Growing DoS attacks

LeBlanc, Jason Jml at ebay.com
Wed Jan 16 23:37:47 UTC 2002


Get in touch with these guys, ask about SLT Director:

Radware, Inc.
http://www.radware.com

Jason Harrison, Regional Sales Manager - Northern California
721 Emerson Court
San Jose, CA 95126
voice: 408.279.2310; fax: 408.279.2510

> -----Original Message-----
> From: Pascal Gloor [mailto:pascal.gloor at spale.com]
> Sent: Wednesday, January 16, 2002 3:13 PM
> To: nanog at nanog.org
> Subject: Re: Growing DoS attacks
> 
> For years, IRC (users and/or servers) has been getting dDoS'ed... We
> also see a growth of the dDoS attacks. For example on Undernet some
> servers get attacked every day with 100+Mbps for a few minutes, and
> sometimes for long long hours...
> Those attacks are usually coming from users - IRC Operators conflicts,
> those users think they may ask anything of an OPER with the power of a
> dDoS. We try to provide a free service, and all of us know how hard it
> is to get a host with good connectivity for free and on the other side
> we see those young 'script kiddies' playing around with hundreds of
> compromised hosts like a game and they have no idea how much it costs
> to all the flooded networks... Unlikely I have to say that most of
> these 'script kiddies' are from Romania. I don't know why it's so many
> times coming from them....
> 
> If you run a well dDoS'ed IRC server on your network I have a solution
> for you... not the best one, but still technically working..
> 
> Get a /24 (be careful that there is no bigger network announced which
> would include it!!! I mean like if you get 10.10.10/24, 10/8 would
> include it)
> 
> Get a box, and run Zebra BGPD, which will announce that /24 to your
> network. Then do a script which monitors the traffic to the IRC server,
> and on a certain threshold, kill BGPD. Wait a certain time, like 15
> minutes or so, and restart BGPD. It would be nice to check the traffic
> every minute and if 2 consecutive checks are positive kill bgpd. That
> means that you may be able to STOP dDoS to IRC servers within 2-3
> minutes...
> 
> just my 0.00001 EUR
> 
> Cheers..
> Pascal
> 
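
The monitoring logic described in the quoted message (check every minute, withdraw after 2 consecutive positive checks, re-announce after about 15 minutes), as an added example that is not code from either poster. The 100 Mbps threshold, the byte-counter input and all names are assumptions; stopping and starting bgpd is left as a site-specific hook.

```python
"""Threshold-triggered withdrawal of a /24, driven by per-minute traffic samples."""
from dataclasses import dataclass, field

CHECK_INTERVAL_S = 60     # "check the traffic every minute"
TRIP_AFTER = 2            # "2 consecutive checks are positive"
HOLD_DOWN_CHECKS = 15     # "wait a certain time, like 15 minutes or so"

def mbps(prev_bytes, cur_bytes, interval_s=CHECK_INTERVAL_S, width=64):
    """Inbound rate from two interface byte-counter readings, tolerating wrap."""
    delta = (cur_bytes - prev_bytes) % (1 << width)
    return delta * 8 / interval_s / 1e6

@dataclass
class WithdrawController:
    threshold_mbps: float = 100.0   # assumed value, tune per link
    strikes: int = 0                # consecutive checks at or over threshold
    hold_left: int = 0              # checks remaining while the /24 is withdrawn
    log: list = field(default_factory=list)

    def step(self, rate_mbps):
        """Feed one per-minute sample; return 'stop', 'start' or None."""
        if self.hold_left > 0:
            # Prefix is withdrawn, so the sample says nothing about the attack.
            self.hold_left -= 1
            if self.hold_left == 0:
                self.strikes = 0
                return self._act("start")
            return None
        if rate_mbps >= self.threshold_mbps:
            self.strikes += 1
        else:
            self.strikes = 0        # a single spike must not trip the withdrawal
        if self.strikes >= TRIP_AFTER:
            self.hold_left = HOLD_DOWN_CHECKS
            return self._act("stop")
        return None

    def _act(self, action):
        # Hook: a deployment would stop or start bgpd here (site-specific command).
        self.log.append(action)
        return action

def replay(samples, **kw):
    """Run constructed per-minute samples (Mbps) through a fresh controller."""
    ctl = WithdrawController(**kw)
    return [ctl.step(s) for s in samples]
```

If the flood is still running when the prefix is re-announced, the controller withdraws it again after two more checks, so the server cycles between short exposure windows and 15-minute outages.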



More information about the NANOG mailing list