Growing DoS attacks
LeBlanc, Jason
Jml at ebay.com
Wed Jan 16 23:37:47 UTC 2002
Get in touch with these guys, ask about SLT Director:
Radware, Inc.
http://www.radware.com
Jason Harrison, Regional Sales Manager - Northern California
721 Emerson Court
San Jose, CA 95126
voice: 408.279.2310; fax: 408.279.2510
> -----Original Message-----
> From: Pascal Gloor [mailto:pascal.gloor at spale.com]
> Sent: Wednesday, January 16, 2002 3:13 PM
> To: nanog at nanog.org
> Subject: Re: Growing DoS attacks
>
> For years, IRC (users and/or servers) gets dDoS... We also see a
> growth of the dDoS attacks. For example on Undernet some servers get
> attacked every day with 100+Mbps for a few minutes, and sometimes for
> long long hours... Those attacks are usually coming from users - IRC
> Operators conflicts, those users think they may ask anything to an
> OPER with the power of a dDoS. We try to provide a free service, and
> all of us know how it is hard to get a host with good connectivity for
> free and on the other side we see those young 'script kiddies' playing
> around with hundreds of compromised hosts like a game and they have no
> idea how much it costs to all the flooded networks... Unlikely I have
> to say that most of these 'script kiddies' are from Romania. I don't
> know why it's so many times coming from them....
>
> If you run a well dDoS'ed IRC Server on your network I have a
> solution for you... not the best one, but still technically working..
>
> get a /24 (be careful that there is no bigger network announced which
> would include it!!! I mean like if you get 10.10.10/24, 10/8 would
> include it)
>
> Get a box, and run Zebra BGPD, which will announce that /24 to your
> network. Then do a script which monitors the traffic to the irc
> server, and on a certain threshold, kill BGPD. wait a certain time,
> like 15 minutes or so, and restart BGPD. It would be nice to check the
> traffic every minute and if 2 consecutive checks are positive kill
> bgpd. That means that you may be able to STOP dDoS to irc servers
> within 2-3 minutes...
>
> just my 0.00001 EUR
>
> Cheers..
> Pascal
>
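The monitoring script described in the quoted message, sketched here as an added example that is not part of either post: check inbound traffic every minute, stop bgpd after 2 consecutive checks over the threshold, restart it after 15 minutes. The 100 Mbps trip point, the interface name eth0, reading Linux /proc/net/dev, and the stop/start commands are assumptions to adapt to the box that announces the /24.

```python
import subprocess, time

THRESHOLD_MBPS = 100   # assumed trip point; the post mentions 100+ Mbps floods
INTERVAL = 60          # "check the traffic every minute"
STRIKES = 2            # "2 consecutive checks are positive"
HOLD_DOWN = 15 * 60    # "wait a certain time, like 15 minutes"
STOP_CMD = ["killall", "bgpd"]   # assumption: how bgpd is stopped on this box
START_CMD = ["bgpd", "-d"]       # assumption: bgpd on PATH, started as a daemon

class RouteGuard:
    """Decides when to withdraw the /24 (stop bgpd) and when to re-announce it."""
    def __init__(self, threshold=THRESHOLD_MBPS, strikes=STRIKES, hold_down=HOLD_DOWN):
        self.threshold, self.strikes, self.hold_down = threshold, strikes, hold_down
        self.over, self.withdrawn_at = 0, None  # strike count; time bgpd was stopped

    def step(self, mbps, now):
        """Feed one sample; return "withdraw", "announce" or None."""
        if self.withdrawn_at is not None:
            # While withdrawn no traffic arrives, so only the timer ends the hold-down.
            if now - self.withdrawn_at >= self.hold_down:
                self.withdrawn_at, self.over = None, 0
                return "announce"
            return None
        self.over = self.over + 1 if mbps >= self.threshold else 0
        if self.over >= self.strikes:
            self.withdrawn_at = now
            return "withdraw"
        return None

def rx_bytes(iface, path="/proc/net/dev"):
    """Receive byte counter for iface, parsed from Linux /proc/net/dev."""
    with open(path) as f:
        for line in f:
            name, sep, rest = line.partition(":")
            if sep and name.strip() == iface:
                return int(rest.split()[0])
    raise ValueError("interface not found: " + iface)

def main(iface="eth0"):  # assumption: eth0 carries traffic for the IRC server's /24
    guard, prev = RouteGuard(), rx_bytes(iface)
    while True:
        time.sleep(INTERVAL)
        cur = rx_bytes(iface)
        action = guard.step((cur - prev) * 8 / INTERVAL / 1e6, time.monotonic())
        prev = cur
        if action:
            subprocess.run(STOP_CMD if action == "withdraw" else START_CMD, check=False)

if __name__ == "__main__":
    main()
```

A single spike resets the strike counter, so only a flood that persists across two checks pulls the route; after the restart a continuing flood needs two more checks before the route is withdrawn again.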