Slashdot Mirror
DDoS Extortion Attempts On the Rise
John Flabasha writes "There's an excellent article that originated on the LA Times and was syndicated to Yahoo News about DDoS attacks on online gaming and one of the solutions out there. Since when did ISP null routes go out of style?" We've run a number of previous stories about DoS blackmail attempts, like this one or this one.
Pay up or I'll suggest a /. article about you, and you know the editors will accept it too!
If only it were that simple.
Support more choices in goverment-Vote 3rd party.
Noone's going to blackmail me into using DOS again...
was that MS-DOS TRS-DOS, or Apple DOS?
The school network here has been getting attacked about once a week for the last month. I am really tired of the internet going down and getting 60% packet loss this often.
I am not sure why we would be getting DoS attacks at a major university. The people who run resnet have a site that says what a current problem is. Their solution to DoS attacks appears to be waiting them out. When the problem becomes "solved" the "solution" normally states "DoS attack has finished." I wish they would try something that would prevent them. Stupid CIS...
Aston Games
"That's a nice StarCraft server you have set up there. Be a shame if anything happened to it."
Honestly, that's what I thought when I read "extortion" and "online gaming."
Don't blame me, I voted for Durga.
I don't have the link anymore, but MSNBC did a writeup on my mother who some russian jerkoffs tried to extort. They basically got her with a fish page, we caught on and shut down her accounts. Then they sent threats saying unless we sent money they would this and that, then when that didn't work they sent messages *BEGGING* for us to send them 150$ claiming they were poor and destitute and it was nothing to us.
Religion is a gateway psychosis. -- Dave Foley
Its amusing to note peoples reactions when they hear that XYZ is suffering a DDOS attack.
They invariably open the browser and attempt to open the site.
Its natural human instinct, they open it, say "Yup, its still down" and either click refresh a few times, or close it.
Watching how slash/fark folks handle flooding a site is similar.
liqbase
I agree - Null Routes aren't the answer here. But something that ISP's *can* do, and could have done all along but have yet to, is to incorporate anti-spoofing measures in their networks.
It's a fairly simple concept, but a lot of work to do it with routers. Every customer end-point should have ACL's on them that block any traffic coming out of their segment that isn't assigned to their IP space. This keeps end-points honest, regardless of what IP's they try to use, which also makes zombie isolation a lot easier. They have to use their own IP, or at least a valid IP on their network, just to affect the target they are trying to attack.
Apparently this is such a Herculean effort, however, that no ISP's I know of do this consistantly. There's really no upside for them anyway, except for a warm fuzzy that they're contributing to the health of the Internet.
Maybe if these sort of extortion schemes happen enough, proper pressure can be brought to bear on the ISP's to do this.
-AutoNiN
Just to clarify for everyone, this is extortion against online *gambling* companies, not online gaming.
:)
You can call gambling "gaming" in the offline world, but not the online -- "online gaming" is already taken
Or at least, I like to think I'm not very good. There's so much to know, and I only know a tiny part of it.
My boss keeps coming to me with printouts of articles just like this one. Then he likes to say, "What can we do to prevent this happening to us?"
I like to respond, "Nothing."
But it's never a satisfying response. What do the slashdot network gurus do to prevent DDoS attacks on their systems?
I would suggest the standard netowrk security tips - close off any ports that aren't needed, etc --
I would suggest a null route, but that only helps against a known attacking IP address. A DDoS comes from many IP addresses.
I woudl suggest blocking (or null routing) them ALL, but then the DDoS attacker will just go buy another set of zombie PCs and renew the attack. You can't win that one.
I would suggest getting a service provider with more bandwidth, but then the attacker will just get an equivalent number of more zombie PCs to attack from.
I would suggest a fancy setup with multiple servers at multiple Colos but then the DDoSer will just launch multiple attacks.
Is there any way to win?
Is there any way I can tell my boss something other than "nothing?"
Save me Slashdot! Pleeeeease!?
Another is WebMoney, mentioned on the spammer board SpamForum.biz. It's a anonymous money transfer service in Moscow. Elaborate crypto. Special downloaded applications. Schemes for transferring money between customers, and finally out into the banking system. Accounts can be in euros, dollars, rubles, or hryvnias. Address is supposedly 71 Sadovnicheskaya Street, Moscow, Russia, 115035. Same address as the "Three Monkeys", which is a gay nightclub.
There are a number of services like this. They come and go. There's Gold-Cash, in Latvia. There's EvoCash, at an undisclosed "offshore" location. (Well, there was EvoCash; they ceased operations on October 19th.) They even have a trade association, which rates services as "Platinum", "Gold", "Silver", "Copper", "Carbon", or "Chlorine", which gives a hint of the problems in this area.
Then there are brokers who transfer money between these services. These can be used to perform the "rinse cycle" in money laundering. But that's another story.
Pull your head out of your ass and check before you state a wild guess as a fact:
"The average Russian salary is about $245 a month, but most state sector workers earn only a little more than a half of that."
So an average Russian earns $1470 in 6 months. Well, you were only out by a factor of 15 - source.
You don't have anything to do with elections in Florida by any chance?
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism