Namedrive DDOS Attack Update II


jacksonm
24th August 2007, 04:19 PM
DDOS Attack Update II
August 24th, 2007

Hello everyone,

I’m not going to get euphoric, but the parking is up and running fast. This was our first priority. The homepage will follow suit.

Thank you all so much for your patience and support. We will certainly reward you and make sure that you don’t lose any earnings as a result of this.
I have a funny feeling that, once your compensation has been done, the last 26 hours may be the highest earning 26 hours of the week for you, if you know what I mean ;).
We don’t want you to bear the brunt of this attack.

To give you an idea of what we have been up against since 15.00 GMT yesterday, in addition to the 600K domains we have parked on our system, our servers were being hit by XX,XXX false connections per second for over 24 hours. The attack is increasing as we speak and has been since it began.

We estimate that just to keep up this attack, it has cost the aggressor at least five figures and possibly six figures to initiate and sustain. This wasn’t poor defenses on our part, it was the use of overwhelming force and financial resources on theirs. The mind boggles at who has the time or funds to invest in something so unnecessary.

I apologise again for the mess. Please bear with us while we get the homepage up and running today and the revenue correction done, which will take a couple of days to get right.

Mister B
-------------------

Note: It does not cost a master of a botnet a cent to launch a distributed denial of service attack like this. These guys are just trying to save face. They received the request for protection money and they declined to pay it. Now the threat is being carried out.



touchring
24th August 2007, 04:22 PM
I've always thought that there are ninja organizations for hire that conduct such attacks.

jacksonm
24th August 2007, 04:52 PM
> I've always thought that there are ninja organizations for hire that conduct such attacks.

Nope. These guys are the mafia. You can't hire the mafia to shake down businesses for you - they only do it for themselves.

The large bot networks are controlled by organized crime. They mainly target online gambling sites, but they will shake down any site that visibly earns a lot of money via online operations.


mulligan
24th August 2007, 05:01 PM
> Nope. These guys are the mafia. You can't hire the mafia to shake down businesses for you - they only do it for themselves.
>
> The large bot networks are controlled by organized crime. They mainly target online gambling sites, but they will shake down any site that visibly earns a lot of money via online operations.

Eeek! Better sort your firewall out before they come across your sites ... :o:p

jacksonm
24th August 2007, 05:19 PM
> Eeek! Better sort your firewall out before they come across your sites ... :o:p

Firewall doesn't help. They just attack your firewall/gateway/whatever.

The only thing that helps is if you have more aggregate bandwidth than the attacker's distributed network can generate, and your server(s) are strong enough to handle the increased traffic.


xxbossmanxx
24th August 2007, 05:52 PM
LMAO about how the attackers spent 5 or 6 figures. They talking pesos?

About the poker nets- pokerstars is now prob the strongest site in the world, they tossed tens of millions into stopping this bs.

Asiaplay
24th August 2007, 06:23 PM
To be honest this is common in the commercial online world and I personally am very anti people who carry out DDOS Attacks.
I have heard of too many cases here and I was subject to the fallout of one attack due to being on the same router as the company being attacked (however I supported my server supplier and know they did their best to solve this criminal activity - therefore I never asked for a cent's compensation for downtime).

There is also very little a company can do once the attack starts, if those attacking have the resources (location based where it will not be stopped quickly) - rather than spending on servers to carry it out from.

Yes - some inconvenience for their customers, but personally I hope that everyone sticks with them and supports this problem which they have (giving into guys like those attacking them, leads to a downward cost spiral which no serious business can contemplate and ultimately if given into just causes customers to suffer as well).

I back their decision not to pay and hope those carrying it out just waste their time and do not gain one cent!!!

Cheers, Asiaplay

mdw
24th August 2007, 06:35 PM
> I back their decision not to pay and hope those carrying it out just waste their time and do not gain one cent!!!

Absolutely right. If Ed & company start paying extortion money to faceless thugs on the net, then guess where that money has got to come from?

The real dilemma is a forensics challenge, and the guilty parties never seem to be held accountable. It's hard to prove the guilt of the culprit since the requests come from victims, usually unaware that their machine is compromised and acting as a node in a botnet. The compromises surely took place at some time in the past and the actual evidence left on machines may be altered as part of the process of activating and attacking.

One thing's certain though, the attackers are scum who spend their effort like this instead of domaining and setting up networks of money-making websites. They're criminals attacking honest hard-working entrepreneurs.

touchring
24th August 2007, 06:40 PM
Yes, but being a target of an attack is an achievement by itself - means your web business is worth attacking. :o

jose
24th August 2007, 06:46 PM
I am puzzled when they say: "We estimate that just to keep up this attack, it has cost the aggressor at least five figures and possibly six figures to initiate and sustain."

How do they know the current prices of renting botnets?

I also can't believe they're talking about bandwidth expenses, that would be a good laugh, lol. A DOS attack can't easily be fought against due to its highly distributed nature.

Asiaplay
24th August 2007, 07:04 PM
Maybe they know and maybe they don't... to be honest a lot of these come out of China (and the source is known) - it is stopping it at the source which is difficult.

Expect 3 to 4 days downtime - but once it is fixed we can be assured that at least they will have as much protection built in as possible (ie, multiple servers on different IPs throughout the world - so they can switch resources to limit attacks etc. etc.).

Of interest there will be one data centre in Hong Kong signing contracts soon which state they protect against DDOS attacks (will be a first here).
So will be interesting to see if the others follow suit (up until now China and Hong Kong have been open domain to the thugs and it has resulted in servers moving offshore - which is not a solution for those targeting China parking unfortunately).

Agree - getting an attack in one way is a good sign (means their business has a profit worth people chasing).

Cheers - Asiaplay

jacksonm
24th August 2007, 07:08 PM
> Expect 3 to 4 days downtime - but once it is fixed we can be assured that at least they will have as much protection built in as possible (ie, multiple servers on different IPs throughout the world - so they can switch resources to limit attacks etc. etc.).

Doesn't help one bit.

The botnet zombies are also on multiple machines throughout the world, and they all possess DNS resolvers.

The way to survive the attack is to buy more bandwidth than the attacker can saturate, high-tune your DNS servers, and put up a rack of clustered web server front-ends to your database. If they are not able to knock you out, they will eventually give up.


xxbossmanxx
24th August 2007, 07:46 PM
I got DDoS'd once and the attacker even blackmailed me for cash. I laughed in his face and told him to do his worst since I could tell he was low level with his puny attack that was easily countered.

jacksonm
24th August 2007, 08:25 PM
> I got DDoS'd once and the attacker even blackmailed me for cash. I laughed in his face and told him to do his worst since I could tell he was low level with his puny attack that was easily countered.

How did you laugh in his face? You were with him? Did you tell him AIMFAI?


Drewbert
24th August 2007, 10:11 PM
> I also can't believe they're talking about bandwidth expenses, that would be a good laugh, lol. A DOS attack can't easily be fought against due to its highly distributed nature.

Exactly. That they would even say this makes you wonder about the competence of the people running Name Drive. Hopefully that comment was by a marketing droid who failed to listen to the tech guys' explanation of what was happening.

The bandwidth consumed sending out instructions to a globally distributed bot network is tiny.

The way to fix this shit is to make Microsoft liable for the security holes.

mdw
24th August 2007, 11:12 PM
Maybe the marketing guy got the story wrong?? Maybe "five or six figures" is what ND folks paid for the bandwidth necessary to keep the parked names up. That's a lot of money to spend on bandwidth, but I suppose they were desperate and paid top dollar? Just idle speculation here obviously.

jacksonm
24th August 2007, 11:17 PM
> Maybe the marketing guy got the story wrong?? Maybe "five or six figures" is what ND folks paid for the bandwidth necessary to keep the parked names up. That's a lot of money to spend on bandwidth, but I suppose they were desperate and paid top dollar? Just idle speculation here obviously.

As far as I can tell, I can't access namedrive or any of my parked names at all.

They are off the radar, dropping connections. What else can they do?


[root@tokyo ~]# wget http://www.namedrive.com
--08:17:38-- http://www.namedrive.com/
=> `index.html'
Resolving www.namedrive.com... 216.8.177.27
Connecting to www.namedrive.com|216.8.177.27|:80... failed: Connection refused.




thefabfive
24th August 2007, 11:20 PM
A sampling of my parked pages are resolving.

The ND home page is still down though.

bwhhisc
24th August 2007, 11:37 PM
> As far as I can tell, I can't access namedrive or any of my parked names at all.

Same, I can resolve parked pages, but can't get into homepage for namedrive.

burnsinternet
25th August 2007, 12:04 AM
Suggestion for everyone: Have your parked domains loaded and ready to go on Sedo or other. If this kind of thing happens again, just change your DNS until it is over. Leave a low performing site on ND to check the status.

Wot
25th August 2007, 01:29 AM
I notice that my Sedo parked names ppc is somewhat less the last couple of days, about 15%- surely it can't be that they are reducing payouts whilst one of their main competitors is down. ;)

Rubber Duck
25th August 2007, 05:33 AM
> I notice that my Sedo parked names ppc is somewhat less the last couple of days, about 15%- surely it can't be that they are reducing payouts whilst one of their main competitors is down. ;)

Should actually work the other way. Google would be short of clicks so they are more likely to let you have access to top adverts.

It is possible I believe to experience an end of month effect, where advertisers' budgets are completed for some high paying keywords, so these are replaced by lower paying Ads.

It is also not really true that there is no competition. ND is the be and end all of everything, and is still serving Ads even if you cannot access the interface.

burnsinternet
25th August 2007, 12:33 PM
Final (hopefully) update… (http://blog.namedrive.com/?p=79)

August 25th, 2007

Hi guys,

Just to give you an update on this. I am very sorry that the HP is not up yet. Our lead tech guy was up for 36 hours solid battling this thing. The two times he tried getting our HP back up again, the bugs were swarming all over the servers and he brought them down again. After 36 hours, he decided to go to bed so he can get things going with a clear head today.

I appreciate it is a massive inconvenience that you can’t log into your account, but that will hopefully be resolved asap today.

If your parking pages aren’t resolving, please contact me at ed@namedrive.com and I’ll try and work out what’s going on. Tech say that if you use URL forwarding, then restarting your computer and then viewing the pages may make a difference.

Just to reiterate, whether your pages are live now or not, we will make sure that you do not lose anything as a result of this attack.

Mister B

StopDDoS
25th August 2007, 04:11 PM
Jackson -

A quick note to see if our company can assist you in any way possible regarding the DDoS attack that namedrive.com has been receiving.

Firstly, let me tell you about Stop DDoS / DDoS Solutions (http://www.stopddos.org). We are based in the US and UK, and specialise in botnet attacks, tracing, mitigating and identifying the criminals behind them. We have years of experience in helping Law Enforcement (LE) and direct links within the government to speed up cases. Our unique skills and ability to trace botnets stem from over 10 years' experience in the IT security sector that all of our employees have originated from.

If you feel our services would be of use to you then please drop me an email. Just remember that DDoS attacks are often personal attacks done by someone you know (ex clients or competition are two examples), and it is somewhat useful to know who your enemies are in the ever growing world of ecommerce.

All the best,

Thomas Anderson
Chief Security Officer
Stop DDoS / DDoS Solutions
http://stopddos.org

touchring
25th August 2007, 04:33 PM
I just logged on to see my account. The apology on the homepage is nice, but more important is whether the account will be adjusted for the slowdown on the 23rd and 24th. :o

jacksonm
25th August 2007, 07:51 PM
> Jackson -
>
> A quick note to see if our company can assist you in any way possible regarding the DDoS attack that namedrive.com has been receiving.


I am not the owner of namedrive, I'm just a user.

Highly coincidental that you found this post on your first visit to this forum, though...


xxbossmanxx
25th August 2007, 08:08 PM
These guys search for ddos chatter, that is how they got here. I hope they are not like the "virus cleaner" companies who give out trojans with one hand then offer repairs with the other :mad:

jacksonm
26th August 2007, 06:16 AM
> I hope they are not like the "virus cleaner" companies who give out trojans with one hand then offer repairs with the other :mad:

The thought has crossed my mind on occasion.


touchring
26th August 2007, 10:00 AM
> The thought has crossed my mind on occasion.


I thought such spyware and search hijackers are a thing of the past? I remembered one on one of my customer's PCs that opens and closes the CDROM drive every few hours, and displays a "Your PC is infected, click here for a solution!". :o

StopDDoS
26th August 2007, 01:15 PM
Hi Guys,

We do look for DDoS attacks and you will see if you google "DDoS NameDrive" just how many sites have carried the story, so obviously easy for us to see.

The concern stated by

Originally Posted by xxbossmanxx
"I hope they are not like the "virus cleaner" companies who give out trojans with one hand then offer repairs with the other"

is illogical if you take time to look at our site because we are not eliminating a virus; we offer the service of finding a botnet's control location if it is a generic botnet and also we offer a service that includes finding the real identity of the attacker. The company you mentioned was cleaning the virus they made and not identifying who made the virus so the comparison is absurd.

The post was for ed@namedrive.com or anyone with namedrive.com to read and meant as an offer to help, not spam.

But of course feel free to give us a call and we will explain our company further using the number on the website.

All the best.

Anderson.