[Full-Disclosure] DDoS and the right way to react...

From: van Helsing (vh_at_helith.net)
Date: 08/20/04

Next message: Mister Coffee: "Re: RE: [Full-Disclosure] Electronic Voting Machines - WinVote by Adv anced Voting Solutions"

Previous message: David Vincent: "Re: [Full-Disclosure] Windows Update"
Next in thread: Steffen Schumacher: "Re: [Full-Disclosure] DDoS and the right way to react..."
Reply: Steffen Schumacher: "Re: [Full-Disclosure] DDoS and the right way to react..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Fri, 20 Aug 2004 23:58:18 +0200

I've a server and it's DDoSed for a week now.
I informed the ISPs but they don't react so what else can I do to stop a
damn DDoS attack?

My server shows me about some houndrets entry like:

tcp 0 0 62.8.206.154.80 129.125.220.178.2056
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 24.101.73.167.2011
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 83.27.195.87.13242
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 129.125.220.178.2055
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 24.101.73.167.2010
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 129.125.220.178.2054
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 24.101.73.167.2008
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 129.125.220.178.2053
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 24.101.73.167.2007
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 129.125.220.178.2052
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 24.101.73.167.2006
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 129.125.220.178.2051
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 83.27.195.87.13240
FIN_WAIT_2
tcp 0 0 62.8.206.154.80 24.101.73.167.2005
FIN_WAIT_2

So what can I do?
Or: Could somebody tell me how to contact the police in poland,
netherland and the other country?

Thanks for some tipps....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

application/pgp-signature attachment: stored

Next message: Mister Coffee: "Re: RE: [Full-Disclosure] Electronic Voting Machines - WinVote by Adv anced Voting Solutions"

Previous message: David Vincent: "Re: [Full-Disclosure] Windows Update"
Next in thread: Steffen Schumacher: "Re: [Full-Disclosure] DDoS and the right way to react..."
Reply: Steffen Schumacher: "Re: [Full-Disclosure] DDoS and the right way to react..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Help improving IO::Socket script response
... below is to get the server type from a list of URLs. ... from 'mainurl' will be a url like "www.foo.com" ... I've googled for somehow using a timeout with IO::Socket, ... remove ISPs from the DB who either weren't in business anymore or didn't ...
(comp.lang.perl.misc)
Re: Dedicated service servers
... Most ISPs I know will have a dedicated web server and ... Most ISPs need you to explicitly choose to use their free webspace or not. ... option triggers the setup of an actual account on the webserver ... ... I think the NFS mount will fail in that instance, ...
(Fedora)
Re: SMTP Connector / Smart Host: I Need to get a smart host.
... > Verizon does require authentication. ... > settings, so I'm 99.999% sure it's accurate. ... > they want me relaying mail from my client's server through their server. ... Most ISPs don't do this. ...
(microsoft.public.windows.server.sbs)
Re: dhcpd question for homemade linux router
... would be to configure your DHCP server to tell the clients that the Linux ... you are not using multiple ISPs, you could place the ISP's nameserver ... the only valid reason to be using dynamic addresses is if your computers are ...
(comp.os.linux.networking)
Re: Probes on Port 135 and 445 continue
... where _some_ ISPs ignore complaints from the world about abuses being ... any server type function - whether a FTP site, a web page, or a streaming ... products, anti-virus products, and so on, and Microsoft can't or won't. ... made harder to control because Microsoft targets these clueless individuals ...
(comp.security.misc)