Page 1 of 2 [ 18 posts ]
 Post subject: Undernet / CService - a dog without teeth?
PostPosted: Mon Aug 28, 2006 11:32 pm 
Joined: Sat Feb 21, 2004 9:58 pm
Posts: 11
Recent experience would say yes, and I have a fresh example.

Some random guy with a botnet decided he liked the same nickname I've been using for a while and thought he'd just grab it because hey! He has a botnet, right? Sense of entitlement, you know how that goes. My penis bigger than yours, step aside thank you very much. Now before you say it's rather ironic I'm raising this issue, you should know that I consider nicknames fair game. You're offline, it's up for grabs. It just so happens that I never go offline and seeing this, it determined the said random guy with the botnet to start flooding me. At first he caught me with my pants down and got me to disconnect.
I whois-ed all 105 of his bots because my mIRC does so automatically.
I sent an e-mail first to username-abuse because the same guy has at least 4 CService usernames that he uses. A week went by, no reply. I joined #abuse and reported this. The response I got back was awesome:
"CService staff has to take note first of the abuser before action will be taken"
Oh ... ok. So even though I raised a red flag, apparently they can't be bothered to at least look into it.

Then I sent another e-mail, again complete with logs, this time to abuse@undernet.org to report his botnet. Two days go by, I just happen to get the nickname again and once more I'm attacked. However, this time I was prepared and I didn't go down. My connection goes down 2 days later due to a heavy storm and he grabs the nickname but this time, and this is the funny part, he made sure around 10 bots are actively attempting to take it. I've noticed this because every now and then I whois it and I've seen at least that many different IPs.
Up until now it's been nice and quiet. No one from the Undernet side though got back to me about the botnet and to this day it still stands, probably doing mischief on other unsuspecting victims.

Don't get me wrong, this has nothing to do with the nickname "war" itself if you wanna call it that way because it seems that's what this guy thinks it's become and if it did, he's fighting it by himself. In no ways am I looking to retaliate, but the moment you start flooding me, the gloves come off and I ignore you no longer.

Now if I was a dick I could easily do the following: start talking to another random guy with a huge botnet and start throwing insults at him just to get him riled up. Then I could claim I'm the first guy with the botnet and provoke him into a head-to-head fight while I sit back, laugh, and the Undernet servers take a hit. And if I was an even bigger dick, I suppose I could get 4 of these idiots to fight each other.

This guy is Romanian. I'm also Romanian. It's crap like this that confirms my stand on the issue, that Romania DESERVES the reputation it gets online. Nothing but fraud, floods and script kiddies. 419 scams aren't just for Nigerians anymore folks!

Now if you want specifics, I have them too.
The usernames that are used on compromised machines are at least these:
LoveYouCriss
Robi
deeloc
b1gdunker
Joxer

You want logs? I've got all 105 of them. You can see the nice botnet if you join #Joxer, and that's not even the half of it.

How do I know the above usernames are the same guy? They're parked in the same channels most of the time, with nearly identical idle times and the nicknames used CTCP-ed me. Not to mention identical away messages, same format, same color, same lame Romanian insult.
How do I know the above nicknames are running on compromised machines? Because they go down once I report them to their network admins. I've been fetching the IPs when not logged to CService and been notifying the right folks.

So I ask you this. On issues such as this one, what does the Undernet staff/committee/admins do? Because so far, absolutely not a damn thing. It is EXTREMELY tedious to sit there, use Superscan to whois each IP and write e-mails. I don't have the tools and means like the ones people in charge of stuff like this do, I'm just the little guy here. Am I condemned to be flooded at random times and especially when I happen to fetch said nickname?
And don't tell me to inject a silence script into my IRC client. I've already done that, but to say so is like a cop saying "ma'am, I know there's been a lot of rapes on this side of town, so why don't you just lock yourself in the house for now. Kthxbye". I know Undernet is a free service and it's most likely understaffed and overworked, but there's a difference between my pleas and your typical "oh noes, I don't know how to log onto CService".

My shell provider has told me twice now that their machine[s] have been hit pretty good, luckily they have good DDoS protection. However, I wonder how long it will be before they decide to end my membership because I'm sure they're getting sick of this too.

My determination is unflinching. I will NOT yield to a loser like this.
Now, it just so happens I will be flying to Romania in about 3 days for a 2 week visit [so my activity on this topic may be lacking a bit during this time]. Maybe I should find out where he lives and go see him, lol.

Thanks for letting me vent. Hope someone here will take note of this topic and help me out.


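The correlation described in the first post (same channels, near-identical idle times, identical away message) can be automated from saved WHOIS replies. The following is an added example, not part of the original thread: the sample lines, nicks, hosts, thresholds and function names are all constructed for illustration.

```python
import re

# Constructed sample of raw WHOIS replies (311 host, 319 channels, 317 idle, 301 away).
SAMPLE = """\
:irc.example.net 311 me botA ident1 192.0.2.10 * :x
:irc.example.net 319 me botA :@#chanone #chantwo
:irc.example.net 317 me botA 86410 1156700000 :seconds idle, signon time
:irc.example.net 301 me botA :\x034brb\x03
:irc.example.net 311 me botB ident2 192.0.2.77 * :y
:irc.example.net 319 me botB :#chanone +#chantwo #chanthree
:irc.example.net 317 me botB 86395 1156700020 :seconds idle, signon time
:irc.example.net 301 me botB :\x034brb\x03
:irc.example.net 311 me alice al 198.51.100.5 * :Alice
:irc.example.net 319 me alice :#chanone #help
""".splitlines()
LINE = re.compile(r"^:\S+ (\d{3}) \S+ (\S+) ?(.*)$")

def parse_whois(lines):
    """Collect host, channels, idle seconds and away text per nick."""
    users = {}
    for m in filter(None, map(LINE.match, lines)):
        num, nick, rest = m.groups()
        u = users.setdefault(nick, {"host": None, "chans": set(), "idle": None, "away": None})
        if num == "311":
            u["host"] = rest.split()[1]
        elif num == "319":
            u["chans"] |= {c.lstrip("@+").lower() for c in rest.lstrip(":").split()}
        elif num == "317":
            u["idle"] = int(rest.split()[0])
        elif num == "301":
            u["away"] = rest.lstrip(":")  # colour codes kept: part of the fingerprint
    return users

def same_operator(a, b, idle_tol=120, min_overlap=0.5):
    """Heuristic link: identical away text, close idle times, shared channels."""
    if not a["away"] or a["away"] != b["away"] or None in (a["idle"], b["idle"]):
        return False
    union = a["chans"] | b["chans"]
    overlap = len(a["chans"] & b["chans"]) / len(union) if union else 0.0
    return abs(a["idle"] - b["idle"]) <= idle_tol and overlap >= min_overlap

def cluster(users):
    """Group nicks linked by same_operator(); returns sorted (nick, host) lists."""
    groups = []
    for nick in users:
        hit = [g for g in groups if any(same_operator(users[nick], users[n]) for n in g)]
        merged = sum(hit, []) + [nick]
        groups = [g for g in groups if g not in hit] + [merged]
    return [sorted((n, users[n]["host"]) for n in g) for g in groups if len(g) > 1]
```

Each returned group is a candidate set of hosts to include in a single abuse report; the thresholds are starting points and the match is circumstantial, not proof of common control.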
 
 Post subject:
PostPosted: Tue Aug 29, 2006 12:44 am 
Cservice Official
Joined: Tue Sep 28, 2004 8:15 pm
Posts: 276
Location: Bucharest
Just some quick reminders.
- #abuse is not official in any kind, nor a part of the Abuse solving committees on this network
- abuse@undernet.org handles glines, klines and oper abuse. Drone attacks go to abuse-exploits@

As for your issue, make sure you notify the proper persons (lists above) about it.
I have taken the first step and asked the person in charge to take a look at the abusive usernames you mentioned and a few others the system showed up at a closer check-up.



_________________
Etherfast
 
 Post subject:
PostPosted: Tue Aug 29, 2006 1:17 am 
Joined: Sat Feb 21, 2004 9:58 pm
Posts: 11
Awesome, thanks for the initiative!
Seems that this was a case of barking up the wrong tree after all.
I'll keep you posted.


 
 Post subject:
PostPosted: Wed Aug 30, 2006 7:14 am 

Joined: Sun Dec 12, 2004 12:08 am
Posts: 47
Eh... what can they do after all? Should they gline all the drones, bots and their owners? Well, if they would do something like this I am pretty sure that Undernet wouldn't be in top10.
Undernet is not what it was some time ago. It is now full of bots, drones, script kiddies, lamers, etc...



 
 Post subject:
PostPosted: Wed Aug 30, 2006 10:22 am 
Cservice Official
Joined: Tue Sep 28, 2004 8:15 pm
Posts: 276
Location: Bucharest
I'd rather see a clean Undernet than an Undernet in top10, honestly.
That's not the only stop. There are huge botnets around, and their owners won't hesitate to ddos the servers if something happens.



_________________
Etherfast
 
 Post subject:
PostPosted: Wed Aug 30, 2006 2:04 pm 
Joined: Sat Feb 21, 2004 9:58 pm
Posts: 11
I'm curious myself what measure will be taken because I'm sure there's something they can do. So far, no change.
As far as being in top ten ... I'm more for quality than quantity.
You know, I wonder if a nickserv would take care of many of these back and forth fights.


 
 Post subject:
PostPosted: Wed Aug 30, 2006 3:31 pm 

Joined: Tue Aug 29, 2006 1:59 am
Posts: 22
Location: South Of India
It's not always necessary to have a botnet to do a DoS attack. You people should try to get the actual IP of all the people who carry out these attacks and report it to their ISP rather than thinking about a g-line.



_________________
Anonymity is a Right!... but abusing it is illegal!!
 
 Post subject:
PostPosted: Thu Aug 31, 2006 12:12 am 
Joined: Sat Feb 21, 2004 9:58 pm
Posts: 11
Most times it is required to have a botnet, otherwise how are you going to carry off your c&c's? Emphasis on most times, I know there are exceptions.
Quote:
You people should try to get the actual IP of all the people who carry out these attacks and report it to their ISP rather than thinking about a g-line.

Show me how to establish the one person that controls the entire botnet and I might think about it. Then there's the problem of reporting all 100 some machines. THEN there's the problem the guy responsible is hiding behind a CService account STILL because nothing is being done. No transparent IP, what are you going to report?


 
 Post subject:
PostPosted: Fri Sep 01, 2006 2:26 am 

Joined: Tue Aug 29, 2006 1:59 am
Posts: 22
Location: South Of India
Quote:
Show me how to establish the one person that controls the entire botnet and I might think about it. Then there's the problem of reporting all 100 some machines. THEN there's the problem the guy responsible is hiding behind a CService account STILL because nothing is being done. No transparent IP, what are you going to report?



Stop being stupid. Even if you report abuse about the 100 hacked machines (IPs), nothing is going to happen cos they are hacked. What I was talking about was the person's IP. And dude, Opers can see their IP even if they are logged in to a CService account. These idiots mostly use a bouncer or their own real IP if it gets k-lined, plus they don't take the pain of using a proxy because it's very slow. (Put the guy's nick in your notify list, so that as soon as he logs in you can see his IP. But if he uses a BNC it's not going to help you much.)

PS: There is nothing you can do; the only thing you can do is ask the help of an Oper. But they are not going to help without any logs. Plus 75% of them won't help you even if you've got logs, cos they are busy with their own work.



_________________
Anonymity is a Right!... but abusing it is illegal!!
 
 Post subject:
PostPosted: Fri Sep 01, 2006 7:37 am 

Joined: Sun Dec 12, 2004 12:08 am
Posts: 47
The conclusion: fight for your nickname as everybody does on Undernet.
There should also be a "nickserv" or a new service similar to it. I guess that this would not be a problem. This will stop a lot of people from making bots, and this will also stop a part of the flood actions. Why? Because a lot of script kiddies have bots to get some nicknames. When they're not able to get them, they start flooding the user or bot that has that nickname. Also there are guys who flood some Undernet server just for this reason: the server goes down, the nickname is free, I'll take it and maybe some new and nice nicknames. If you think that this is odd, trust me, it's not. I know some persons like this...



 
 Post subject:
PostPosted: Fri Sep 01, 2006 10:46 am 

Joined: Tue Aug 29, 2006 1:59 am
Posts: 22
Location: South Of India
What's with a nick? You can have thousands of nicknames. I think registering nicknames is quite dumb, and flooding nicks to get those nicks is just insane.



_________________
Anonymity is a Right!... but abusing it is illegal!!
 
 Post subject:
PostPosted: Fri Sep 01, 2006 10:51 am 
Cservice Official
Joined: Tue Sep 28, 2004 8:15 pm
Posts: 276
Location: Bucharest
dragonelle wrote:
What's with a nick? You can have thousands of nicknames. I think registering nicknames is quite dumb, and flooding nicks to get those nicks is just insane.


Tell that to people who flood for a living.
I have never seen a nickname that represents a Romanian name, free and not taken.


Last edited by Etherfast on Fri Sep 01, 2006 10:55 am, edited 1 time in total.


_________________
Etherfast
 
 Post subject:
PostPosted: Fri Sep 01, 2006 10:54 am 

Joined: Tue Aug 29, 2006 1:59 am
Posts: 22
Location: South Of India
Yeah sure. What's in telling if they can't stop? :roll:



_________________
Anonymity is a Right!... but abusing it is illegal!!
 
 Post subject:
PostPosted: Fri Sep 01, 2006 3:25 pm 
Joined: Sun May 23, 2004 7:43 pm
Posts: 323
Location: Nowhere
Regarding the thread topic:
Image
Image



_________________
I'm an angel, honest! The horns are just there to keep the halo straight
 
 Post subject:
PostPosted: Fri Sep 01, 2006 4:09 pm 
Joined: Sat Feb 21, 2004 9:58 pm
Posts: 11
dragonelle, no need to be insulting or treat me like I don't know what I'm talking about. I'm afraid you didn't understand my post. When I said identify the "mastermind" I meant just that. Cut the head and the body will fall as well. Now as far as the compromised machines go, so far 70% of the ones I've reported I've seen fall off the face of IRC. Trust me, ISPs and the owners of those IPs hate botnets just like everybody else and when they start seeing packets go out like crazy, they take a stand. The problem is your occasional Korean, Chinese or Taiwanese ISP that doesn't give a flying crap.
In any event, I know it's near impossible to take down a botnet, but at the very least I'd expect someone to take a peek at those usernames. And maybe issue some g-lines.

Wolfyx, haha, great stuff.


 