February 21st 05, 07:18 PM, posted to uk.sci.weather
Gianna Stefani
OT Bombing attack

cupra wrote:
Geoff F. wrote:

As I understand it, on Mon, 21 Feb 2005 18:53:07 +0000, cupra
reported this:


Geoff F. wrote:

As I understand it, on Mon, 21 Feb 2005 17:31:20 +0000, cupra
reported this:


Although some may see this as responding to the attacker and hence
making it worse, I've had a look and some other uk groups have
experienced attacks recently and thought I'd post my observations:

- They seem to start soon after 9am and end around 5pm.

- The attacker will be monitoring posts and modifies his/her bot
to get around message rules (keywords/message length/size etc)

- The from field seems to repeat so it may be possible to block
senders successfully to reduce the volume (although he/she may add
more)

- news.individual.net seems to quickly block messages on their
server so disruption is kept to a minimum

- the attack seems to last for 2/3 days, so expect more disruption

By the looks of it if this ng 'toughs it out' the attack will end.

p.s Does anyone know of a good filter add on for OE users?

FYI:
these are Hipcrime bots flooding the newsgroup.
http://c2.com/cgi/wiki?HipcrimeFloods

It's possible the headers are forgeries.
http://www.geocities.com/hcfaq/

Who is Hipcrime?
http://www.killfile.org/dungeon/why/hipcrime.html

HTH.

If the flood originates in the EU, is there anything the authorities
can do?


It's hard to say *where* they are originating from, & what
authorities are you referring to?



UK Police.... (*Computer misuse act ) - not sure how it covers spam, but
this seems more of a DOS attack (in that it's making the ng unusable for
some)



Perhaps the server to which he posted (wherever that was) might know the
real IP of the sender, but that assumes the operators of said server
cared, keep a log of connections, is in a place covered by misuse laws,
etc. etc.

Spoofing an IP is not *that* difficult. Sending untraceable spam is not
difficult. And DoS attacks against ISPs or individuals are arguably easier
unless they have adequate protection. Fragmented packet attacks and
remotely telling other people's dialup modems to hang up are easy peasy.

--
Gianna Stefani

www.buchan-meteo.org.uk
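
The observations quoted in this post (the From field repeats, and the flood runs from about 9am to 5pm) can be turned into a candidate block list. The following is an added example, not part of the original post: the function name, the thresholds and the sample headers are all assumptions constructed for illustration. Because the From header may be forged, the result is a list of killfile candidates, not an identification of the sender.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime


def article(sender, date):
    """Build a minimal article for the constructed sample below."""
    return f"From: {sender}\nDate: {date}\nSubject: test\n\nbody\n"


# Constructed sample headers, not taken from any real newsgroup.
SAMPLE = [
    article("Flood <bot1@example.invalid>", "Mon, 21 Feb 2005 09:05:00 +0000"),
    article("Flood <BOT1@example.invalid>", "Mon, 21 Feb 2005 10:15:00 +0000"),
    article("bot1@example.invalid", "Mon, 21 Feb 2005 13:40:00 +0000"),
    article("Flood <bot1@example.invalid>", "Mon, 21 Feb 2005 16:59:00 +0000"),
    article("bot2@example.invalid", "Mon, 21 Feb 2005 09:30:00 +0000"),
    article("bot2@example.invalid", "Mon, 21 Feb 2005 11:00:00 +0000"),
    article("bot2@example.invalid", "not a date"),
    article("Reader <reader@example.invalid>", "Mon, 21 Feb 2005 12:00:00 +0000"),
    article("Reader <reader@example.invalid>", "Mon, 21 Feb 2005 18:53:07 +0000"),
    article("Reader <reader@example.invalid>", "Mon, 21 Feb 2005 20:10:00 +0000"),
]


def flood_senders(articles, min_posts=3, start_hour=9, end_hour=17):
    """Return From addresses seen at least min_posts times in the daily window.

    min_posts and the 9-17 window are assumed defaults based on the
    observations in the post; the hour is read in the header's own offset.
    """
    counts = Counter()
    for raw in articles:
        msg = message_from_string(raw)
        addr = parseaddr(msg.get("From", ""))[1].lower()
        try:
            when = parsedate_to_datetime(msg.get("Date", ""))
        except (TypeError, ValueError):
            continue  # unparseable Date: cannot place it in the window
        if addr and start_hour <= when.hour < end_hour:
            counts[addr] += 1
    return sorted(a for a, n in counts.items() if n >= min_posts)


if __name__ == "__main__":
    print(flood_senders(SAMPLE))
```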