DDOS Attacking

Hey All,

I am basically posting this on behalf of a small gaming community and group of players, but basically our dedicated server, gaming servers, website, IRC and Teamspeak have been under constant DDOS attacks for the last 4 months, and not only our servers but others who are related to the game, and even the people who made the game, are having their site and services attacked. Numerous measures and amounts of money have been put into trying to stop this guy and have done nothing. We have his IP/ISP and location (roughly).

He has null routed our dedicated server and is doing it to various servers related to the game. Is there anywhere at all we can report these kinds of attacks and have something done? The community and game are at breaking point, as as soon as a server has any players it's attacked. He even has been on IRC threatening people, trying to extort money to stop the attacks and acting like a smartass.

We have tried various server providers offering different types of security but this guy has managed to crash them all. We are getting UDP flooded at over 50GB's a second and thousands of connections.

Just need some advice as we really don't know what route to take now and if we can take this further legally.
 
How conclusive is your data on the individual you believe to be behind it? I doubt if he has a BN with that capability he is stupid enough to be tracked down to actual IP, but you never know with some of these muppets.

Depending on what data you have, and if you have directly spoken and been over this with your providers and they are not helping/resolving this whatsoever, the next port of call is the police. At the end of the day, he isn't attacking only you guys privately, he is attacking your host's infrastructure.
If you have the data on him/them and your logs coupled with logs and data from other parties affected, getting the hosts onboard will help, but the relevant law authority is the next step.

There isn't really a quick fix here.
 
Hiring a botnet is cheap and trivial to do.

Contact the police asap with the information you have. In the meantime all you can do is run mitigation against the attacks. Unfortunately DDoS mitigation is expensive if you want to buy it from a provider if the attacks can't just be null routed.

Glacius said:
he even has been on IRC and threatening people and trying to extort money to stop the attacks and acting like a smartass.
The guy is a grade A idiot. That's plenty of information for the authorities to work with. You need to contact the police asap with the information you have.

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/national-cyber-crime-unit
 
Sadly this guy seems to be hiring multiple botnets now and hitting us with stupid amounts of UDP data. Thanks for the replies above as well. We have tried to talk to his own ISP and also the people who host our servers, and the only reply we get from both is "As this is not affecting a business system/server we are not able to take this any further". Bear in mind these are all servers and providers in the USA, which makes things more awkward.

In terms of his IP address/location this was all grabbed from IRC where he can't hide behind VPN etc.

Just getting really tiresome now... Have gone down the route of reporting to police etc but they really don't seem that fussed.
 
Thanks for the reply KIA, we already have a dedicated box with OVH, and as good as their mitigation is, the type of attacks this guy is using against us specifically is getting through their system.

This guy has been doing this to tiny communities for some time now.
 
So, the bottom line with DDOS attacks on community type sites today is, unless you're prepared to spend a lot of money to mitigate the attacks or you can get police interest in doing something about it then you're in a bind.

I have heard anecdotal stories that the best way to stop these attacks is to pay them off, I'm not suggesting that and I feel very uneasy knowing some people do it but from a purely economic standpoint, if the police aren't interested then it may well be cheaper to pay them off than to pay the mitigation costs for a 50/100/200Gbps attack.

But yeah, your best bet is figuring out how to get the police interested, you can try getting a better host who cares more about your business and might help out in that regard (OVH etc are huge orgs who would rather lose you as a customer than spend time on helping you with stuff like this, it's just not worth the money to them).
 
In terms of his IP address/location this was all grabbed from IRC where he can't hide behind VPN etc.

Errr...no reason he can't hide behind a VPN on IRC...indeed there are IRC clients around with TOR integration too. IRC is completely trivial to be completely anonymous on...
 
Errr...no reason he can't hide behind a VPN on IRC...indeed there are IRC clients around with TOR integration too. IRC is completely trivial to be completely anonymous on...

Indeed - I spent all my time on IRC behind a BNC with my own fancy "hostname" heh. (If you really wanted to mess with someone you could set up a vhost to look like a residential IP as well).

Dunno if the Amazon AWS or similar platform has anything that would be useful in this case - they are a lot harder to take down compared to the smaller companies that are basically 2-3 guys running it from home and a handful of rented dedis.
 
This is part of the problem, aka the bandwidth this guy is using to attack us with. We would need to spend a fortune hosting and firewall wise to try and mitigate it all, and I know a lot of people in the community would help but it's a lot to ask, and there's no 100% guarantee he can't somehow find another way to crash the dedicated server, which brings everything we host down.

As for paying him off as he wants, we have no guarantee again that he will stop and not ask for more a few days later etc, so it seems we are screwed if we do, screwed if we don't at the moment.

We actually have 2 dedicated servers and I am not that knowledgeable when it comes to this kind of thing, but is it possible to set up a proxy or VPN tunnel from one server to the other and then try to somehow filter out the thousands of connections he is sending our way, aka different to real world connections??
 
Game begin with R and end with X?

I would move to a proper game hosting company. I would suggest Killercreation, now known as Gaming Deluxe. Although they suffered last year from DDOS, this year they have been a lot better and suffered no further attacks. I have already talked to them when Goku mentioned the problem to me. Perhaps ct could trial a dedi box for a month with them.
 
We don't know the person who's doing it personally, no. He just does come onto IRC and talk (crap) about what he is doing and generally talks crap to people, that's as much as we know sadly.
 
I think you're just going to have to find a hosting company that can deal with attacks of this size :( try the larger ones.

Nox
 