OcUK DDoS attack - £10,000 reward

oldbag · 21 Jan 2009 at 19:41

If you're using cisco you can using things like CAR to rate limit ICMP packets and rate limiting for SYN packets provided you know the rate when activity is normal.

Pilky01 · 21 Jan 2009 at 19:41

Chimerical said:
If thats the case try suspending Tefal, Dangerstat, Pilky01 and Yantorsen all at the same time for a week. This will fix the problem.

I take offence to that comment, all my posts are full of content, intellect and are very interesting.

-Ad- · 21 Jan 2009 at 19:41

Has someone got through your firewall with a CIP device.

Get Jack 'Tefal' Bauer onto it !!!!!

UL btw certainly someone/some people trying hard.

Cyber-Mav · 21 Jan 2009 at 19:41

Spie said:
With the greatest respect you have no idea of the facts involved. I do, hence the reward.

well i dont get it, you make a thread trying to find out who attacked the site yet you dont provide these "facts involved", im not sure who is actually going to be able to get an idea on this attack unless they were involved in part of the attack.

then again, looking at it from your point of view, if the facts you have are specific enough to pin point the suspect then i can see why you cant post them on here since as mentioned in a previous post suspect details cant be put down in this thread, contact has to be made via email or the other methods of correspondence posted above.

Housey · 21 Jan 2009 at 19:42

oldbag said:
If you're using cisco you can using things like CAR to rate limit ICMP packets and rate limiting for SYN packets provided you know the rate when activity is normal.

That's just a noise mate :eek:

Solari · 21 Jan 2009 at 19:42

oldbag said:
If you're using cisco you can using things like CAR to rate limit ICMP packets and rate limiting for SYN packets provided you know the rate when activity is normal.

Methinks the buffers would quickly become full in this scenario so probably wouldn't achieve much

asim18 · 21 Jan 2009 at 19:43

Cant you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

Cyber-Mav · 21 Jan 2009 at 19:43

2StepSteve said:
hmm there is always two ways to respond to a DDoS attack, could just keep quiet, but considering ocuk is losing money I don't think they would want to sit back and not saying anything. Spie said at the start of this thread the attack has been going on for 10 days, is a long time.

well thats what happens when someone on msn provides a link thats halfway through this thread and i just go off posting.

oldbag · 21 Jan 2009 at 19:43

Housey said:
That's just a noise mate

You what?

Rroff · 21 Jan 2009 at 19:44

I think the point was to try and make the attacker realise this is serious... if caught they face the possibility of a lot of jail time right now.

Is it really worth spending 10 years unable to sit down over some petty issue.

Solari · 21 Jan 2009 at 19:44

asim18 said:
Cant you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

Read the thread - quite a few knowledgable people have already banged their heads against the wall trying to explain things

Housey · 21 Jan 2009 at 19:45

oldbag said:
You what?

An attempt at humour. All those acronyms lost my fragile little mind

benwoodcock · 21 Jan 2009 at 19:45

Good luck catching the culprit

Happy · 21 Jan 2009 at 19:46

I hope that you get this sorted asap, must have unfortuantly cost OCUK a fair bit if they are offering 10K

Best of luck.

oldbag · 21 Jan 2009 at 19:47

haha. ok.

The major hassle is the bandwidth you end up paying for because some idiot attacks you.

Rroff · 21 Jan 2009 at 19:48

asim18 said:
Cant you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

This would only slightly mitigate the bandwidth impact but you'd still have 1000s of connections a minute to deal with.

You'd need to set this up with downstream carriers to really stand a chance of this having any serious dent in the attack - and they are an't exactly the most cooperative unless chased up by law enforcement.

Tom|Nbk · 21 Jan 2009 at 19:48

oldbag said:
If you're using cisco you can using things like CAR to rate limit ICMP packets and rate limiting for SYN packets provided you know the rate when activity is normal.

Yea, erm I completely agree, ICMP packets yea go for that oh and CAR yea definetely.

Mr^B · 21 Jan 2009 at 19:48

asim18 said:
Cant you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

erm, that's the first D of DDoS, it's not the same IP address making thousands of requests, it's thousands of IP addresses making thousands of requests.

Which is why it works. And why blocking a single IP address for making requests too quickly, and that sort of protection is standard even on £25 Mickey Mouse home routers.

It seems that this (with it's dearth of technical details) is a social engineering problem rather than a technical one. ie. they're hoping someone here will shop someone in.

I hadn't really noticed and just assumed that you were having server hardware problems!

Cyber-Mav · 21 Jan 2009 at 19:49

oldbag said:
haha. ok.

The major hassle is the bandwidth you end up paying for because some idiot attacks you.

hence why i said that 10 grand should be saved up for more than an tiscali 10gig a month limit broadband account.

QlimaxUK · 21 Jan 2009 at 19:49

an attack?! :eek:

and i thought that ocuk simply had lots of forum users

has anyone seen that movie 'eagle eye' it was one of those computers, can i have my 10k now?