It’s 144 days since I last posted on my blog. My US visa got rejected and I was completely disturbed and engaged in other activities like exploring NIXI and building a (REDACTED) Management Panel. On the positive side, that rejection helped me gain more perspective on the limits I have.
Today’s topic is DDoS and Internet hogging. I have been hit with a good DDoS only once: 2Tbps on a 1Gbps port. I consider that good because it was a first for me (and my server stayed up, if that’s what you’re wondering). The issue of hogging bandwidth wasn’t that big a deal for me until I had a person X (pretending to be a hacker) going for my managed servers. He was using a Russian VPN to mask his IP address, but he forgot to remove his details from RIPE WHOIS, which gave a pretty good idea of who he was. He is in the same industry, but I won’t take his name. My client’s servers received a SYN flood attack of about 300,000 req/sec on all of my servers every day for about half an hour.
My datacenter has a 22Tbps capacity but no real firewall. My only friends were CSF and iptables. I was not able to mitigate quickly, and as a result servers went down every day for about 2 min, and this kept happening for a week. I kept telling my client that the attacker was this person X, and he just told me that person X does not do this kind of stuff. I have a friend who confirmed that person X was behind this attack, but my client like an idiot did nothing and asked me to mitigate. I am a technical person, not the mighty Internet god that can manipulate this traffic. The funny thing is that my client, without telling me, gave the server access to that person X, who then removed my access!!! I do not have a problem with that, but I made up my mind that he will be my client no more.
Raging IT warfare has become so common nowadays that people do not realise what level of threat it is. DDoS, short for distributed denial of service, is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. It’s just the big brother of DoS but with multiple threads. Sophisticated DDoS attacks don’t necessarily have to take advantage of default settings or open relays. They exploit normal behaviour and take advantage of how the protocols that run on today’s devices were designed to run in the first place. In the same way that a social engineer manipulates the default workings of human communication, a DDoS attacker manipulates the normal workings of the network services we all rely upon and trust.
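The SYN flood from the story is a textbook case of the point above: every SYN is a perfectly normal TCP packet, and the damage comes from the server dutifully holding a half-open connection for each one. Here is an added example (my own code, not from the original post or the tools it mentions) of how a defender with nothing but shell tools can spot that state: it parses lines in the shape of `ss -tan` / `netstat -tan` output, counts half-open (SYN-RECV) sockets per remote address, and flags sources over a threshold. The socket table below is constructed for illustration, and the `threshold` value is an assumed tuning knob.

```python
"""Spot a SYN flood from socket-table output (added example, not from the post).

Reads lines in the style of `ss -tan` (state SYN-RECV) or `netstat -tan`
(state SYN_RECV), counts half-open connections per remote IP and reports
sources that exceed a threshold. Also reports the overall half-open ratio,
which still rises when the flood uses spoofed source addresses and no
single source stands out.
"""
from collections import Counter

HALF_OPEN_STATES = ("SYN-RECV", "SYN_RECV")

# Constructed sample in the shape of `ss -tan` output (state, queues, local, peer).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
SYN-RECV  0      0      203.0.113.10:80    198.51.100.7:51523
SYN-RECV  0      0      203.0.113.10:80    198.51.100.7:51524
SYN-RECV  0      0      203.0.113.10:80    198.51.100.7:51525
SYN-RECV  0      0      203.0.113.10:80    198.51.100.7:51526
ESTAB     0      0      203.0.113.10:80    192.0.2.44:40012
SYN-RECV  0      0      203.0.113.10:443   192.0.2.44:40013
ESTAB     0      0      203.0.113.10:22    192.0.2.9:55001
"""


def peer_ip(addr_port):
    """'198.51.100.7:51523' -> '198.51.100.7'; also handles '[2001:db8::1]:443'."""
    return addr_port.rsplit(":", 1)[0].strip("[]")


def socket_rows(ss_text):
    """Yield (state, peer_ip) for every socket line, skipping the header."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        yield fields[0], peer_ip(fields[4])


def half_open_by_source(ss_text):
    """Counter of remote IP -> number of half-open (SYN-RECV) sockets."""
    counts = Counter()
    for state, ip in socket_rows(ss_text):
        if state in HALF_OPEN_STATES:
            counts[ip] += 1
    return counts


def flood_suspects(ss_text, threshold=3):
    """Sources holding more than `threshold` half-open sockets, largest first.

    `threshold` is an assumed knob: a real server derives it from its normal
    baseline of half-open sockets, which is usually close to zero.
    """
    counts = half_open_by_source(ss_text)
    return [(ip, n) for ip, n in counts.most_common() if n > threshold]


def half_open_ratio(ss_text):
    """Fraction of listed sockets that are half-open; a sudden jump is a flood
    indicator even when sources are spoofed and spread out."""
    states = [state for state, _ in socket_rows(ss_text)]
    if not states:
        return 0.0
    return sum(s in HALF_OPEN_STATES for s in states) / len(states)


if __name__ == "__main__":
    # On a live box: ss -tan | python3 this_script.py   (read sys.stdin instead)
    print("half-open ratio: %.2f" % half_open_ratio(SAMPLE_SS_OUTPUT))
    for ip, n in flood_suspects(SAMPLE_SS_OUTPUT):
        print("suspect %s: %d half-open connections" % (ip, n))
```

On a real host you would feed it live `ss -tan` output rather than the constructed sample. The ratio matters more than the per-source count once the attacker spoofs sources, which is exactly why the kernel-side mitigation (`net.ipv4.tcp_syncookies=1`, so the server stops allocating state per unanswered SYN) beats per-IP iptables rules for this class of flood.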
Finally, back to the story. After 2 days, the client called and told me that the attacks had stopped and person X was doing a great job. Really, M*ron!!! You still couldn’t figure it out. Person X now has the server access that he always wanted, and my client like a fool is trusting him. What happened when his earlier server under person X got hacked and X was not able to recover any of the data? That’s right, you suspect correctly, but my client is still a fool. When even 4 system administrators could not recover any data, I was the one who recovered most of the databases from a crashed, deleted server which was in fact unbootable because its kernel and filesystems were wiped clean!!!!! And you went behind my back. I can guarantee you this: I will be there when this new server also gets hacked, and I’ll be there laughing at him doing nothing…
I do not consider myself a hacker or an expert in cybersecurity, but at least I know how this Internet world works!!! I am not a blogging person; I’ve got 7 drafts in the last 143 days but still couldn’t figure out what to tell you about my life. Don’t people get bored of writing? Programming is much more interesting and boring at the same time, but it has got “interesting” in it, so that’s something. TRY PROGRAMMING!!! Another topic for another day… GOODBYE!