being sent crashing

scooby3 · Post by **scooby3** » 11 Jul 2006, 16:33

complete newbie, so I apologise if the solution to this is really quite simple - I know little and have forgotten more. I am in truth just a casual comp user, but being 14000KM from home, the net helps me to keep in touch.

I have read a number of threads here but have not seen anything specifically about this. I have tried googling for info, but just got fed to dead end links, so I came here

Problem : I have a constant booter whilst in yahoo messenger and whilst I have tried to protect by stopping flooding, disabling services etc. i still get kicked, so my guess is that he is operating from outside the messenger environment. The booter uses any number of clones and generates logins as quickly as I can ignore them, so it does not help to just put the ID's in the iggy bin. As he is using multi ID's, is it possible to simply fire everything back to his own machine as the ISP would appear to be the single constant in the whole chain - a program to run alongside msgr perhaps.

I am usually quite a passive person, but am now going to sit down and read up on the stuff simply to secure myself, and also possibly to teach him the meaning of the line from 'the Big Lebowski'; "you don't fck a stranger up the ass."

Whilst I am learning, any help you could provide would be greatfully appreciated.
Thanks

LaBlueGirl · Post by **LaBlueGirl** » 11 Jul 2006, 16:57

If you are in Bangkok, you are limited in your queries/results:)

It is almost 1 a.m. here and I am about to crash, but just googling from Europe I found a few things.
Will respond more in the a.m. (as I am sure others will too)

Nice to meetcha

LBG

Post by **bad_brain** » 12 Jul 2006, 05:48

well, no matter how many clones or whatever the lamer uses (booting is lamer-only

) the source of the packets are his box....which means all data packets have the same source IP.
here´s what I would do:
use TCPview (can be found in our dl-section), let it run in the background and once you´re attacked open it and check for the source IP (should be easily to find because of the massive ammount of connections coming from the same source). once you retrieved the IP you can block it by your firewall (desktop or router-one, don´t matter, but router would be even better).
if it not works or you´re not fast enough to check the connections you can run a packetsniffer like Ethereal and analyze the captured packets (simply run a query for packets using YMSG or YHOO-protocols so you don´t have to search the whole log). this will also give you the lamers IP.
of course his IP might change from time to time (depends on his connection type), so you might do this regularly until he gives up.
to enforce it a little you should contact the ISP (of the attacker) once you retrieved the IP and tell them (in a friendly "business-man"-way) that one of their users is abusing their services to attack you and that you´ll HAVE TO (because it´s disturbing your business) start a law suit against the user AND against their company if they don´t take action (booting is labeled as "computer sabotage" (DoS-attack) and therefore a crime)....

there would be also a hardcore way, but you would need a *nix system for this:
-retrieve the IP as mentioned above
-setup a firewall rule using the MIRROR target, for example:

Code: Select all

iptables -I INPUT -s <attacker´s IP here> -j MIRROR

this would send all packets back to the attacker, which means he would bomb his own connection...

Post by **Gogeta70** » 12 Jul 2006, 13:04

Yeah, i know how getting booted sucks, happened to me a few times.

There's a program called Y!tunnel, that you can buy, or of course, get illegally online.

Check your private messages.

Post by **CommonStray** » 12 Jul 2006, 22:32

I would have to agree with bad_brain with this solution, this way if at anytime you are being attacked using another messenger, chat or whatever youll be able to counter it, without having to use Google, or trying to find a program for it

good luck

scooby3 · Post by **scooby3** » 13 Jul 2006, 14:26

Thanks to all for your help. When the lamer comes into the chatroom again, I will do my best to put everything in place; for now, just a case of waiting, but I have a lot more peace of mind now.

I hope you do not mind, but I have passed on your tips and information to trusted members of the room, and we are all hopeful that by presenting him with no opportunities to stimulate himself, he will go back to the porn sites, and his coloring book and sandpit.

I just wish I operated under Unix so I could shaft the lamer sideways, but his time will come I am sure.

For now, I am getting back to the manuals and hoping to one day in the not too distant future be able to provide assistance to other newbies, possibly on topics you forgot many years ago whilst still developing your own skills.

Once again, many thanks for your help.

Post by **bad_brain** » 13 Jul 2006, 15:26

no problem man, hope it helped....

this site might interest you:
http://www.helpbytes.co.uk/clients.php
alternative yahoo messengers which use the old YCHT protocol are very hard to boot I´ve heard...

suck-o.com

being sent crashing

being sent crashing

Well,

many thanks