
My service is seeing a fairly sophisticated attack that is distributed across multiple IP addresses. I have a list of 'rogue' IP addresses. They are distributed all around the world. Is there some way I can figure out if there is a botnet / service for hire that is sending these attacks?

schroeder
Manish

1 Answer

So, using the logs you've gathered, you can identify which IPs were sending these attacks, right? So I guess there are two possibilities:

1) These IPs are part of a botnet, in which case you can only identify which fridge/toaster/TV (delete where appropriate) is sending you the overflow of packages. You can't do much if this is the case because presumably there could be hundreds of these; it's a waste of resources informing hundreds of families that their smart washing machines have been enslaved into a botnet and how to escape the network. You will not be able to trace the organiser's IP through one of the bots.

2) The hackers themselves are sending the packages; however, I doubt you would find their IPs because they would be hidden behind something like a VPN or using their ISP's unused IP addresses. So either way, you would have to get a court order to identify who used the services.

But despite these odds, you found the hacker's actual IP address(es). So what do you do now?

Well, you personally couldn't do anything apart from reporting the offending IP addresses to your local authority or maybe to your ISP. I know the FBI has a form you can fill out for cybercrime - though you may not be from the USA, sorry. Even so, your local authority may not actually care unless the attack caused serious damage financially or is part of a more widespread threat. Remember to send detailed logs of everything you know about the attack if you go down the reporting route.

Another great thing to do would be to prepare. Get trained staff, emergency technicians, etc. who can help get services back up as quickly as possible. Also look at getting better infrastructure and software that can deal well with DDoS attacks up to a point.

SOURCES:

http://www.webtorials.com/content/2012/07/tracking-hackers-down---then-striking-back.html

https://www.fbi.gov/tips

adam
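Two things the answer leans on are pulling the attacking IPs out of your logs and having detailed per-IP evidence ready for a report. The script below does both and also flags whether the traffic looks distributed (many sources, no single IP dominating) or concentrated; it is an added example, not part of the original answer. The log lines, the common-log-format parser and the classification thresholds are constructed assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed Apache common-log-format lines (sample data, not from the question).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:13:55:01 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.23 - - [10/Mar/2024:13:55:02 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.45 - - [10/Mar/2024:13:55:02 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.7 - - [10/Mar/2024:13:55:03 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.88 - - [10/Mar/2024:13:55:04 +0000] "GET /api/token HTTP/1.1" 403 64
192.0.2.200 - - [10/Mar/2024:13:55:05 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.150 - - [10/Mar/2024:13:55:06 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.23 - - [10/Mar/2024:13:55:07 +0000] "POST /login HTTP/1.1" 401 128
192.0.2.45 - - [10/Mar/2024:13:55:08 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.99 - - [10/Mar/2024:13:55:09 +0000] "GET /login HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def summarize(log_text):
    """Per-source-IP evidence: request count, first/last seen, and paths requested."""
    per_ip = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        ts = datetime.strptime(m["ts"], TS_FMT)
        e = per_ip.setdefault(m["ip"], {"count": 0, "first": ts, "last": ts, "paths": set()})
        e["count"] += 1
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
        parts = m["req"].split(" ")
        e["paths"].add(parts[1] if len(parts) > 1 else m["req"])
    return per_ip

def classify(per_ip, min_sources=5, max_top_share=0.3):
    """'distributed' when many sources each carry a small share of the traffic,
    'concentrated' when a few IPs dominate. Thresholds are illustrative assumptions."""
    total = sum(e["count"] for e in per_ip.values())
    if total == 0:
        return "none"
    top_share = max(e["count"] for e in per_ip.values()) / total
    if len(per_ip) >= min_sources and top_share <= max_top_share:
        return "distributed"
    return "concentrated"

def report_lines(per_ip):
    """One line per source, busiest first, suitable for attaching to an abuse report."""
    rows = sorted(per_ip.items(), key=lambda kv: -kv[1]["count"])
    return [f"{ip} requests={e['count']} first={e['first'].isoformat()} "
            f"last={e['last'].isoformat()} paths={sorted(e['paths'])}" for ip, e in rows]
```

Running `report_lines(summarize(SAMPLE_LOG))` gives the evidence list the answer recommends sending with a report, and `classify` on the same data returns "distributed" because seven sources share ten requests with no IP above 20%.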