Taking on an Online Extortionist
An anonymous reader writes "When an online exortionist comes a knocking, threatining a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of buisness. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.
John
Glad to see someone standing up to these thugs. I remember a few years ago, the ISP that I admin'd hosted the connection for http://www.defcon.org/. We had someone start a Smurf attack from the Con, targetting our inbound T3's. We were able to track it down, and actually snatch him out of his seat right there at the con. He promptly apologized (I think, he only spoke german, IIRC). The look on his face was priceless. Oh, did I mentioned that me, and everyone else at the company carry Glock 19's? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals. :)
The thing with these DOS extortionist is that unlike the mafia or other groups they do not protect you from other extortinist. If you pay them thay can stop their attact, but if someone else try to attack you they cannot do anyting.
But like I said, he's cleaned up his act in recent months, so I no longer have a beef with him. Some folks, on the other hand, still hold this against him--which isn't an entirely unreasonable position to take.
Obliteracy: Words with explosions
Starting Feb 2004, my site was hit by a powerful DDoS attack. It knocked out my web server and it nearly took out my web host's switch in the data center. I never got any demands or letters or figured out who caused it.
Anonymizer.net tried to help me by putting my domain behind a series of rotating proxy servers. Their whole network crashed after 6 hours and they had to stop helping me.
Finally my web host hit on the right idea. I set up a half dozen virtual private servers (VPS) at Globalservers.com (same company that hosts about.com and freeservers) and my host installed a proxy server on each one called twhttpd and set them all to route traffic to and from my web server at his data center.
Then I set up an account at ZoneEdit and added all the IPs for the proxy servers with a failover system. Every time the bastards knocked out one of the proxy servers, ZoneEdit would detect that the server was borked and switch to another one. With the load reduced, the dead proxy came back on its own a few minutes later.
After about 6 months of this, they finally gave up and I won.
Only on
When they fire that warning shot, you dump all the attacking IPs to a log and circulate the list to AHBL, Spamhaus, CBL etc so that the extortionist's zombie network is now worth half of what it was before. Zombies are only worth anything if they are novel. And you tell the extortionist that for each additional shot, their botnet monetary value will decrease by 10% or whatever.