Results 1 to 12 of 12
  1. #1
    Join Date
    Jul 2002
    Location
    Your computer
    Posts
    268

    Post How to report an individual who is DDOSing?

    We basically have a hacker that continuously DDOS attacks our servers. He is openly admitting he is doing it.

    Some investigation revealed he is from Romania. Have a name and number and IP address but no other information.

    What is the best way to report this individual? Obviously Romania is a foreign country to me and i do not speak Romanian.

    Also, what is the best way to prove this person is DDOSing? Aside from admitting he is doing it, there is really no other hard proof because the computers he is using to launch the DDOS is coming from other infected computers from all over the world.

    Sorry if this is the wrong forum to post to but I am not sure where to put this question.

    Thanks in advance.

  2. #2
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Two problems:

    1) It's close to impossible to extradite and prosecute anyone in Romania.

    2) Even if they were in the U.S. and you had an exact street address, a law enforcement officer has to have first hand knoweldge of the facts involved. Your testimony is not evidence. Local agencies do not have the resources to investigate this type of crime and Federal agencies only involve themselves with the worst of the worst DDoS cases.

  3. #3
    Join Date
    May 2008
    Posts
    117
    Quote Originally Posted by IRCCo Jeff View Post
    Two problems:

    1) It's close to impossible to extradite and prosecute anyone in Romania.

    2) Even if they were in the U.S. and you had an exact street address, a law enforcement officer has to have first hand knoweldge of the facts involved. Your testimony is not evidence. Local agencies do not have the resources to investigate this type of crime and Federal agencies only involve themselves with the worst of the worst DDoS cases.
    This much sums it up. Pretty sad that they are working on idiotic things like ACTA and PIPA but wont do anything against the real problems.

  4. #4
    Join Date
    May 2004
    Posts
    354
    I know people who have literally flown to another country, punched a DDoSer in the face (as they opened the door), and flown back.

    Seemed effective

  5. #5
    Join Date
    Jan 2011
    Location
    Varna, Bulgaria
    Posts
    1,276
    How much loss is he causing you with these DDoS attacks? If it's big enough maybe it could warrant hiring someone (for instance someone from Ukraine) to go and deal with him face to face.

  6. #6
    Good day:

    If you have the IP address, you can look up the data center or ISP who has authority over the IP address.

    Then you report the abuse to them asking them to either stop the abuse or terminate the client.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  7. #7
    Join Date
    Mar 2009
    Posts
    3,816
    Quote Originally Posted by dynamicnet View Post
    Good day:

    If you have the IP address, you can look up the data center or ISP who has authority over the IP address.

    Then you report the abuse to them asking them to either stop the abuse or terminate the client.

    Thank you.
    This is not going to actually do anything..

  8. #8
    Join Date
    Jul 2002
    Location
    Your computer
    Posts
    268
    Quote Originally Posted by quantumphysics View Post
    This is not going to actually do anything..

    That is true...wont help much because they would just move onto another ISP.

    I guess getting a local person to contact the authorities to have a talk with his daddy might be the best option.

  9. #9
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    Is this a DOS or a DDOS? A DOS can come from one IP, a DDOS comes from many - often thousands. You're not going to be able to report the IP of a DDOS

  10. #10
    Good day:

    Quote Originally Posted by quantumphysics View Post
    This is not going to actually do anything..
    Based on our experience, it can be helpful; but a lot does depend on the country involved, the data center involved, and if the abuse emails are actually working.

    We've been doing security snitching for years as we review log files and security reports.

    Some data centers and ISP's have close to a 100% track record of cleaning up abuse within 48 hours... others like Rackspace.com seem to love sharing "fanatical support" about every thing BUT working with clients to clean up hacked servers (of note, Rackspace.com does eventually get the hacks cleaned up... but it may take weeks).

    Oh, and there are some data centers like ServInt that if you send them abuse reports, well they end up black listing the report sender; so I guess they would rather have hacked servers than hear about it.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  11. #11
    Join Date
    Jul 2002
    Location
    Your computer
    Posts
    268
    Quote Originally Posted by brianoz View Post
    Is this a DOS or a DDOS? A DOS can come from one IP, a DDOS comes from many - often thousands. You're not going to be able to report the IP of a DDOS


    Its a DDOS coming from thousands but we have him admitting what he's doing. Sorry to bring an old thread up but he is at it again. I am now looking to hire someone from Romania to go and "punch him in the face" or something similar.

  12. #12
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by dynamicnet View Post
    We've been doing security snitching for years as we review log files and security reports.
    Despite your efforts, the problem continues to grow exponentially. It is our job as security professionals to develop technology to defend against attacks rather than wait for others to assist.

Similar Threads

  1. Replies: 19
    Last Post: 10-29-2010, 01:47 PM
  2. Detecting IP address' Ddosing server
    By justdosit in forum Hosting Security and Technology
    Replies: 5
    Last Post: 04-18-2010, 10:24 AM
  3. Urchin CGI Report. Error Encountered (1006). No Permission to view Report.
    By ExtremeIS in forum Hosting Security and Technology
    Replies: 4
    Last Post: 01-21-2004, 06:06 PM
  4. someone DDOSing me?
    By Yong in forum Dedicated Server
    Replies: 16
    Last Post: 09-26-2003, 06:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •