Saturday, April 25, 2009

Finding the author of the DoS

As I said, I know the IP address of the author of the DoS on our website and since he's located in Europe (Spain), it shouldn't be really hard to solve the case with the Computer Crime Unit.

However, I would like to try to solve it with him first. I just want him to contact me (tdotreppe@aircrack-ng.org) within 2 weeks to reimburse the bandwidth he generated and explain why he did it, and I promise there will be no consequences, no complaint registered.

41 comments:

  1. I'd say post his IP and let everybody have at it...little prick!!! Time to get pwned!!!!!!!!!!!!!

  2. was it just one computer that DoS'd you guys or was it a DDoS?

  3. Also curious as to why; this hurt my study severely.

  4. It's only one guy (so a DoS).

    I won't post his IP address because it's a dynamic one and maybe someone else uses it now.
    Even if I'm really angry at this guy, I want to solve it legally with him.

  5. I was trying for a week to get through to the site. I'm glad all is well now :). I didn't know what happened! Yes, post his IP(s) if possible... :) Well, I guess that makes me no better than him

  6. Can someone explain what is DoS??

  7. Denial of Service: http://en.wikipedia.org/wiki/DoS

  8. very cool you want to solve this the legal way....that says a lot about your character and ethics....my respect to you for your ability to be composed and restrain yourself....

  9. i think you can not find him.

    ddossers use bots, zombie computers.

  10. Prosecution is not an option. After all and since you're talking about an individual, you can't even be sure if this person used his own connection or for example cracked his neighbour's WEP key with aircrack and used this "alternative" connection. :) Possibilities of mistaking are endless.

    Also... European Union has some laws about hacking etc, but in Europe human rights and privacy come first. Sometimes it's difficult even for the local police to get evidence from an ISP about a "crime suspect". And we'd better not talk about bureaucracy etc... :)

    You're not the first domain that has been DoS attacked and not the last for sure. Hardening the security and not enlarging the issue is the ideal option in my opinion.

    Even if you consider it as a matter of great importance, your words about legal prosecution will eventually turn users against you. We are linux and aircrack users. Some of us are advanced users, others are just wannabe hackers with a medium knowledge and others are just n00bs who want to use aircrack in Windows with their new USB wifi dongle (doohh!). But we're all aircrack fans. Or maybe just "crack fans". Just think of that...

    Friendly,
    a Greek aircrack-ng user.

  11. I think it's called "bandwidth reap" and not DoS.

    regards
    lord-carlos

  12. Mister_X,

    You're doing the right thing by giving him a chance to come clean. Hopefully he has the sense to come to you.

  13. i think you can not find him.

    ddossers use bots, zombie computers.

    It was a single computer.

  14. And if he used a proxy? I think what hackers do first is to be anonymous, so I hardly believe that you know where to find him and who he is, and as he has a dynamic IP, at this time his IP, as you already said, can be used by another user, and it will be, so to know who he actually is, you need to contact his ISP then request info on the IP and the time when it was used (DoS'ed your site).

    Forget him.

  15. Just a thought.. I have been studying your program for a month or so now, as well as studying many other cracking techniques to expand the 'tricks up my sleeve' as a fairly green systems admin.. I find cracking as fun as the next guy, but I guess to get to my statement.. What the hell is the point of DoS-ing a site like this? It's not like you are going to get this great credit, or people will think you are some awesome guy.. in fact, to me it shows a total lack of character and integrity, as well as a simple minded immature waste childish individual.. He could have better spent his time strapping on his helmet and licking the windows on the back of the short bus..

    Aircrack FTMFW!!!!!

  16. I don't know if he used a proxy. If I don't get an answer, the police will check that. Unfortunately, I can't go further than knowing who (its IP address) did that (even the provider doesn't want to give any information if it's not the police).

  17. Did you think that it could be a newbie that got hacked? Maybe he got some help through IM from another one to help him at some tutorials and the other one took advantage of the newbie.. and now if the police are searching his PC he can have a lot of hacking stuff but still it's possible he's not the DoS author. Can you bet that behind the IP is exactly the owner of the IP?
    How can the ip owner prove that he didn't do it?..Once the police found hacking stuff on the pc they don't bother to find the real attacker anymore. This scenario is also possible.
    I hope you will find the right person.
    Thank You for the hard work made for this wonderful website!

  18. Hi,

    Now that you've left it so long you're gonna have a hard time having him prosecuted...

    Only if you told the CCU whilst it was happening did you really have any real chance of getting something done - here in Spain people are idiots. I live in a village where, sat here by the church, or even in my own living room I have access to four or five unencrypted or poorly encrypted wifi connections - all hooked up to adsl connections with dynamic IPs... All the same ISP too. Needle haystack much?

  19. First a disclaimer: I don't believe a single person managed to bring down your site using a single PC. That's just rubbish. Having said that...

    I can see you have little experience dealing with the police. They won't even investigate it, let alone prosecute. Just suck it up and continue as usual.

    To be honest when I get grief from some prats I block the IPs from that country. It's usually some weird country like Hungary, Croatia, Italy or Uzbekistan so I don't really care. It's difficult to get all the IP ranges for a particular ISP but it's easy to get all the ranges for the country. So I just block off the whole country and have done with it. Any requests from those IP ranges are just ignored. The reason is that going after an offender from an IP in Italy or somewhere like that is utterly pointless and not worth the hassle. ISPs ignore you and the Police doesn't care (although the latter is true in any country).

    Anyway I bet you a fiver you don't get the guy responsible to even say sorry let alone pay for the bandwidth. If you do I'll paypal you the fiver.

  20. Maybe it wasn't a single computer but it was a single IP. It is not possible to block IPs on a such mutualized hosting.

  21. CCU sucks. Like the above said, the cyber crimes division will investigate for maybe a couple of minutes, pack up and move on. There are bigger fish to fry out there, such as the Conficker.

    I highly doubt someone using a DoS attack would be stupid enough not to mask his IP. If you reach the level of actually attacking to do damage (instead of just annoying), you know digital fingerprints, and you should know how to mask them. I doubt a noob did this. If they did, security definitely needs to be worked on, especially on a site like this.

    I am sure someone who loves this site (like several mentioned above) would help you to prevent this from happening again.

  22. Solving it seems to be a lost cause... :/

  23. It is possible to take down a site with a single PC.
    Maybe it was just a newb with a small ... and needs attention.
    And I read somewhere that privacy comes first (in Europe) - then go to Germany and try to survive as an IT-loving person :(

    Important stuff:
    I love your work on a-ng =)

  24. I hope the guy has contacted you and apologized for his deed. I'm an Indian and unaware of the laws of the EU to comment on anything, but yes, I can say that with the IP address and date and time of attack you surely can get closer to the culprit (if not catch him).

    Love your site and tools. Keep up the good work...

    Nishant

  25. Maybe he/she used your software to crack someone's wireless connection and then used that connection to DoS you. That way you might blame innocent people.
    ("He that takes the sword will perish by the sword.")

  26. I don't know about Europe's IP system, but I know in England that the IPs are a bitch to trace because they share IPs, sometimes 2-3 blocks. I used to be a chat admin and had some troublemakers, so would block the IP only to lock out another 10 or so ppl in the process. I think it's best to ignore the whole thing and just make ur server rock solid so it won't happen easily in the future. The guy is obviously a lamer that found a nice tool.

  27. For the guy who deals with this kind of issue blocking IPs from the whole country: This is dirty and ugly harassment. I hope you review your position or assume for yourself that you are a racist. BTW, I'm not living in any of the countries mentioned, so it's not personal.

  28. Just stumbled on your site, saw your comment on the attack, and thought I'd chime in. I've been at this a long time ... almost 30 years now ... there is no Jack Bauer out there with magic software that can give you GPS coordinates of someone with the click of a button ... to catch anyone takes hundreds of manhours and lots of hard work and foot work ... small attacks don't even generate reports (at least in the States, not positive on EU, but seems likely to be the same). Most attacks are directed at very well known issues in unprotected systems ... just like aircrack does. Take the attack with a grain of salt (at least it wasn't a worm attack and you still have a system to run). Start a thread on security, put up a dummy site for people to fire on, have fun with it, and learn the other side of what people do.

  29. About the blocking, it would just be temporary (if you have a better solution other than increasing bandwidth, I would be happy with it).

  30. Aircrack-ng is not unprotected, limiting downloads is just a parameter we can't easily control since that part is on a mutualized hosting.

    BTW, I'm still in discussion with the provider to avoid that situation in the future (the discussion started a bit before the site was down)

  31. This happens when hackers got hacked ^^ (But i am not the guy)

  32. Crack writer crying about a DOS?
    I am not qualified to crack much..yet.
    Thank you for the software/site/docs.

  33. I made the Conficker virus, they're not doing much... I'll infect you when you are not useful anymore. BTW I'm using about 8 proxy webs right now and am on someone else's wifi with a BS MAC address so don't even try...

  34. The only thing I wanted with this post is to know the reason behind that DoS.

    But I'll close comments on this ticket.

  35. Do you really honestly think the DOS attacker is going to give you money for the bandwidth lost?

    Trust me; that's not going to happen.

  36. On April 30 Anonymous said the following:
    "....when I get grief from some prats I block the IPs from that country. It's usually some weird country like Hungary, Croatia, Italy or Uzbekistan so I don't really care"

    That kind of sums up the attitude of some of our dumber members. I.e. if you're not from my country you're weird. Mind you, I wonder how he would like it if other EU member nations started telling what they thought of his racist and arrogant British opinions.

    I find this site a pleasure to use, usually friendly but if this idiot is really a webmaster, he is not going to make much because in a matter of days he is going to close his site(s) off to the vast majority of the world, i.e., the non-English speakers!

    Way to lose revenue pal, you go for it!

    If it wasn't for this site I wouldn't be able to block the morons like this from accessing my network.

    Is mise le meas,

    Thomas

  37. "Do you really honestly think the DOS attacker is going to give you money for the bandwidth lost?"

    I was 99% sure that no but sometimes ppl could regret what they did, so ...

  38. Perhaps it wasn't a single individual but a governing entity (read: some type of legal force) opposed to aircrack that DoS'd the site. My father works in law enforcement and I have heard stories. They can stoop just as low at times...

  39. uhm....IP. what if he/she used TOR or any other proxy/ip-changer?

  40. I doubt he used his real IP address! lol I don't think he'd be that stupid!

    There's nothing you can do about it... except report the IP address he used to attack you. That doesn't do much good anyways!

    ...and if you somehow do find out who it was, do you actually think he's going to say "OK sir, what's your paypal info and I will send you $$$ for bandwidth"???

    Anyways... I love aircrack! Works great! Keep up the good work!

  41. I think you should still post the IP...

    Teach him a lesson the "old school" way.

    "Fire with fire"
