LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
Old 08-29-2016, 01:35 AM   #16
resetreset
Senior Member
Registered: Mar 2008
Location: Cyberspace
Distribution: Dynebolic, Ubuntu 10.10
Posts: 1,340
Original Poster
Quote:
Originally Posted by Turbocapitalist View Post
They are all bought, sold, traded, and fought over to build botnets for all kinds of purposes including DDoS. It's a thriving cottage industry.
I don't follow - do you mean the physical machines are "bought, sold, traded, and fought over"?? Who buys or sells from whom? Or do you mean that once the machines have been compromised, then their *facilities* (CPU or whatever) are given to someone else for $$ ??!! But....home users will have dynamic IPs, right? If a home user just finishes doing MS Office or whatever, and switches their computer off until tomorrow morning, then how will you locate that machine again when it's switched back on?


This is the kind of thing that sends chills down my spine. It's highly likely that my sites WILL be attacked in some way, I obviously want to keep them online.
The other question is - if it's this easy, then why doesn't someone take down things like ch**d pr0n on the internet? Those motherf**ers who put up things like that should be killed ANYWAY.....
Old 08-29-2016, 04:00 AM   #17
wh33t
Member
Registered: Oct 2003
Location: Canada
Posts: 922
Quote:
Originally Posted by resetreset View Post
I don't follow - do you mean the physical machines are "bought, sold, traded, and fought over"?? Who buys or sells from whom? Or do you mean that once the machines have been compromised, then their *facilities* (CPU or whatever) are given to someone else for $$ ??!! But....home users will have dynamic IPs, right? If a home user just finishes doing MS Office or whatever, and switches their computer off until tomorrow morning, then how will you locate that machine again when it's switched back on?


This is the kind of thing that sends chills down my spine. It's highly likely that my sites WILL be attacked in some way, I obviously want to keep them online.
The other question is - if it's this easy, then why doesn't someone take down things like ch**d pr0n on the internet? Those motherf**ers who put up things like that should be killed ANYWAY.....
Yeah, hacked machines are fought over by various black hat groups, and they rent out time on the bot farm to various bidders for a variety of purposes, but DDOS has to be the most common. The infected machines will contact a master server or an admin somehow to let the hive know what the new IP is when it has changed; that's how I'd write it at least.

Yeah, any machine accessible from the raw internet will eventually be investigated on some level for weaknesses. For the most part, unless you're a bank or something big, most people won't specifically target you; what happens instead is a bot script on a server, or even machines already infected, will seek out random machines and try to identify what OS it is or known ports. This knowledge becomes important because if you know of a certain flaw in either the program behind the port or the OS itself you can begin to automatically attack it in ways that are known to work. If you're really good and you've personally discovered a "zero day" (a flaw that has been acknowledged but hasn't been patched yet), you can almost guarantee to do some damage and infect it.

That's my understanding of it all at least. Don't quote me on it.

It's probably also worth mentioning that DDOS'ing can just happen when things go viral as well. I remember a long time ago Ellen (the talk show host) was talking about the Spanish version of Twitter, and so many people went to this specific site in such a short time that it was taken offline. I think it happens when your server is underpowered and you are underprepared for high load.

Last edited by wh33t; 08-29-2016 at 04:02 AM.
Old 08-29-2016, 04:03 AM   #18
TenTenths
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475
Quote:
Originally Posted by resetreset View Post
Sorry, I don't follow.... - what is traffic "scrubbing"? And what is "Incapsula"?
It's where all your incoming traffic is routed through a third-party service that profiles the traffic and "scrubs" out unwanted traffic, such as DDoS, Slowloris, etc. Sometimes up to WAF level of traffic to try and mitigate things like MySQL injection etc. Incapsula is https://www.incapsula.com/

Quote:
Originally Posted by resetreset View Post
I didn't understand what you said - what is a "fully portable address space"? What does "DC neighbors being attacked" mean - what is a DC "neighbour"? (I really don't know too much about internet routing or whatever....)
Where your IP addresses can be routed over different ISPs rather than relying on a single provider. "DC Neighbours" would be other sites that are in the same data center who you share the connection with. For example if someone else in the same datacenter on the same physical networking or with the same ISP gets attacked then all that traffic is sharing the same infrastructure as your traffic and thus you'll be affected even if your websites themselves aren't the target.

Quote:
Originally Posted by resetreset View Post
Or do you mean that once the machines have been compromised, then their *facilities* (CPU or whatever) are given to someone else for $$ ??!!
Yup, that's how botnets are used these days.
Quote:
Originally Posted by resetreset View Post
But....home users will have dynamic IPs, right? If a home user just finishes doing MS OFfice or whatever, and switches their computer off until tomorrow morning, then how will you locate that machine again when it's switched back on?
The compromised system "phones home" to a Command & Control server whenever the IP address changes.
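TenTenths describes a scrubbing service as something that profiles incoming traffic and drops the unwanted part. The following Python script is an added example, not code from this thread, from Incapsula or from any other vendor, that shows the most basic form of that profiling as a site owner can do it on a single server's own access log: it parses combined-format log lines (the sample below is constructed, using documentation IP ranges) and flags any source IP that sends more than a threshold of requests inside a sliding time window. The log format, the window length and the threshold are assumptions chosen for the demo, and the lines are assumed to arrive in time order, as they do in a real log file.

```python
"""Toy traffic profiler: flag source IPs whose request rate exceeds a
threshold inside a sliding time window.  Added example; the log lines
below are constructed and do not come from any real server."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format (assumed; adjust the regex for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 203.0.113.7 hammers "/" eight times in eight seconds,
# 198.51.100.9 browses normally, and one line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Aug/2016:04:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2016:04:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [29/Aug/2016:04:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [29/Aug/2016:04:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2016:04:00:03 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [29/Aug/2016:04:00:04 +0000] "GET /about.html HTTP/1.1" 200 2048
203.0.113.7 - - [29/Aug/2016:04:00:04 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2016:04:00:05 +0000] "GET / HTTP/1.1" 200 512
this line is not a valid log entry
203.0.113.7 - - [29/Aug/2016:04:00:06 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2016:04:00:07 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [29/Aug/2016:04:00:09 +0000] "GET /contact.html HTTP/1.1" 200 1536
""".splitlines()


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def flag_floods(lines, window=timedelta(seconds=10), max_requests=5):
    """Return {ip: peak_requests_in_window} for every source IP that exceeds
    max_requests within any sliding window of the given length.

    Lines are assumed to be in chronological order (true for a log file).
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window for this IP.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, peak in flag_floods(SAMPLE_LOG).items():
        print(f"{ip}: peak {peak} requests in a 10 s window")
```

Running the script prints only 203.0.113.7, with a peak of 8 requests; 198.51.100.9 stays under the threshold. A per-source counter like this catches one noisy client or a small group of them, but it does nothing against the scenario described earlier in the thread, where many compromised home machines each send a modest rate from a changing IP, or where a data-center neighbour is the actual target and your link is simply saturated. That gap is the reason the thread points to a third-party scrubbing service sitting in front of the server rather than logic on the server itself.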