What is DDOS and what can we do to help?

ngenme

First, voodoo told me they got DDoSed. Now it's bodis.

I am puzzled.

1. Why would anyone do that? Competition? There is tons of competition already.
2. Why not just post the IP to the police? They can track things down. DDOS is illegal. You CAN'T spoof IPs. You can spoof many other things.
3. I don't think $500 equipment can cause $100k damage. It must be a huge network doing it. Huge networks have a lot at stake. Why not just tell using http://www.botsvsbrowsers.com/ or reverse whois http://reversewhois.domaintools.com/ to get the guy who did this? Contact the big network, which is most likely not involved but can stop it.
4. Why not just block the IP?
5. What can we do to help (the parking company, of course, to stop and punish the DDOSers)?

It's far more profitable to just send spam, for example, than DDoSing someone, with this kind of firepower and hidden identity. It's far less politically costly. So it just puzzles me a lot.
 
Last edited:
0
•••
I already told Matt. No response.
 
0
•••
You cannot block the IP of a DDoSer and you cannot track him down that easily, because for DDoS they use huge networks of zombie computers (infected with malware).
 
0
•••
Why would anyone bother using tons of zombie computers for ddos? Why not for spamming? The latter makes way more sense and more obviously lucrative.

Also, why DDoS parking companies? I can understand DDoSing the White House or al Qaeda's computer. A parking company is just a business with few enemies. Why?
 
0
•••
It's the same as "why would a hacker create some virus"... I think that it is just human nature... to destroy something... It could be competition and it could be somebody who is doing that just for fun...
 
0
•••
Okay, if that's the case, what do parking companies do to stop this? Why hasn't bodis.com been fixed properly for the last 10 days? Can't they just null route the bad IP?
 
0
•••
So who are those bad guys who are ordering DDOS attacks against Bodis? Maybe there is some unknown "anti-parking" religious movement? Highly unlikely. Since we are in a small industry indeed, I'd guess that it is done by competitors. By another parking company. Which likely has friendly representatives right here on NamePros and/or other boards.
Who are they? Industry operators (like the owners of parking companies) likely know this already. We the customers can only guess. I'd suggest taking the following into account when trying to figure out who might order DDOS (more criteria fulfilled -- more chances):

- this must be a parking company to begin with, and with "open" registration

- this parking company does not have a reputation as the best paying parking company and is losing existing customers

- they might have done questionable things in the past, including but not limited to: whois spamming customers of other parking companies offering to switch, or paying top bloggers for posting good words about them and maybe overpaying some parking customers with top industry blogs while awaiting posts with good words about their experience

- they might have had some serious $$$ spending recently, like announcing a platform upgrade or buying back their own shares etc., so they urgently need more customers

- they might have some staff/management changes, resulting for example in "account managers" leaving (that's what would be noticed by us the customers in the first place)

- they may have issues with their upstream feed, like not receiving the best paying feed from Google or trying to switch to Yahoo

When I have time, I'll try to analyse which parking company (if any) more likely ordered DDOS against Bodis using the criteria above. Hope I am not their customer as I always prefer to deal with ethical companies only. Again, no doubt the owners of BODIS are likely already aware who is DDOSing them. I'd suggest that we the customers switch more domains TO bodis in the meantime, to show that we support healthy competition...
 
0
•••
NOT in the meantime. We should wait till bodis can recover first before switching to bodis. Otherwise Matt will have to replace money out of his pocket for non-existent traffic.

If you want to spam whois, you can just promote hostgator and make tons.
 
0
•••
I used above.com. I turned off bodis.com for a while. Wait till bodis.com gets well. Turn on bodis.com again.

That way Matt doesn't have to pay all those replacement funds. In some domains, bodis.com will pay more. In some others, others will pay more. Above.com will automatically set things up.

Bodis.com pays most for many (if not the majority) of my domains. So this reduces my income. Get well soon Matt.
 
Last edited:
1
•••
First, voodoo told me they got DDoSed. Now it's bodis.

I am puzzled.

1. Why would anyone do that? Competition? There is tons of competition already.
2. Why not just post the IP to the police? They can track things down. DDOS is illegal. You CAN'T spoof IPs. You can spoof many other things.
3. I don't think $500 equipment can cause $100k damage. It must be a huge network doing it. Huge networks have a lot at stake. Why not just tell using http://www.botsvsbrowsers.com/ or reverse whois http://reversewhois.domaintools.com/ to get the guy who did this? Contact the big network, which is most likely not involved but can stop it.
4. Why not just block the IP?
5. What can we do to help (the parking company, of course, to stop and punish the DDOSers)?

It's far more profitable to just send spam, for example, than DDoSing someone, with this kind of firepower and hidden identity. It's far less politically costly. So it just puzzles me a lot.

1. It could be political or could just well be a foreign country wanting to cause financial damage.
2. It's difficult - ten years ago if you were traced back as being the person with an IP causing problems, it was likely 3 times out of 5 that you were guilty of the offense. Now, it's more likely people's PCs being hijacked with viruses and worms etc. controlled elsewhere, web servers that have been hacked etc. All hackers hide behind proxies these days as a basic rule so it's never directly from their machine. The rise of faster mobile connections and wifi hotspots, including sitting outside someone else's in a car... gives opportunity to use someone else's network to attack from.
3. A DoS attack is one computer doing it. A DDoS is a network doing it.
4. It's much simpler to block a botnet on the same network or using the same network, than from different networks in different countries, as you can simply block a range of IPs.
5. No modern network (especially where money is concerned) should have a basic network setup that is left to its own devices, such as basic routing, default firewall and servers. Firstly, there needs to be some traffic shaping, which could be intrusion protection, ACLs, blocking bogus IPs, rate limiting etc., and secondly, you need engineers at the data centre monitoring the network and reacting to any issues such as blocking IPs, ports etc. It's very difficult to prevent a DDoS attack if the attack is done properly (i.e. tens of thousands of machines etc.) but not all network providers help themselves with minimal configuration. I think these days most hackers etc. are caught from being reported or infiltrated rather than by basic tracing of computers.
 
0
•••
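Added example, not part of the thread: the last reply's point 4 (blocking a range of IPs works when the sources share a network, not when they are spread across many) shown as a small log-analysis helper. The function name, the 20% threshold and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter


def summarize_sources(ips, prefix_len=24, share_threshold=0.2):
    """Group request source IPs into /prefix_len networks.

    Returns (blockable, coverage): the networks that each carry at least
    share_threshold of all requests, and the fraction of requests that
    blocking exactly those networks would stop.
    """
    nets = Counter(
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False) for ip in ips
    )
    total = sum(nets.values())
    blockable = sorted(
        (n for n, c in nets.items() if c / total >= share_threshold),
        key=lambda n: -nets[n],
    )
    coverage = sum(nets[n] for n in blockable) / total if total else 0.0
    return blockable, coverage


# Constructed sample 1: most requests come from hosts in one /24,
# the rest from 20 unrelated networks (one request each).
CONCENTRATED = [f"198.51.100.{i % 50 + 1}" for i in range(80)] + [
    f"10.{i}.0.9" for i in range(20)
]

# Constructed sample 2: 1000 requests, every one from a different /24,
# as with a botnet spread over many networks.
DISTRIBUTED = [f"10.{i // 250}.{i % 250}.9" for i in range(1000)]

if __name__ == "__main__":
    for name, sample in (("concentrated", CONCENTRATED),
                         ("distributed", DISTRIBUTED)):
        ranges, cov = summarize_sources(sample)
        print(f"{name}: block {[str(r) for r in ranges]} "
              f"-> stops {cov:.0%} of requests")
```

In the first sample a single range block removes most of the load; in the second no range qualifies, which is the case where upstream filtering and rate limiting are needed instead.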
