January 4, 2005 - LinuxRulz Commercial was the target of a Distributed Denial of Service (DDoS) attack. The company had a dedicated server at ISP X, and after a week its Domain Name Service (DNS) server came under attack. The hacker used a botnet (or bot network) of approximately 10,000 computers that simultaneously sent enormous numbers of requests to the DNS server. The attack traffic consisted of queries for domain names including leet.nexhost.org, ns1.nexhost.org, ns2.nexhost.org, floop.m33pm33p.info, irc.k1hosting.net, and b0tn3t.elite-coders.org.
In a typical DDoS attack, the attacker has control over a botnet. A botnet is a network of compromised personal computers (bots) under the control of one hacker or even a team of hackers. When the DDoS attack is launched, the cyber criminal makes every botnet computer send request after request to the target's DNS servers. When the DNS server is hit with these requests, the incoming traffic can reach up to 10 Gbps. This flood overwhelms the DNS server and takes down the websites it serves.
To fight off the DDoS attack, the company changed the root.cache file on its DNS servers so that the DNS queries resolved to 127.0.0.1. The change held off the attack for one hour; the attacker then shifted to sending more attacks on port 5556, an unused port.
In response, the company's owner sent abuse reports covering more than 10,000 IP addresses: he grouped the addresses by ISP and e-mailed each ISP the list of its offending IPs. The website did not go offline, but it continued to receive a constant 200 Kbps of DNS traffic.
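The two defensive steps above, picking out the flooded names (candidates for a sinkhole answer such as 127.0.0.1) and grouping the offending sources for per-ISP abuse reports, can be driven from the DNS server's own query log. The following is an added example, not code from the incident or from Secure64; it assumes BIND 9 style query log lines, the source addresses are constructed from RFC 5737 documentation ranges, and grouping by /24 stands in for the by-ISP grouping the owner did by hand.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample query log (BIND 9 style); the IPs are documentation addresses,
# the names are the ones queried in the attack described above.
SAMPLE_LOG = """\
04-Jan-2005 10:15:01.001 client 192.0.2.10#3421: query: leet.nexhost.org IN A +
04-Jan-2005 10:15:01.002 client 192.0.2.11#4001: query: ns1.nexhost.org IN A +
04-Jan-2005 10:15:01.003 client 198.51.100.7#5500: query: irc.k1hosting.net IN A +
04-Jan-2005 10:15:01.004 client 192.0.2.12#1234: query: leet.nexhost.org IN A +
04-Jan-2005 10:15:01.005 client 203.0.113.9#2222: query: www.linuxrulz.example IN A +
04-Jan-2005 10:15:01.006 client 192.0.2.13#3000: query: floop.m33pm33p.info IN A +
04-Jan-2005 10:15:01.007 client 198.51.100.8#5501: query: leet.nexhost.org IN A +
"""

# "client <ip>#<port>: query: <name> IN <type>" is the BIND 9 query log shape.
LINE_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")

def parse_queries(log_text):
    """Yield (source_ip, qname) for each parseable log line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("name").lower().rstrip(".")

def flood_report(log_text, name_threshold=1000, prefix_len=24):
    """Return (hot_names, sources_by_prefix).

    hot_names: qname -> query count for names seen at least name_threshold times
               in the log window (the names to answer with a sinkhole address).
    sources_by_prefix: for those names only, offending source IPs grouped by
               /prefix_len network, the form an operator batches into abuse reports.
    """
    per_name = Counter()
    sources = defaultdict(set)
    for src, name in parse_queries(log_text):
        per_name[name] += 1
        sources[name].add(src)
    hot_names = {n: c for n, c in per_name.items() if c >= name_threshold}
    by_prefix = defaultdict(set)
    for name in hot_names:
        for src in sources[name]:
            net = ip_network(f"{src}/{prefix_len}", strict=False)
            by_prefix[str(net)].add(src)
    return hot_names, {k: sorted(v) for k, v in by_prefix.items()}

if __name__ == "__main__":
    # A threshold of 2 only makes sense for this tiny sample; real logs use thousands.
    hot, grouped = flood_report(SAMPLE_LOG, name_threshold=2)
    for name, count in hot.items():
        print(f"flooded name: {name} ({count} queries)")
    for net, ips in sorted(grouped.items()):
        print(f"abuse report for {net}: {', '.join(ips)}")
```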
Source: Insecure.org
About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.