Posts by PandaMan


    SYN flooding is one variant. It is also one of the easiest to defeat. Flooding does not mean SYN floods. It can be ping, malformed packets, port-specific, or even application-specific. In all cases (these and more), flooding is referring to exceptionally large counts of whatever is being sent. A SYN flood can be stopped VERY efficiently, from layer 4 on up, or by simple use of Access Control Lists, firewall rules, or an active IDS system.


    TLR was not likely a victim of SYN flooding. I'd be more apt to believe it was an inside job, and an attack would make for a good cover-up for the embarrassment. Since I have seen an attorney worth tens of millions with his login and password known by 10 people (2 of which were disgruntled former IT staff), I can authoritatively say that many places that use strong security to the outside are soft and juicy vulnerable targets for inside attacks. If you have firewall, server and network security, but 4-year-old passwords, you have NO security.

    Quote

    Originally posted by Blaster
    maybe we should buy the domain and link it to swat ^^ it's only parked :)


    Sure, but you'll have to wait until April of 2010, assuming they don't renew their ownership. It's redirected, via DNS records, back to the Registry co. (GoDaddy).


    Removing their custom DNS pointers will direct any name-based flooding back to a company capable of not only handling the volume, but of tracking, and probably prosecuting those behind it. Flooding is a very ineffective tactic, usually, and typically easily throttled down, or even halted altogether. I have seen evidence of automated download attacks that, if a site isn't properly secured and hardened, can imitate normal download activity but at extreme bandwidth use.


    Hacked could mean a lot of things. Flooded usually has to do with preventable methods of bandwidth saturation or cost creation. And no, other than at a simple packet level, I am not aware of exactly what method you use to prevent download or page hit flooding. The tools are out there. I don't know the specifics of them.


    Their actual registered IP address does return pings:


    Pinging 68.178.232.100 with 32 bytes of data:


    Reply from 68.178.232.100: bytes=32 time=65ms TTL=11
    Reply from 68.178.232.100: bytes=32 time=67ms TTL=11
    Reply from 68.178.232.100: bytes=32 time=65ms TTL=11
    Reply from 68.178.232.100: bytes=32 time=66ms TTL=11


    Ping statistics for 68.178.232.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% lo
    Approximate round trip times in milli-seconds:
    Minimum = 65ms, Maximum = 67ms, Average = 65ms


    This could be via redirection, by another device, to demonstrate uptime. It could also be their indirect DNS provider, domainsbyproxy.com, responding.


    Here is the NSlookup for their IP:
    Name: parkwebwin-v01.prod.mesa1.secureserver.net


    Telnet and FTP don't respond. Due to potential legal issues in performing unsolicited probes, I am stopping at this point.



    Let's just hope Lancer's comes up, and becomes the site it was a few years ago.


    The hole it has left only reinforces my belief that the community needs SEVERAL sites of high calibre to ensure continuity when one falls.
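
The first post above says a SYN flood can be stopped with ACLs, firewall rules, or an active IDS. The sketch below is an added example, not part of the original posts, showing the IDS side: it counts unanswered SYNs per source in a sliding window. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample (not from the thread). Format: "<seconds> <src_ip> <event>",
# where SYN = connection request seen, ACK = that source completed a handshake.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i * 0.01:.2f} 198.51.100.7 SYN" for i in range(200)]
    + ["1000.50 192.0.2.10 SYN", "1000.55 192.0.2.10 ACK",
       "1001.20 192.0.2.10 SYN", "1001.26 192.0.2.10 ACK"]
)

def parse(log_text):
    """Return (timestamp, src, event) tuples in time order, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("SYN", "ACK"):
            continue
        try:
            events.append((float(parts[0]), parts[1], parts[2]))
        except ValueError:
            continue
    return sorted(events)

def detect_syn_flood(log_text, window=1.0, max_half_open=50):
    """Return {src: peak} for sources whose unanswered SYNs inside any
    `window`-second span exceed max_half_open (both thresholds are assumptions)."""
    pending = defaultdict(deque)   # src -> timestamps of SYNs with no ACK yet
    peak = defaultdict(int)
    for ts, src, event in parse(log_text):
        q = pending[src]
        while q and ts - q[0] > window:   # age out SYNs older than the window
            q.popleft()
        if event == "SYN":
            q.append(ts)
            peak[src] = max(peak[src], len(q))
        elif q:                           # ACK completes the oldest pending handshake
            q.popleft()
    return {src: n for src, n in peak.items() if n > max_half_open}

if __name__ == "__main__":
    for src, n in detect_syn_flood(SAMPLE_LOG).items():
        print(f"{src}: peak of {n} half-open connections, candidate for an ACL or firewall block")
```

The source that completes its handshakes never accumulates pending entries, so only the source sending SYNs without follow-up is reported.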