Feeds

back to article Miscreant menaces Meetup, minuscule money mania mashed

Meetup.com has gone public with one of the most paltry ransom demands The Register has seen – but rather than pay up to end a distributed denial-of-service (DDoS) attack, the klatch organizer instead put up with its site being repeatedly hosed offline, we're told. The website said its woes began on Thursday when it received a …

COMMENTS

This topic is closed for new posts.

Why do I get the feeling that somewhere there is a high school computer lab which isn't sufficiently monitored?

1
3
Silver badge

It's easy enough

to rent a botnet. And not exactly difficult to build one.

A high school computer lab is not required... An open wifi connection and a device with a spoofed MAC address is enough to avoid being traced and to send a target IP address to a C&C server. It only takes a few seconds to run a prepared script, it could be done whilst driving past without stopping.

No I didn't down vote you.

2
0
Bronze badge

Re: It's easy enough

"An open wifi connection and a device with a spoofed MAC address is enough to avoid being traced and to send a target IP address to a C&C server."

True enough, but if every ISP actually configured their network properly, such an attack would be more difficult to pull off with spoofing. A spoofed MAC address is one thing, but one has to have an IP. Many spoofers still spoof an IP that is not part of the ISP network, hence should not have routing accepted.

0
1

Re: It's easy enough

You're usually behind a NAT gateway when connected to a wifi connection, so all you need is for the local router to accept your MAC address, which it has no reason not to.

The ISP network only talks to the local router, which has a correct IP and MAC address.

0
0

Re: It's easy enough

> not exactly difficult to build one

It's trivial to DDoS. You download the software, insert the IP or URL to hammer, and go. I said high school because like universities they often have gigabit networks, and unlike unversity students the culprit might feel that $300 was a lot of money. Plus the target was Meetup.

> An open wifi connection and a device with a spoofed MAC address is enough to avoid being traced and to send a target IP address to a C&C server

You are seriously overestimating the amount of effort (or planning) needed to DDoS a third-tier site like Meetup.

>I didn't down vote you

I don't mind downvotes. Until The Reg implements a "user X has replied to your post Y" function it's the best way to tell that a post may have garnered replies.

1
0
Silver badge

'Give me your wallet'

It's just coward-grade mugging. There's not even the skill, art or finesse of a good security breach, it's just thuggery.

To think, the internet used to be such a nice place before the public and ad men were allowed in.

0
0
Bronze badge

Re: 'Give me your wallet'

"To think, the internet used to be such a nice place before the public and ad men were allowed in."

It's funny, I actually found a Viagra ad in my spam folder. I chuckled over it after I deleted the rubbish.

We used to build stories out of SPAM captured by our mail filters. Such as enjoying our all expense paid vacation in the Virgin Islands, enjoying the fruits of our Nigerian investments and enjoying our discounted Viagra, with assorted additions to make the story flow better, but all from that crap inundating our filters.

One finds stress relief somehow, as we can't shoot the bastards out of a cannon and into a midden heap.

0
0

Involve the cops pronto

Get the police involved, then agree to pay the money. Sort out some means of paying that is trivially traceable, and set Plod off to sniff down the blackmailers; pretty soon, exit crminial numpties stage left.

3
0
Bronze badge

An alternative would have been ....

..... 'I will give you $500 for documented proof of who hired you' then hand over to the police if he agrees hopefully getting DDOS'r and his client in one.

0
0
This topic is closed for new posts.