DDoS attacks

Alexei Roudnev alex at relcom.EU.net
Fri Jul 13 06:31:56 UTC 2001


The main problem with these kiddies is not _law_. It is _communication between ISPs_
and _their ability to trace something_.

In theory, any attack can be traced to its origins. You need a lot of time,
you need good IP accounting, a few filters; then you need to find
zombied computers and install your own trojans to trace back hackers who use these
zombies. It is easy to do it in such a country as Russia - I always could call my
colleagues from another ISP, ask them something, ask the computer owner to allow me
to install my own software in his, zombied, system, etc etc. When these traces led
us out to Europe, everything became slower but _yet_ possible (it was 2 or 3
years ago). When traces came into the USA, you were stuck with an 800 phone number,
_Enter your account number / all our representatives are busy / brainless support
engineers of the first level and inability to find someone skilled / privacy
concerns, etc etc...

I can give a very good example here. A lot of kiddies used 'ftp.technotronic.com'
as a store for the trojan packets. If someone investigated the logs of this ftp and
looked at _where /I mean IP addresses/ linux trojan kit 3 (for example)_ was
downloaded, he definitely had a chance to find approximately 100 - 200 zombied
systems over the world (because every time _these particular hackers_ broke into
some linux, they downloaded lrk3, sniffers and other tools directly from this ftp
server). If someone installed his own trojan into the pre-built sniffers, they
could have a chance to receive a notification about broken and sniffed systems
over the world. Etc etc. Guess if we ever could find any person from
ftp.technotronic.com? Of course, we could not...

It was just the same with Exodus and the home pages hackers keep on it - no
chance of being understood... We never asked to give us this information, we asked
only to collect it and investigate it (and we never dreamed the FBI could participate
and help).

Talking about _law_. I know Russian law, it's not a problem to prosecute a hacker if
you have evidence. And you don't even need a lot of it. In my understanding,
it's more a communication problem, not a legislation one and not a technical one...

Alex Roudnev.

----- Original Message -----
From: <up at 3.am>
To: <nanog at merit.edu>
Sent: Thursday, July 12, 2001 1:07 PM
Subject: Re: DDoS attacks


>
>
> That's obviously a big issue, but not unaddressable...most countries have
> laws against this sort of thing.  At some point, somebody's going to deal
> with an unresponsive government by blackholing entire regions...certain
> APNIC blocks come to mind.  Any network where DDoS perpetrators can
> operate with impunity will eventually be considered too dangerous to NOT
> blackhole.
>
> We haven't arrived at that point yet because A) DDoS attacks haven't
> gotten so out of hand that it's stopping big businesses in their tracks
> continuously (but it may, soon) and B) At this point, NONE of the
> governments (including the US) are sufficiently responsive to the point
> where any particular region could be blackholed (but this will change as
> point A changes) to any effect.
>
> On Thu, 12 Jul 2001, Alexei Roudnev wrote:
>
> > One important notice - most of these kiddies are not from USA.
> >
> > ----- Original Message -----
> > >
> > > > I can't help but believe that if even 20% of them
> > > > were caught and had to spend just a little time (even hours) with the
> > > > cops, and had their peecees confiscated, you'd not be seeing
> > > > nearly the problems we are now.
>
> James Smallacombe       PlantageNet, Inc. CEO and Janitor
> up at 3.am     http://3.am
> =========================================================================
>
>



