002 3:13 PM > To: [email protected] > Subject: Re: Growing DoS attacks > > > > > Since years, IRC (users and/or servers) gets dDoS... We also > see a grow of > the dDoS attacks. For example on Undernet some servers get > attacked every > day with 100+Mbps for a few minutes, and sometimes for long > long hours... > Those attacks are usually comming from users - IRC Operators > conflicts, > those users think they may ask anything to an OPER with the > power of a dDoS. > We try to provide a free service, and all of us know how it > is hard to get a > host with good connectivity for free and on the other side we > see those > young 'script kiddies' playing around with hundreds of > compromised hosts > like a game and they have no idea how much it costs to all > the flooded > networks... Unlikely I have to say that most of these 'script > kiddies' are > from Romania. I dont know why it's so many times comming from them.... > > If you run an well dDoS'ed IRC Server on your network I have > a solution for > you... not the best one, but still technically working.. > > get a /24 (be carefull that there is no bigger network > announced which would > include it!!! i mean like if you get 10.10.10/24, 10/8 would > include it) > > Get a box, and run Zebra BGPD, which will announce that /24 > to your network. > Then do a script which monitors the traffic to the irc > server, and on a > certain threshold, kill BGPD. wait a certain time, like > 15minutes or so, and > restart BGPD. It would be nice to check the traffic every > minute and if 2 > consecutive checks are positive kill bgpd. That mean that you > may be able > to STOP dDoS to irc servers within 2-3 minutes... > > just my 0.00001 EUR > > Cheers.. > Pascal >
|