site attack

[Anonymous]

Tell me dear, how likely is it to find a person who arranges DDoS attacks on my site? Then who is needed from the experts: IT-person or detective? Or a certain symbiosis of them?

 

[Group-IB]

Good afternoon, Nikolai OOS! Any IT specialist, in particular an information security specialist, combines the qualities and, sometimes, the knowledge of many professions, including a detective. So information security experts are right for you to solve your problem.

 

[Anonymous]

But can he receive real punishment?

 

[Group-IB]

Of course. 273 of the Criminal Code

 

[частный детектив Кременчуг]

Tell me dear, how likely is it to find a person who arranges DDoS attacks on my site? Then who is needed from the experts: IT-person or detective? Or some kind of symbiosis?

This type of activity is also prohibited in the territory of Ukraine and is prosecuted by law. In practice, they write a statement to the police (you yourself or the hosting provider). Then the militia is engaged in this business. The detective can also take on this matter. Just take into account DOS attacks are usually carried out through proxy servers that are located abroad and getting information from these companies is not so easy or using random addresses of unsuspecting people. Here you already need to contact providers providing Internet for subscribers.

Dos attack

 

[Vlas]

If this makes a dropout student then it is possible to find him. And if a professional - then it is almost impossible. It all depends on each case.
I'll start with the theory - how does connecting one computer to another generally work.
Any computer that works with the network sends and receives requests to connect to its services over the network. In simple terms, this happens: Computer A sends a request to computer B on a specific port with a request to connect to it. Computer B, having received the request, looks for a service that serves connections on this port and passes it the parameters of the received request. The service digs through its settings and, depending on them, gives an answer - is it possible to connect computer A or not. If a firewall is installed (from the English FireWall - "fire wall" - a program that monitors, checks and configures any network connections of a computer), it also rummages through its settings and either allows the requesting computer to connect or blocks these attempts. If the connection is approved, computer B sends an invitation to computer A. We omit further.
Accordingly, all these actions consume computer resources: processor time and memory. The more connections, the more resources it takes to process them.
Now what is a DDoS attack. DDoS is an abbreviation for English "Distributed Denial Of Service", which means "denial of service". Simply put, this is an action aimed at "throwing" the attacked server with connection requests to such an extent that its services "gobble up" all the resources and the server can no longer work - it refused to serve incoming requests. It is clear that since the servers have much more resources than ordinary client machines, it is impossible to score them with pings or anything from the client machine: it is the same as trying to break a tractor by shoving matches into its tracks. In order for DDoS attacks to be successful, attackers create the so-called “botnets” (for more details, see here: https://www.interface.ru/home.asp?artId=17243 ) In fact, a botnet is just a lot (from several tens to several millions) of ordinary computers infected with special Trojan programs. actions that an attacker can control over the Internet. And in this case, "knocking down" almost any server is easy enough - you just need to command this computer together to begin to "break" on it with requests. Then everything depends on the server itself - its resources, is there enough of them to handle all this disgrace or will it just hang, the software and its settings.
Imagine that several hundred people addressed you at the same time with different questions ...
If such an attack is detected, then when tracking the location of the attacking computers, as a rule, ordinary cars are found and their owners are wildly surprised, who did not even suspect the second side of life from their favorite toy ...