Techwatch is back online following a sustained denial of service attack that left the digital TV news site unavailable for two days earlier this week. The botnet-powered assault was accompanied by blackmail demands posted on the site's forum through compromised zombie machines. These threatening messages claimed the site was …
Had this happen to a gambling related company I used to work for a few years ago. The script kiddie emailed us demanding a £12k ransom, we ended up purchasing a 30k/year service where our traffic was routed through a 3rd party server which filtered out the bad packets. The site was unavailable for about a week causing a customer service nightmare, and interfered with our automated feeds. Once the site came back online, we took a significant hit in our visitor stats which took months to recover from.
Questions about the DDoS attack
I'd be curious to know what OS the computers involved in the DDoS were running and whether they are part of a government agency, crime organization, or simply hacked computers.
I'm gettin' my rant on
Troubles like this should come back to the computer owner and the software developer. The computer owner needs to be responsible for keeping the computer up-to-date with software patches. The software provider (OSs included here) needs to be responsible for developing, maintaining, and patching (in a timely manner, more often than monthly) a secure computing environment.
If a software provider cannot provide a secure computing environment then they should be responsible, economically, to those who suffer from their inability to do so.
Tell-tale signs for the non-log watchers
This is the type of behaviour that has been filling my DNS logs several times a second, at times from different IPs, for weeks now. The blocked IP list on my firewall grows by at least 2 new IP addresses every day.
31-Jan-2009 03:35:45.214 queries: client xxx.xxx.xxx.xxx#65233: query: . IN NS +
31-Jan-2009 03:35:45.214 security: client xxx.xxx.xxx.xxx#65233: query (cache) './NS/IN' denied
I had just finished blocking one IP at 10:00PM PST, then this and two other IPs started hitting me 2 hours later. It sucks. My DNS server is being used to generate traffic back to the sites being attacked through root queries in the form of denied DNS messages, and all I can do is just keep blocking IPs. It's not slowing my traffic down at all. It's just time consuming and frustrating.
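A log check for the pattern quoted in the comment above, as an added example that is not part of the original comment thread: it counts denied root NS queries per client in BIND-style log lines and flags clients that exceed a rate threshold. The function names, the threshold, the window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches "security" lines of the form quoted in the comment above.
DENIED_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) security: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query \(cache\) '\./NS/IN' denied"
)

def parse_denied(lines):
    """Yield (timestamp, client_ip) for each denied root NS query."""
    for line in lines:
        m = DENIED_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m.group("ip")

def flag_clients(lines, threshold=3, window=timedelta(seconds=1)):
    """Return {ip: peak} for clients with >= threshold denials in any window."""
    seen = defaultdict(list)
    for ts, ip in parse_denied(lines):
        seen[ip].append(ts)
    flagged = {}
    for ip, stamps in seen.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            # Per the comment above, the replies go back to the sites being
            # attacked, so this address is the apparent client only.
            flagged[ip] = peak
    return flagged

# Constructed sample log using documentation addresses (not from the comment).
SAMPLE_LOG = """\
31-Jan-2009 03:35:45.214 queries: client 192.0.2.10#65233: query: . IN NS +
31-Jan-2009 03:35:45.214 security: client 192.0.2.10#65233: query (cache) './NS/IN' denied
31-Jan-2009 03:35:45.501 security: client 192.0.2.10#65233: query (cache) './NS/IN' denied
31-Jan-2009 03:35:45.902 security: client 192.0.2.10#65233: query (cache) './NS/IN' denied
31-Jan-2009 03:35:46.100 security: client 198.51.100.7#40000: query (cache) './NS/IN' denied
31-Jan-2009 03:40:00.000 security: client 198.51.100.7#40001: query (cache) './NS/IN' denied
""".splitlines()

if __name__ == "__main__":
    for ip, peak in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: {peak} denied root NS queries within 1s")
```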