My first DoS attack

I experienced my first denial-of-service (ddos or dos) attack today. Out of the blue I got a message on IRC saying "You have one day to change your nick". Later the same person said he wanted to use my nick name and if I did not give it to him (he could not use it as long as I was using it) he would "ddos me" so I would lose my internet connection and he would be able to take my name. I politely told him I had used the name whenever possible since 1995 and had no intention of handing it over to someone who threatened to ddos me.

So he attacked me. I lost my connection. He took my name.

It really was that simple for a teenager somewhere to shut out a random user from the entire net.

I had no internet connection for two hours and although I don't care that much about a nick name I did care that some teenager can threaten me and shut me down like that and get away with it. And what bothered me most of all, was that he is able to do this thanks to an Austrian company called Freakshells.com that provides a "bouncer" account behind which he can hide and brag to me about how he ddossed me and will do it again if I try to take any legal action against him.

I contacted freakshells, explained the situation, included my conversation with their customer and asked if they would let him continue to threaten me and ddos me from behind the facade they provide him. They told me I was "wasting my time" as they claimed it is almost impossible to prove a ddos attack and that I too should buy a bouncer account to hide my identity and survive such ddos attacks.

Now, that is an interesting business idea. They sell account that their users can hide behind to stay anonymous while threatening random internet users and commit crimes - and then the company offers the same service to the victims as the only means of protection from their abusive customers.

I see no other meaningful use for their service than to provide an environment for abusive and illegal activities. Under their "news" section they even mention that they now offer their customers a new virtual host to hide behind: "abuser.be".

I am sure they follow the letter of the law and would shut down a customer if forced to by law enforcement, but they are certainly not following the spirit of the law as they seem to do their best to protect these customers and turn a blind eye to their customers illegal activities for as long as they can.

After a few days I check the randomly named irc channels where my "new friend" was and I noticed a lot of other users on those channels with serialized names, 8 character hexadecimal names, and remembered Steve Gibsons text about ddos attacks and dos-bots controlled trough irc. I asked freakshells to have a look at these obvious dos-bots that most probably where controlled trough their servers and they became quite upset with me, telling me they will no longer discuss the issue with me.

One of the machines that had been taken over by a dosbot was a computer in Finland so I informed the ISP in question about my finding and they took it seriously - after some initial investigation they conclude that it was indeed a dosbot so they asked CERT-FI to get all of the dosbots on the irc channel of the net. I don't know what happened next, but many of the bots where gone the following day, the recurrent DDOS attacks against me ended and a few days later my old nick was again available. I still don't know what happened to the teenager who ddos:ed me but hopefully he got in trouble with someone.