They are all bought, sold, traded, and fought over to build botnets for all kinds of purposes including DDoS. It's a thriving cottage industry.
I don't follow - do you mean the physical machines are "bought, sold, traded, and fought over"?? Who buys or sells from whom? Or do you mean that once the machines have been compromised, then their *facilities* (CPU or whatever) are given to someone else for $$ ??!! But....home users will have dynamic IPs, right? If a home user just finishes doing MS Office or whatever, and switches their computer off until tomorrow morning, then how will you locate that machine again when it's switched back on?
This is the kind of thing that sends chills down my spine. It's highly likely that my sites WILL be attacked in some way, I obviously want to keep them online.
The other question is - if it's this easy, then why doesn't someone take down things like ch**d pr0n on the internet? Those motherf**ers who put up things like that should be killed ANYWAY.....
Yeah, hacked machines are fought over by various black hat groups, and they rent out time on the bot farm to various bidders for a variety of purposes, but DDOS has to be the most common. The infected machines will contact a master server or an admin somehow to let the hive know what the new IP is if it has changed; that's how I'd write it at least.
Yeah, any machine accessible by the raw internet will eventually be investigated on some level for weaknesses. For the most part, unless you're a bank or something big, most people won't specifically target you; what happens instead is a bot script on a server, or even machines infected already, will seek out random machines and try to identify what OS it is or known ports. This knowledge becomes important because if you know of a certain flaw in either the program behind the port or the OS itself you can begin to automatically attack it in ways that are known to work. If you're really good and you've personally discovered a "zero day" (a flaw that has been acknowledged but hasn't been patched yet), you can almost guarantee to do some damage and infecting.
That's my understanding of it all at least. Don't quote me on it.
It's probably also worth mentioning that DDOS'n can just happen when things go viral as well. I remember a long time ago Ellen (the talk show host) was talking about the Spanish version of Twitter, and so many people went to this specific site in such a short time that it was taken offline. I think it happens when your server is underpowered and you are underprepared for high load.
Sorry, I don't follow.... - what is traffic "scrubbing"? And what is "Incapsula"?
It's where all your incoming traffic is routed through a third-party service that profiles the traffic and "scrubs" out unwanted traffic, such as DDoS, Slowloris, etc. Sometimes up to WAF level of traffic to try and mitigate things like MySQL injection etc. Incapsula is https://www.incapsula.com/
Quote:
Originally Posted by resetreset
I didn't understand what you said - what is a "fully portable address space"? What does "DC neighbors being attacked" mean - what is a DC "neighbour"? (I really don't know too much about internet routing or whatever....)
Where your IP addresses can be routed over different ISPs rather than relying on a single provider. "DC Neighbours" would be other sites that are in the same data center who you share the connection with. For example if someone else in the same datacenter on the same physical networking or with the same ISP gets attacked then all that traffic is sharing the same infrastructure as your traffic and thus you'll be affected even if your websites themselves aren't the target.
Quote:
Originally Posted by resetreset
Or do you mean that once the machines have been compromised, then their *facilities* (CPU or whatever) are given to someone else for $$ ??!!
Yup, that's how botnets are used these days.
Quote:
Originally Posted by resetreset
But....home users will have dynamic IPs, right? If a home user just finishes doing MS Office or whatever, and switches their computer off until tomorrow morning, then how will you locate that machine again when it's switched back on?
The compromised system "phones home" to a Command & Control server whenever the IP address changes.