Author |
Message |
mike hunter
Master Baiter
Joined: 11 Nov 2006
Posts: 199
|
Posted:
Fri Sep 28, 2007 4:05 am |
|
Someone had said that this attack is costly for the vlads... I am just wondering why that is. I am sure it is something obvious that I do not see. |
_________________ - "so whats the meaning of what you are saying?Are you out of your mind?" - Mike Davies
- "You are much more aware of the harm this will exhibit to the United States economy if you do not comply to the law binding this" - Jack McDonald Internal Revenue Service
x7 |
|
|
|
KeyserSoze
Elite Baiter
Joined: 06 Dec 2005
Posts: 1138
Location: Debo's pigeon coop
|
Posted:
Fri Sep 28, 2007 4:24 am |
|
Since I don't want to make my own thread (as I'm sure there are many already), I'll ask my own question also.
Is there a way to prevent this type of attack in the future, or do we just have to wait and hope that they get bored? |
_________________ "I was the head of the dradded occult menber in my university days.I have drank so many peoples blood physically if you dont know. so you people are too small for me ok?" - The soulless dunce cap lad
"WE HAVE REALLY SUFFERED GREATLY ON THIS 23 HOURS TRIP FROM IBADAN TO YOLA AND FINALLY TO MADUGURI. IT WAS A SERIOUS TERIBLE JOURNEY." - Kenny the healer - aprox 2500 miles
"I have worn your soul and I will Auction it to the land of the dead before 2 weeks. I laugh at your stupidity. I shall drink my early morning tea with your skull in the land of the dead by two weeks from now" - Cassidy the photographer -
x10 |
|
|
|
Rover
Site Admin
Joined: 13 Apr 2004
Posts: 16189
Location: North of the Limpopo
|
Posted:
Fri Sep 28, 2007 4:37 am |
|
Small to medium attacks we can mitigate (not prevent); large attacks like this one are almost impossible. Personally I have been doing mental gymnastics examining the packets coming in, trying to find a unique trait that would allow me to filter them out. I have had limited success doing this: just as I think I have it, boom - a new lot of bots arrive.
Just to give you an idea, I have counted well over 3000 individual IPs attacking the server. I have no choice but to point the IP for forum.419eater.com to 127.0.0.1 (a loopback basically).
Currently on the eater server I have blocked all IPs stemming from Korea (the main protagonist of bots (on eater at least)) and Russia (well, as many as I can); still hundreds get through - there is only so much one can do to mitigate this.
There are companies out there who charge thousands per month, with tons of bandwidth to mitigate it for you. We simply do not have that kind of money. Hate to say this but at the moment all you have is lil ol me! and I'm doing the best I can in between work / home life and various other sites that I help out with.
I think you ask a fair question, I'm sorry that I simply do not have the answer you would like to hear.
@Mike - to answer your question: basically the Vlads are paying a "Bot Master", i.e. a person who controls these thousands of bots, to attack us. |
_________________ Rover
Latest Anti Fraud News | Email Header Analysis | Help keep Eater running | Join 419Eater on Facebook |
|
|
|
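An added example, not part of Rover's post or of the site's own tooling: one way to shrink a long list of attacking source addresses, like the 3000-plus counted above, into a shorter blocklist by collapsing dense neighbourhoods into prefixes, and to see which quiet visitors a range block (such as the country-wide blocks described) catches as well. The log format, thresholds and function names are assumptions, and the addresses are constructed from the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import Counter, defaultdict

def make_sample_log():
    """Constructed access-log lines ("<src-ip> <path>"), IPv4 only."""
    lines = []
    for host in (11, 12, 13, 14, 15):                # five noisy hosts in one /24
        lines += [f"198.51.100.{host} /index.php"] * 40
    lines += ["203.0.113.7 /index.php"] * 50         # a lone noisy source
    lines += ["198.51.100.200 /viewtopic.php"] * 2   # quiet host sharing the noisy /24
    lines += ["192.0.2.10 /viewtopic.php"] * 3       # ordinary visitor
    lines.append("not-an-ip /index.php")             # malformed line, skipped
    return lines

def count_sources(lines):
    """Count requests per source address, ignoring lines without a valid IP."""
    counts = Counter()
    for line in lines:
        field = line.split(" ", 1)[0]
        try:
            counts[ipaddress.ip_address(field)] += 1
        except ValueError:
            continue
    return counts

def build_blocklist(counts, min_requests=20, dense_hosts=4, prefix_len=24):
    """Block a whole prefix when it holds many offenders, else single hosts."""
    offenders = defaultdict(list)
    for ip, n in counts.items():
        if n >= min_requests:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            offenders[net].append(ip)
    blocks = []
    for net, ips in offenders.items():
        if len(ips) >= dense_hosts:
            blocks.append(net)                       # one rule replaces many
        else:
            blocks += [ipaddress.ip_network(str(ip)) for ip in ips]
    return sorted(ipaddress.collapse_addresses(blocks))

def collateral(counts, blocklist, min_requests=20):
    """Sources under the threshold that a prefix block would still cut off."""
    return sorted(str(ip) for ip, n in counts.items()
                  if n < min_requests and any(ip in net for net in blocklist))

if __name__ == "__main__":
    counts = count_sources(make_sample_log())
    blocklist = build_blocklist(counts)
    print("block:", [str(n) for n in blocklist])
    print("collateral:", collateral(counts, blocklist))
```

The collateral list is the price of blocking by range: every quiet address inside a blocked prefix loses access along with the bots.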
mike hunter
Master Baiter
Joined: 11 Nov 2006
Posts: 199
|
Posted:
Fri Sep 28, 2007 5:24 am |
|
So this really is not costing the vlads anything at all except to pay whoever controls the bots?
Is it poss to find out the computer controlling this and point the address at it? |
|
|
|
Red
Baiting Guru
Joined: 25 May 2007
Posts: 2543
Location: 6°27′11″N 3°23′45″E
|
Posted:
Fri Sep 28, 2007 5:42 am |
|
|
|
|
DrWho
Baiting Guru
Joined: 14 Jan 2004
Posts: 5486
Location: Where ever I go, there I am
|
Posted:
Fri Sep 28, 2007 5:53 am |
|
By "poss" I assume you mean possible.
Some of this is based on my understanding and how I would do it if I was to. IANAX
Bots are controlled by putting a command on a server somewhere. The program is designed to check this server for commands when the zombied computer logs into the internet. I doubt whoever controls it would use the same server every time. They would also be compromised servers. Also, I would set up the programs to help each other so a single server with thousands of computers trying to access it would not trigger any alarms.
You would need a sample of the bot running to watch what it does. Then what? Call the server owner? The compromised servers are probably run by people who could care less and who would do something about them? As fast as they are cleaned, new ones will come on line. The bots already have their instructions and will run until the owners clean their computers.
Ignorant computer owners are the biggest problem.
So the answer to your question is "no". |
_________________ "i think you people do not know whom you are talking of,i am not in any terrorist organization or planning any such of terrorist activities."
"i am not a terrorist and your america cia cna also investigate me."
"i am not a terrorist.send the shit stuff and let me get it fillied."
x12
"To Serve Man" |
|
|
|
SlayerFaith
Baiting Guru
Joined: 03 Mar 2005
Posts: 5778
Location: Vegas, baby!
|
Posted:
Fri Sep 28, 2007 5:58 am |
|
mike hunter wrote: |
So this really is not costing the vlads anything at all except to pay whoever controls the bots? |
Botnets don't come cheap, MH. Most DDoS attacks last a day or 2 and are directed at a single site; we (the anti-scam community as a whole) have been getting hammered for weeks now. You can bet it's costing the vlads a pretty penny to keep after us like this.
Rover wrote: |
Hate to say this but at the moment all you have is lil ol me! |
Lil ol you is doing an awesome job, Rover! |
_________________ x2 x24 x7 x5 x5 x96 x2 x2 x2 x2 x2 x2 x3 x3 x2 x2 (in a team effort)
ANIMAL,MY FRIEND MY PRAYER IS THIS,LET ALL MY ENEMIES BE IN TROUBLE LIKE CHRIST INGIGE,AND LAZY PEOPLE LIKE YOU BE LIKE WABARA.THANK YOU- Kelechukwu Nduka
"Did he say they have an inflatable pig? That's sick!"- Crash, Vegas 06
"You can be a right Bitch sometimes SF"- Cherrie, GenChat 07
Naked Mod pics!
|
|
|
|
mike hunter
Master Baiter
Joined: 11 Nov 2006
Posts: 199
|
Posted:
Fri Sep 28, 2007 6:35 am |
|
Ok, well that goes to my question... what are they paying for? The use of the botnet? The controller's time? I am not sure why you say it is costing a pretty penny. |
|
|
|
SlayerFaith
Baiting Guru
Joined: 03 Mar 2005
Posts: 5778
Location: Vegas, baby!
|
Posted:
Fri Sep 28, 2007 7:11 am |
|
The Vlads and/or Ivans behind this attack are paying for both the botnet and the botmaster's time. Botmasters (those who control and direct botnets) are criminals, hijacking thousands of unwitting victims' computers via viruses that turn a regular home computer into a zombie bot that obeys the master's commands until, as Dr Who said, the owner wakes up and cleans the crapware from their system. Botmasters hire out their botnets and services to other criminals for a fee, usually for hosting illegal websites or for staging DDoS attacks like the one we are currently experiencing.
This takes quite a bit of effort (building the botnet, maintaining control, and programming an attack), for which the botmaster expects to be well paid. Like the "faker makers" who create many of the fake websites that attract the attention of the site killer crowd, botmasters are often "contractors", who do the technical dirty work for scammers who don't have the skills to do it themselves. That being the case, it's a fair bet that hiring a botmaster to stage a prolonged attack, via a botnet several thousand computers strong, on multiple websites defining an entire community, is certainly costing them more than a pretty penny. |
|
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Fri Sep 28, 2007 7:23 am |
|
It'll have cost the vlads thousands of USD, and will soon probably run into the hundreds of thousands if the attack keeps up. A lot of trojan authors also sell their programs, often for a couple of hundred dollars, so it's a very lucrative business. The bigger the botnet the larger the cost; for example a 5,500 computer net would (according to a few online articles) cost about $350 for a day. The one attacking us is much larger and has been going on longer, so you get the idea.
Basically we're costing the vlads a bloody fortune and we're still here |
_________________ I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up
Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
- 18 mths: Louis
The*Catb1ngo Hotel*
*My Church*
x23 |
|
|
|
Tommo Shanter
Baiting Guru
Joined: 13 Jan 2006
Posts: 5378
Location: Whom the gods would destroy, they first make mad. - Euripides
|
Posted:
Fri Sep 28, 2007 8:35 am |
|
Rodus Longus wrote: |
It'll have cost the vlads thousands of USD, and will soon probably run into the hundreds of thousands... |
Sadly, all financed by the proceeds of crime...check scams... love scams...racketeering...drugs...prostitution...human trafficking... etc etc. |
_________________ £1,052,334.30 (=US$2,121,125.60) lads fake cheques out of circulation (at 11/6/2008)
x135 (at 26/9/2008) x138
"i see your not interested in the transaction but catching your fun, calling names and my muckery of me." - Usman Bello
"You need to visit a good psychiatrist very fast, because some nuts are missing from your brain." - PROF.SOLUDO
"...it is very important you forward the your cycling proficiency certificate which by right belongs to you." - Prof Charles Soludo.
"note i can still change my mind to blow you off and whenever" - T0ny 'The Killerman' Erik
YOUR GENERATION WILL ROAST IN ABSTRACT POVERTY,BASTARD IDIOT -Daniel Mensah
|
|
|
|
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
Posted:
Fri Sep 28, 2007 9:08 am |
|
|
|
|
Tommo Shanter
Baiting Guru
Joined: 13 Jan 2006
Posts: 5378
Location: Whom the gods would destroy, they first make mad. - Euripides
|
Posted:
Fri Sep 28, 2007 11:30 am |
|
^^^^...and Premiership football clubs. |
|
|
|
|
Morgul
Not quite a Newb
Joined: 10 Sep 2006
Posts: 59
|
Posted:
Fri Sep 28, 2007 11:35 am |
|
SlayerFaith wrote: |
You can bet it's costing the vlads a pretty penny to keep after us like this. |
And the beautiful thing is, they're just wasting their money! We're still up and running and they don't even realize it.
Good job, Rover and company! Thanks for all your work! |
_________________ Click here to support 419Eater.com
"i am sorry .take me vas you take me before you know that i am a small gril." - Ei1m4 Wi11iams |
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Fri Sep 28, 2007 11:35 am |
|
It may have been financed by crime but the approximate amount of money contributed to the Russian economy by nefarious means is $20 billion a year. Most things there seem to be financed by dodgy money. |
|
|
|
Mike
Master of Master Baiters
Joined: 30 Nov 2003
Posts: 721
Location: Dublin, Ireland
|
Posted:
Fri Sep 28, 2007 12:22 pm |
|
Tommo Shanter wrote: |
^^^^...and Premiership football clubs. |
|
_________________ With your behavior I don't think that I will work with you. We are talking of money and with your altitude if I transfer this fund in your personal account you will seat on top of this money.
|
|
|
|
Fo'andles
Elite Baiter
Joined: 06 Jul 2007
Posts: 1654
Location: busy doing nothing, somewhere
|
Posted:
Fri Sep 28, 2007 3:16 pm |
|
Just a thought,
Rodus Longus mentioned this attack is costing about $350 a day. Now if the idiots have bought a $10,000 package, then at $350 per day this equals out to about 28 and a half days.
CC reported that they have been under attack since the 2nd of September, so the 28 days would end as from this Sunday (31).
It could be that one site was chosen and other sites have been added to the original package. |
|
|
|
|
luckey
Moderator
Joined: 25 Jan 2007
Posts: 5672
Location: Check the lost and found
|
Posted:
Fri Sep 28, 2007 3:30 pm |
|
My company was an "ignorant computer owner" for a while. We were being used as a spam relay and since we had plenty of bandwidth and server space, our IT guys only noticed when our domain got blacklisted. This was some time ago, and we have new (better) IT guys now. My point is, there are a lot of computer owners out there that don't know what they don't know. Individuals and businesses alike.
Broadband is so prevalent now, and so many computers are on all the time, regardless of how often they are used, bot nets must be more potent than ever. |
_________________ Moderator: \ˈmä-də-ˌrā-tər\: noun
A material which slows down neutrons after fission to speeds at which their probability for interaction with the fuel material is increased. |
|
|
|
bill2
Baiting Guru
Joined: 10 Sep 2006
Posts: 5495
Location: Yeah who can tell me where I am?
|
Posted:
Fri Sep 28, 2007 4:21 pm |
|
The next question, how can I tell I'm clean or what should I look for to make sure that.... Running all kinds of anti virus and firewall things, but with no real knowledge I might as well be in the chain. Shutting the computer down when not used is one thing I do. But if they "hacked" an eatermember they might know all changes as they happen. Those things are getting too complicated for an entertainment center, cause all you can do with them is play |
_________________ I don't do bling, I just do lads |
|
|
|
windypops
Baiting Guru
Joined: 25 Jan 2005
Posts: 6059
Location: Planet X
|
Posted:
Fri Sep 28, 2007 4:32 pm |
|
All you can do is keep your anti virus database up to date and scan regularly.
From what I know, it's virtually impossible to keep on top of all the various flavours of trojans and stuff because they evolve so quickly.
It takes someone 'in the know' to notice what is going on first before a countermeasure can be developed.
I read in a pc magazine a while back that in a lot of cases, it can be six months or more before anyone has any idea they are infected with one.
The good guys are always playing catch up. |
_________________ "No amount of semen donation will save this situation" Sanny Sanny
"We must disagree to agree" Raji Musa
If it's LADS you want. GoTo: http://www.yopmail.com/
and sign in with either ladmail or kentbrockman
|
|
|
|
Ima Baeder
Baiting Guru
Joined: 03 May 2007
Posts: 18313
|
Posted:
Fri Sep 28, 2007 5:12 pm |
|
Back to Mike's question about pointing at the "boss" and taking him out:
From what I've read (disclaimer, I could be wrong) the botnet system isn't like one hive with one queen, where you can take out the queen and destroy and confuse the whole hive. It's more like several hives with several queens creating a superhive.
I've also read some scary discussions about the botnets becoming more sophisticated so that they can essentially "learn" and adapt.
It would be helpful here if anyone has links to interesting/informative resources on botnets. I for one, would be glad to read them.
edit: fixed clunky wording |
_________________ 348 Fake Sites killed
x 100 2 Years |
|
|
|
swordfish
Master Baiter
Joined: 08 Feb 2005
Posts: 147
|
Posted:
Fri Sep 28, 2007 5:28 pm |
|
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Fri Sep 28, 2007 5:44 pm |
|
|
|
|
Zorro
419Eater is my life
Joined: 01 Feb 2007
Posts: 377
Location: In levitation
|
Posted:
Fri Sep 28, 2007 6:50 pm |
|
L'ill ol' Rover <-- s-i-g-h ... I guess we'll just have to manage with you
On a serious note, is there any reason for this sudden and sustained DDoS? Did anything in particular happen in Aug or early Sep? |
_________________ Begin at the beginning and go on till you come to the end; then stop
There is one way to find out if a man is honest; ask him! If he says yes, you know he's crooked.
The only reason for time is so that everything doesn't happen at once. |
|
|
|
FireWyrm
Master Baiter
Joined: 09 Jun 2007
Posts: 213
Location: Caesar si viveret, ad remum dareris
|
Posted:
Fri Sep 28, 2007 8:52 pm |
|
Ima Baeder wrote: |
Back to Mike's question about pointing at the "boss" and taking him out:
I've also read some scary discussions about the botnets becoming more sophisticated so that they can essentially "learn" and adapt
|
My god, we're being attacked by an AI... Scary indeed |
_________________ Diagonally parked in a parallel universe
"SCHOOLS FOR THE DEAF/DUMPS" - Frank
"I will not live long since my ailment has defiled all forms of medical treatment" - Victoria
PLEASE IGNORE ANY FURTHER MESSAGE FROM CHARLES OR WHATEVER FOR GOODNESS SAKE.!!! - FRANK AGAIN
so how do you want me to beat trust in you now??? (I think I've annoyed him - Frank again)
|
|
|
|
|