I have some questions regarding botnets.
1) Is it possible to reverse-attack the bots which are attacking us?
For example, say we got hit by some bots and we have logged their IP addresses; instead of blocking them, can we set our router to send the packets back to them without them being processed by our routers? Because I think it may also overload some of our bandwidth, but at the same time the bots are also getting attacked, nah?
Am I right? Is it possible to do? How do we configure the router to do such a task?
This is akin to asking: "Someone stole John Doe's gun and took shots at me. Is it ok for me to shoot at John Doe?"
Most botnets consist of machines that have been compromised. The end owners of those machines are unaware their machines are behaving badly. For you to counterattack these machines would be criminal, point blank.
2) 90% of us may have this problem.
And also, we are at the "receiving" end of the attack. Instead of contacting ISPs or law enforcement authorities for this (in reality they won't care about us much, because it is a small attack for them), what are the steps we can take to trace back the attacker?
Even though it is somewhat complex, I think it can still be possible to track them down...
It's not that law enforcement don't really care; on the contrary, they do care about these attacks. If you take note of the above comment I made, there is little they can do, as it is difficult to track down who created a botnet.
As for ISPs taking a stand, some do, some don't. The same rules apply. Good ISPs take DDoS attacks seriously, but they cannot go as far as blocking, say, an upstream, because again, they're caught in the cross-fire.
We have some servers or some ISP home connections, but when DDoS attacks happen at some "important" time and take down our servers, we try to contact the hosting support team or ISP, who are very, very slow in responding to our questions.
And even when they respond, it is not sufficient for us. And also, most of the time, unless the attackers stop the attack, we cannot do much...
The issue with botnets is, and forever will be, the underlying issue of "people don't know their machines are behaving badly." Trying to send out thousands of emails to the different providers often yields little, since it is likely they've been overwhelmed at the amount of e-mail they're receiving and/or have received already. Blacklisting works when done properly, but if you could find the bullet-proof solution to this, I guarantee you that you will be a billionaire in no time. Many companies try and they all fail, because the logic of countering is flawed. You can block N machines until the cows come home, but depending on someone's botnet, all the attacker has to do is jump onto a C&C and send from different hosts.
Counterattacking a botnet is not only criminal, it's outright stupid. You're already being saturated with traffic; why add more traffic with a counter-attack? Load balancing helps, as does BCP filtering; however, if BCP filtering isn't done across the whole link, it's useless.