asking help for shell command

qwek · Post by **qwek** » Fri Aug 19, 2005 7:14 pm

excuse me, how can i track / trace / scan from my shell if someone has doing ddos attack to my shell? what can i use (command on shell)? thanks

best regards,
qwek

demond · Post by **demond** » Fri Aug 19, 2005 7:51 pm

are you root?

qwek · Post by **qwek** » Fri Aug 19, 2005 11:29 pm

demond: nope, i'm just bought some shell from shell company and my bot always died without good reason (ping timeout) and after while im checking maybe my shell got something wrong and then i'm asking our admin and he said someone has doing udp packet into my account. suddenly the admin shell temporary closed my account for a while. i'm asking to admin what iphost has doing udp packets but he didnt replied me (until now). can i trace/track/scan from ssh/putty how to get those iphost (doing some udp packets?)

demond · Post by **demond** » Fri Aug 19, 2005 11:47 pm

no, you can't; tracking those kinds of things requires root privileges

qwek · Post by **qwek** » Sat Aug 20, 2005 1:51 am

is there no other way to do? ok then. btw thanks for your help demond.

regards,
qwek.

Alchera · Post by **Alchera** » Sat Aug 20, 2005 2:29 am

qwek wrote:is there no other way to do?

In a way. If you have the IP(s) from your shell admin just run (in Windows) NeoTrace. I am not sure what benefit, if any, will be derived by the exercise though.

demond · Post by **demond** » Sat Aug 20, 2005 3:20 am

Alchera wrote:
qwek wrote:is there no other way to do?
In a way. If you have the IP(s) from your shell admin just run (in Windows) NeoTrace. I am not sure what benefit, if any, will be derived by the exercise though.

nope, that won't help

virtually all DoS-ing techniques have been using spoofed source IP addresses for many years now

tracing DoS (let alone DDoS) source is not an easy task even if you are root... if you are not, forget about it

and you definitely can't even detect DoS if you are not root, since you neither have access to your firewall's logging facilities nor you can run a packet sniffer software; of course, if you find it's difficult or impossible to log into your shell account and your bot tends to die with "Ping timeout" more often than not, there's pretty good possibility your host machine is being DoS-ed

qwek · Post by **qwek** » Sat Aug 20, 2005 10:36 pm

what if i asking admin shell to added me as a root? do i allowed? i think this is impossible

eheh

Alchera · Post by **Alchera** » Sat Aug 20, 2005 11:05 pm

qwek wrote:what if i asking admin shell to added me as a root? do i allowed? i think this is impossible eheh

Oh very doubtfull unless you're a personal friend and then maybe not. And demond mentioned that even root access will not guarantee tracing the culprit(s). They will get bored however and leave you alone in the end.

demond wrote:nope, that won't help

I did mention I doubted there was any point.

There was one fool once that my admin and I were actually able to trace after a DoS-ing incident. Not all have brains.