View Full Version : Attacks against my site


CrackZ
April 5th, 2001, 18:30
Greetings to all;

I apologise in advance for posting this on the main messageboard but I'm guessing the majority of experts look here if anywhere first and right now I need some help.

For the last 2 weeks my site has come under very heavy and sustained attack from lamer(s) attempting to halt the router using DoS attacks (sound familiar?), it's a very simple method and as fravia+ found out, it's not fun to try and defend against.

Unfortunately the attacks over the last 2 weeks (I hate to say it) have been pretty successful in bringing the router to its knees, sometimes killing the site for 12hrs a day (and they are still continuing :-( ).

With this in mind my first request is for any advice from those of you who have experience in dealing with this sort of problem. I can furnish more technical information as required.

On a second note, perhaps more importantly (I'm VERY angry) and I have a good idea who the individuals are behind this, since the attacks coincided with the exact same day I started frequenting a particular IRC channel. Yes, I'll be sure to start my search in Germany.

I'll not issue any more veiled threats on this post, right now I just want to contain these morons, since they use pretty dull and unintelligent techniques, although I'm also pretty sure they read these msgboards too.

Any advice would be welcomed in the first instance.

Regards and thanks in advance (this applies to the many good people who frequent this board and the scene).

CrackZ.

Lord Crass
April 6th, 2001, 00:27
Unfortunately, there isn't too much you can do personally. The best you can do is find out what you're being DoS'd with (ICMP, UDP, invalid TCP packets, etc) and contact your upstream provider. They should be able to contact the appropriate upstream provider that they use and relay the info to them. Essentially the traffic has to be traced back to its origin one step at a time. As long as the DoS they are using requires obscene amounts of traffic or a bizarre packet type, it can be singled out amongst all the other traffic and the source pinpointed. You just have to hope that all the upstream providers will cooperate in order to track them down. If even one link in the chain refuses to help, you're screwed.

If you happen to know the source's service provider, simply talk to them instead. Any ISP should be able to determine if a DoS is originating from one of their customer's links assuming they have someone who knows anything about network monitoring.
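The triage step described in the post above (work out whether the flood is ICMP, UDP or invalid TCP before calling the upstream provider), as an added example that is not part of the original post. It assumes IPv4 text output in `tcpdump -nn` style; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -nn` text style; addresses are documentation ranges.
SAMPLE = """\
18:30:01.000001 IP 198.51.100.7 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 1480
18:30:01.000002 IP 198.51.100.7 > 203.0.113.10: ICMP echo request, id 1, seq 2, length 1480
18:30:01.000003 IP 198.51.100.7 > 203.0.113.10: ICMP echo request, id 1, seq 3, length 1480
18:30:01.000004 IP 198.51.100.8.40000 > 203.0.113.10.9999: UDP, length 1024
18:30:01.000005 IP 198.51.100.9.1234 > 203.0.113.10.80: Flags [FS], seq 1, win 512, length 0
18:30:01.000006 IP 198.51.100.9.1235 > 203.0.113.10.80: Flags [none], win 512, length 0
18:30:01.000007 IP 192.0.2.44.51000 > 203.0.113.10.80: Flags [S], seq 7, win 65535, length 0
18:30:01.000008 IP 192.0.2.44.51000 > 203.0.113.10.80: Flags [.], ack 1, win 65535, length 0
"""

LINE = re.compile(r"IP (\S+) > (\S+): (.*)")
# Flag pairs that a normal TCP stack never sets together (SYN+FIN, SYN+RST).
INVALID_PAIRS = [{"S", "F"}, {"S", "R"}]

def classify(rest):
    """Map the protocol part of a tcpdump line to icmp / udp / tcp / tcp-invalid."""
    if rest.startswith("ICMP"):
        return "icmp"
    if rest.startswith("UDP"):
        return "udp"
    m = re.match(r"Flags \[([^\]]*)\]", rest)
    if not m:
        return "other"
    flags = m.group(1)
    if flags == "none" or any(pair <= set(flags) for pair in INVALID_PAIRS):
        return "tcp-invalid"
    return "tcp"

def summarize(text):
    """Return (packets per traffic kind, packets per (kind, source address))."""
    kinds, sources = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, _dst, rest = m.groups()
        kind = classify(rest)
        # TCP/UDP endpoints are printed as addr.port; ICMP endpoints as a bare address.
        host = src.rsplit(".", 1)[0] if kind in ("udp", "tcp", "tcp-invalid") else src
        kinds[kind] += 1
        sources[(kind, host)] += 1
    return kinds, sources

if __name__ == "__main__":
    kinds, sources = summarize(SAMPLE)
    print(kinds.most_common(), sources.most_common(3))
```

The per-kind counts and top sources are the details to pass on to the upstream provider so the unusual traffic can be singled out at each hop.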

tsehp
April 6th, 2001, 02:14
Hi crackz, we can also try something very easy:
I have enough place here to temporarily host you if you want, you move the site here, update your links.
Believe me on this: this place's admins are very efficient against those sorts of attacks.
Mail me directly if you're interested.
regards,

+Tsehp

EB
April 17th, 2001, 09:03
Hiya crackz,
check out http://grc.com/r&d/nomoredos.htm
I saw something about DoS and stuff. Maybe it might be useful.

Regards
EB

fravia+
April 17th, 2001, 14:29
Dear friend CrackZ,
in my (personal) experience such attacks are mostly performed by rogue crackers paid by dongle companies (read Haladdin in most cases :-).

Your best retaliating chances are NOT through reverse tracking (won't work coz one of the rings will always fail, alas)... in my opinion you will be better served through social reversing approaches (luring, faking, stalking, see my actual site at searchlores.org for a starter on these aves)

I suggest you build a fake avatar, then play it loose for a while, offering a lot, then infiltrate, discover, punish, destroy.

Such an approach takes quite some time -sure- but, believe me, revenge is a speciality that tastes better if served cold... and believe me, the moment when you find out and locate them 'physically' is quite a nice experience, ehehe... at vindicta bonum vita iucundius ipsa...

Many of those, among +Tsehp's readers, that have really useful sites (and will THEREFORE be attacked sooner or later) will experience similar problems, as +Tsehp and many other +HCUkers have.

You should actually be proud. No real knowledge site has ever existed without being HEAVILY attacked sooner or later.

Fravia+

CrackZ
April 17th, 2001, 21:08
Greetings to Fravia+ & EB.

Just a very quick note of thanks to both of you for taking the time to respond, I'll be certain to follow up your advice :-) and I have a feeling it's going to be quite a chase.

Regards

CrackZ.