This is pathetic. Someone asks for help and you demean them with jokes. Logic? Network Operators provide the ammo, Operating systems the guy, and script kiddies the finger. Ebay, Etrade, Yahoo, etc all got SMOKED by some unknown attacker and I've yet to see a good fix that stops this kind of attacking. Why, because right now there isn't one. What do the powerless do? They resort to poking fun, illogical behavior. I think you might do better discussing, testing, planning how to prevent this type of thing on your own network. However, I'm concluding from the type of behavior displayed that most of you manage nothing larger than a couple T-1s. There is no solution to this problem. This guy asking for help provided a perfect case where you could have learned something, asked questions and generally ACT AS YOU WOULD LIKE TO BE TREATED. Both of you are in my shitheads for life book and the only way to get out is to apologize to the poster, CC: nanog and ask a good question about the attacks so that we might all learn something. Sooner or later another big attack like the last one is going to hit us. Don't kid yourself. During the last one all those companies got lucky that the attacker decided to turn it off. On 11-Jul-2001, Richard A. Steenbergen wrote:
For the last few days, I have experienced a series of DDoS attacks on various targets around the globe. The general target is the EFNet irc network, and servers have been attacked all through Europe, USA, Canada, Israel, and such.
Wow, EFNet is being attacked? That's never happened before. Someone should alert the media.
Due to the various attacks, more than half of the servers on the network were black holed (null routed). The others which hold 1/3 of the client count, are attacked, or going to be attacked soon.
Perhaps because there are only 5 servers which actually accept clients?
If this keeps on going, this irc network will cease to exist.
Oh the humanity.
In this time of need, it would be a great help if the large carriers would be helpful in tracing the traffic.
Hrm you may have an idea there. Since so many attacks are related to EFNet, and there are so many possible reasons for it to be impacting the rest of the internet, I propose we introduce a new ICMP type, ICMP EFNet. This message type could be used to convey all kinds of important information about why things are broken, for example:
ICMP EFNet code 1 - Smurfing ICMP EFNet code 2 - SYN Flooding ICMP EFNet code 3 - Channel takeover ICMP EFNet code 4 - Warring botnets ICMP EFNet code 5 - Dianora
and many other useful messages.
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)