Top Mud Sites Forum
07-29-2002, 02:56 AM   #1
Molly
Senior Member
 
Join Date: Apr 2002
Location: Sweden
Home MUD: 4 Dimensions
Posts: 566
Currently we have a pretty big problem with our mud, and I wanted to seek the advice of this board, to see if anyone has any ideas about how to deal with it.

Apparently someone with access to a large number of computers is constantly sending partial packets to our server, which the router has to process. This overloads the router and it crashes. Since a lot of different computers are used, normal ‘spam filters’ do not work.

We have a pretty strong suspicion about who is doing it: a player with a hacker/cracker background, who once told me that he had about 20 computers. He has done a similar thing before, and has also uttered some recent threats on the mud. But as far as the coders tell me, there is no real proof of the identity. We also don’t have any valid e-mail address for this person, just one of the ‘free-from-the-net’ ones, where you don’t have to reveal your real identity, and he logs on from a number address that changes each time.

But surely there must be some way to track the culprit down, to make him stop his nuisance, and possibly bring charges? I’ve been told that you always leave traces on the net. And what he does must surely be illegal and should be punishable by law?
07-29-2002, 03:33 AM   #2
Dre
Member
 
Join Date: Jun 2002
Location: the Netherlands
Posts: 65
Heya,

Physical attacks are always rather inconvenient. Though if it's one person with more computers he won't have a different IP range from every package unless he spoofs his host constantly.
To your question: There are ways to backtrace an IP address, and it can be done to trace the route as far back as it goes. All other IPs he passes will be recorded and he won't be able to spoof those.
Anyway, that's as much as I know about it. There are people far more experienced in this stuff, and best chances are another hacker...

Greetings Dre
07-29-2002, 04:45 AM   #3
thelenian
Member
 
Join Date: Apr 2002
Posts: 122
Actually, it's impossible to pin a DRDoS (which seems to be what you're describing) to a real person if that person has even half of a functioning brain (i.e. a pre-pubescent 5|<riP7 |<idD13 will do nicely).  Anyone who claims otherwise doesn't know what he/she is talking about.  Sure, you can trace the packets back to the source, but the source is usually a zombied Windows box, and the trail ends there.  Period.

Quote:
Originally Posted by
a player with a hacker/cracker background, who once told me that he had about 20 computers
Those 20 computers are almost certainly Windows computers compromised by Sub7, Back Orifice, or whatever the current generation of DRDoS/remote admin trojan bots are called, and not owned (they're 0\/\/n3d) by the person.

GRC has some good reading for people unfamiliar with the subject.