Null Route DDOS attack on Windows Platform

By admin, February 22, 2012 19:30

This little trick only works for entry level hacker, it won’t stand a chance with advanced hacker, not to mention those DDOS with pure bandwidth consumption (I don’t think there is a way to mitigate this at all anyway, if you do, pls drop me a line).

First I tried the following intuitive command on Windows Server 2003 and found out it doesn’t work, somehow, Windows doesn’t allow route to 127.0.0.1.

route add DDOS_IP 255.255.255.255 127.0.0.1

* Assume DDOS_IP is the DDOS source IP Address.

The solution is to create a loopback (ie, fake) NIC by go to Control Panel, then Add Hardware > Network Card > Microsoft Loopback Adapter.

From Properties, Remove everything and leaving only TCP/IP, assign it a fake IP (say 192.168.80.8), disable WINS of course.

Finally, simply route the crap to this fake destination

route add DDOS_IP MASK 255.255.255.255 192.168.80.8

If you want to permanently add this DDOS IP, use route add –p parameter.

To remove it, type “route delete DDOS_IP”.

In additional, if you want to block the whole C-Class (ie, 256 IPs, mask /24) of DDOS source, then use:

route add DDOS_IP MASK 255.255.255.0 192.168.80.8

Finally, how do you know which IP is DDOS your server? Well, if you find a IP with many LAST_ACK from netstat, then this indicates a very high possibility that the IP is the DDOS attacker.

Examples

To display the entire contents of the IP routing table, type:

route print

To display the routes in the IP routing table that begin with 10., type:

route print 10.*

To add a default route with the default gateway address of 192.168.12.1, type:

route add 0.0.0.0 mask 0.0.0.0 192.168.12.1

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1

To add a persistent route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:

route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, and the cost metric of 7, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, and using the interface index 0×3, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 if 0×3

To delete the route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, type:

route delete 10.41.0.0 mask 255.255.0.0

To delete all routes in the IP routing table that begin with 10., type:

route delete 10.*

To change the next hop address of the route with the destination of 10.41.0.0 and the subnet mask of 255.255.0.0 from 10.27.0.1 to 10.27.0.25, type:

route change 10.41.0.0 mask 255.255.0.0 10.27.0.25

很喜歡新款M. Benz CLS的尾巴

By admin, February 19, 2012 15:28

前一陣子才跟朋友談起現代的”大奔”已經完全失去了過往耀眼的光芒。記得70年代中的450SEL到80年代的380SEL & 560SEL是多麼的令人羨慕和嚮往。

但沉寂了多時的奔馳最近的新作令人眼前一亮,它就是嶄新設計的新一代CLS,尤其是尾巴,跑味濃厚,很科幻和有品味!

下午突然發現鄰居早已經等不及了,升級了去最新的CLS 350,尾巴的LED燈設計還真好看! 好靚仔!

cls350

迷你版的法拉利香水

By admin, February 19, 2012 14:21

今天她整理梳妝櫃的時候無意間發現了這瓶迷你版的法拉利香水,差點忘記了這個多年前的小禮物。既然重見天日,那麼現在就把它擺放在1比43Make Up法拉利F40的旁邊,覺得還挺不錯的。

IMG_6448

昨天在家附近又看見了一台全白色掛T牌的法拉利F458,感覺比紅色來的搶眼多了,連我也不禁發出一聲驚嘆。越來越喜歡F458從尾巴打斜45度角看過去的感覺(借用Volonte 59的圖片),很F355的傳統法拉利風范,但是還是不太接受F458車頭的設計,可能太前衛了。

F458 

那個法國瘋狂的法拉利車模收藏家Volonte 59,他的帖子現在居然已經去到了第337頁,而且多了很多場景和特殊的PS效果。 說真的,我每次看完他的更新後都會目瞪口呆,太不可思議了,實在為”神人”也!

2

1

Latest HP ProLiant DL380 (Generation 8)

By admin, February 18, 2012 22:06

The demo does look a lot like a transformer in action, it’s so cool!

Oh…it’s the world’s 1st server with PCIe 3.0 (1GB/s bandwidth?) and DL380 surprised me with a newly designed nice looking bezel (finally!), but it looks like a Poweredge now. :)

That’s why I love the latest innovative network, server and storage technologies, they have always been my biggest hobby and toy, so much fun to learn and play with.

Happy Valentine’s Day 2012

By admin, February 15, 2012 13:31

For you only, our 13th Valentine’s Day!

IMG_6421