IRC-Junkie.org – IRC News

GeekShed, the “free to use and family-friendly Internet Relay Chat network”, is currently suffering from a large scale DDoS attack that cripples their infrastructure consisting of 15 servers.

Even though those servers are in datacentres that offer DDoS-protection and are hosted with a number of large backbones they cannot seem to withstand the sheer volume of ICMP and UDP traffic directed at them.

Some of the servers have been null-routed by the hosting providers, others have been null-routed by GeekShed staff to “prevent damage to other machines and customers” according to network owner Phil.

Yesterday a group consisting of major Australian ISPs – amongst them are Optus, Telstra, Vodafone, AAPT, Virgin, Hutchison 3G as well as Facebook, Google and Microsoft – announced that they prepare “a voluntary industry code to come into force this year” which could mean that “Computers infected with viruses could be “expelled” from the internet”.

The Internet Industry Association, which is made up of over 200 ISP and IT-related companies, is preparing that code in response to an ultimatum of the federal government.

What many have suspected has now been confirmed – the root cause of the many netsplits on the freenode IRC network during the last days have been caused by ongoing DDoS attacks on their sponsors.

Freenode staffer JonathanD writes in their blogpost that they are experiencing a “heavy DDoS against several locations at which some of our servers are hosted. The attack is ongoing and cause a lot of disruption, both to users of the network and unfortunately to projects/companies/individuals whos infrastructure is hosted at the same locations as us” but also writes that they are “working hard to try curb the attacks as best they can.”

The folks at DroneBL discovered and analyzed a router-based botnet that is suspected to have DDoS’ed them for about 2 weeks.

The bot software, named “psyb0t”, is the “first known botnet based on exploiting consumer network devices, such as home routers and cable/dsl modems”.

Exploiting routers is in some cases more “useful” than infecting PC’s – because “most people will keep the router on 24/7″ as opposed to their computers which “most people shut down [...] in the evening before they go to bed, or when they leave the office” nenolod writes.
In his paper (which was written back in 2006 and at that time he’s been “called looney for”) he also mentions another reason why targeting SOHO routers is a good idea:

Yesterday, the creator of a Botnet consisting of more than 100.000 Zombies has been arrested. The 19-year old Dutch and his 16-year old brother are said to be the botmasters of what once was a botnet peaking 150.000 compromised hosts…

Also arrested was a 35-year old Brazilian that wanted to buy the botnet for his malicious activities – at the price of 25.000€ (US$37.290). The bust was a cooperation between the Dutch High Tech Crime unit and other international forces such as the F.B.I.

The botnet spread on Windows Live Messenger without the help of exploits but using a social engineering approach.