Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
Neph - if you were referring to me, I read exactly what happened, at the start of this thread you'll see someone asked for the abuse/contact info, so I just provided it. As well as a tool to anyone else who may be hit by this. Information is power. Original Message Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers From: Allan Button To: Half-Life dedicated Win32 server mailing list Date: 1/25/2010 6:34 PM > "Reading comprehension is low on this list." > > I wonder why people don't jump to help people anymore. > > > -Original Message- > From: hlds-boun...@list.valvesoftware.com > [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Nephyrin Zey > Sent: January 25, 2010 6:04 PM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers > > Reading comprehension is low on this list. "I'm emailing an abuse report > to his host now". I also sent a update about my conversation with his > host to this very thread. I *also also* mentioned his host was cet.com - > he registered his domain through dreamhost, nothing more. > > - Neph > > On 01/25/2010 02:33 PM, Michael Secord wrote: >> It doesn't matter. You have the ISP's abuse contact info. That's who you >> want to have shut him down...domain name means jack in this case... >> >> --Original Message-- >> Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival >> servers >> From: Kevin b er >> To: Half-Life dedicated Win32 server mailing list >> >> Date: Mon, Jan 25, 2010 4:11:01 PM -0600 >> >>> Not really "FTW". >>> >>> The illegal actor is hiding behind proxy registrations. >>> >>> On Mon, Jan 25, 2010 at 3:56 PM, Michael >>> Secordwrote: >>> >>> >>> >>>> http://centralops.net/co FTW :) >>>> >>>> Address lookup >>>> canonical name st3gaming.com. >>>> aliases >>>> addresses 208.113.196.53 >>>> Domain Whois record >>>> >>>> Queried whois.internic.net with "dom st3gaming.com"... >>>> >>>> Domain Name: ST3GAMING.COM >>>> Registrar: NEW DREAM NETWORK, LLC >>>> Whois Server: whois.dreamhost.com >>>> Referral URL: http://www.dreamhost.com >>>> Name Server: NS1.DREAMHOST.COM >>>> Name Server: NS2.DREAMHOST.COM >>>> Name Server: NS3.DREAMHOST.COM >>>> Status: ok >>>> Updated Date: 19-nov-2009 >>>> Creation Date: 18-nov-2008 >>>> Expiration Date: 18-nov-2010 >>>> >>>>>>> Last update of whois database: Mon, 25 Jan 2010 21:54:18 UTC<<< >>>> >>>> Queried whois.dreamhost.com with "st3gaming.com"... >>>> >>>> Legal Stuff: >>>> >>>> The information in DreamHost's whois database is to be used for >>>> informational purposes only, and to obtain information on a >>>> domain name registration. DreamHost does not guarantee its >>>> accuracy. >>>> >>>> You are not authorized to query or access DreamHost's whois >>>> database using high-volume, automated means without written >>>> permission from DreamHost. >>>> >>>> You are not authorized to query or access DreamHost's whois >>>> database in order to facilitate illegal activities, or to >>>> facilitate the use of unsolicited bulk email, telephone, or >>>> facsimile communications. >>>> >>>> You are not authorized to collect, repackage, or redistribute the >>>> information in DreamHost's whois database. >>>> >>>> DreamHost may, at its sole discretion, restrict your access to >>>> the whois database at any time, with or without notice. DreamHost >>>> may modify these Terms of Service at any time, with or without >>>> notice. >>>> >>>> +++ >>>> >>>> Domain Name: st3gaming.com >>>> >>>> Registrant Contact: >>>> st3gaming.com Private Registrant >>>> st3gaming@proxy.dreamhost.com >>>> A Happy DreamHost Customer >>>> 417 Associated Rd #324 >>>> Brea, CA 92821 >>>> US >
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
"Reading comprehension is low on this list." I wonder why people don't jump to help people anymore. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Nephyrin Zey Sent: January 25, 2010 6:04 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers Reading comprehension is low on this list. "I'm emailing an abuse report to his host now". I also sent a update about my conversation with his host to this very thread. I *also also* mentioned his host was cet.com - he registered his domain through dreamhost, nothing more. - Neph On 01/25/2010 02:33 PM, Michael Secord wrote: > It doesn't matter. You have the ISP's abuse contact info. That's who you > want to have shut him down...domain name means jack in this case... > > --Original Message-- > Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival > servers > From: Kevin b er > To: Half-Life dedicated Win32 server mailing list > > Date: Mon, Jan 25, 2010 4:11:01 PM -0600 > >> Not really "FTW". >> >> The illegal actor is hiding behind proxy registrations. >> >> On Mon, Jan 25, 2010 at 3:56 PM, Michael Secordwrote: >> >> >> >>> http://centralops.net/co FTW :) >>> >>> Address lookup >>> canonical name st3gaming.com. >>> aliases >>> addresses 208.113.196.53 >>> Domain Whois record >>> >>> Queried whois.internic.net with "dom st3gaming.com"... >>> >>> Domain Name: ST3GAMING.COM >>> Registrar: NEW DREAM NETWORK, LLC >>> Whois Server: whois.dreamhost.com >>> Referral URL: http://www.dreamhost.com >>> Name Server: NS1.DREAMHOST.COM >>> Name Server: NS2.DREAMHOST.COM >>> Name Server: NS3.DREAMHOST.COM >>> Status: ok >>> Updated Date: 19-nov-2009 >>> Creation Date: 18-nov-2008 >>> Expiration Date: 18-nov-2010 >>> >>> >>> Last update of whois database: Mon, 25 Jan 2010 21:54:18 UTC<<< >>> >>> Queried whois.dreamhost.com with "st3gaming.com"... >>> >>> Legal Stuff: >>> >>> The information in DreamHost's whois database is to be used for >>> informational purposes only, and to obtain information on a >>> domain name registration. DreamHost does not guarantee its >>> accuracy. >>> >>> You are not authorized to query or access DreamHost's whois >>> database using high-volume, automated means without written >>> permission from DreamHost. >>> >>> You are not authorized to query or access DreamHost's whois >>> database in order to facilitate illegal activities, or to >>> facilitate the use of unsolicited bulk email, telephone, or >>> facsimile communications. >>> >>> You are not authorized to collect, repackage, or redistribute the >>> information in DreamHost's whois database. >>> >>> DreamHost may, at its sole discretion, restrict your access to >>> the whois database at any time, with or without notice. DreamHost >>> may modify these Terms of Service at any time, with or without >>> notice. >>> >>> +++ >>> >>> Domain Name: st3gaming.com >>> >>> Registrant Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Administrative Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Technical Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Billing Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >&g
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
Reading comprehension is low on this list. "I'm emailing an abuse report to his host now". I also sent a update about my conversation with his host to this very thread. I *also also* mentioned his host was cet.com - he registered his domain through dreamhost, nothing more. - Neph On 01/25/2010 02:33 PM, Michael Secord wrote: > It doesn't matter. You have the ISP's abuse contact info. That's who you > want to have shut him down...domain name means jack in this case... > > ------Original Message-- > Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival > servers > From: Kevin b er > To: Half-Life dedicated Win32 server mailing list > > Date: Mon, Jan 25, 2010 4:11:01 PM -0600 > >> Not really "FTW". >> >> The illegal actor is hiding behind proxy registrations. >> >> On Mon, Jan 25, 2010 at 3:56 PM, Michael Secordwrote: >> >> >> >>> http://centralops.net/co FTW :) >>> >>> Address lookup >>> canonical name st3gaming.com. >>> aliases >>> addresses 208.113.196.53 >>> Domain Whois record >>> >>> Queried whois.internic.net with "dom st3gaming.com"... >>> >>> Domain Name: ST3GAMING.COM >>> Registrar: NEW DREAM NETWORK, LLC >>> Whois Server: whois.dreamhost.com >>> Referral URL: http://www.dreamhost.com >>> Name Server: NS1.DREAMHOST.COM >>> Name Server: NS2.DREAMHOST.COM >>> Name Server: NS3.DREAMHOST.COM >>> Status: ok >>> Updated Date: 19-nov-2009 >>> Creation Date: 18-nov-2008 >>> Expiration Date: 18-nov-2010 >>> >>> >>> Last update of whois database: Mon, 25 Jan 2010 21:54:18 UTC<<< >>> >>> Queried whois.dreamhost.com with "st3gaming.com"... >>> >>> Legal Stuff: >>> >>> The information in DreamHost's whois database is to be used for >>> informational purposes only, and to obtain information on a >>> domain name registration. DreamHost does not guarantee its >>> accuracy. >>> >>> You are not authorized to query or access DreamHost's whois >>> database using high-volume, automated means without written >>> permission from DreamHost. >>> >>> You are not authorized to query or access DreamHost's whois >>> database in order to facilitate illegal activities, or to >>> facilitate the use of unsolicited bulk email, telephone, or >>> facsimile communications. >>> >>> You are not authorized to collect, repackage, or redistribute the >>> information in DreamHost's whois database. >>> >>> DreamHost may, at its sole discretion, restrict your access to >>> the whois database at any time, with or without notice. DreamHost >>> may modify these Terms of Service at any time, with or without >>> notice. >>> >>> +++ >>> >>> Domain Name: st3gaming.com >>> >>> Registrant Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Administrative Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Technical Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Billing Contact: >>>st3gaming.com Private Registrant >>> st3gaming@proxy.dreamhost.com >>>A Happy DreamHost Customer >>>417 Associated Rd #324 >>>Brea, CA 92821 >>>US >>>+1.2139471032 >>> >>> Record created on 2008-11-18 20:08:30. >>> Record expires on 2010-11-18 20:08:30. >>> >>> Domain servers in listed order: >>> >>>ns1.dreamhost.com >>>ns2.dreamhost.com >>>ns3.dre
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
It doesn't matter. You have the ISP's abuse contact info. That's who you want to have shut him down...domain name means jack in this case... --Original Message-- Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers From: Kevin b er To: Half-Life dedicated Win32 server mailing list Date: Mon, Jan 25, 2010 4:11:01 PM -0600 > Not really "FTW". > > The illegal actor is hiding behind proxy registrations. > > On Mon, Jan 25, 2010 at 3:56 PM, Michael Secord wrote: > > >> http://centralops.net/co FTW :) >> >> Address lookup >> canonical name st3gaming.com. >> aliases >> addresses 208.113.196.53 >> Domain Whois record >> >> Queried whois.internic.net with "dom st3gaming.com"... >> >>Domain Name: ST3GAMING.COM >>Registrar: NEW DREAM NETWORK, LLC >>Whois Server: whois.dreamhost.com >>Referral URL: http://www.dreamhost.com >>Name Server: NS1.DREAMHOST.COM >>Name Server: NS2.DREAMHOST.COM >>Name Server: NS3.DREAMHOST.COM >>Status: ok >>Updated Date: 19-nov-2009 >>Creation Date: 18-nov-2008 >>Expiration Date: 18-nov-2010 >> >> >>> Last update of whois database: Mon, 25 Jan 2010 21:54:18 UTC <<< >> >> Queried whois.dreamhost.com with "st3gaming.com"... >> >> Legal Stuff: >> >> The information in DreamHost's whois database is to be used for >> informational purposes only, and to obtain information on a >> domain name registration. DreamHost does not guarantee its >> accuracy. >> >> You are not authorized to query or access DreamHost's whois >> database using high-volume, automated means without written >> permission from DreamHost. >> >> You are not authorized to query or access DreamHost's whois >> database in order to facilitate illegal activities, or to >> facilitate the use of unsolicited bulk email, telephone, or >> facsimile communications. >> >> You are not authorized to collect, repackage, or redistribute the >> information in DreamHost's whois database. >> >> DreamHost may, at its sole discretion, restrict your access to >> the whois database at any time, with or without notice. DreamHost >> may modify these Terms of Service at any time, with or without >> notice. >> >> +++ >> >>Domain Name: st3gaming.com >> >>Registrant Contact: >> st3gaming.com Private Registrant >> st3gaming@proxy.dreamhost.com >> A Happy DreamHost Customer >> 417 Associated Rd #324 >> Brea, CA 92821 >> US >> +1.2139471032 >> >>Administrative Contact: >> st3gaming.com Private Registrant >> st3gaming@proxy.dreamhost.com >> A Happy DreamHost Customer >> 417 Associated Rd #324 >> Brea, CA 92821 >> US >> +1.2139471032 >> >>Technical Contact: >> st3gaming.com Private Registrant >> st3gaming@proxy.dreamhost.com >> A Happy DreamHost Customer >> 417 Associated Rd #324 >> Brea, CA 92821 >> US >> +1.2139471032 >> >>Billing Contact: >> st3gaming.com Private Registrant >> st3gaming@proxy.dreamhost.com >> A Happy DreamHost Customer >> 417 Associated Rd #324 >> Brea, CA 92821 >> US >> +1.2139471032 >> >>Record created on 2008-11-18 20:08:30. >>Record expires on 2010-11-18 20:08:30. >> >>Domain servers in listed order: >> >> ns1.dreamhost.com >> ns2.dreamhost.com >> ns3.dreamhost.com >> DreamHost whois server terms of service: >> http://whois.dreamhost.com/terms.html >> >> Get a 14-day free trial of unlimited everything from DreamHost Web Hosting. >> Includes A FREE domain registration! http://www.dreamhost.com/ >> Use promotional code "WHOIS" for an additional $50 off any plan! >> >> >> Network Whois record >> >> Queried whois.arin.net with "208.113.196.53"... >> >> OrgName:New Dream Network, LLC >> OrgID: NDN >> Address:417 Associated Rd. >> Address:PMB #257 >> City: Brea >> StateProv: CA >> PostalCode: 92821 >> Country:US >> >> NetRange: 208.113.128.0 - 208.113.255.255 >> CIDR: 208.113.128.0/17 >> NetName:DREAMHOST-BLK6 >> NetHandle
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
ost.com 14400s (04:00:00) > st3gaming.com IN SOA > server: ns1.dreamhost.com > email: hostmaster.dreamhost.com > serial: 2009080200 > refresh:15642 > retry: 1800 > expire: 1814400 > minimum ttl: 14400 > 14400s (04:00:00) > st3gaming.com IN MX > preference: 0 > exchange: aspmx.l.google.com >14400s (04:00:00) > st3gaming.com IN A 208.113.196.53 14400s (04:00:00) > st3gaming.com IN NS ns3.dreamhost.com 14400s (04:00:00) > st3gaming.com IN NS ns2.dreamhost.com 14400s (04:00:00) > 53.196.113.208.in-addr.arpa IN PTR > apache2-igloo.boxster.dreamhost.com 14400s (04:00:00) > > -- end -- > > Original Message > Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS > rival > servers > From: msleeper > To: Half-Life dedicated Win32 server mailing list > > Date: 1/25/2010 3:44 PM > > > I think Neph did? Somebody post up their admin/abuse contacts. > > > > > > On Mon, 2010-01-25 at 01:02 -0600, Cc2iscooL wrote: > >> Has anyone sent an abuse notice to their provider? > >> > >> On Jan 25, 2010 12:16 AM, "Mike Stiehm" wrote: > >> > >> We just got hit by this guy.. > >> > >> -Original Message- From: hlds-boun...@list.valvesoftware.com > >> > >> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of John Sent: > Sunday, > >> January 24, 2010 10:46 ... > >> > >> Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival > >> servers You mean an ACL. Ro... > >> ___ > >> To unsubscribe, edit your list preferences, or view the list archives, > please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
http://centralops.net/co FTW :) Address lookup canonical name st3gaming.com. aliases addresses 208.113.196.53 Domain Whois record Queried whois.internic.net with "dom st3gaming.com"... Domain Name: ST3GAMING.COM Registrar: NEW DREAM NETWORK, LLC Whois Server: whois.dreamhost.com Referral URL: http://www.dreamhost.com Name Server: NS1.DREAMHOST.COM Name Server: NS2.DREAMHOST.COM Name Server: NS3.DREAMHOST.COM Status: ok Updated Date: 19-nov-2009 Creation Date: 18-nov-2008 Expiration Date: 18-nov-2010 >>> Last update of whois database: Mon, 25 Jan 2010 21:54:18 UTC <<< Queried whois.dreamhost.com with "st3gaming.com"... Legal Stuff: The information in DreamHost's whois database is to be used for informational purposes only, and to obtain information on a domain name registration. DreamHost does not guarantee its accuracy. You are not authorized to query or access DreamHost's whois database using high-volume, automated means without written permission from DreamHost. You are not authorized to query or access DreamHost's whois database in order to facilitate illegal activities, or to facilitate the use of unsolicited bulk email, telephone, or facsimile communications. You are not authorized to collect, repackage, or redistribute the information in DreamHost's whois database. DreamHost may, at its sole discretion, restrict your access to the whois database at any time, with or without notice. DreamHost may modify these Terms of Service at any time, with or without notice. +++ Domain Name: st3gaming.com Registrant Contact: st3gaming.com Private Registrant st3gaming@proxy.dreamhost.com A Happy DreamHost Customer 417 Associated Rd #324 Brea, CA 92821 US +1.2139471032 Administrative Contact: st3gaming.com Private Registrant st3gaming@proxy.dreamhost.com A Happy DreamHost Customer 417 Associated Rd #324 Brea, CA 92821 US +1.2139471032 Technical Contact: st3gaming.com Private Registrant st3gaming@proxy.dreamhost.com A Happy DreamHost Customer 417 Associated Rd #324 Brea, CA 92821 US +1.2139471032 Billing Contact: st3gaming.com Private Registrant st3gaming@proxy.dreamhost.com A Happy DreamHost Customer 417 Associated Rd #324 Brea, CA 92821 US +1.2139471032 Record created on 2008-11-18 20:08:30. Record expires on 2010-11-18 20:08:30. Domain servers in listed order: ns1.dreamhost.com ns2.dreamhost.com ns3.dreamhost.com DreamHost whois server terms of service: http://whois.dreamhost.com/terms.html Get a 14-day free trial of unlimited everything from DreamHost Web Hosting. Includes A FREE domain registration! http://www.dreamhost.com/ Use promotional code "WHOIS" for an additional $50 off any plan! Network Whois record Queried whois.arin.net with "208.113.196.53"... OrgName:New Dream Network, LLC OrgID: NDN Address:417 Associated Rd. Address:PMB #257 City: Brea StateProv: CA PostalCode: 92821 Country:US NetRange: 208.113.128.0 - 208.113.255.255 CIDR: 208.113.128.0/17 NetName:DREAMHOST-BLK6 NetHandle: NET-208-113-128-0-1 Parent: NET-208-0-0-0-0 NetType:Direct Allocation NameServer: NS1.DREAMHOST.COM NameServer: NS2.DREAMHOST.COM NameServer: NS3.DREAMHOST.COM Comment: RegDate:2006-04-12 Updated:2007-11-01 OrgAbuseHandle: DAT5-ARIN OrgAbuseName: DreamHost Abuse Team OrgAbusePhone: +1-714-706-4182 OrgAbuseEmail: ab...@dreamhost.com OrgNOCHandle: ZD69-ARIN OrgNOCName: Network Operations OrgNOCPhone: +1-714-706-4182 OrgNOCEmail: net...@dreamhost.com OrgTechHandle: MNA53-ARIN OrgTechName: Nagel, Mark OrgTechPhone: +1-714-706-4182 OrgTechEmail: mna47-a...@dreamhost.com # ARIN WHOIS database, last updated 2010-01-24 20:00 DNS records nameclass typedatatime to live st3gaming.com IN NS ns1.dreamhost.com 14400s (04:00:00) st3gaming.com IN SOA server: ns1.dreamhost.com email: hostmaster.dreamhost.com serial: 2009080200 refresh:15642 retry: 1800 expire: 1814400 minimum ttl:14400 14400s (04:00:00) st3gaming.com IN MX preference: 0 exchange: aspmx.l.google.com 14400s (04:00:00) st3gaming.com IN A 208.113.196.53 14400s (04:00:00) st3gaming.com IN NS ns3.dreamhost.com 14400s (04:00:00) st3gaming.com IN NS ns2.dreamhost.com 14400s (04:00:00) 53.196.113.208.in-addr.arpa IN PTR apache2-igloo.boxster.dreamhost.com 14400s (04:00:00) -- end -- ---- Original Message ---- Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoSrival servers
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
I think Neph did? Somebody post up their admin/abuse contacts. On Mon, 2010-01-25 at 01:02 -0600, Cc2iscooL wrote: > Has anyone sent an abuse notice to their provider? > > On Jan 25, 2010 12:16 AM, "Mike Stiehm" wrote: > > We just got hit by this guy.. > > -Original Message- From: hlds-boun...@list.valvesoftware.com > > [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of John Sent: Sunday, > January 24, 2010 10:46 ... > > Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival > servers You mean an ACL. Ro... > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
Has anyone sent an abuse notice to their provider? On Jan 25, 2010 12:16 AM, "Mike Stiehm" wrote: We just got hit by this guy.. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of John Sent: Sunday, January 24, 2010 10:46 ... Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers You mean an ACL. Ro... ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
We just got hit by this guy.. -Original Message- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of John Sent: Sunday, January 24, 2010 10:46 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers You mean an ACL. Routing is destination-based. A null-route would send traffic _to_ that attacking IP to the "null" device, but it wouldn't prevent incoming traffic _from_ that IP from coming to him over the pipe. He could ask for a null-route of his server IP to keep traffic off the circuit, but it doesn't sound like that's what he's looking for. Some NSPs/ISPs won't apply ACLs, but will apply null-routes (to your IPs only). The better ones will do both. You are right that he should talk to his provider about this, and hope that his provider will be willing to throw up an ACL. Blocking an attack that floods the circuit is entirely in their hands. -John -- From: "DLinkOZ" Sent: Sunday, January 24, 2010 5:49 PM To: "'Half-Life dedicated Win32 server mailing list'" Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rivalservers> Right, so call your provider, ask to put in the null route and enjoy your > weekend. I honestly did not think I'd have to go into such obvious detail > to make a simple statement. If you aren't in a position to perform such a > task, then you make a phone call. I suppose I assumed that was obviously > simple and didn't need explanation... > > > > -Original Message- > From: hlds-boun...@list.valvesoftware.com > [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Blood Letter > Sent: Sunday, January 24, 2010 2:42 PM > To: hlds@list.valvesoftware.com > Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS rival > servers > > > Uh, null routing is simply a routing rule that indicates that packet > should > be dropped without any further processing. > > The suggestion was to " just null route the source and enjoy the weekend". > You can't do it at the ISP level unless you talk to your ISP. > > >> From: dlin...@fragonline.net >> To: hlds@list.valvesoftware.com >> Date: Sun, 24 Jan 2010 14:28:56 -0600 >> Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS > rival servers >> >> Seriously? Do you not know what null routing is? It's exactly what you >> said later in your email. Your bandwidth provider routes that source >> straight to the nowhere. Not sure why you think it's done on the server. > >> >> >> >> -Original Message- >> From: hlds-boun...@list.valvesoftware.com >> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Blood Letter >> Sent: Sunday, January 24, 2010 2:08 PM >> To: hlds@list.valvesoftware.com >> Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS rival >> servers >> >> >> Uh, because the packets come over the wire and your NIC has to handle >> them >> all regardless of HOW you handle them? >> >> You can NOT solve a DoS attack through ANY use of firewalling or routing > at >> the target end. >> You MUST cut the attack off as close to the source as possible. >> >> An attack like the one described here is simple enough to fend off >> because >> it's coming from a single source over a relatively low bandwidth pipe. >> Your ISP should be able to block it at their border routers and the > constant >> knocking shouldn't put any load on their equipment. >> If it continues, and if they get around to it, they can then report the >> activity to their peering partners (other ISPs) to get them to block the >> traffic at their end. If the behavior persists, this continues until >> eventually the source is cut off. >> >> A distributed attack is much harder to cut off, because it has many > sources. >> A distributed attack can bring down major connections. >> >> >> >> > From: dlin...@fragonline.net >> > To: hlds@list.valvesoftware.com >> > Date: Sun, 24 Jan 2010 13:43:57 -0600 >> > Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS >> rival servers >> > >> > Why not just null route the source and enjoy the weekend? >> >> _ >> Hotmail: Powerful Free email with security by Microsoft. >> http://clk.atdmt.com/GBL/go/196390710/direct/01/ >> _
Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
You mean an ACL. Routing is destination-based. A null-route would send traffic _to_ that attacking IP to the "null" device, but it wouldn't prevent incoming traffic _from_ that IP from coming to him over the pipe. He could ask for a null-route of his server IP to keep traffic off the circuit, but it doesn't sound like that's what he's looking for. Some NSPs/ISPs won't apply ACLs, but will apply null-routes (to your IPs only). The better ones will do both. You are right that he should talk to his provider about this, and hope that his provider will be willing to throw up an ACL. Blocking an attack that floods the circuit is entirely in their hands. -John -- From: "DLinkOZ" Sent: Sunday, January 24, 2010 5:49 PM To: "'Half-Life dedicated Win32 server mailing list'" Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rivalservers> Right, so call your provider, ask to put in the null route and enjoy your > weekend. I honestly did not think I'd have to go into such obvious detail > to make a simple statement. If you aren't in a position to perform such a > task, then you make a phone call. I suppose I assumed that was obviously > simple and didn't need explanation... > > > > -Original Message- > From: hlds-boun...@list.valvesoftware.com > [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Blood Letter > Sent: Sunday, January 24, 2010 2:42 PM > To: hlds@list.valvesoftware.com > Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS rival > servers > > > Uh, null routing is simply a routing rule that indicates that packet > should > be dropped without any further processing. > > The suggestion was to " just null route the source and enjoy the weekend". > You can't do it at the ISP level unless you talk to your ISP. > > >> From: dlin...@fragonline.net >> To: hlds@list.valvesoftware.com >> Date: Sun, 24 Jan 2010 14:28:56 -0600 >> Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS > rival servers >> >> Seriously? Do you not know what null routing is? It's exactly what you >> said later in your email. Your bandwidth provider routes that source >> straight to the nowhere. Not sure why you think it's done on the server. > >> >> >> >> -Original Message- >> From: hlds-boun...@list.valvesoftware.com >> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Blood Letter >> Sent: Sunday, January 24, 2010 2:08 PM >> To: hlds@list.valvesoftware.com >> Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS rival >> servers >> >> >> Uh, because the packets come over the wire and your NIC has to handle >> them >> all regardless of HOW you handle them? >> >> You can NOT solve a DoS attack through ANY use of firewalling or routing > at >> the target end. >> You MUST cut the attack off as close to the source as possible. >> >> An attack like the one described here is simple enough to fend off >> because >> it's coming from a single source over a relatively low bandwidth pipe. >> Your ISP should be able to block it at their border routers and the > constant >> knocking shouldn't put any load on their equipment. >> If it continues, and if they get around to it, they can then report the >> activity to their peering partners (other ISPs) to get them to block the >> traffic at their end. If the behavior persists, this continues until >> eventually the source is cut off. >> >> A distributed attack is much harder to cut off, because it has many > sources. >> A distributed attack can bring down major connections. >> >> >> >> > From: dlin...@fragonline.net >> > To: hlds@list.valvesoftware.com >> > Date: Sun, 24 Jan 2010 13:43:57 -0600 >> > Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS >> rival servers >> > >> > Why not just null route the source and enjoy the weekend? >> >> _ >> Hotmail: Powerful Free email with security by Microsoft. >> http://clk.atdmt.com/GBL/go/196390710/direct/01/ >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> >> >> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, > please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds > > _ > Hotmail: Free, trusted and rich email service. > http://clk.atdmt.com/GBL/go/196390708/direct/01/ > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://