Yeah, I've been learning a lot about this the last couple of days. Been talking to a guy who specializes in mitigating DDoS attacks, and I asked him what kind of cretins do this sort of thing. Here's his reply....
Quote:
Hi, ddos is very easy to do, all kinds of idiots can run botnets. You would be suprised. I guess its what crowd you hang with as to what kind of tools or bots to get. Most botnets are IRC based, meaning the bots have to connect to an irc,. Now teh russians have the storm worm and other insanely complicated bots which use p2p and other means,. Even my guy or stopddos cannot stop tehse people. Not even the feds. Then you have dns amplification atatcks which are probably the worst as far as bandwidth, some can send as much as 50gb,
Here is average bot-herder in US or UK,
--------------------------------------------------------------
You have a ****ty social life, get beat up at school, girls wont date you. Sometimes you have flamboyant homosexual tendencies as you have gave up on the female species as means to have sex. You masturbate frequently to internet porn and stay in your room or mother's basement nearly 24/7. You have no kind of power or control over anything in your life. So you develop an internet personality and world where you do have power over things, you try to hurt people. This makes you feel better about yourself and makes you feel powerful. You probably play online games in which you use hacks and cheats in and claim it is skill. You hang out in IRC chats and hacking forums, make new friends like yourself. You decide you would liek to have even more power, you want to take revenge on everyone you feel has wronged you, or you simply want to hurt other people by destroying their
online assets.
So you ask your new friends for the new bot source everyone is using. One of them walks you through the steps of compiling it. You purchase a domain or use a free dns service to program each bot to connect to. You can use an ip as well but if the ircd gets shut down you will lose all your bots so you use dns for this.
You compile your bot, get your ircd running and start spamming, suing p2ps, and scanning ranges of third world countries that use pirated or outdated windows, you scan for remote exploits so you can infect the computers with your bot. The bots start coming in your ircd, then they start spreading themselves over and over. Eventually you end up with a good size botnet.
Now you have some real power, you make a new nickname like Theg0d or M4st3r, You start ddosing all the sites you do not like and taunting the owners. You find out eventually that you can make money with your newly obtained power so you go on the underground and find ddos for hire jobs. You open an rgold account so you can accept the money and be untracable.
You are approached by Ricardo of Ricardosclassifieds.com he offers you $500 to ddos fuanaclassified, you take on the job and start ddosing them. Now the admin of fauna is in a bad situations and looking for a solution.
---------------------------------------------------------------------
The the rest of them are usually peopel who live in 3rd world countries like russia, nigeria, and brasil. they do this for a living.. SO it is most likely competiton or some enemy.
On my site www.nix101.com there are some tips and tutorials for mitigating ddos on your own. You can very well do this if you put your mind to it, use that info and google for more.
Feel free to share my average botherder story lol. I was taking a break from some things and got into that and done typed too much before I realized.
good luck, lemme know if you need more help
|
I then asked him how many of these clowns get caught and prosecuted. His reply was NOT encouraging:
Quote:
they are every rarely prosecuted and 9 times outta 10 they ar eback doing the same stuff the same day they are arrested. they hardly never get jail. Ive actually never heard of anyone getting jail.
As far as stopddos, that is gonna cost you a pretty penny there. You are better off paying for the mitigation and usually teh atatcker wilol give up after a few blocked attacks.
Also on prosecuting someone you have to show that you suffered over $5000 in damages. I tell you how ridiculous the situation is, ok there wa sthis one kid who got busted in the last Bot Roast by the fbi where they round up bot herders. Ok that was 3 months ago maybe. Now the same guy is extorting people again. i currently host one of his victims, ive succesfully blocke dthe attack but he keeps trying cause he thinks he is costing the victim andwidth money which is stupid. I talked to an fbi agent about this, apparantly they have an investigation going but the agent told me he was not sure if it was
worth the fbis time as he had not extorted any big victims lately. So they are not even gonna pursue it and we have all the evidence even chat logs of teh guy extorting and bragging.
So dont really count on a prosecution. I can come up with a deozen instances where people got caught doing this and still are terorizng the net to this day. You ar ebetter off getting their info and suing them or going to their house and kicking their ass lol.
I know it sounds bleak and hopeless but thats the info Ive gathered in
my 2-3 years of doing this
|
Kind of makes you wonder about the FBI. This sort of thing is extremely damaging to commerce on the net, yet they do nothing at all about it, even when they nab someone. Yeah some are going to be minors and many will likely be out of the country, but a few examples need to be made. Set up sting operations to catch the people who actively solicit these kinds of "services" for malicious purpose against their competitors.
Sometimes I just feel sick to death of this entire world we live in.....