How do people DDoS?

  • A VPS used to DDoS would usually be detected and shut down quickly. At least much more quickly than some random owned home PC.

  • chrisp Member
    edited February 2014

    @ErawanArifNugroho said:
    May I DDoS using my 56kbps phone line?

    You can DDoS on a slow link. The cool kid today uses DNS/NTP attacks with high amplification factors. Basically how it works is you tell a server "give me a list of $foo" and then manipulate the IP you expect the server to send the answer to. That's it.

    In real life you would put a letter in many mail boxes containing really bad words against a person in the letter and then just sign with the victim's name and see what happens.

    @sman said:
    Nobody else mentioned it here so I will. DDoS attacks exist because Windows is such an insecure PoS. If Windows was not so easy to infect with botnet software there would not be a DDoS problem. Something like 95% of all botnets are infected Windows PCs.

    Not true. Windows itself is not insecure. Users are just more stupid than Linux users. They install shareware and click yes or no no matter what comes just to close some windows. I've also heard of a hacking experiment with a fresh installation of Windows Server against a Linux Server (don't know the exact distros, but was state of the art). The Linux box was hacked, the Windows box wasn't.

    Thanked by 3gkz tchen howardsl2
  • jmginer Member, Patron Provider

    In my opinion, 80% of DDoS attacks can be stopped on the carriers' side (like Cogent, Level3, HE, NTT, etc...); they only need to block spoofed IP traffic. But why don't they block that spoofed traffic? Because they earn money when someone sends a DDoS, because the attacker is using the network and then paying for the traffic used in the attack.

  • jmginer said: But why don't they block that spoofed traffic? Because they earn money when someone sends a DDoS, because the attacker is using the network and then paying for the traffic used in the attack.

    I doubt it's that simple. To detect and effectively block attacks you would slow the entire network down to a crawl. Or maybe I'm wrong. Then again we have filtered IPs, Arbor Networks has a system, hardware firewalls, etc., but those are all data center/server side solutions.

  • jmginer said: In my opinion, 80% of DDoS attacks can be stopped on the carriers' side (like Cogent, Level3, HE, NTT, etc...); they only need to block spoofed IP traffic. But why don't they block that spoofed traffic? Because they earn money when someone sends a DDoS, because the attacker is using the network and then paying for the traffic used in the attack.

    It's not spoofed IP traffic. The IPs, most of the time, are legitimate residential connection IPs, and the owners have no idea that they are participating in a DDoS attack. Blocking the IPs would prevent the victims whose computers got infected by the botnet owners from accessing many other websites. Also, a DDoS attack rarely, if ever, downloads a file over and over again like shovenose, it's more about the Gbps and PPS, so no, traffic isn't generally being consumed.

  • @rds100 said:
    A VPS used to DDoS would usually be detected and shut down quickly. At least much more quickly than some random owned home PC.

    You would like to believe that.

    jmginer said: In my opinion, 80% of DDoS attacks can be stopped on the carriers' side (like Cogent, Level3, HE, NTT, etc...); they only need to block spoofed IP traffic.

    Besides the fact that your post belies your ignorance of how IP routing works, the processing power required to do the necessary deep packet inspection without introducing significant latency to do this at the speeds of the links they are using is ridiculous. It takes government agency funding to do that kind of spying. What kind of equipment and load out am I going to need to do deep packet inspection on a 40 gbps link with less than 5ms of overhead? How much more is this going to cost me in setup costs and monthly costs? Could I build a second 40 gbps drop for the same price or would I just start building that 1.5 tbps drop that is going to replace my old link in 2-3 years?

  • A better question would be "Why do people DDoS?"

    Because you banned them from your minecraft server for griefing.

    Thanked by 2Mark_R Pwner
  • Mark_R Member
    edited February 2014

    @GIANT_CRAB said:
    A better question would be "Why do people DDoS?"

    Because you banned them from your minecraft server for griefing.

    That's it lol.

    It is just a way to deal with anger for some people, but they burn their own money doing it.. just like the host that gets attacked who has to pay for all that extra bandwidth!

    Everyone loses with it, except the guy that sells access to the DDoS network / booter.

  • No, the people who sell DDoS protection also make good money.

    Thanked by 1Mark_R
  • Mark_R Member
    edited February 2014

    @rds100 said:
    No, the people who sell DDoS protection also make good money.

    How could I forget about that.

  • That's why we should pass a law to legally prosecute individuals for having their PCs infected with Trojans used in DDoS attacks. I think it's time for people to start taking responsibility and not just play engineers using a technical device without reading the manual first. If you leave a gun on your table and someone steals it, shoots someone and returns it back without you even realizing it was missing, even if you didn't kill a man, you will still be held accountable for leaving your gun on the table unprotected like that.

    Thanked by 1dhamaniasad
  • @kontam said:
    If you leave a gun on your table and someone steals it, shoots someone and returns it back without you even realizing it was missing, even if you didn't kill a man, you will still be held accountable for leaving your gun on the table unprotected like that.

    Well obviously you're a lawyer.

    But no. The justice system doesn't operate on simplistic analogies.

  • Simplistic analogies? Well obviously you're a smartass.

  • @jmginer said:
    In my opinion, 80% of DDoS attacks can be stopped on the carriers' side (like Cogent, Level3, HE, NTT, etc...); they only need to block spoofed IP traffic. But why don't they block that spoofed traffic? Because they earn money when someone sends a DDoS, because the attacker is using the network and then paying for the traffic used in the attack.

    That makes no sense considering they peer.

  • tchen Member
    edited February 2014

    @kontam said:
    That's why we should pass a law to legally prosecute individuals for having their PCs infected with Trojans used in DDoS attacks.

    Most countries have an 'Unauthorized use of a computer' as part of their criminal code either at the federal or state level. Coordinating enforcement is a different matter.

    edit: Added reference: http://www.mosstingrett.no/info/legal.html

    edit: ugh, re-reading your post, I think I got what you mean now. I mistook it as something else. Never mind.

  • @kontam said:
    That's why we should pass a law to legally prosecute individuals for having their PCs infected with Trojans used in DDoS attacks.

    But then it would become a fascist NSA-run country? We should work on stopping them, not preventing them because that would be impossible.

  • chrisp Member
    edited February 2014

    kontam said: If you leave a gun on your table and someone steals it, shoots someone and returns it back without you even realizing it was missing, even if you didn't kill a man, you will still be held accountable for leaving your gun on the table unprotected like that.

    Wow, really? Would you also punish people whose cars got stolen for the things a thief does with it, e.g. killing someone? The difference here is that a gun is always intended to kill (people) and therefore is only made for a bad purpose. Now if computers get hacked / cars get stolen they are misused for purposes they are not intended for. So that's not a valid analogy..

    Thanked by 1Maounique
  • @kontam said:
    That's why we should pass a law to legally prosecute individuals for having their PCs infected with Trojans used in DDoS attacks.

    Passing laws is "easy". Enforcing them is the difficult part.

    Thanked by 1support123
  • @chrisp said:
    Wow, really? Would you also punish people whose cars got stolen for the things a thief does with it, e.g. killing someone? The difference here is that a gun is always intended to kill (people) and therefore is only made for a bad purpose. Now if computers get hacked / cars get stolen they are misused for purposes they are not intended for. So that's not a valid analogy..

    Actually I know many political individuals who would argue that guns have more purposes beyond killing people, how about injuring people for self defense? Or hunting?

  • bdtech Member
    edited February 2014
  • BuyCPanel_Kevin said: Actually I know many political individuals who would argue that guns have more purposes beyond killing people, how about injuring people for self defense? Or hunting?

    Uhm no, they are meant to kill people, it's that simple.

  • jar Patron Provider, Top Host, Veteran

    One way you can ddos is to install a basic template to a vps, then let it sit online for a while. No work necessary.

    Thanked by 1tchen
  • GoodHosting Member
    edited February 2014

    Change your root password to 'root' and wait approximately 10 minutes.

    Bonus points if you're using a SingleHOP or IBM IP address, as these are "tried" far more often than the IP addresses of ColoCrossing, Level3, etcetera.

    Further bonus points if you change your root password to '' and edit your /etc/ssh/sshd_config file and allow EmptyPassword Yes. Note: passwd is smart enough to not let you set a blank password, you're going to have to do this one manually.
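
Added example, not part of any post in the thread: a small audit of the `sshd_config` settings the posts above joke about, so a freshly deployed template can be checked before it sits online. The sshd option that governs blank passwords is `PermitEmptyPasswords`; the sample config is constructed, the defaults assumed are those of current OpenSSH releases, and `Include` files and `Match all` are not handled.

```python
# Settings relevant to the thread, with the defaults of current OpenSSH
# releases (an assumption; older releases defaulted PermitRootLogin to "yes").
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
}

# Constructed sample resembling a carelessly edited VPS template.
SAMPLE_CONFIG = """\
# sshd_config
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PermitEmptyPasswords yes
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication no
"""


def effective_settings(text):
    """Return the global value of each tracked keyword.

    sshd uses the first value it reads for a keyword, keywords are
    case-insensitive, and everything after a Match line is conditional,
    so it is not counted as a global setting here.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword in DEFAULTS and len(parts) == 2 and keyword not in found:
            found[keyword] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **found}


def findings(text):
    """List the weak global settings found in the given sshd_config text."""
    s = effective_settings(text)
    out = []
    if s["permitemptypasswords"] == "yes":
        out.append("empty passwords accepted")
    if s["passwordauthentication"] == "yes" and s["permitrootlogin"] == "yes":
        out.append("root can log in with a password")
    return out
```

On a live host, `sshd -T` prints the effective configuration including Match and Include handling, and is the authoritative check.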

  • @jarland said:
    One way you can ddos is to install a basic template to a vps, then let it sit online for a while. No work necessary.

    Ya, I accidentally did that to poor nick at ramnode. A rebuild was going slower than usual that day and I got distracted and left it for a day or two. They sure work fast.

    Thanked by 1jar
  • @HardCloud said:
    Change your root password to 'root' and wait approximately 10 minutes.

    I actually was testing this. 1234 was hacked the fastest.

  • It pains me to know the bots even try that.

  • @jeffreywinters said:
    I actually was testing this. 1234 was hacked the fastest.

    Really? I installed 100 OpenVZ containers (each with 100B/s network constraints, to prevent any funny business) with various faked OpenSSH versions spat out, and tailed all the secure logs/pam logs for password attempts (with cleartext workaround to watch the attempts).

    root/root and admin/password123 were the most tried combinations (yes, "admin" was tested very heavily over SFTP for some reason.)

    On FTP the most attempted was root/rosebud ... people have been watching too many movies.
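
Added example, not from the thread: the defender's version of the log-watching described above, run over a stock OpenSSH auth log. Standard sshd logs record the username and source address but not the attempted password, so this tallies targeted accounts and noisy sources and flags a successful login that follows a run of failures from the same address; the log lines are constructed and the threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Matches OpenSSH password-auth results as written to auth.log / secure.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation address ranges), not real captures.
SAMPLE_LOG = """\
Feb 10 03:14:07 vps sshd[2211]: Failed password for root from 203.0.113.5 port 40022 ssh2
Feb 10 03:14:09 vps sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 40030 ssh2
Feb 10 03:14:11 vps sshd[2215]: Failed password for root from 203.0.113.5 port 40041 ssh2
Feb 10 03:15:02 vps sshd[2220]: Failed password for invalid user admin from 198.51.100.23 port 51812 ssh2
Feb 10 03:15:30 vps sshd[2224]: Accepted password for root from 203.0.113.5 port 40077 ssh2
Feb 10 09:01:44 vps sshd[2301]: Accepted password for deploy from 192.0.2.10 port 60212 ssh2
""".splitlines()


def summarize(lines, threshold=3):
    """Tally failed logins and flag successes that follow a guessing run."""
    users, sources, suspicious = Counter(), Counter(), []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            users[user] += 1
            sources[ip] += 1
        elif sources[ip] >= threshold:
            # Same source failed repeatedly, then got in: likely guessed password.
            suspicious.append((ip, user, sources[ip]))
    return users, sources, suspicious


if __name__ == "__main__":
    users, sources, suspicious = summarize(SAMPLE_LOG)
    print("most targeted accounts:", users.most_common(3))
    print("noisiest sources:", sources.most_common(3))
    for ip, user, fails in suspicious:
        print(f"ALERT {ip} logged in as {user} after {fails} failures")
```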

  • @HardCloud said:
    On FTP the most attempted was root/rosebud ... people have been watching too many movies.

    Haha.

    Anyway, in my (much smaller) testbed, the most used were root/1234 root/12345 root/password
