Botnets

Discussion about hacker.org's server
Post Reply
User avatar
Provant
Posts: 9
Joined: Tue Jan 06, 2009 7:35 am

Botnets

Post by Provant »

Someone threatened to DDoS me with a botnet? Does that even make sense LOOOOOOOOOL, oh noez my computerz gunna be slow for a few dayz, oo god grow a set. LOOOOOOL
BerryTheWest
Posts: 205
Joined: Sat Nov 29, 2008 3:19 am

Re: Botnets

Post by BerryTheWest »

Provant wrote:Someone threatened to DDoS me with a botnet? Does that even make sense LOOOOOOOOOL, oh noez my computerz gunna be slow for a few dayz, oo god grow a set. LOOOOOOL
If they do, then you can just use WireShark and gain evidence and the information of internet protocol address and block them.

Don't waste time making a topic when solution is simple. Either prepare yourself or ignore a threat.
The Assistant of the Clan. The White Orders.
athlete501
Posts: 147
Joined: Tue Jul 03, 2007 2:00 am

Post by athlete501 »

uh actually more can happen when you're dos/ddos'd...it simply crashes the system...which is a very vulnerable time..if they're good they can inject backdoors and what not without being detected. otherwise your internet not only will not be slow..but if it works..you just wont be able to use it
User avatar
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

athlete501 wrote:uh actually more can happen when you're dos/ddos'd...it simply crashes the system...which is a very vulnerable time..if they're good they can inject backdoors and what not without being detected. otherwise your internet not only will not be slow..but if it works..you just wont be able to use it
you can call your isp while its happening and they have all the info about your connections, wireshark not required, the evidence will already be with them as well.
Image

~You are a glitch in my reasoning.
athlete501
Posts: 147
Joined: Tue Jul 03, 2007 2:00 am

Post by athlete501 »

well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker
User avatar
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

athlete501 wrote:well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker
true, but a quick investigation on each victim's comp reveals the hacker. of course, leave that to the police.
Image

~You are a glitch in my reasoning.
BerryTheWest
Posts: 205
Joined: Sat Nov 29, 2008 3:19 am

Post by BerryTheWest »

athlete501 wrote:well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker
Incorrect

They can create their own communication and that call socket programming.
So they don't always control bots via irc.
The Assistant of the Clan. The White Orders.
User avatar
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

BerryTheWest wrote:
athlete501 wrote:well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker
Incorrect

They can create their own communication and that call socket programming.
So they don't always control bots via irc.

lol@ first word. not like "thats not quite right", just INCORRECT. XD hits so much harder :3
Image

~You are a glitch in my reasoning.
athlete501
Posts: 147
Joined: Tue Jul 03, 2007 2:00 am

Post by athlete501 »

waiiit a second...there's a difference between ddosing from one computer
and commanding a botnet to do it

if one computer ddos's..they're sending packets through more than one connection (instead of one which would just be dos'ing)

if a computer commands a botnet to do it...you have SEVERAL computers doing what that one computer was doing...but regardless..you're not going to get the commanders ip unless you netstat on one of the "slaves" and see where the command is coming from (which would work if they're directly sending the command..if through irc..it wont work..you'd have to again go to the irc server and get the ip logged in)
User avatar
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

athlete501 wrote:waiiit a second...there's a difference between ddosing from one computer
and commanding a botnet to do it

if one computer ddos's..they're sending packets through more than one connection (instead of one which would just be dos'ing)

if a computer commands a botnet to do it...you have SEVERAL computers doing what that one computer was doing...but regardless..you're not going to get the commanders ip unless you netstat on one of the "slaves" and see where the command is coming from (which would work if they're directly sending the command..if through irc..it wont work..you'd have to again go to the irc server and get the ip logged in)
my exact point. find the slaves ip / isp, contact the isp, tell them to do the netstat on that computer while it happens and see what comes up.
Image

~You are a glitch in my reasoning.
athlete501
Posts: 147
Joined: Tue Jul 03, 2007 2:00 am

Post by athlete501 »

oh i thought you meant his own computer lol sorry
Post Reply