nanog mailing list archives
Re: DOS Attacks - Almost Caught One!
From: Quark Physics <meuon () highertech net>
Date: Sun, 22 Oct 2000 10:28:31 -0400 (EDT)
We do get this sort of crap daily at least 5 times a day, distributed tcp/ack, tcp/syn, etc, over 40-50Kpps+ sometimes.. my list of over ~230 slave networks (in /24 format). Kids are after taking CPUs in routers out and not killing you with hundrends and hundreeds of Mbps, high-pps attacks are also very nasty, and of course everything is over some stupid IRC issue.
We have found two hacked Linux boxen (on customers boxes) recently that have been used as DDOS creators. Both were older (Redhat 6.0) and were well hacked, replacing ls,find,ps,login,wtmp.. etc... and they installed a small IRC proxy server (BNC ala bnc.com) and then some tools for sniffing and apparently creating DDOS. We were unable to find traces of the originating IP's in logs or other files. I saved some of the programs (t0rnD, stachel..)
Current thread:
- DOS Attacks and reliable network contact data. Jason Slagle (Oct 21)
- Re: DOS Attacks and reliable network contact data. Basil Kruglov (Oct 21)
- Re: DOS Attacks - Almost Caught One! Quark Physics (Oct 22)
- Re: DOS Attacks and reliable network contact data. Joe Shaw (Oct 22)
- Re: DOS Attacks and reliable network contact data. Jason Slagle (Oct 22)
- Re: DOS Attacks and reliable network contact data. Joe Shaw (Oct 22)
- Re: DOS Attacks and reliable network contact data. bmanning (Oct 22)
- Re: DOS Attacks and reliable network contact data. Brian Wallingford (Oct 22)
- Re: DOS Attacks and reliable network contact data. Kevin Houle (Oct 23)
- Re: DOS Attacks and reliable network contact data. Bruce Campbell (Oct 23)
- Re: DOS Attacks and reliable network contact data. Jason Slagle (Oct 22)
- Re: DOS Attacks and reliable network contact data. Basil Kruglov (Oct 21)
- Re: DOS Attacks and reliable network contact data. Bryan Bradsby (Oct 22)
- Re: DOS Attacks and reliable network contact data. Mark Milhollan (Oct 24)
- <Possible follow-ups>
- RE: DOS Attacks and reliable network contact data. rdobbins (Oct 21)