OcUK DDoS attack - £10,000 reward

Status
Not open for further replies.
If you're using Cisco you can use things like CAR to rate limit ICMP packets and rate limiting for SYN packets provided you know the rate when activity is normal.
 
Has someone got through your firewall with a CIP device.

Get Jack 'Tefal' Bauer onto it !!!!!



UL btw certainly someone/some people trying hard.
 
With the greatest respect you have no idea of the facts involved. I do, hence the reward.

well I don't get it, you make a thread trying to find out who attacked the site yet you don't provide these "facts involved", I'm not sure who is actually going to be able to get an idea on this attack unless they were involved in part of the attack.

then again, looking at it from your point of view, if the facts you have are specific enough to pinpoint the suspect then I can see why you can't post them on here since as mentioned in a previous post suspect details can't be put down in this thread, contact has to be made via email or the other methods of correspondence posted above.
 
If you're using Cisco you can use things like CAR to rate limit ICMP packets and rate limiting for SYN packets provided you know the rate when activity is normal.

Methinks the buffers would quickly become full in this scenario so probably wouldn't achieve much :)
 
Can't you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.
 
hmm there are always two ways to respond to a DDoS attack, could just keep quiet, but considering ocuk is losing money I don't think they would want to sit back and not say anything. Spie said at the start of this thread the attack has been going on for 10 days, which is a long time.

well that's what happens when someone on MSN provides a link that's halfway through this thread and I just go off posting. :o
 
I think the point was to try and make the attacker realise this is serious... if caught they face the possibility of a lot of jail time right now.

Is it really worth spending 10 years unable to sit down over some petty issue.
 
Can't you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

Read the thread - quite a few knowledgeable people have already banged their heads against the wall trying to explain things :D
 
Can't you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

This would only slightly mitigate the bandwidth impact but you'd still have 1000s of connections a minute to deal with.

You'd need to set this up with downstream carriers to really stand a chance of this having any serious dent in the attack - and they aren't exactly the most cooperative unless chased up by law enforcement.
 
Can't you implement some sort of flood protection?

Like if a single IP address makes more than 500 requests in a minute, they're automatically banned for an hour.

erm, that's the first D of DDoS, it's not the same IP address making thousands of requests, it's thousands of IP addresses making thousands of requests.

Which is why it works. And why blocking a single IP address for making requests too quickly, and that sort of protection is standard even on £25 Mickey Mouse home routers.

It seems that this (with its dearth of technical details) is a social engineering problem rather than a technical one. i.e. they're hoping someone here will shop someone in.

I hadn't really noticed and just assumed that you were having server hardware problems!

:)
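
The disagreement in this thread over per-IP flood protection, as an added example that is not part of any post: a small simulation of the proposed rule (more than 500 requests in a minute from one IP means a one-hour ban) replayed against constructed traffic. The source names, the 2000-source count and the 30 requests/minute rate are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class PerIPLimiter:
    """The rule proposed in the thread: >500 requests/minute from one IP -> 1 hour ban."""
    def __init__(self, limit=500, window=60.0, ban=3600.0):
        self.limit, self.window, self.ban = limit, window, ban
        self.hits = defaultdict(deque)   # ip -> timestamps still inside the window
        self.banned_until = {}           # ip -> time at which the ban expires

    def allow(self, ip, now):
        if self.banned_until.get(ip, 0.0) > now:
            return False                 # still banned
        q = self.hits[ip]
        while q and q[0] <= now - self.window:   # drop hits older than the window
            q.popleft()
        q.append(now)
        if len(q) > self.limit:          # limit exceeded: ban and reject
            self.banned_until[ip] = now + self.ban
            q.clear()
            return False
        return True

def simulate(sources, per_source, duration=60.0):
    """Replay constructed traffic: `sources` clients each send `per_source`
    evenly spaced requests within `duration` seconds."""
    events = sorted((i * duration / per_source, f"src-{s}")
                    for s in range(sources) for i in range(per_source))
    limiter = PerIPLimiter()
    passed = sum(limiter.allow(ip, t) for t, ip in events)
    return {"sent": len(events), "passed": passed,
            "banned": len(limiter.banned_until)}

if __name__ == "__main__":
    # One noisy client trips the rule and is cut off after 500 requests.
    print("one source, 600 req/min:  ", simulate(1, 600))
    # Many quiet clients never trip it, so the whole aggregate load gets through.
    print("2000 sources, 30 req/min: ", simulate(2000, 30))
```

The second run passes all 60,000 requests with no bans, which is why a defender also has to watch the aggregate request rate and filter upstream rather than rely on a per-IP threshold alone.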
 