This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

asking help for shell command

Help with usage of shell accounts and bouncers.
Post Reply
User avatar
qwek
Voice
Posts: 35
Joined: Tue Sep 21, 2004 7:51 am
Location: space

asking help for shell command

Post by qwek »

excuse me, how can i track / trace / scan from my shell if someone has doing ddos attack to my shell? what can i use (command on shell)? thanks

best regards,
qwek
User avatar
demond
Revered One
Posts: 3073
Joined: Sat Jun 12, 2004 9:58 am
Location: San Francisco, CA
Contact:

Post by demond »

are you root?
User avatar
qwek
Voice
Posts: 35
Joined: Tue Sep 21, 2004 7:51 am
Location: space

Post by qwek »

demond: nope, i'm just bought some shell from shell company and my bot always died without good reason (ping timeout) and after while im checking maybe my shell got something wrong and then i'm asking our admin and he said someone has doing udp packet into my account. suddenly the admin shell temporary closed my account for a while. i'm asking to admin what iphost has doing udp packets but he didnt replied me (until now). can i trace/track/scan from ssh/putty how to get those iphost (doing some udp packets?)
User avatar
demond
Revered One
Posts: 3073
Joined: Sat Jun 12, 2004 9:58 am
Location: San Francisco, CA
Contact:

Post by demond »

no, you can't; tracking those kinds of things requires root privileges
User avatar
qwek
Voice
Posts: 35
Joined: Tue Sep 21, 2004 7:51 am
Location: space

Post by qwek »

is there no other way to do? ok then. btw thanks for your help demond.

regards,
qwek.
User avatar
Alchera
Revered One
Posts: 3344
Joined: Mon Aug 11, 2003 12:42 pm
Location: Ballarat Victoria, Australia
Contact:

Post by Alchera »

qwek wrote:is there no other way to do?
In a way. If you have the IP(s) from your shell admin just run (in Windows) NeoTrace. I am not sure what benefit, if any, will be derived by the exercise though.
Add [SOLVED] to the thread title if your issue has been.
Search | FAQ | RTM
User avatar
demond
Revered One
Posts: 3073
Joined: Sat Jun 12, 2004 9:58 am
Location: San Francisco, CA
Contact:

Post by demond »

Alchera wrote:
qwek wrote:is there no other way to do?
In a way. If you have the IP(s) from your shell admin just run (in Windows) NeoTrace. I am not sure what benefit, if any, will be derived by the exercise though.
nope, that won't help

virtually all DoS-ing techniques have been using spoofed source IP addresses for many years now

tracing DoS (let alone DDoS) source is not an easy task even if you are root... if you are not, forget about it

and you definitely can't even detect DoS if you are not root, since you neither have access to your firewall's logging facilities nor you can run a packet sniffer software; of course, if you find it's difficult or impossible to log into your shell account and your bot tends to die with "Ping timeout" more often than not, there's pretty good possibility your host machine is being DoS-ed
User avatar
qwek
Voice
Posts: 35
Joined: Tue Sep 21, 2004 7:51 am
Location: space

Post by qwek »

what if i asking admin shell to added me as a root? do i allowed? i think this is impossible :P eheh
User avatar
Alchera
Revered One
Posts: 3344
Joined: Mon Aug 11, 2003 12:42 pm
Location: Ballarat Victoria, Australia
Contact:

Post by Alchera »

qwek wrote:what if i asking admin shell to added me as a root? do i allowed? i think this is impossible :P eheh
Oh very doubtfull unless you're a personal friend and then maybe not. And demond mentioned that even root access will not guarantee tracing the culprit(s). They will get bored however and leave you alone in the end. :)
demond wrote:nope, that won't help
I did mention I doubted there was any point. :P

There was one fool once that my admin and I were actually able to trace after a DoS-ing incident. Not all have brains.
Add [SOLVED] to the thread title if your issue has been.
Search | FAQ | RTM
Post Reply