# Denial of Services Attack under way....



## Bob Hubbard (Nov 27, 2004)

Since the start of the US Thanksgiving Holiday, the data center which houses the majority of our sites has been undergoing what is known as a Distributed Denial of Services Attack.  The short English translation of this is that thousands of computers are flooding the network with bogus traffic, preventing legitimate traffic from going through.  They are working on the problem and blocking the attackers as fast as possible.

 MartialTalk is NOT under attack, being located in a different datacenter. However our DNS servers are housed in the center under attack, so you will experience some 'brown outs' until the situation is resolved.

 Please, make certain your system is clean of spyware and viruses.  The leading source for these attacks is infected PCs.

 More information on how to protect yourself from these and other threats is available in my article Computer Viruses (Originally Published September 2003 MartialTalk Magazine).

 Resources:

*Anti Virus Software Vendors:*
· AVG Anti-Virus Free antivirus software. www.grisoft.com
· F-Protect www.f-prot.com
· Norton: www.symantec.com
· Mcafee: mcafee.com
· Panda Software Antivirus: www.pandasoftware.com
· Trend Micro: www.trendmicro.com

Windows Update: windowsupdate.microsoft.com

*FireWalls:*
Zone Alarm: http://www.zonelabs.com
SyGate: http://sygate.com/

*SpyWare Removal:*
Ad Aware: http://lavasoft.de
SpyBot: http://www.safer-networking.org/


----------



## jfarnsworth (Nov 27, 2004)

As soon as they catch these people they should serve jailtime!


----------



## Bob Hubbard (Nov 27, 2004)

There are lyrics in a BloodHound Gang song that speak on how I feel towards DDOSers....


----------



## Satt (Nov 27, 2004)

Good post Kaith. Thanks a lot. I went through the other day and wrote down all the current "processes" on my computer. I have always wondered what they are. So I took some time and typed them all into google and read about each one. It turns out that there were like three or four "bad" programs running and they were taking up a lot of space too!!! Now I just have to find out how to remove them all.


----------



## Bob Hubbard (Nov 27, 2004)

Try adaware, then spybot.


----------



## bignick (Nov 27, 2004)

That sucks.  DDoS's are big trouble because there is no real good way to protect against them and all the forms they can take...


----------



## Ping898 (Nov 27, 2004)

jfarnsworth said:

> As soon as they catch these people they should serve jailtime!


They'll never be caught unless they brag about it.  That's the beauty of most DoS attacks.  You can use zombie machines to do all the work and unless you are stupid the trail will never lead back to you.


----------



## cashwo (Nov 27, 2004)

X-Cleaner is great too. I use ad-aware, x-cleaner, and Zone Alarm.  Hate to hear about the DOS attacks.  People should find better things to do with their time.


----------



## bignick (Nov 27, 2004)

if only they would use their talent for good...oh well...i think my signature sums it up


----------



## Dr. Kenpo (Nov 27, 2004)

jfarnsworth said:

> As soon as they catch these people they should serve jailtime!


Well, then turn yourself in!


----------



## Bob Hubbard (Nov 27, 2004)

I've put some tweaks in, and am looking into a few more that will hopefully help smooth things out.  Some should kick in now, and others will take 24-72 hours to work through the system.  BAH.


----------



## cashwo (Nov 27, 2004)

bignick said:

> if only they would use their talent for good...oh well...i think my signature sums it up


I agree with this 100%


----------



## Ping898 (Nov 27, 2004)

bignick said:

> if only they would use their talent for good...oh well...i think my signature sums it up


Not going to happen though.  Half the attacks that happen aren't even from people that design them.  It is someone that goes out, finds the code on the net and runs it without knowing any of the details of how it works.  They don't have any real talent.  They are nothing more than bored script kiddies.


----------



## RRouuselot (Nov 27, 2004)

Another way to cut down on crap getting into your PC is Mozilla or Firefox as your browser instead of Internet Explorer.....since most Internet junk/viruses are set up to attack Explorer.
Since I switched to Firefox I never get "popups" or have yet to get any spyware.


----------



## Bob Hubbard (Nov 27, 2004)

I use about 4-6 different browsers regularly.  FireFox is definitely the best of the bunch.
- Built in Popup blocker
- Built in hook to various search engines
- Reads RSS feeds
- Has a ton of cool add-ons
etc.


If you don't have it, there's a button link down on the bottom of every forum page.


----------



## bignick (Nov 27, 2004)

gotta love the open source movement


----------



## Bob Hubbard (Nov 28, 2004)

*Update:*

We appear to be past the worst of it.  I've had several messages indicating that things are in the cleanup stage, and haven't seen a timeout on my email (which was pretty much inaccessible all weekend) since 1AM.

I've put in some additional redundancies and server tweaks that should help lessen future attacks.

These attacks were not against our server, or the server that MartialTalk is on.  We just got squeezed out as collateral damage.

What is a DDOS?
"Distributed denial-of-service attacks are ones in which the hacker plants malicious code on numerous, scattered and usually unwitting, servers. Those servers, known as zombies then flood a single IP address with packets so it is driven offline, unable to handle the volume. "

How many computers are attacking? A lot. 10,000+ is often times not a large number here as various groups stage contests to see who can compromise the most systems, and make the biggest splash.

Why did it take so long? No 2 attacking systems have an identical profile, the attacks are designed to mimic legitimate traffic, and there are a lot of them. It takes time for both the techs and their hardware to learn enough to block the crap, while still allowing legit traffic through. No system is 100%.

For those looking for a bit more 'geeky-meat' : "The people with a clue most certainly are on-site, they are the NOC engineers and they have been working on the UDP floods for four days straight. What is important to remember is a DDoS is a distributed denial of service attack which means the origin and type of data is constantly changing. It is not a matter of setting up a simple "if-then" rule and letting it go. This has been a hands-on issue for four days with people manually working on ever-changing floods from all over the place."

Hopefully, things will be smoother here on out.


----------
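The point made in the update above, that a single "if-then" rule does not stop a distributed UDP flood, shown on constructed data as an added example (it is not part of the original thread). The thresholds, the host names (`dns1`, `resolver`, `client-a`, `client-b`) and the flow records are assumptions made for illustration.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100  # packets/s per source; assumed threshold for the static rule
DEST_BASELINE = 500     # packets/s the destination normally receives; assumed

def build_sample(zombies=2000, pps_each=5):
    """Constructed one-second window of UDP flow records: (source, dest, packets)."""
    flows = [(f"10.{i // 250}.{i % 250}.7", "dns1", pps_each) for i in range(zombies)]
    # Three legitimate clients; one of them is a busy resolver.
    flows += [("client-a", "dns1", 40), ("client-b", "dns1", 60), ("resolver", "dns1", 150)]
    return flows

def per_source(flows):
    """Total packets sent by each source in the window."""
    totals = Counter()
    for src, _dst, pkts in flows:
        totals[src] += pkts
    return totals

def static_rule(flows):
    """The simple if-then rule: flag any source above PER_SOURCE_LIMIT."""
    return {s for s, n in per_source(flows).items() if n > PER_SOURCE_LIMIT}

def flooded_destinations(flows, factor=10):
    """Aggregate view: destinations receiving more than factor x their baseline."""
    totals = Counter()
    for _src, dst, pkts in flows:
        totals[dst] += pkts
    return {d: n for d, n in totals.items() if n > factor * DEST_BASELINE}

def share_removed(flows, top_n):
    """Fraction of all packets removed by blocking the top_n loudest sources."""
    totals = per_source(flows)
    blocked = totals.most_common(top_n)
    share = sum(n for _s, n in blocked) / sum(totals.values())
    return share, [s for s, _n in blocked]

if __name__ == "__main__":
    flows = build_sample()
    print("static rule flags:", static_rule(flows))
    print("flooded destinations:", flooded_destinations(flows))
    share, blocked = share_removed(flows, 10)
    print(f"blocking the top 10 sources removes {share:.1%}; loudest: {blocked[:3]}")
```

On this sample the per-source rule flags only the legitimate resolver, the aggregate view shows the flood clearly, and blocking the ten loudest sources removes under 3% of the traffic while cutting off every legitimate client.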

