Handling Cyber l33ts

Status
Not open for further replies.

OrganicOne

one-legged douche burger
Apr 25, 2008
Michigan
I am sure some of you have been through this; however, it is new territory for me. Basically, I have received numerous threats from multiple users that they are going to breach one of my higher traffic domains.

I have already contacted my host; however, I am curious what else is recommended, if anything. I am unsure of the source's abilities to orchestrate such an attack, however I don't want to be caught with my dick in my hand if it does go through.
 


Get some mirrors set up and use different nameservers (spread them out). If you have people at your host(s) watching and they are competent, they can stop a lot of the script kiddie intrusion stuff. There's not a lot they can do for a well-orchestrated DDOS attack except shut down till they quit.
 



It's not your host's job to protect your site.

You're responsible for any vulnerabilities.
 

Hrm, don't know about that. Whilst DDOS attacks can be a massive pain in the arse, a heads-up in advance should be appreciated by the host; it's not like they want their routers going spastic. (I admit the likes of smurf attacks should be relegated to the past, but the same heads-up holds true).

As for other attacks, some probes can be blocked at the router level. Why would the ISP care? Because once your server has been taken over, someone else on the same subnet might be more trusting of semi-local traffic, and before you know it, the ISP's phone lines have lit up.

I realise this is all conjecture, but I really don't see what's wrong with a quick note to your host.
 
Get some mirrors set up and use different nameservers (spread them out). If you have people at your host(s) watching and they are competent, they can stop a lot of the script kiddie intrusion stuff. There's not a lot they can do for a well-orchestrated DDOS attack except shut down till they quit.

How does this work, exactly? I guess just multiple accounts for the same domain and define each nameserver in your domain account - however, is the DNS system designed to roll over to the next available server?
 
I have contacted my host, which didn't seem overly alarmed. Apparently bold hacking claims are commonplace, whereas most serious ones come without warning.
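
On the "different nameservers (spread them out)" advice earlier in the thread: spreading only helps if the nameservers do not all sit on one network or with one operator. The sketch below is an added example, not something posted by anyone in this thread; it audits a nameserver set for those shared points of failure, and the hostnames, addresses and the /24 and /48 grouping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, example names).
# In practice: the domain's NS records and the addresses they resolve to.
CLUSTERED = {
    "ns1.hosting.example": ["192.0.2.10"],
    "ns2.hosting.example": ["192.0.2.11"],
}
SPREAD = {
    "ns1.hosting.example": ["192.0.2.10"],
    "ns2.dns-a.example.net": ["198.51.100.53"],
    "ns3.dns-b.example.org": ["203.0.113.53"],
}

def operator_of(hostname):
    """Rough operator guess: the last two labels of the nameserver name."""
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Group an address into a coarse network (assumed /24 or /48)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def audit_nameservers(ns_map):
    """Return a list of shared-failure findings; empty means well spread."""
    findings = []
    if len(ns_map) < 2:
        findings.append("fewer than two nameservers")
    networks = defaultdict(set)
    operators = defaultdict(set)
    for host, ips in ns_map.items():
        operators[operator_of(host)].add(host)
        for ip in ips:
            networks[network_of(ip)].add(host)
    if len(networks) < 2:
        findings.append("all nameservers share one network")
    if len(operators) < 2:
        findings.append("all nameservers share one operator")
    return findings

if __name__ == "__main__":
    for label, ns_map in (("clustered", CLUSTERED), ("spread", SPREAD)):
        print(label, audit_nameservers(ns_map) or "no shared failure point found")
```
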
 