Techwatch is back online following a sustained denial of service attack that left the digital TV news site unavailable for two days earlier this week. The botnet-powered assault was accompanied by blackmail demands posted on the site's forum through compromised zombie machines. These threatening messages claimed the site was …
Had this happen to a gambling related company I used to work for a few years ago. The script kiddie emailed us demanding a £12k ransom, we ended up purchasing a 30k/year service where our traffic was routed through a 3rd party server which filtered out the bad packets. The site was unavailable for about week causing a customer service nightmare, and interfered with our autmated feeds. Once the site came back online, we took a significant hit in our visitor stats which took months to recover from
Questions about the DDoS attach
I'd be curious to know what OS the computers involved in the DDoS were running and whether they are part of a government agency, crime organization, or simply hacked computers.
I'm gettin' my rant on
Troubles like this should come back to the computer owner and the software developer. The computer owner needs to be responsible for keeping the computer up-to-date with software patches. The software provider (OSs included here) needs to be responsible for developing, maintaining, and patching (in a timely manner, more often than monthly) a secure computing environment.
If a software provider cannot provide a secure computing environment then they should be responsible, economically, to those who suffer from their inability to do so.
Tell-tale signs for the non-log watchers
This is the type of behaviour that has been filing my dns logs several times a second, at times from different IPs, for weeks now. the blocked ip list on my firewall grows by at least 2 new ip addresses every day.
31-Jan-2009 03:35:45.214 queries: client xxx.xxx.xxx.xxx#65233: query: . IN NS +
31-Jan-2009 03:35:45.214 security: client xxx.xxx.xxx.xxx#65233: query (cache) './NS/IN' denied
I had just finished blocking one IP at 10:00PM PST, then this and two other IPs started hitting me 2 hours later. It sucks. My DNS server is being used to generate traffic back to the sites being attacked through root queries in the form of denied dns messages, and all I can do is just keep blocking IPs. It' not slowing my traffic down at all. It's just time consuming and frustrating.
- IT bloke publishes comprehensive maps of CALL CENTRE menu HELL
- Nine-year-old Opportunity Mars rover sets NASA distance record
- Prankster 'Superhero' takes on robot traffic warden AND WINS
- Analysis Who is the mystery sixth member of LulzSec?
- Comment Congress: It's not the Glass that's scary - It's the GOOGLE