Security Incidents mailing list archives

Re: DoS Kiddie


From: John Oliver <joliver () connectnet com>
Date: Mon, 11 Jun 2001 12:43:43 -0700

"Jonathan C. Hamill" wrote:

This is some information I've been compiling on a DoS kiddie from
irc.dal.net who goes by the handle cpio, these are the events that
transpired and what happened as a result.  He's been using some hacked
account's bandwidth to drop down tons of traffic on me from various
misconfigured hosts which he probably got from netscan.org.  I'm being
packeted even as I write this but he has yet to take down my connection
completely, what I'm wondering is if there is anything I can do to make this
stop, I realize that it's virtually impossible to find out where he's coming
from as he always uses various shell accounts and bnc's on irc, but from
previous conversations I know he lives in New Jersey.  As it is a Sunday
there is no one available at my local @Home offices and I can't think of
anything else to do but wait it out, which as of this writing it's been 6
hours of continuous packeting.  My numerous attempts to get a continual log
of the attack have been thwarted by the volume of traffic which my OpenBSD
2.7 system's kernel keeps dropping most of and tcpdump/smurflog can't keep
up and both crash after a few seconds.  I would appreciate any help anyone
can offer me with this matter.

@Home isn't going to help you at all.  Guaranteed.  Here's how to fix
the problem:

1) Ask @Home to assign you a new IP address.

2) Change your IRC nick and/or stay away from channels you know this
cpio hangs out in.

3) Try not to piss off script kiddiez in the future.

Sucks, don't it?  But there's literally nothing else you can do.  Well,
there *are* things that could be done, but if they were within your
capabilities (no offense intended), you wouldn't be asking here... you'd
be posting a report of how you dealt with it.

Like Steve Gibson says, there's *nothing* you can do when a 13-year-old
brat with nothing better to do decides to knock you off the 'Net. 
Forget the big stick part... just walk around very, very quietly.

If you insist on provoking this character more in IRC (some people just
*can't* leave it alone, and have to try to have the last word), then do
so from a throwaway dialup.  

-- 
John Oliver, System Administrator        http://www.allegiancetele.com
ConnectNet, an Allegiance Telecom company    http://www.connectnet.com
6370 Lusk Blvd. Ste F103                                (858) 638-2020
San Diego, CA. 92121                               FAX: (858) 623-1505

