So recently we came across a user in our servers who was advertising a (D)DoS tool. He then tried to attack our server and failed pathetically because of the awesome DDoS protection at NFO.
I went to the website he was advertising, and it really is a publicly available, purchasable DDoS tool. They have plans ranging up to 3Gbit power and 60 minutes length.
The website says their tool is for "stress testing" connections to check their attack protection, but they sell the tool to anyone who has PayPal/credit card, so anyone can use the tool to attack game servers or any other server.
Is there anything I as a user, or NFO, can (if you have contacts or more knowledge in the field) do to get sites like these taken down? I realize they can just put another site up and do it all over again, but it just baffles me that sites like this exist.
I will not advertise the website's name, but if NFO knows how to deal with people like this, and has the time, I will give them the link in a ticket.
What can we do?
- soja
- This is my homepage
- Posts: 2389
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Fri May 18, 2012 3:20 pm
What can we do?
Not a NFO employee
- Vanderburg
- Former staff
- Posts: 1253
- Joined: Sat Nov 13, 2010 7:27 am
- Location: Dallas, TX
Re: What can we do?
The best bet would be to report it to their host, if you can figure that out. We can't personally do anything, but their host, if they are reputable, would surely find a fair use or ToS violation.
Re: What can we do?
Their IP traces to CloudFlare, the CDN/DDoS protection company......lol.....
Not a NFO employee
Re: What can we do?
I created a ticket with CloudFlare alerting them to what the website is selling. I don't think they will take any action, though.
Not a NFO employee
Re: What can we do?
What you found is sometimes called a "booter". The software to run these is pretty widely available and there are lots of them out there, most with separate, tiny botnets (or even single compromised machines) used for the actual attacks. I've discovered multiple customers here trying to run the webserver components of these tools and always shut them down immediately when I see them.
If they're hiding their IP behind CloudFlare, you probably won't have much luck stopping this one, since CloudFlare is pretty bad about allowing abuse through its services. But, you could try to rope in law enforcement to get their attention.
Re: What can we do?
Here is what I would do:
Use a simple CloudFlare resolver (when you register with CF, they set default domains that aren't protected; this tool will simply see if they have not been removed)
http://socialengineered.net/getCF.php
Next, go to http://www.shodanhq.com/ and search their domain. If the domain has been around long enough, its real IP has probably been grabbed, so it may pop up there.
Just my two cents :3
-
- New to forums
- Posts: 6
- Joined: Sat Sep 14, 2013 3:39 pm
Re: What can we do?
Ya, these people are everywhere. It would be awesome to track all their IPs in a database so they would carry a red flag with them everywhere... but of course, proxies.
-
- New to forums
- Posts: 5
- Joined: Thu Aug 22, 2013 2:15 am
Re: What can we do?
Yes, you are right, I agree with you.