
ddos


Demons Halo's Avatar
Member
0 0

Now since operation payback is going wild west style all over the net, I would like to get some info about how they do what they do.

Obviously, they are using DDOS attacks, yet as far as I know, DDOS attacks can be stopped by filtering traffic.

I am probably wrong about this, therefore I would appreciate it in case someone could provide me with some good reading material on advanced DDOS and DDOS protection?

cheers


AldarHawk's Avatar
The Manager
0 0

There are thousands of different types of attacks. DDoS is just one of them. Yes, every type of attack CAN be stopped. However, the systems need to have the correct programming in place to stop each attempt. The way people perform these attacks is they read up on how certain vulnerabilities work and then make a system that can execute this attack. There are those that just look for programs that are pre-coded, but we do not like to talk about these people.


ghost's Avatar
0 0

A lot of the current members of "operation payback" are downloading LOIC and using the combined efforts to DDoS Mastercard. I'm pretty sure Mastercard has already secured itself from this certain attack.


ghost's Avatar
0 0

"The hacker told AFP that they recruit members from everywhere including imageboards, forums, Facebook, Twitter and so on. The members then download the botnet - a collection of software used to trigger the attack by activating all the systems which have downloaded the software to attack one site."

http://timesofindia.indiatimes.com/world/us/First-world-war-in-cyberspace-over-WikiLeaks/articleshow/7074660.cms#ixzz17fjcQGSY

Voluntarily making your computer a part of a botnet? Sweet.

Owned: http://nakedsecurity.sophos.com/2010/12/09/dutch-boy-arrested-for-wikileaks-related-ddos-attacks-on-mastercard-and-paypal/


ghost's Avatar
0 0

DoS attacks are kinda script kiddie attacks… you could make a DoS attack program with batch… and all the dumb 4chan dildos are taking the credit for crashing Mastercard. Fuck 4chan. Anyway, there isn't really protection from a DoS attack, but there are some websites like Google that could not be shut down… what you do is overload the site/server with a bunch of crap, like packets of info. What you do to pull off a DoS attack is have a tit load of computers attacking a site all at the same time. And stop watching Fox News for your hacking news… And for your articles, http://www.hellboundhackers.org/articles/index.php is good for articles. xD


ghost's Avatar
0 0

Blackmercury wrote: DoS attacks are kinda script kiddie attacks… you could make a DoS attack program with batch… and all the dumb 4chan dildos are taking the credit for crashing Mastercard. Fuck 4chan. Anyway, there isn't really protection from a DoS attack, but there are some websites like Google that could not be shut down… what you do is overload the site/server with a bunch of crap, like packets of info. What you do to pull off a DoS attack is have a tit load of computers attacking a site all at the same time. And stop watching Fox News for your hacking news… And for your articles, http://www.hellboundhackers.org/articles/index.php is good for articles. xD

Let me elaborate.

en.wikipedia.org/wiki/Skiddie In hacker culture, a script kiddie, or skiddie, occasionally script bunny, skid, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks.

So. If a skiddie is a person who uses other people's scripts and code to attack a computer system or network, then how are they a skiddie if they make a batch script themselves?

Oh, and btw. The chance of a pinging batch script taking down any -real- target. Is probably the same as you not still living with your mother.

Furthermore. The batch script you are talking about, has absolutely nothing to do with DDoS.

As to protection against DoS attacks. There is. Lots. You clearly just know nothing of what you are talking about.

So please. Please. Be quiet.


AldarHawk's Avatar
The Manager
0 0

hahahahahahahahahahahahahahahahahahahahahahahahahahahaha

Did I mention…hahahahahahahahahahahahahahahah?

Wow…this is a great posting Kasper!


Mr_Cheese's Avatar
0 1

Depending on the size of the attack, there is no protection.

Rejecting traffic still uses resources, so even if the sysadmin has configured everything to reject the traffic causing the DDoS… if there's enough, it will still potentially crash or slow down the system due to the resources used to reject the traffic. Even if it doesn't reach the server, routers etc. can still be targeted using the same principle.

Correct me if I'm wrong.

The botnet collection used in operation payback numbers is in the 10's of thousands…. it will be interesting to see how Amazon's cloud network holds up in the pending attack(s).


stealth-'s Avatar
Ninja Extreme
0 0

Mr_Cheese wrote: The botnet collection used in operation payback numbers is in the 10's of thousands…. it will be interesting to see how Amazon's cloud network holds up in the pending attack(s).

I did a little coding trickery to get my own bot inside the IRC channel, and there's a lot less than 10's of thousands of clients. Much, much, less.

MoshBat wrote: [quote]perception wrote: All the current members of "operation payback" are downloading loic and using the combined efforts to ddos whatever target appears in the IRC channel. I'm pretty sure mastercard has already secured itself from this certain attack.[/quote]

Actually, a lot of people are using alternate tools like hping.


GTADarkDude's Avatar
Member
0 0

stealth- wrote: [quote]Mr_Cheese wrote: The botnet collection used in operation payback numbers is in the 10's of thousands…. it will be interesting to see how Amazon's cloud network holds up in the pending attack(s).[/quote] I did a little coding trickery to get my own bot inside the IRC channel, and there's a lot less than 10's of thousands of clients. Much, much, less.

I read the other day that 'a few' LOIC clients would be enough to take websites offline like om.nl. (Dutch Public Prosecutor: openbaar ministerie) I also thought I read the number '5' somewhere, but I can't find that article anymore…

(I know it sounds like a ridiculously low amount, but perhaps the om.nl servers are just very crappy or the few DDoSers have had a LOT of bandwidth. Or both.)


stealth-'s Avatar
Ninja Extreme
0 0

GTADarkDude wrote: [quote]stealth- wrote: [quote]Mr_Cheese wrote: the botnet collection used in operation payback numbers is in the 10's of thousands…. it will be interesting to see how amazons cloud network holds up in the pending attack(s). I did a little coding trickery to get my own bot inside the IRC channel, and there's a lot less than 10's of thousands of clients. Much, much, less. [/quote] I read the other day that 'a few' LOIC clients would be enough to take websites offline like om.nl. (Dutch Public Prosecutor: openbaar ministerie) I also thought I read the number '5' somewhere, but I can't find that article anymore…

(I know it sounds like a ridiculously low amount, but perhaps the om.nl servers are just very crappy or the few DDoSers have had a LOT of bandwidth. Or both.)[/quote]

Well, om.nl was never an actual official target. It was up for debate, but Anonymous decided to go with Mastercard instead. If anyone was attacking om.nl, it was of their own accord, and not because of the botnet. It was up for debate attacking it because police in the Netherlands arrested a 16-year-old IRC admin from there.

Anyway, regarding Demons' original question, the LOIC software they are using has three attack methods: TCP, UDP, and HTTP. In the case of TCP and UDP, it opens a shitload of connections to the target host on various ports and spews out a message payload constantly. For HTTP, it opens a ton of web GET requests for a file named after the payload and appended with various random characters. The botnet was usually set to the TCP method.

There are also many other branches of the LOIC software, and a few rewrites. PyLOIC, JS LOIC, Java LOIC, HOIC, etc… Most of them are in development or have reduced functionality, though.

I don't know about the other LOIC software, but PyLOIC, JS LOIC, and the "stock" LOIC don't use any attempts to hide the user. Usually DDOS attackers can use IP spoofing, but LOIC didn't implement this as it enhances the ease of blocking the attacks or can be blocked by ISPs using basic egress filtering. However, the only two arrests that have been made were of that 16-year-old IRC admin and another guy who attacked the Netherlands website in retaliation.

Either way, these attacks are easy to detect, especially the HTTP ones. But Mr. Cheese is right, doing DDOS protection results in DDOS'ing the machine that's doing the protecting. The best you can do is mitigate the attacks.

Hope that helps ;)
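
Added example (not part of the original thread, and not code from any LOIC project): a defender-side sketch of why the HTTP method described in the post above is easy to detect. It flags clients that send many GETs in a short window whose paths share a stem but almost never repeat; the log lines, the `/hello` stem, the addresses and the thresholds are constructed assumptions.

```python
import random, re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from os.path import commonprefix

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    """Parse one Common Log Format line into (ip, time, method, path)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def flag_flooders(lines, window=timedelta(seconds=10), min_requests=20, min_stem=4):
    """Return {ip: stem} for clients that, inside one window, send many GETs
    sharing a path stem while almost never repeating a full path."""
    per_ip = defaultdict(list)
    for ip, ts, method, path in filter(None, map(parse, lines)):
        if method == "GET":
            per_ip[ip].append((ts, path))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window forward
                start += 1
            paths = [p for _, p in hits[start:end + 1]]
            stem = commonprefix(paths)  # character-wise shared prefix
            if (len(paths) >= min_requests and len(stem) >= min_stem
                    and len(set(paths)) / len(paths) > 0.9):
                flagged[ip] = stem
                break
    return flagged

def sample_log():
    """Constructed log: 203.0.113.7 floods, 198.51.100.4 browses normally."""
    rng, t0 = random.Random(1), datetime(2010, 12, 9, 12, 0, tzinfo=timezone.utc)
    line = '{} - - [{:%d/%b/%Y:%H:%M:%S %z}] "GET {} HTTP/1.1" {} 0'
    flood = [line.format("203.0.113.7", t0 + timedelta(milliseconds=200 * i),
                         "/hello" + "".join(rng.choices("abcdefghij", k=8)), 404)
             for i in range(40)]
    pages = ["/", "/index.html", "/style.css", "/logo.png", "/about.html"]
    normal = [line.format("198.51.100.4", t0 + timedelta(seconds=i), pages[i % 5], 200)
              for i in range(30)]
    return flood + normal
```

Calling `flag_flooders(sample_log())` returns only the flooding address with its shared path stem; because the tool does not spoof its source, that address is directly usable in a block or rate-limit rule upstream of the web server.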