Techwatch weathers DDoS extortion attack

Techwatch is back online following a sustained denial of service attack that left the digital TV news site unavailable for two days earlier this week. The botnet-powered assault was accompanied by blackmail demands posted on the site's forum through compromised zombie machines. These threatening messages claimed the site was …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    title

    Had this happen to a gambling related company I used to work for a few years ago. The script kiddie emailed us demanding a £12k ransom, we ended up purchasing a 30k/year service where our traffic was routed through a 3rd party server which filtered out the bad packets. The site was unavailable for about a week causing a customer service nightmare, and interfered with our automated feeds. Once the site came back online, we took a significant hit in our visitor stats which took months to recover from.

  2. Anonymous Coward
    Flame

    Questions about the DDoS attack

    I'd be curious to know what OS the computers involved in the DDoS were running and whether they are part of a government agency, crime organization, or simply hacked computers.

    I'm gettin' my rant on

    Troubles like this should come back to the computer owner and the software developer. The computer owner needs to be responsible for keeping the computer up-to-date with software patches. The software provider (OSs included here) needs to be responsible for developing, maintaining, and patching (in a timely manner, more often than monthly) a secure computing environment.

    If a software provider cannot provide a secure computing environment then they should be responsible, economically, to those who suffer from their inability to do so.

  3. Andrew Jackson
    Unhappy

    Tell-tale signs for the non-log watchers

    This is the type of behaviour that has been filling my DNS logs several times a second, at times from different IPs, for weeks now. The blocked IP list on my firewall grows by at least 2 new IP addresses every day.

    31-Jan-2009 03:35:45.214 queries: client xxx.xxx.xxx.xxx#65233: query: . IN NS +

    31-Jan-2009 03:35:45.214 security: client xxx.xxx.xxx.xxx#65233: query (cache) './NS/IN' denied

    I had just finished blocking one IP at 10:00PM PST, then this and two other IPs started hitting me 2 hours later. It sucks. My DNS server is being used to generate traffic back to the sites being attacked through root queries in the form of denied DNS messages, and all I can do is just keep blocking IPs. It's not slowing my traffic down at all. It's just time consuming and frustrating.
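
The log pattern quoted in the comment above can be tallied automatically instead of read by eye. This is an added example, not part of the original thread: it counts root NS queries and their denials per client address in BIND logs of the quoted format. The sample log, its documentation-range addresses, the `summarize` helper and the per-minute threshold are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the BIND format quoted above; addresses come from
# the RFC 5737 documentation ranges, not from the original post.
SAMPLE_LOG = """\
31-Jan-2009 03:35:45.214 queries: client 192.0.2.10#65233: query: . IN NS +
31-Jan-2009 03:35:45.214 security: client 192.0.2.10#65233: query (cache) './NS/IN' denied
31-Jan-2009 03:35:45.530 queries: client 192.0.2.10#65233: query: . IN NS +
31-Jan-2009 03:35:45.530 security: client 192.0.2.10#65233: query (cache) './NS/IN' denied
31-Jan-2009 03:35:45.901 queries: client 192.0.2.10#65233: query: . IN NS +
31-Jan-2009 03:35:45.901 security: client 192.0.2.10#65233: query (cache) './NS/IN' denied
31-Jan-2009 03:35:46.100 queries: client 198.51.100.7#40112: query: www.example.com IN A +
31-Jan-2009 03:36:10.000 queries: client 203.0.113.5#5353: query: . IN NS +
"""

LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"(?P<cat>queries|security): client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"(?P<msg>.*)$"
)
ROOT_QUERY = re.compile(r"^query: \. IN NS\b")
ROOT_DENIED = re.compile(r"^query \(cache\) '\./NS/IN' denied")

def summarize(log_text, per_minute_threshold=3):
    """Return {client_ip: {"queries", "denied", "peak_per_minute"}} for
    clients whose root NS queries reach the threshold in any one minute."""
    queries, denied = Counter(), Counter()
    per_minute = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ip, msg = m["ip"], m["msg"]
        if m["cat"] == "queries" and ROOT_QUERY.match(msg):
            queries[ip] += 1
            per_minute[ip][m["ts"][:17]] += 1  # bucket by dd-Mon-yyyy hh:mm
        elif m["cat"] == "security" and ROOT_DENIED.match(msg):
            denied[ip] += 1
    report = {}
    for ip, minutes in per_minute.items():
        peak = max(minutes.values())
        if peak >= per_minute_threshold:
            report[ip] = {"queries": queries[ip], "denied": denied[ip], "peak_per_minute": peak}
    return report

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats)
```
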
