BOFH-5 wrote:
> 
> On Jan 31, 2008 5:41 PM, Lord Sporkton <[EMAIL PROTECTED]> wrote:
> 
>> My question was not so much what can I do to mitigate the attack when
>> it's happening, it's more what can I do after someone attacks to "stick
>> it to them"
>>
> 
> What would you like to do to them?  It all depends on how good you are at
> tracking them down.  If you have followed the news, you'll have heard about
> the Russian Business Network's links to top political figures in Russia, and
> how the RBN is very possibly behind one of the largest botnets.  What are
> _you_ going to do about it?  Realistically, nothing.
> 
> 
>> I know with a DDoS I'm pretty much SOL, but with a single origination
>> point DoS (I don't just mean bandwidth-based DoS, I mean any DoS, be that
>> clogging my firewall or clogging my server or whatever) I should be
>> able to identify an offending IP and have logs to back it up, such as
>> an ssh attack is usually (not always) from a single zombie node or
>> script kiddy, I would see logs indicating such, so now I have an IP
>> and logs, what can I do with them, who can I report them to other than
>> the provider?
> 
> 
> In the US, you can report it to the FCC and/or the FBI, but with the FBI,
> unless there's some kind of terrorism-related thing, or it is >$5k, iirc,
> they don't handle it.  If you've mailed them a check, the USPS can go (and
> has gone) after them.  Realistically therefore (if you live in .us):
> 
> 1)  From outside .us - I wouldn't bother
> 2)  Spam from inside .us - go read some of those hunt spammer and take them
> to small claims court sites
> 3)  Non-email issues, report to ISP, yours and theirs.
> 4)  If it's part of a company's range - call their help desk, they may
> appreciate you reporting a bot.  Or may not.
> 
> Or, you can choose #5
> 5) Just say fsck it, and go do something more productive.

I doubt that the RBN will bother attacking individuals. They usually target
high-profile companies. If the case is you are being DDoS'ed, it is probably
launched by somebody who has hired a large botnet.

Such attacks wouldn't last for long, mainly because these individuals who
hire these botnets cannot afford more attacks or because the people running
the botnet initiate a launch of an attack on some other target. If you've
mailed them a check it would be way easier to track them and send the info
to the FBI; don't forget that money is much easier to trace than IP packets.
