Fireball ? Helping ? BobsKC , you really disappoint me, fireball is KNOWN for performing DDoS attack against users and servers, the fact that you even support him is something I do not understand knowing you a bit at all in this case. I already have had several attacks from him against my IP's wich also included taddpoles bots. Hence ask tad yourself since you do not believe me anyways. Furthermore I surely agree with nighty's statements about this. No further explanation on that needed I guess, nighty explained his points well.
One way to put a decent end on DDoS attacks needs to be fixed at the sources ISP side and or his transit providers. I had several conversations with Level3 about this issue since we use there transit and my box is a regular destination of attacks. They told me they are working on upgrading there networks and implement so called blackhole routers preventing spoofed packets getting transmitted through there lines. The system checks that the source MUST be in the known IP range of the origins system. Furthermore Level3 is upgrading there cisco's to provide customers with control over there traffic. I don't know how UUnet does it, but I heard they already provide such systems, maybe unet should utilize those as well only allowing traffic on known ports and block all other traffic towards there systems, TCP SYN Floods would have not much effect anymore since only the known ports (22, 6660-6669,7000) need to pass through (client servers connect to there hub auto, so they do not need to listen on port 4400 at all) The hubs might be save since there IP's are not public, but the endpoints are STILL vulnerable since there IP is known and needed for the clients to connect. (hence why the cfv-165 request to remove /map and /list is actually bullshit in my opinion, just hide the IP for christ sake). Little sidenote to fireball, 192.168.* is *NOT* microsofts lan default, they tend to use addy's in the 169.* section, just unhook your wintendo PC from the net and refresh the IP addy and you'll see. Kind Regards, Alexander Maassen aka OUTsider ----- Original Message ----- From: "BobsKC" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 28, 2002 10:34 AM Subject: [Coder-Com] FYI .. > I am passing this on from lb aka Fireball .. he seems to want to help > > Bob > > [1:29] <lb> anyway.. > [1:29] <lb> 21 BN-ag1.BN.net.DTAG.DE (62.154.66.46) 179 ms 180 ms 181 ms > [1:29] <lb> 22 192.168.0.2 (192.168.0.2) 188 ms 191 ms 184 ms > [1:29] <lb> 23 192.168.0.2 (192.168.0.2) 189 ms 185 ms 183 ms > [1:29] <lb> 24 195.243.61.88 (195.243.61.88) 193 ms 187 ms 185 ms > [1:29] <lb> check this out a bit.. :) > > ok > [1:30] <lb> 192.168.0.2 > [1:30] <lb> the microsoft lan default > [1:30] <lb> :) > [1:30] <lb> so the router's ip can't be seen.. > [1:30] <lb> if they do that to undernet servers.. > [1:30] <lb> it would be a lot harder to packet them.. > [1:30] <lb> a WHOLE lot.. >
