DjMadness-
Newbie
Joined: 10 Jan 2004
Posts: 70
|
 Posted: Dec 05, 2004 9:55am Post subject: drones |
 |
|
the last couple weeks, we have recieeved 3 botnet/drone attacks by the same owner.
nr 1.
Pattens:
They all connected with random nicks, changed nick after about 1 min to something like _whois _channel _mIRC and so on
All had same realname
Ident was same as nick when they connected
easy removed by an sgline.
nr2. & nr.3
They all connected with random nicks, changed nick after about 1 min to something like _whois _channel _mIRC and so on
Every bot had random ident/realname.
First off we did not have +l we put that +l on then they were limited.
But its like the bots have some connection to eachother, becuase they pm even though they are not in any channels.
What they do exactly the same.
They join the largest channels on the network.
They ping everyone, send version request, time request
Flood the Channel, Flood users in pm
OPSB gets a few of theese apon connecting, but 75% still stays on.
Its mainly Comcast.net users & dialin that are joining/flooding.
And they connect like 3-400 at a time, witch makes it hard to find a patteren of removing them, other than a manual kill/akill.
Anyone that has an idea on what this type of drone attack is ?
and maybe a possible solution into stopping them before its too late ?
I am currently waiting for the next attack, trying to be ready, but the times they come varry, first time it was 1 am, 2. time 14pm, 3. time 8 am. Makes work harder to acheive, sense we also need sleep  |
|
Register
Log in
