Complete newbie, so I apologise if the solution to this is really quite simple - I know little and have forgotten more. I am in truth just a casual comp user, but being 14000KM from home, the net helps me to keep in touch.
I have read a number of threads here but have not seen anything specifically about this. I have tried googling for info, but just got fed to dead end links, so I came here.
Problem: I have a constant booter whilst in Yahoo Messenger, and whilst I have tried to protect myself by stopping flooding, disabling services etc., I still get kicked, so my guess is that he is operating from outside the messenger environment. The booter uses any number of clones and generates logins as quickly as I can ignore them, so it does not help to just put the IDs in the iggy bin. As he is using multi IDs, is it possible to simply fire everything back to his own machine, as the ISP would appear to be the single constant in the whole chain - a program to run alongside msgr perhaps.
I am usually quite a passive person, but am now going to sit down and read up on the stuff simply to secure myself, and also possibly to teach him the meaning of the line from 'the Big Lebowski'; "you don't fck a stranger up the ass."
Whilst I am learning, any help you could provide would be gratefully appreciated.
Thanks
being sent crashing
- LaBlueGirl
- Suckopithicus chickasaurus
- Posts: 513
- Joined: 22 Mar 2006, 17:00
- 18
- Location: Brussel
Well,
If you are in Bangkok, you are limited in your queries/results:)
It is almost 1 a.m. here and I am about to crash, but just googling from Europe I found a few things.
Will respond more in the a.m. (as I am sure others will too)
Nice to meetcha
LBG
"Hey, Crash!
Ever tried walking with no legs?
It's real slow!"
~Crunch, Crash Bandicoot TTR
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
well, no matter how many clones or whatever the lamer uses (booting is lamer-only) the source of the packets is his box....which means all data packets have the same source IP.
here's what I would do:
use TCPview (can be found in our dl-section), let it run in the background and once you're attacked open it and check for the source IP (should be easy to find because of the massive amount of connections coming from the same source). once you retrieved the IP you can block it by your firewall (desktop or router-one, don't matter, but router would be even better).
if it doesn't work or you're not fast enough to check the connections you can run a packet sniffer like Ethereal and analyze the captured packets (simply run a query for packets using YMSG or YHOO-protocols so you don't have to search the whole log). this will also give you the lamer's IP.
of course his IP might change from time to time (depends on his connection type), so you might do this regularly until he gives up.
to enforce it a little you should contact the ISP (of the attacker) once you retrieved the IP and tell them (in a friendly "business-man"-way) that one of their users is abusing their services to attack you and that you'll HAVE TO (because it's disturbing your business) start a lawsuit against the user AND against their company if they don't take action (booting is labeled as "computer sabotage" (DoS-attack) and therefore a crime)....
there would be also a hardcore way, but you would need a *nix system for this:
-retrieve the IP as mentioned above
-setup a firewall rule using the MIRROR target, for example:
Code:
iptables -I INPUT -s <attacker's IP here> -j MIRROR
this would send all packets back to the attacker, which means he would bomb his own connection...
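Added example, not part of the post above: the "find the source with the massive amount of connections" step done by script instead of by eye in TCPview, run over constructed lines in Windows `netstat -n` layout. It skips LAN and loopback peers and builds an ordinary DROP rule for the block step; the sample addresses (documentation ranges), the threshold and all function names are assumptions.

```python
import ipaddress
from collections import Counter

# Addresses that must never be blocked: your own LAN and loopback.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in Windows `netstat -n` layout (not captured traffic).
# 203.0.113.7 and 198.51.100.20 are documentation-range placeholders.
SAMPLE = "\n".join(
    ["  Proto  Local Address          Foreign Address        State"]
    + [f"  TCP    192.168.1.10:5101      203.0.113.7:{40000 + i}      ESTABLISHED"
       for i in range(12)]
    + [f"  TCP    192.168.1.10:445       192.168.1.1:{1025 + i}       ESTABLISHED"
       for i in range(8)]
    + ["  TCP    192.168.1.10:5102      198.51.100.20:5050     ESTABLISHED"]
)


def remote_ip(line):
    """Return the foreign address of one TCP line, or None if unparsable."""
    parts = line.split()
    if len(parts) < 4 or parts[0].upper() != "TCP":
        return None
    host = parts[2].rsplit(":", 1)[0].strip("[]")  # drop port, IPv6 brackets
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def noisy_sources(text, threshold=5):
    """Count connections per non-local remote IP; keep those >= threshold."""
    counts = Counter()
    for line in text.splitlines():
        ip = remote_ip(line)
        if ip is None or ip.is_loopback or any(ip in n for n in LOCAL_NETS):
            continue
        counts[str(ip)] += 1
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def drop_rule(ip):
    """Build a DROP rule; ip_address() rejects anything that is not an IP."""
    return f"iptables -I INPUT -s {ipaddress.ip_address(ip)} -j DROP"


if __name__ == "__main__":
    for ip, n in noisy_sources(SAMPLE):
        print(f"{n} connections from {ip}: {drop_rule(ip)}")
```
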
- CommonStray
- Forum Assassin
- Posts: 1215
- Joined: 20 Aug 2005, 16:00
- 19
many thanks
Thanks to all for your help. When the lamer comes into the chatroom again, I will do my best to put everything in place; for now, just a case of waiting, but I have a lot more peace of mind now.
I hope you do not mind, but I have passed on your tips and information to trusted members of the room, and we are all hopeful that by presenting him with no opportunities to stimulate himself, he will go back to the porn sites, and his coloring book and sandpit.
I just wish I operated under Unix so I could shaft the lamer sideways, but his time will come I am sure.
For now, I am getting back to the manuals and hoping to one day in the not too distant future be able to provide assistance to other newbies, possibly on topics you forgot many years ago whilst still developing your own skills.
Once again, many thanks for your help.
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
no problem man, hope it helped....
this site might interest you:
http://www.helpbytes.co.uk/clients.php
alternative yahoo messengers which use the old YCHT protocol are very hard to boot I've heard...