Botnets

Provant · Post by **Provant** » Tue Jan 06, 2009 7:55 am

Someone threatened to DDoS me with a botnet? Does that even make sense LOOOOOOOOOL, oh noez my computerz gunna be slow for a few dayz, oo god grow a set. LOOOOOOL

BerryTheWest · Post by **BerryTheWest** » Tue Jan 06, 2009 2:14 pm

Provant wrote:Someone threatened to DDoS me with a botnet? Does that even make sense LOOOOOOOOOL, oh noez my computerz gunna be slow for a few dayz, oo god grow a set. LOOOOOOL

If they do, then you can just use WireShark and gain evidence and the information of internet protocol address and block them.

Don't waste time making a topic when solution is simple. Either prepare yourself or ignore a threat.

athlete501 · Post by **athlete501** » Tue Jan 06, 2009 5:52 pm

uh actually more can happen when you're dos/ddos'd...it simply crashes the system...which is a very vulnerable time..if they're good they can inject backdoors and what not without being detected. otherwise your internet not only will not be slow..but if it works..you just wont be able to use it

PaRaDoX · Post by **PaRaDoX** » Wed Jan 07, 2009 12:21 am

athlete501 wrote:uh actually more can happen when you're dos/ddos'd...it simply crashes the system...which is a very vulnerable time..if they're good they can inject backdoors and what not without being detected. otherwise your internet not only will not be slow..but if it works..you just wont be able to use it

you can call your isp while its happening and they have all the info about your connections, wireshark not required, the evidence will already be with them as well.

athlete501 · Post by **athlete501** » Wed Jan 07, 2009 2:25 am

well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker

PaRaDoX · Post by **PaRaDoX** » Wed Jan 07, 2009 3:23 am

athlete501 wrote:well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker

true, but a quick investigation on each victim's comp reveals the hacker. of course, leave that to the police.

BerryTheWest · Post by **BerryTheWest** » Wed Jan 07, 2009 3:34 am

athlete501 wrote:well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker

Incorrect

They can create their own communication and that call socket programming.
So they don't always control bots via irc.

PaRaDoX · Post by **PaRaDoX** » Wed Jan 07, 2009 11:31 pm

BerryTheWest wrote:
athlete501 wrote:well you understand that the hacker controls the bots via irc, right?...soo they'll get the irc server and then they have to get a log of who was on that channel at that time..then if the hacker used a proxy/vpn..more hassle is needed to discover the hacker
Incorrect

They can create their own communication and that call socket programming.
So they don't always control bots via irc.

lol@ first word. not like "thats not quite right", just INCORRECT. XD hits so much harder :3

athlete501 · Post by **athlete501** » Wed Jan 07, 2009 11:44 pm

waiiit a second...there's a difference between ddosing from one computer
and commanding a botnet to do it

if one computer ddos's..they're sending packets through more than one connection (instead of one which would just be dos'ing)

if a computer commands a botnet to do it...you have SEVERAL computers doing what that one computer was doing...but regardless..you're not going to get the commanders ip unless you netstat on one of the "slaves" and see where the command is coming from (which would work if they're directly sending the command..if through irc..it wont work..you'd have to again go to the irc server and get the ip logged in)

PaRaDoX · Post by **PaRaDoX** » Fri Jan 09, 2009 12:37 am

athlete501 wrote:waiiit a second...there's a difference between ddosing from one computer
and commanding a botnet to do it

if one computer ddos's..they're sending packets through more than one connection (instead of one which would just be dos'ing)

if a computer commands a botnet to do it...you have SEVERAL computers doing what that one computer was doing...but regardless..you're not going to get the commanders ip unless you netstat on one of the "slaves" and see where the command is coming from (which would work if they're directly sending the command..if through irc..it wont work..you'd have to again go to the irc server and get the ip logged in)

my exact point. find the slaves ip / isp, contact the isp, tell them to do the netstat on that computer while it happens and see what comes up.

athlete501 · Post by **athlete501** » Fri Jan 09, 2009 2:19 am

oh i thought you meant his own computer lol sorry

hacker.org

Botnets

Botnets

Re: Botnets