Hacker News new | ask | show | jobs
by yeukhon 2962 days ago
I wonder if anyone has ever tried counter attack. The downside is in turn DoS the origin, which often are victims like infected host in a botnet. Double-edged sword. But it would be very interesting to see how quickly one could defeat the attack.

I also wonder why attack often last only a few hours.
2 comments
Analemma_ 2962 days ago
1. That would be just as illegal as the original attack; cybersecurity laws have no provisions for self-defense. (It's true that nations are attempting to negotiate clauses like that in international relations, but even if that pans out, it will definitely never be a privilege afforded to individuals)

2. Attack what? It's a distributed DoS, the calls are coming from all over. You mean going after every node sending traffic? What would "attacking them" even mean? It's not like you can shut them down.

3. All those nodes are innocent and being used unknowingly. Attacking them would be both illegal (see point 1) and pretty unethical: you're deliberately aiming at innocents and not the attacker (whom you have no chance of locating). Imagine if you took down a hospital attempting to stop an NTP flood on your dumb blog. Have fun explaining why that was necessary.

"Counter-hacking" sounds cool and sexy, but there are reasons why it is never done.

link
zerostar07 2962 days ago
I know next to nothing about botnets, but i wonder if you could divert traffic from botnets to a fake server that does nothing other than trying to keep the connection open for as long as possible (or being super slow in general) in order to increase the number of open connections from the bot's side, in order to stall it from opening new connections or make it slow in general.
link
yeukhon 2960 days ago
Usually one would setup a sinkhole to divert traffic away from real hosts, but I think to keep these connections running they are usually just sending packets and disconnect. smurf attack and SYN attack are very classic.
link
ceejayoz 2962 days ago
> I also wonder why attack often last only a few hours.

Using the botnets costs either money (if you're renting one) or opportunity (if you own one and could be renting it out).

link