Comments on: Botnets / DDoS http://geekmontage.com Reviews, Games, Guides, Hacks. Anything and everything geeky Thu, 24 May 2012 15:22:47 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: V.H. http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-20243 V.H. Wed, 23 Mar 2011 14:57:15 +0000 http://www.geekmontage.com/?page_id=54#comment-20243 Good writing and good article!! Good writing and good article!!

]]> By: DarkKnightH20 http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-8161 DarkKnightH20 Thu, 03 Jun 2010 18:29:22 +0000 http://www.geekmontage.com/?page_id=54#comment-8161 If you use a proxy that has high anonymity, then the person will get the IP address of the proxy rather than yours (if the person manages to get your IP at all that is). If the proxy does end up getting DDoSed, the proxy will be the one taking the damage instead of you, since the entirety of the botnet will be focused on flooding packets to the proxy specifically and not your IP. The proxy *could* go down if the attack is heavy enough, in which case you would disconnect from mIRC because the proxy can no longer handle the legitimate data you're sending. Your connection would still remain in tact though, which is the important part :) Unfortunately, it does mean you'd have to switch to another proxy if that is the case, or wait for it to go back up. If you use a proxy that has high anonymity, then the person will get the IP address of the proxy rather than yours (if the person manages to get your IP at all that is). If the proxy does end up getting DDoSed, the proxy will be the one taking the damage instead of you, since the entirety of the botnet will be focused on flooding packets to the proxy specifically and not your IP. The proxy *could* go down if the attack is heavy enough, in which case you would disconnect from mIRC because the proxy can no longer handle the legitimate data you’re sending. Your connection would still remain in tact though, which is the important part :) Unfortunately, it does mean you’d have to switch to another proxy if that is the case, or wait for it to go back up.

]]> By: sarah lee http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-8136 sarah lee Thu, 03 Jun 2010 08:20:10 +0000 http://www.geekmontage.com/?page_id=54#comment-8136 i did have dcc and dcc filesharing enalbed, i have now disabled that. i am well protected against Attacks, but i am sure this person is getting my ip from mIRC client, if i use a proxy, does this mean hi will not be able to get my ip or my proxy ip? also if he does somehow get my proxy ip and decide to ddos it will this effect me and will i have to change my proxy ip again? as long as i can stop this person from getting my ip then i shouldnt have a problem. i did have dcc and dcc filesharing enalbed, i have now disabled that. i am well protected against Attacks, but i am sure this person is getting my ip from mIRC client, if i use a proxy, does this mean hi will not be able to get my ip or my proxy ip?
also if he does somehow get my proxy ip and decide to ddos it will this effect me and will i have to change my proxy ip again?
as long as i can stop this person from getting my ip then i shouldnt have a problem.

]]> By: DarkKnightH20 http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-8101 DarkKnightH20 Wed, 02 Jun 2010 20:21:33 +0000 http://www.geekmontage.com/?page_id=54#comment-8101 There are services that offer secure shell hosting, which can be used to host your own private BNC. I don't know of any off the top of my head, but run in to them from time to time. The mode $me mode $nick are identical. If you use mIRC, they specifically recommend SOCK proxies, which are harder to find, but HTTP proxies work too. When is it that you type in the /mode $nick +x command? Do you have a script that automatically does it for you? The reason I ask is because commonly what happens is people have "auto join" enabled so that when they login, they immediately join the room they're interested in, and unfortunately that usually occurs before the +x privacy is activated, thus allowing everyone to see your information unmasked. For that reason, it's best to ensure the +x is enabled far before the auto joining of a specific channel. Proxies can be very effective on IRC if they're NOT transparent. You'll be masked instantly just like a BNC. A combination of both would be even more effective if you can find a secure place to setup a BNC and use a well-made BNC script. Here's some information on both host masking (which you do already) and setting up a proxy with mIRC-- http://www.ehow.com/how_6056576_hide-ip-irc.html I should have mentioned this earlier -- but do you have DCC enabled? If so, disable it immediately. Disable both DCC chat and DCC file sending, as they can be used to grab your IP address. Hope that helps! If not, sorry I'm not being very helpful, as I've never run into the issue myself. Are you positive that you're not infected with anything like a keylogger as well? Just thought I'd ask. There are services that offer secure shell hosting, which can be used to host your own private BNC. I don’t know of any off the top of my head, but run in to them from time to time. The mode $me mode $nick are identical. If you use mIRC, they specifically recommend SOCK proxies, which are harder to find, but HTTP proxies work too.

When is it that you type in the /mode $nick +x command? Do you have a script that automatically does it for you? The reason I ask is because commonly what happens is people have “auto join” enabled so that when they login, they immediately join the room they’re interested in, and unfortunately that usually occurs before the +x privacy is activated, thus allowing everyone to see your information unmasked. For that reason, it’s best to ensure the +x is enabled far before the auto joining of a specific channel.

Proxies can be very effective on IRC if they’re NOT transparent. You’ll be masked instantly just like a BNC. A combination of both would be even more effective if you can find a secure place to setup a BNC and use a well-made BNC script. Here’s some information on both host masking (which you do already) and setting up a proxy with mIRC–

http://www.ehow.com/how_6056576_hide-ip-irc.html

I should have mentioned this earlier — but do you have DCC enabled? If so, disable it immediately. Disable both DCC chat and DCC file sending, as they can be used to grab your IP address. Hope that helps! If not, sorry I’m not being very helpful, as I’ve never run into the issue myself. Are you positive that you’re not infected with anything like a keylogger as well? Just thought I’d ask.

]]> By: sarah lee http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-8100 sarah lee Wed, 02 Jun 2010 20:01:47 +0000 http://www.geekmontage.com/?page_id=54#comment-8100 thanks for reply. yes i do have dynamic but they've ddossed me 3 times now on. i use //mode $me +x on mirc which i think is maybe similar to the '/mode $nick +x' that you mentioned but obviously it isn't good enough. im assuming now that the bnc is not secure enough considering they have the capability to hack into it, the password was very random and im not sure what password cracking involves.. how exactly does hosting work? and how affective are proxies against hackers? some proxies are also not allowed to be used on irc servers. I'm just trying to do my research on finding something completely secure and that can prevent my ip from being found and having the same recurring issue. thanks for reply. yes i do have dynamic but they’ve ddossed me 3 times now on. i use //mode $me +x on mirc which i think is maybe similar to the ‘/mode $nick +x’ that you mentioned but obviously it isn’t good enough. im assuming now that the bnc is not secure enough considering they have the capability to hack into it, the password was very random and im not sure what password cracking involves.. how exactly does hosting work? and how affective are proxies against hackers? some proxies are also not allowed to be used on irc servers. I’m just trying to do my research on finding something completely secure and that can prevent my ip from being found and having the same recurring issue.

]]> By: DarkKnightH20 http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-8094 DarkKnightH20 Wed, 02 Jun 2010 19:23:44 +0000 http://www.geekmontage.com/?page_id=54#comment-8094 Hi and thanks for the comment! Sounds pretty rough. Do you have a dynamic IP address or a static one? If your IP doesn't change, then you can easily be targeted. Some IRC servers offer privacy options built-in to the server itself where you simply write "/mode $nick +x" (substituting "$nick" with your nick) to hide your IP address. This on top of a secure BNC helps tremendously. I know that QuakeNet has this feature, but have never used ausnet so it may not have such a feature. If your BNC was hacked into, I'd suggest finding another BNC service elsewhere. Some people find free hosting for such services and setup their own personal BNC through such. Others use proxies pure proxies, as you mentioned. If you'd like to go through proxies, find high anonymity proxies through online proxy lists (opposed to transparent ones that don't hide IPs) and run them through a proxy scanner to see which ones really work and which ones don't. As for the comment about hacking infected computers, that means that the user who is infected likely does not update their system with security patches and therefore may possibly be hacked again easily (this is a big variable though, since the user infected could easily patch their system after being infected). On a side note, be sure to use highly secure passwords on any account you're using in case the attacker simply password cracked your information. Good luck! Hi and thanks for the comment! Sounds pretty rough. Do you have a dynamic IP address or a static one? If your IP doesn’t change, then you can easily be targeted. Some IRC servers offer privacy options built-in to the server itself where you simply write “/mode $nick +x” (substituting “$nick” with your nick) to hide your IP address. This on top of a secure BNC helps tremendously. I know that QuakeNet has this feature, but have never used ausnet so it may not have such a feature. If your BNC was hacked into, I’d suggest finding another BNC service elsewhere. Some people find free hosting for such services and setup their own personal BNC through such. Others use proxies pure proxies, as you mentioned. If you’d like to go through proxies, find high anonymity proxies through online proxy lists (opposed to transparent ones that don’t hide IPs) and run them through a proxy scanner to see which ones really work and which ones don’t.

As for the comment about hacking infected computers, that means that the user who is infected likely does not update their system with security patches and therefore may possibly be hacked again easily (this is a big variable though, since the user infected could easily patch their system after being infected). On a side note, be sure to use highly secure passwords on any account you’re using in case the attacker simply password cracked your information. Good luck!

]]> By: sarah lee http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-8070 sarah lee Wed, 02 Jun 2010 10:59:49 +0000 http://www.geekmontage.com/?page_id=54#comment-8070 Hi I have recently been getting ddossed on an irc (ausnet) server. i then got a bnc which is meant to be secure and serves the purpose of hiding an ip, but the same ppl somehow accessed the bnc and linked email address too and changed the password. irc also has open ports so im not sure if that plays a part in it. Ive heard that a vpn which is similar to a proxy is a good method of protection but i am still not sure and need some advice on how to protect my ip while using irc? also could you elaborate on this\'If that computer was so easily infected with a backdoor, chances are, that you too may be able to hack it and grab the bot client. After doing so, you can do a number of things, such as send a copy to your ISP/authorities or even reverse engineer it to grab the password/server info/etc. I'd love to hear from you, thanks:) Hi I have recently been getting ddossed on an irc (ausnet) server. i then got a bnc which is meant to be secure and serves the purpose of hiding an ip, but the same ppl somehow accessed the bnc and linked email address too and changed the password. irc also has open ports so im not sure if that plays a part in it. Ive heard that a vpn which is similar to a proxy is a good method of protection but i am still not sure and need some advice on how to protect my ip while using irc? also could you elaborate on this\’If that computer was so easily infected with a backdoor, chances are, that you too may be able to hack it and grab the bot client. After doing so, you can do a number of things, such as send a copy to your ISP/authorities or even reverse engineer it to grab the password/server info/etc. I’d love to hear from you, thanks:)

]]> By: Sammy http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-1258 Sammy Tue, 01 Dec 2009 03:26:58 +0000 http://www.geekmontage.com/?page_id=54#comment-1258 lol! Sounds like dkraft doesn't know what DOS'ing is. NOOOB! lol! Sounds like dkraft doesn’t know what DOS’ing is. NOOOB!

]]> By: DarkKnightH20 http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-1257 DarkKnightH20 Tue, 01 Dec 2009 01:20:48 +0000 http://www.geekmontage.com/?page_id=54#comment-1257 Yes, illegal. Especially if the bots are people infected against their own will. References? I don't know too many people who reference themselves, but if you want me to I'll be more than gladly to do so. I didn't use Wikipedia, but thank you for your comment and sorry to hear you disliked my article. Yes, illegal. Especially if the bots are people infected against their own will.

References? I don’t know too many people who reference themselves, but if you want me to I’ll be more than gladly to do so. I didn’t use Wikipedia, but thank you for your comment and sorry to hear you disliked my article.

]]> By: dkraft http://geekmontage.com/texts/botnets-ddos/comment-page-1/#comment-1255 dkraft Mon, 30 Nov 2009 21:08:50 +0000 http://www.geekmontage.com/?page_id=54#comment-1255 illegal ? How about some supporting references ? so far all you've done is requote wikipedia. http://en.wikipedia.org/wiki/Ddos#Distributed_attack illegal ?
How about some supporting references ?
so far all you’ve done is requote wikipedia.
http://en.wikipedia.org/wiki/Ddos#Distributed_attack

]]>