XSChris

Actually just change your mac address on your router to whichever you like, I just copy address from the PC I'm on and edit a few values. Most if not all dynamic IP cable ISP's should provide you with a new IP. thats what 3 steps? 1) Login to router admin panel 2) Go to page to change mac address of the routers uplink interface, do it to your liking 3) Reboot modem and router to get new IP address Your modem will grab the new mac and issue another IP most likely, atleast on Charter this works great and on a few other ISP's I know of, if you change the mac addy enough it'll change quite dramatically. I've also found Charter gives you same dynamic IP for months or till you change mac addy.

Went to store, came back, carefully setup DDoS blocking (If you just go wild on firewall scripts you'll just lock up the networking. 188.72.211.39 # lfd: 5 (sshd) login failures from 188.72.211.39 (DE/Germany/188-72-211-39.local) in the last 300 secs - Wed Aug 4 23:00:14 2010 76.2.158.240 # lfd: (CT) IP 76.2.158.240 (US/United States/nv-76-2-158-240.dhcp.embarqhsd.net) found to have 721 connections - Wed Aug 4 23:40:09 2010 75.167.207.105 # lfd: (CT) IP 75.167.207.105 (US/United States/-) found to have 607 connections - Wed Aug 4 23:40:11 2010 76.99.109.124 # lfd: (CT) IP 76.99.109.124 (US/United States/-) found to have 883 connections - Wed Aug 4 23:40:22 2010 69.233.137.145 # lfd: (CT) IP 69.233.137.145 (US/United States/ppp-69-233-137-145.dsl.irvnca.pacbell.net) found to have 807 connections - Wed Aug 4 23:40:33 2010 68.8.207.173 # lfd: (CT) IP 68.8.207.173 (US/United States/ip68-8-207-173.sd.sd.cox.net) found to have 668 connections - Wed Aug 4 23:40:51 2010 71.75.167.46 # lfd: (CT) IP 71.75.167.46 (US/United States/-) found to have 922 connections - Wed Aug 4 23:41:02 2010 69.231.72.52 # lfd: (CT) IP 69.231.72.52 (US/United States/adsl-69-231-72-52.dsl.irvnca.pacbell.net) found to have 264 connections - Wed Aug 4 23:41:05 2010 71.23.181.126 # lfd: (CT) IP 71.23.181.126 (US/United States/71-23-181-126.chi.clearwire-wmx.net) found to have 853 connections - Wed Aug 4 23:41:32 2010 24.5.24.171 # lfd: (CT) IP 24.5.24.171 (US/United States/-) found to have 511 connections - Wed Aug 4 23:41:49 2010 24.26.241.76 # lfd: (CT) IP 24.26.241.76 (US/United States/-) found to have 1034 connections - Wed Aug 4 23:42:19 2010 99.23.162.32 # lfd: (CT) IP 99.23.162.32 (US/United States/-) found to have 228 connections - Thu Aug 5 00:22:50 2010 70.76.98.58 # lfd: (CT) IP 70.76.98.58 (CA/Canada/s0106001346cd70ad.tb.shawcable.net) found to have 852 connections - Thu Aug 5 00:22:50 2010 184.56.224.10 # lfd: (CT) IP 184.56.224.10 (-/-/cpe-184-56-224-10.neo.res.rr.com) found to have 800 connections - Thu Aug 5 00:22:55 2010 173.26.31.74 # lfd: (CT) IP 173.26.31.74 (US/United States/173-26-31-74.client.mchsi.com) found to have 1120 connections - Thu Aug 5 00:22:56 2010 216.70.3.154 # lfd: (CT) IP 216.70.3.154 (US/United States/-) found to have 1028 connections - Thu Aug 5 00:22:57 2010 71.9.192.253 # lfd: (CT) IP 71.9.192.253 (US/United States/-) found to have 114 connections - Thu Aug 5 00:22:58 2010 58.7.155.161 # lfd: (CT) IP 58.7.155.161 (AU/Australia/dsl-58-7-155-161.wa.westnet.com.au) found to have 737 connections - Thu Aug 5 00:23:00 2010 24.205.242.119 # lfd: (CT) IP 24.205.242.119 (US/United States/24-205-242-119.dhcp.gvrb.ca.charter.com) found to have 831 connections - Thu Aug 5 00:23:00 2010 97.118.228.33 # lfd: (CT) IP 97.118.228.33 (US/United States/97-118-228-33.hlrn.qwest.net) found to have 910 connections - Thu Aug 5 00:23:01 2010 80.217.207.140 # lfd: (CT) IP 80.217.207.140 (SE/Sweden/c80-217-207-140.bredband.comhem.se) found to have 1086 connections - Thu Aug 5 00:23:02 2010 74.65.91.230 # lfd: (CT) IP 74.65.91.230 (US/United States/cpe-74-65-91-230.stny.res.rr.com) found to have 1040 connections - Thu Aug 5 00:23:03 2010 86.24.22.118 # lfd: (CT) IP 86.24.22.118 (GB/United Kingdom/client-86-24-22-118.midd.adsl.tesco.net) found to have 898 connections - Thu Aug 5 00:23:04 2010 98.171.179.149 # lfd: (CT) IP 98.171.179.149 (US/United States/ip98-171-179-149.sb.sd.cox.net) found to have 792 connections - Thu Aug 5 00:23:05 2010 71.75.101.165 # lfd: (CT) IP 71.75.101.165 (US/United States/cpe-071-075-101-165.carolina.res.rr.com) found to have 864 connections - Thu Aug 5 00:23:08 2010 65.185.170.92 # lfd: (CT) IP 65.185.170.92 (US/United States/cpe-65-185-170-92.neo.res.rr.com) found to have 861 connections - Thu Aug 5 00:23:09 2010 220.236.249.143 # lfd: (CT) IP 220.236.249.143 (AU/Australia/d220-236-249-143.dsl.nsw.optusnet.com.au) found to have 721 connections - Thu Aug 5 00:23:10 2010 175.144.244.115 # lfd: (CT) IP 175.144.244.115 (-/-/-) found to have 926 connections - Thu Aug 5 00:23:11 2010 173.19.110.173 # lfd: (CT) IP 173.19.110.173 (US/United States/173-19-110-173.client.mchsi.com) found to have 843 connections - Thu Aug 5 00:23:12 2010 24.14.27.96 # lfd: (CT) IP 24.14.27.96 (US/United States/c-24-14-27-96.hsd1.il.comcast.net) found to have 1349 connections - Thu Aug 5 00:23:13 2010 24.33.147.31 # lfd: (CT) IP 24.33.147.31 (US/United States/cpe-24-33-147-31.woh.res.rr.com) found to have 1015 connections - Thu Aug 5 00:23:15 2010 189.189.180.249 # lfd: (CT) IP 189.189.180.249 (MX/Mexico/dsl-189-189-180-249-dyn.prod-infinitum.com.mx) found to have 590 connections - Thu Aug 5 00:23:16 2010 68.99.103.6 # lfd: (CT) IP 68.99.103.6 (US/United States/ip68-99-103-6.hr.hr.cox.net) found to have 1112 connections - Thu Aug 5 00:23:17 2010 70.235.76.50 # lfd: (CT) IP 70.235.76.50 (US/United States/adsl-70-235-76-50.dsl.mrdnct.sbcglobal.net) found to have 670 connections - Thu Aug 5 00:23:18 2010 98.223.218.65 # lfd: (CT) IP 98.223.218.65 (US/United States/c-98-223-218-65.hsd1.in.comcast.net) found to have 1554 connections - Thu Aug 5 00:23:19 2010 66.36.144.193 # lfd: (CT) IP 66.36.144.193 (CA/Canada/dsl-144-193.aei.ca) found to have 873 connections - Thu Aug 5 00:23:20 2010 71.246.251.5 # lfd: (CT) IP 71.246.251.5 (US/United States/pool-71-246-251-5.washdc.fios.verizon.net) found to have 1749 connections - Thu Aug 5 00:23:21 2010 24.5.118.3 # lfd: (CT) IP 24.5.118.3 (US/United States/c-24-5-118-3.hsd1.ca.comcast.net) found to have 143 connections - Thu Aug 5 00:23:47 2010 66.249.71.227 # lfd: (CT) IP 66.249.71.227 (US/United States/crawl-66-249-71-227.googlebot.com) found to have 55 connections - Thu Aug 5 00:29:22 2010 This is why I don't run tight blocks if you notice the innocent google bot but I set it to 100 originally and it wasn't picking up ANY, will try 75 instead of 50 for a few days. Anybody else with a sharp eye notice their mostly on Comcast? Yall comcast users has viruz's yo - anyways I'll let this cute picture do the talking, who's the DDoS'er? As a host for over 4 years your botnet fails, that french asshole we had a few years ago did a much better job, then suffered with his main system root'd and the botnet stolen, redirected to his residential ISP.

I'm a noob at web hosting eh. I'll be blocking anyone related to these attacks shortly at the server level and pass it to our upstream provider to block at both locations network level. This DDoS is very ineffective & this is DDoS protected hosting, not all forms and methods of DDoS attacks can be filtered, or filtered properly at that. The systems putting up fine with the attack, whatever little kid is running this attack is just clogging up tubes for no reason. Edit: Jesus christ almost a thousand connections steady.

Yes Peaches, Those addresses do in fact look similar to the prior botnet attack. I'll try to find logs from the old system of addresses banned so we can push shaw on disabling his internet. He had his first strike now I believe they'll revoke his internet permanently. jmdalmighty- He has been caught, his ISP has served a formal abuse notice and only has 1 or 2 strikes left before he cannot buy internet again in Canada. This is why you don't run a botnet and let your residential ISP ip address be leaked out. Edit: Just pumping 100req/sec + :|

We will be fallowing up with Shaw Communications next time we hear some kid named ReDBaRz from around Alberta, Canada is even touching my web servers. XenServ Hosting is also currently looking into other action, I hope your parents are rich in the event one of our customers whom lost money due to their site being down want to take perfectly legal, action against your illegal, rude activities. Which is one of the only reasons you can take legal action over a (D)DOS, and thats a good dozen sites making quite a number daily.... oh and courts would demand restitution for our losses too but I'm sure everybody here knows how that works, a timely process indeed. Bottom line guys, if you can D/DDOS, you're so cool. Just remember it's prick to take down websites and you can face charges for damages, so why be a dumb script kiddie running a botnet you can buy from host booter, learn how to really hack or at least learn how to really DDOS. His attack just floods a system very weak and poorly executed, if I had a device that could filter the traffic we'd of been fine but those cost mucho. I used to know how to attack at excess of 100mbit/sec however years ago I learned only big flapping vaginas ddos and I never even had a use for that power, ReDFaGs attack was a measly few mbps as it's just http flooding LOL EDIT If you feel this case also consists of illegal activity, we encourage you to issue a formal complaint with your local Law Enforcement Authorities. ^^See that, I like Shaw's thinking, I'll just need them to hand over name and address, win.

http://uploadpla.net/thumbs/large/4648_ps3bu/lol-y-umad.png