FBI/DDoS Attacks are NOW ON MY NERVES


  • ffaBen
    replied
    Originally posted by Asendin
    Where exactly are you using an 81.x.x.x IP??
    Sorry for the late response... I'm in the south of England.


  • Hooper
    replied
    Originally posted by Steve Machol
    That would be a monumental waste of time. There are hundreds, if not thousands of ISPs. Many are in China and Korea and could care less.
    I agree. This is a huge problem. The ISPs are not doing what they could do to clean up their network nodes. ISPs tend to look the other way well knowing how many sick machines are on their nodes. I took a sniffer and captured a few days worth of garbage on the lines and sent it to my ISP one time. They could care less. It's just about like a data center harbouring spam house clients.

    It appears to me that cleaning up the network nodes would show immediate benefits to the companies. But then again, how would you feel if your ISP sent you a letter letting you know that your winbox was infected with a trojan and is being monitored by them? Privacy issues are always a concern with ISPs and the liability may not be worth it.


  • ShiningArcanine
    replied
    Have you tried the CIA? They handle international issues:

    http://www.cia.gov/cia/contact.htm

    Give them a call, tell them what is going on, you are sustaining over $5000 worth in damage and that the guy is in Saudi Arabia.


  • Steve Machol
    replied
    That would be a monumental waste of time. There are hundreds, if not thousands of ISPs. Many are in China and Korea and could care less.


  • ShiningArcanine
    replied
    Have you tried contacting ISPs? They should do something. After all, they are partially responsible for what is going in and out of their networks.


  • RandomLove
    replied
    Thanks Raz for the explanation. If you do a netstat or have tcpview, you'll notice that the browser will do a SYN once it requests a page. What follows is something that I never researched.


  • Raz Meister
    replied
    You might want to re-educate yourself on how the TCP/IP protocol works. SYN is not a port but part of the method to establish a TCP/IP link.

    To send a request via HTTP, low-level wise, the two computers need to handshake. If the IP is spoofed, the handshake cannot take place.


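An added example, not part of any post in this thread: because a connection only reaches ESTABLISHED after the remote side answers the server's SYN-ACK, the per-state view from `netstat -ant` separates half-open connections (source address unverified) from completed ones (source address reachable, so worth rate-limiting or blocking). The sample lines, function names, verdict labels and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed `netstat -ant` lines (Linux format, documentation addresses).
SYN_SAMPLE = """\
tcp 0 0 192.0.2.10:80 198.51.100.7:40112 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.54:1027 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.201:51500 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.9:33210 ESTABLISHED
tcp 0 0 192.0.2.10:22 203.0.113.9:50022 ESTABLISHED
"""
HTTP_SAMPLE = """\
tcp 0 0 192.0.2.10:80 203.0.113.77:41001 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.77:41002 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.77:41003 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.20:52311 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.99:2211 SYN_RECV
"""
LINE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")

def summarize(netstat_text, port=80):
    """Count half-open and completed connections per remote address on one local port."""
    half_open, established = Counter(), Counter()
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if not m or int(m.group(2)) != port:
            continue  # header line, other protocol, or another local port
        remote, state = m.group(3), m.group(5)
        if state == "SYN_RECV":        # SYN seen, final ACK never arrived
            half_open[remote] += 1
        elif state == "ESTABLISHED":   # handshake completed by this address
            established[remote] += 1
    return half_open, established

def classify(netstat_text, port=80, threshold=3):
    """Return (verdict, addresses holding >= threshold completed connections)."""
    half_open, established = summarize(netstat_text, port)
    heavy = sorted(ip for ip, n in established.items() if n >= threshold)
    if sum(half_open.values()) > sum(established.values()):
        return "syn-flood", heavy      # sources unverified: blocking them by IP is unreliable
    if heavy:
        return "http-flood", heavy     # sources completed the handshake: candidates for limits
    return "normal", heavy

if __name__ == "__main__":
    print(classify(SYN_SAMPLE))
    print(classify(HTTP_SAMPLE))
```

An address listed under the "http-flood" verdict may still be a proxy rather than the originating machine.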

  • RandomLove
    replied
    Originally posted by Raz Meister
    IIRC, you can't make an Apache request by spoofing an IP address. Only a SYN flood attack.
    Hmm, not sure about this. I guess once you can spoof the IP header, you can make any request. The case with http request spoofing is that the reply will not go back to the originator (since his/her IP is not there), but it will go to someone else. At the end the damage to your/my server has been done.

    I can assure you of this because my server is behind a Cisco PIX firewall and ALL ports are blocked (SYN/Ping included) but the 80 (http) and 22 (ssh). The flooding I suffered from for a year was http not SYN.

    Take care.
    R.L.


  • Raz Meister
    replied
    IIRC, you can't make an Apache request by spoofing an IP address. Only a SYN flood attack.


  • RandomLove
    replied
    Originally posted by _| () R | Z
    Just a question; isn't it possible to just block all traffic coming in from Saudi Arabia. I'm sure the attacker would stop one day if he wasn't able to see what damage he does?
    Good point, BUT, the problem is it doesn't work always; besides, as in most countries in the world, I'm sure that vB has good customer base in Saudi and I don't think it's good to block those good folks.

    Anyhow, let me tell you why it might not work (as someone who already suffered A LOT from DoS attacks I would like to offer my 2 cents):

    Bad people can use two methods to bypass IP blocking: 1- Using a proxy, 2- Using IP spoofing.

    That's why blocking a range of IPs doesn't work always. And that's why I'm using a big machine (dual Xeons, 1G RAM, etc.) just to give those people the impression that my site is IMPOSSIBLE to bring down. After more than a year of DoS attacks and 400+GB/monthly transfer (and 50+ of CPU utilization) now they finally gave up and I'm back to the normal 15-20GB of monthly transfer!

    Best regards.
    R.L.


  • Joe Gronlund
    replied
    Originally posted by ffaBen
    Are any 81. IPs blocked? On the 81.101.67.0 range currently (VirginNet in the UK, which seem to use NTL), and can't access the site (can at the moment since I'm VPN'd into work so the site works there).
    Problem for me is I'm on a dynamic IP, so I doubt Jelsoft will remove a block on a Class B IP range just for one user.

    Hmm, was on an 81.101. range when typing this, but just got the 2 hour disconnect, and now I'm on an 81.103 range and still can't access vbulletin.com without using the VPN.
    Where exactly are you using an 81.x.x.x IP??


  • Raz Meister
    replied
    I think they have a few legitimate customers there. And it isn't that hard for a hacker (or anyone) to use a proxy to browse this site.


  • _| () R | Z
    replied
    Just a question; isn't it possible to just block all traffic coming in from Saudi Arabia. I'm sure the attacker would stop one day if he wasn't able to see what damage he does?


  • Wayne Luke
    replied
    Check your messages here.


  • ffaBen
    replied
    Originally posted by Scott MacVicar
    If anyone is still blocked can you send your IP to [email protected]

    I think a portion of Comcast is being blocked off which is on the 24.1.0.0-24.15.0.0 range. That's due to excessive DoS attacks from 24.16.0.0-24.255.0.0
    Are any 81. IPs blocked? On the 81.101.67.0 range currently (VirginNet in the UK, which seem to use NTL), and can't access the site (can at the moment since I'm VPN'd into work so the site works there).
    Problem for me is I'm on a dynamic IP, so I doubt Jelsoft will remove a block on a Class B IP range just for one user.

    Hmm, was on an 81.101. range when typing this, but just got the 2 hour disconnect, and now I'm on an 81.103 range and still can't access vbulletin.com without using the VPN.
