[Full-Disclosure] DDoS and the right way to react...

From: van Helsing (vh_at_helith.net)
Date: 08/20/04

  • Next message: Mister Coffee: "Re: RE: [Full-Disclosure] Electronic Voting Machines - WinVote by Adv anced Voting Solutions"
    To: full-disclosure@lists.netsys.com
    Date: Fri, 20 Aug 2004 23:58:18 +0200
    
    
    

    I've a server and it's DDoSed for a week now.
    I informed the ISPs but they don't react so what else can I do to stop a
    damn DDoS attack?

    My server shows me about some houndrets entry like:

    tcp 0 0 62.8.206.154.80 129.125.220.178.2056
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 24.101.73.167.2011
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 83.27.195.87.13242
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 129.125.220.178.2055
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 24.101.73.167.2010
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 129.125.220.178.2054
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 24.101.73.167.2008
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 129.125.220.178.2053
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 24.101.73.167.2007
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 129.125.220.178.2052
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 24.101.73.167.2006
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 129.125.220.178.2051
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 83.27.195.87.13240
    FIN_WAIT_2
    tcp 0 0 62.8.206.154.80 24.101.73.167.2005
    FIN_WAIT_2

    So what can I do?
    Or: Could somebody tell me how to contact the police in poland,
    netherland and the other country?

    Thanks for some tipps....

    vh

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html



  • Next message: Mister Coffee: "Re: RE: [Full-Disclosure] Electronic Voting Machines - WinVote by Adv anced Voting Solutions"

    Relevant Pages

    • Re: Help improving IO::Socket script response
      ... below is to get the server type from a list of URLs. ... from 'mainurl' will be a url like "www.foo.com" ... I've googled for somehow using a timeout with IO::Socket, ... remove ISPs from the DB who either weren't in business anymore or didn't ...
      (comp.lang.perl.misc)
    • Re: SMTP Connector / Smart Host: I Need to get a smart host.
      ... > Verizon does require authentication. ... > settings, so I'm 99.999% sure it's accurate. ... > they want me relaying mail from my client's server through their server. ... Most ISPs don't do this. ...
      (microsoft.public.windows.server.sbs)
    • Re: Dedicated service servers
      ... Most ISPs I know will have a dedicated web server and ... Most ISPs need you to explicitly choose to use their free webspace or not. ... option triggers the setup of an actual account on the webserver ... ... I think the NFS mount will fail in that instance, ...
      (Fedora)
    • Re: dhcpd question for homemade linux router
      ... would be to configure your DHCP server to tell the clients that the Linux ... you are not using multiple ISPs, you could place the ISP's nameserver ... the only valid reason to be using dynamic addresses is if your computers are ...
      (comp.os.linux.networking)
    • Re: Probes on Port 135 and 445 continue
      ... where _some_ ISPs ignore complaints from the world about abuses being ... any server type function - whether a FTP site, a web page, or a streaming ... products, anti-virus products, and so on, and Microsoft can't or won't. ... made harder to control because Microsoft targets these clueless individuals ...
      (comp.security.misc)