MozillaZine

mozdev Downed by Denial of Service Attack

Saturday July 5th, 2003

Pete Collins of mozdev wrote in to tell us why the site has been unavailable since yesterday. It appears that mozdev was hit with a massive denial of service attack targeting the Bugzilla and CVSweb CGI scripts. Pete and the mozdev team are working hard to bring the site back up and they plan to report this incident to the FBI. If anyone has any information about the attack, get in touch with Pete at petejc@optonline.net.

Update! Pete writes in: "People are coming forward to help out from all over the globe. Some are providing some tips about the attackers, others analysis of the logs and possible exploit used. Once again the community rises up to help out.

"In the meantime I have mozdev here in my basement and am working on getting the data over to the new server which we just purchased w/ donations the community has given mozdev.

"The worst case scenario is I'll have mozdev back up in days (I hope) w/ CVS and some other minimal services. We can't use the old system anymore. It is running an OS that is very old and is the root of our problems."

Another Update! The German magazine Heise has a report on the attack. A rough English translation is available from Google.


#26 Re: I wonder if there is a tracking technology to

by wvh <wouter-mozzine@fort-knox.rave.org>

Tuesday July 8th, 2003 7:50 AM

That's not possible, really. You'd have to sniff and track all major internet backbones, trace it further to smaller routers, determine the ISP from a part of the originating packets, and hope for help. Most likely, you'd find a compromised server. And don't forget the packets in most DoS attacks are spoofed.

You can't just catch a hacker (/cracker). If he's smart, he'll connect through a bunch of hacked systems in several locations to shield himself off. Something that takes out a whole machine on a fast net connection is most likely not just a dude with a broadband internet connection, from that home connection.

Even when you manage to trace him back all the way to the first system he uses to operate through, that would be a 'secure root' (a very low maintenance hacked box) that doesn't log his presence at all, and if he doesn't log into it anymore (he could be using proxies...), there's no way you'll ever track down his home IP.

That's of course assuming it's a smarter individual, instead of a dumbass script kiddie... Still, a DoS attack of an open source site is a pretty lame thing to do.