Packet shaping + Disconnection from the network with a generic catch-all DNS redirect to a page with the virus cleaner would work quite well on mitigating the attack from the ISP's side. But what do they care, it's just their bandwidth :)
Some of the sites are using DNS records to point back to 127.0.0.1 and lowering their TTL so the botnet machines attack themselves. Easy way to defend (in some way) a DDoS. Don't count on the site(s) being up until the owners are sure more bandwidth / CPU cycles won't be wasted.
Doesn't that seem like a poor allocation of resources on behalf of the bot net controllers? I mean, how long could a DDOS attack possibly be carried on? A few hours? Maybe a day at most? I can see that, for a retailer, that sort of thing would seriously impact business but if these sites go down for a day, does that really matter? They could have it run for a month or two. With the lack of knowledge of PC users, and the mass-spreading technique, and the fact we have cable infected PCs and now have zombied Verizon FiOS machines, that's some serious bandwidth. This is just a slap on the wrists from the runners of the botnet, perhaps making a point?
Or you can always get the idiot PC users who download .exe's, .pif's etc. from email and get them a bloody virus scanner. Anyone think of attacking that end instead of putting the site on a damn quad-core w/ GigE uplink?
user@my-box:~$ host aa419.org
aa419.org has address 127.0.0.1
Actually this is the SMART thing to do.
If they're attacking the hostname of the website, any smart admin would change the DNS record to lower the TTL to update, and update their address to 127.0.0.1. This way the botnet boxes end up attacking themselves. I've done it before. Then once the attack is over you update your A name record to the actual IP.
Dick off, I asked a question, with the 'Web Host Gone' / this, it seems the stories are getting less "news worthy" - Even for the intertubes.
How is this news? /. does not equal Digg.
Or a lock box key...
He was just middle aged, I smell something wrong here. I suggest a full investigation into the causes of his untimely demise... Slow news day, huh?
Exactly. Perhaps I'm not seeing the incredible technology here... Maybe if it had a calendar, or YouTube...
Google Earth + Touch Screen + Plasma = How many billion? Brilliant.