OcUK DDoS attack - £10,000 reward

Status
Not open for further replies.
Garp said:
That you know of. It's easy to spot the bad malware, you start getting problems. The decent stuff, like the ones behind Storm, are completely invisible to users. You won't even know its there.
Click to expand...

I would notice the activity on my network...
 
Out of interest, could the malware be placed in a image? I noticed at work I was getting block notifications from a JPG hosted on members.lycos?
 
I'm going to have to say a prosecution for a DDOS attack is unlikely to happen.

Unless OcUK have suspicions that its someone in the UK it isn't happening full stop, and even if it is, its very hard to gather enough evidence for serious action to be taken.
 
I've found info stating that it is a lot of sites that are being hit, its not specific to OcUK apparently.

Edit: False alarm, old news from a previous attack :/
 
Trifid said:
Out of interest, could the malware be placed in a image? I noticed at work I was getting block notifications from a JPG hosted on members.lycos?
Click to expand...

Think you are referring to Iframe DDoS attacks, yes DDoS attacks can be carried out through images too, by using an iframe and a meta refresh.

There are hundreds of different ways.
 
Garp said:
These days it takes a lot more than a single PC, plus if the attack is coming from a single PC it's easier to track, even with a fake address. Networks guys at ISPs despise DoS attacks and actively track unusual traffic patterns, working in conjunction with colleagues at other ISPs.

Filtering out the attack traffic is difficult to achieve as it looks exactly like any normal handshake transaction. Most anti-DoS systems, such as the ones produced by Riverhead Networks (now part of Cisco) analyse the traffic headed to the targetted server and look for unusual patterns and filter out those bits. The cost for such solutions can often be rather prohibitive, and is only useful if it has an idea of what a 'normal' traffic pattern looks like. Typically you'd want to run one for 24 hours watching a server during normal load for it to be able to filter out attack traffic effectively.
Click to expand...

Not these days, our edge IDP is exceptionally effective at filtering out DDOS attacks, even without a prior snapshot of traffic levels. A few years ago TopLayer led the market for these sort of products (and they were much as you say - expensive and limited in usefulness) but it's come on leaps and bounds now the big boys have products out there.

We've started about three months ago offering DDOS protection as standard on all hosting solutions and it's glanced off a few attacks without breaking a sweat, very impressive stuff.

One of those attacks was opening close on 100k new sessions every second and the server response time stayed consistent with it's normal levels. I was surprised it was so effective!

I am mildly surprised that OCUKs hosts don't have some protection in place to be honest.
 
JimAroo said:
Think you are referring to Iframe DDoS attacks, yes DDoS attacks can be carried out through images too, by using an iframe and a meta refresh.

There are hundreds of different ways.
Click to expand...

I meant the malware to infect unsuspecting clients to participate in the attack.
 
Mr^B said:
Yes, unfortunately to "learn stuff" requires one to "read stuff".

There is no other generally accepted way of getting information into one's brain.
Click to expand...

Err, ok captain obvious.

Also, just for your information; I'm not an ignorant idiot that doesn't know squat about anything.

Infact, today, I was shocked when a 17 year old girl in my IT class didn't know what a g-spot and ovaries were.
 
AcidHell2 said:
of course, but what does that have to do with anything?
Click to expand...

Well, I'm just saying, it's not like anybody will be punished (so what harm offering a reward) and given it's an easy attack these days and pretty safe to be behind it, you could say it's a little dumb having no protection.

I'd liken it to being mugged for your mobile, sure it's a serious crime but there's little risk of being caught for the criminal, as a result you tend to be careful about taking your phone out in dodgy areas. It's being careful.

Or put another way, £10k would have been better spent on protection against these sort of attacks up front.
 
Trifid said:
I meant the malware to infect unsuspecting clients to participate in the attack.
Click to expand...

don't even take malware can be something as simple as an image from ocuk hidden on some compromised web page, every user who enters this web page will then be unknowingly refreshing this hidden image which is sat in an iframe. don't sound like much but it all adds up.
 
As a network security guy, have you considered getting a CISCO firewall?
They are now call ASA5000 Security Appliance.

They cost about 2 to 3 thousand pounds but are well worth it.

They can automatically detect a DDoS attack before the packets reach the server and let them fall into a "black hole" while the legitimate packets (me building my dream system over and over again) get through.

Had many of these over the years and the Cisco firewalls can easily deal with DDoS attacks. There is a reason why some hardware firewalls cost £200 and some cost £2000.

If you're interested in finding these guys send me a private mail and I can tell you how to set-up some stuff on your end to catch them red handed.
 
keyvan said:
As a network security guy, have you considered getting a CISCO firewall?
Click to expand...

As a "network security guy" (seriously, network security guy? is that a job role?), surely you realise that "hosted in a datacentre" means that OcUK aren't directly responsible for the leading edge firewall.

keyvan said:
They are now call ASA5000 Security Appliance.
Click to expand...

No, they aren't all called ASA5000's, the ASA5000 is called the ASA5000.
 
Status
Not open for further replies.
Back
Top Bottom