So over the past couple days, Weasyl has been sustaining on-and-off DDoS attacks. However, the techniques they were employing to do so were mitigated. In the aftermath of the DDoS (and now that I've got some down time at Further Confusion), I decided to take some time out to investigate the source of the attack.
Typically, attacks of this variety are carried out through botnets. Think about a thousand zombie computers all claiming a desire to make a connection to your system, but never following through. This is a classic type of DDoS attack, called a "SYN flood." However, nowadays, through an attack called DNS amplification, one doesn't necessarily need a botnet. All one has to do to carry out a DDoS attack of this variety is find a bunch of misconfigured DNS servers, then tell those DNS servers to query the utter-living fuck out of a victim domain.
DNS amplification can essentially be summarized as thousands and thousands of dickheads waiting in line for a question they give no fucks about the answer to. Not only are all these assholes asking questions they don't care about the answer to, they're also asking them in a way that's far too verbose. Imagine if instead of asking "where's the bathroom?" all these pricks instead decided to word their question as "excuse me ma'am, while this domicile is quite lovely, frankly, I have a very strong desire to relieve my bladder of its burden. Perhaps you can point me in the direction of the local facilities by which I can expunge this urine." As a result, you, the user, never get the answer to the question you actually want, which is the IP address behind the domain name. The result is effectively a denial of service, as no one can access Weasyl via its expected domain name.
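To make the mechanism above concrete from the defender's side, here is an added example (my code, not the post's, and not anything Weasyl runs): it scans a constructed set of UDP flow records taken at the victim's edge and flags the fingerprint of a DNS amplification flood, namely answers arriving from port 53 of resolvers the victim never sent a query to, from many distinct sources, each answer far larger than the tiny spoofed query that provoked it. The flow-record format, the victim address 203.0.113.10, the resolver addresses in 192.0.2.0/24, and the assumed 64-byte query size are all assumptions made up for the example.

```python
from collections import Counter

VICTIM = "203.0.113.10"   # attacked host (constructed, documentation range)
QUERY_BYTES = 64          # assumed size of the small spoofed query the attacker sends

# Constructed flow records: "epoch direction src_ip src_port dst_ip dst_port bytes".
# The first pair is a legitimate lookup the victim actually made and got answered;
# the remaining lines are answers from resolvers the victim never queried.
FLOW_LOG = """\
1705000000 out 203.0.113.10 51222 198.51.100.53 53 72
1705000000 in  198.51.100.53 53 203.0.113.10 51222 410
1705000001 in  192.0.2.17 53 203.0.113.10 80 3201
1705000001 in  192.0.2.18 53 203.0.113.10 80 3187
1705000001 in  192.0.2.19 53 203.0.113.10 80 3199
1705000002 in  192.0.2.17 53 203.0.113.10 80 3201
1705000002 in  192.0.2.20 53 203.0.113.10 443 3210
1705000002 in  192.0.2.21 53 203.0.113.10 80 3188
"""


def parse_flows(text):
    """Turn the whitespace-separated records into dicts with typed fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, direction, src, sport, dst, dport, size = line.split()
        flows.append({"ts": int(ts), "dir": direction, "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport), "bytes": int(size)})
    return flows


def find_unsolicited_dns(flows, victim=VICTIM):
    """Return inbound UDP/53 answers for which the victim sent no matching query.

    A real lookup leaves an outbound (resolver, victim_port) pair behind; a spoofed
    query does not, because the attacker sent it, so the answer is 'unsolicited'."""
    asked = {(f["dst"], f["sport"]) for f in flows
             if f["dir"] == "out" and f["src"] == victim and f["dport"] == 53}
    return [f for f in flows
            if f["dir"] == "in" and f["dst"] == victim and f["sport"] == 53
            and (f["src"], f["dport"]) not in asked]


def summarize(unsolicited, query_bytes=QUERY_BYTES):
    """Aggregate the unsolicited answers: volume, distinct reflectors, gain."""
    total = sum(f["bytes"] for f in unsolicited)
    resolvers = Counter(f["src"] for f in unsolicited)
    avg = total / len(unsolicited) if unsolicited else 0.0
    return {
        "responses": len(unsolicited),
        "distinct_resolvers": len(resolvers),
        "bytes": total,
        # bytes delivered to the victim per byte the attacker had to send
        "amplification": avg / query_bytes,
        "top_resolvers": resolvers.most_common(3),
    }


def is_amplification_flood(summary, min_resolvers=3, min_amplification=10.0):
    """Alert only when both signals are present: many reflectors and high gain."""
    return (summary["distinct_resolvers"] >= min_resolvers
            and summary["amplification"] >= min_amplification)


if __name__ == "__main__":
    report = summarize(find_unsolicited_dns(parse_flows(FLOW_LOG)))
    print(report)
    print("amplification flood:", is_amplification_flood(report))
```

The list of distinct reflector addresses is exactly what the post describes collecting: resolvers scattered across the world that answered a question they were never legitimately asked. Two caveats when running this on real flow data: a NAT or load balancer in front of the victim can hide the outbound queries and make legitimate answers look unsolicited, and the victim's own edge is the wrong place to stop the flood anyway, since the bytes have already crossed the link; the lasting fixes sit with the resolver operators (no open recursion) and with networks that drop spoofed source addresses before they leave.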
Unfortunately, in the aftermath of the attacks and after doing reconnaissance on the addresses we were attacked by, we don't have any conclusions on who the attacker was. Because DNS amplification attacks require bouncing off of misconfigured DNS servers, the only way we can do any more investigation into the "who" behind the attack (which is, perhaps, the most interesting part) is to control those servers ourselves. Frankly, that's impossible. The DNS servers came from all around the world: Taiwan, Brazil, the Netherlands, the United States and more. As a result, the DDoS attack on Weasyl was effectively anonymous, and not necessarily of the 4chan variety. Though if Anon thinks Weasyl is interesting enough to DDoS as some sort of test of wits, a tip of the hat to my fellow hackers! But try harder. Smurfing is lame. ;)
Summary: Weasyl was hit by a DNS amplification attack. Because of the nature of the attack, unfortunately, we cannot conclusively say who initiated the attack.
Well, there are inklings. My strongest suspicion as to who performed the attack, frankly, is some random Anons who thought it might be cute to try and start a war between the two furry sites because one of them is exploding in drama. Anon is a benevolent creature on the hunt for amusement, and what better way to fan the flames of furries than to make the Hatfields and McCoys fight each other for their own personal popcorn consumption. Based on the murmurs I've heard on the whats and whys of the various hacker-related attacks on furry sites, that's my current theory. But I have nothing conclusive just yet.
Frankly, though, I'm extremely fascinated as to who could have truly done it. So I'm doing as much investigation as I can. There are records of an earlier attack that I'm working on tracing right now.
SiGe
Ah! I already thought it was one of those newer attacks that has to do with NTP, which works similarly :/