• Got the Contributing Memberships stuff finally worked out and made up a thread as a sort of "How-To" to help people figure out how to participate. So if you need help figuring it out, here's the thread you need to take a look at -> http://www.corvetteflorida.com/forums/showthread.php?t=3581 Thank you, everyone! Rich Z.

Computer cretins.........

Rich Z

Rich Z

Internet Sanitation Engineer
Staff member
Dammit.......... I have a pretty big site I run called FaunaClassiifeds.com which has a Board of Inquiry forum that is very popular in the reptile industry for exposing scammers and crooks who otherwise escaped unnoticed. Well evidently one of them who got outed has the knowledge to launch a DDOS (distributed denial of service) attack on my server, and has effectively shut down that site. The server host company I am with seems unable to do anything about it so I am moving the server to another host who says they can deal with such things.

But here's the rub. Apparently there is no effective way to track down the person responsible for this sort of activity. So in effect, each and every web based business is at the mercy of a single cretin who can effectively shut you DOWN at the drop of a hat. Yeah, there are solutions, but most can be VERY expensive to implement. I got one quote for $1K per MONTH to run DDOS filtering for my server. And that wasn't the most expensive one.

With all of the computer technology available, you would think SOMETHING would exist to track these clowns down and either put them away in jail for a long stretch, or have someone locate them late one night and break their fingers for them with a sharp warning that things will get MUCH worse if they continue their evil ways.

Anyway, just venting. I'm looking at the possibility of a website I have put a lot of time, money, and effort into going down the tubes and I'm about to start gnawing on my desk........... :banghead:
 
You would think that disrupting Inter-State commerence would be a federal crime and investagated by the FBI. :shrug01:
 
Rich, I installed a unit called Allot NetEnforcer (AC-1010 & AC-1020) at my father’s two Cable TV Companies. It will manage and shape all network traffic. These units are not cheap.

Allot NetEnforcer

Entry Level Traffic Management Devices

Allot NetEnforcer AC-402 and AC-404 traffic management devices are especially suitable for small to medium enterprise networks and broadband service provider networks. Using deep packet inspection (DPI) technology with QoS enforcement capabilities, they provide the granular visibility network operators need to monitor and control bandwidth usage, and to optimize service delivery.

Main Features of the NetEnforcer AC-400 Series

2 or 4 ports
Range of operation speeds: 2, 10, 45 and 100 Mbps (full duplex)
Identifies hundreds of applications and protocols out-of-the-box
Advanced signature and behavior-based recognition
Dynamic QoS, prioritization/shaping based on policy definitions
Proactive alarms
Automatic mitigation of malicious traffic
Supported by NetXplorer centralized management system
Easy upgrade to higher speeds and more policies
Fail-safe performance


netenforcer-ac-404.jpg


ac400_big.gif
 
This probably isn't going to do me any good. My server is located in a data center in Atlanta. Soon to be in Michigan. And yeah, all this stuff is pretty high priced.

Quite honestly, I am rethinking this entire internet thing. I don't like being at the mercy of some anonymous cretin that can end all my efforts with the click of a button. Obviously ANY website is at jeopardy.

I have filed a complaint with the FBI's Internet Crimes Division about this, since it is obviously a crime involving interstate commerce and within their jurisdiction. I doubt they will do anything, but maybe if this complaint is one of many, eventually something will be done about it.
 
I have a program from school called ethereal. logs any incoming and outgoing network traffic. kinda illegal to use on a home basis from what ive been told cause well, it logs every keystroke in plain text. idk if a business type setting can use it or not.

what im going to school for right now, information security heh. and the better the service the more its gonna cost, mainly cause what we have to pay to learn this stuff.
 
LS2POWA said:
I have a program from school called ethereal. logs any incoming and outgoing network traffic. kinda illegal to use on a home basis from what ive been told cause well, it logs every keystroke in plain text. idk if a business type setting can use it or not.

what im going to school for right now, information security heh. and the better the service the more its gonna cost, mainly cause what we have to pay to learn this stuff.
Click to expand...


Yes.. a ddos (distributed denial of service)... means just that. Distributed. Generally a trojan gets downloaded to unsuspecting users computers, then the bad guy sends a command to all the infected machines to slam your server traffic. Therefore the attack is coming from many different ip addresses. That's why it's almost impossible to find the real culprit.
 
Last edited:
Well that SUCKS Rich!:willy_nilly: I still can't understand why these people would do this to someone whom they've never met.:shrug01:

It sure would be nice of these A-holes, if found, were turned over to the people who they've affected with their viruses!:yesnod:

JAT.. Why don't these Scumbags put their viruses to good use and shut down some Terrorist and child porn websites?!!!:D
 
Yeah, I've been learning a lot about this the last couple of days. Been talking to a guy who specializes in mitigating DDoS attacks, and I asked him what kind of cretins do this sort of thing. Here's his reply....

Hi, ddos is very easy to do, all kinds of idiots can run botnets. You would be suprised. I guess its what crowd you hang with as to what kind of tools or bots to get. Most botnets are IRC based, meaning the bots have to connect to an irc,. Now teh russians have the storm worm and other insanely complicated bots which use p2p and other means,. Even my guy or stopddos cannot stop tehse people. Not even the feds. Then you have dns amplification atatcks which are probably the worst as far as bandwidth, some can send as much as 50gb,

Here is average bot-herder in US or UK,
--------------------------------------------------------------
You have a shitty social life, get beat up at school, girls wont date you. Sometimes you have flamboyant homosexual tendencies as you have gave up on the female species as means to have sex. You masturbate frequently to internet porn and stay in your room or mother's basement nearly 24/7. You have no kind of power or control over anything in your life. So you develop an internet personality and world where you do have power over things, you try to hurt people. This makes you feel better about yourself and makes you feel powerful. You probably play online games in which you use hacks and cheats in and claim it is skill. You hang out in IRC chats and hacking forums, make new friends like yourself. You decide you would liek to have even more power, you want to take revenge on everyone you feel has wronged you, or you simply want to hurt other people by destroying their
online assets.

So you ask your new friends for the new bot source everyone is using. One of them walks you through the steps of compiling it. You purchase a domain or use a free dns service to program each bot to connect to. You can use an ip as well but if the ircd gets shut down you will lose all your bots so you use dns for this.

You compile your bot, get your ircd running and start spamming, suing p2ps, and scanning ranges of third world countries that use pirated or outdated windows, you scan for remote exploits so you can infect the computers with your bot. The bots start coming in your ircd, then they start spreading themselves over and over. Eventually you end up with a good size botnet.

Now you have some real power, you make a new nickname like Theg0d or M4st3r, You start ddosing all the sites you do not like and taunting the owners. You find out eventually that you can make money with your newly obtained power so you go on the underground and find ddos for hire jobs. You open an rgold account so you can accept the money and be untracable.

You are approached by Ricardo of Ricardosclassifieds.com he offers you $500 to ddos fuanaclassified, you take on the job and start ddosing them. Now the admin of fauna is in a bad situations and looking for a solution.

---------------------------------------------------------------------


The the rest of them are usually peopel who live in 3rd world countries like russia, nigeria, and brasil. they do this for a living.. SO it is most likely competiton or some enemy.

On my site www.nix101.com there are some tips and tutorials for mitigating ddos on your own. You can very well do this if you put your mind to it, use that info and google for more.

Feel free to share my average botherder story lol. I was taking a break from some things and got into that and done typed too much before I realized.

good luck, lemme know if you need more help
Click to expand...

I then asked him how many of these clowns get caught and prosecuted. His reply was NOT encouraging:

they are every rarely prosecuted and 9 times outta 10 they ar eback doing the same stuff the same day they are arrested. they hardly never get jail. Ive actually never heard of anyone getting jail.

As far as stopddos, that is gonna cost you a pretty penny there. You are better off paying for the mitigation and usually teh atatcker wilol give up after a few blocked attacks.

Also on prosecuting someone you have to show that you suffered over $5000 in damages. I tell you how ridiculous the situation is, ok there wa sthis one kid who got busted in the last Bot Roast by the fbi where they round up bot herders. Ok that was 3 months ago maybe. Now the same guy is extorting people again. i currently host one of his victims, ive succesfully blocke dthe attack but he keeps trying cause he thinks he is costing the victim andwidth money which is stupid. I talked to an fbi agent about this, apparantly they have an investigation going but the agent told me he was not sure if it was
worth the fbis time as he had not extorted any big victims lately. So they are not even gonna pursue it and we have all the evidence even chat logs of teh guy extorting and bragging.

So dont really count on a prosecution. I can come up with a deozen instances where people got caught doing this and still are terorizng the net to this day. You ar ebetter off getting their info and suing them or going to their house and kicking their ass lol.

I know it sounds bleak and hopeless but thats the info Ive gathered in
my 2-3 years of doing this
Click to expand...

Kind of makes you wonder about the FBI. This sort of thing is extremely damaging to commerce on the net, yet they do nothing at all about it, even when they nab someone. Yeah some are going to be minors and many will likely be out of the country, but a few examples need to be made. Set up sting operations to catch the people who actively solicit these kinds of "services" for malicious purpose against their competitors.

Sometimes I just feel sick to death of this entire world we live in.....
 
Rich I know how you feel......:mad:
We were having DDOS attacks all the time at least 3 a year, that’s why we ended up buying the Allot units. When we were being attacked we had to shut down all the servers, routers, and microwave links for at least 10+ minutes for the pinging to stop. How about when our email servers got attacked with 100,000,000.00 emails with 100MB of junk attachments that was not designated for our servers.............:banghead:
 
You must log in or register to reply here.
Back
Top