I was doing a guest show on the WARP Radio Network last night, and I hit 338 listeners within 30 mins of going on air, as we climbed the Shoutcast Directory it became evident that we were beginning to be DDOS attacked, causing the server to drop some listeners.

Anyone had this done to them before ? Any ideas who does these attacks? Spite or jelousy? Or boredom?

The ISP is currently dealing with it and will be reporting the offending IP to its ISP but has anyone else had experience with this happening to their streams?

Try doing a forum search (http://forums.winamp.com/search.php). I've seen lots on these kind of attacks.

yeah. seems to be common in the shoutcast world these days. even on some smaller stations ive seen it.

people just need to be prepared for this kinda thing is all.

Yep, it happened again last night. Slowly climbing up the directory, and then made the front page, eventually settling at number 14. All was well for about 30 mins, then going, going, going .... gone! The box was absolutly hammered and taken down, streams, website, IRC server the whole thing went. Its obvious whoever is initiating these attacks has a shed load of bandwidth to send these attacks.

What I also seem to have noticed is it happens to any station that makes it 'big' in shoutcast directory. I know for now, for a fact that it isnt just "Get the numbers and you will make front page" its more like, show your good, get the big listeners then be attacked. Either the bigger stations are doing this, or its standard practise for stations who have not paid out to be on the front page, so the only solution is to attack their boxes and take them down.

Surely this is in violation of applicable internet laws internationally, and I am sure the hosting company of the boxes used are sick of having their computers being attacked offline.

In my own personal opinion, it is known a presented 100% live show will win more listeners then an automated Winamp or OTS playlist, which the majority of streams seem to be these days (wheres the fun in that).

People who are not getting as many listeners, or feel threatned dont like it, so they bomb the opposition. I think its time the people who do this should grow up before they get into trouble from their ISP, or law enforcment.

In many cases like this the problem is either one of two things - either someone is intentionally trying to take you out or you have several listeners with ISP's with faulty equipment.

People trying to take you out usually originate from one IP or subnet (like a class C - example 123.45.67.*** as in several IP's from the same chain but differentaing end numbers) but instead of massive connections it's easier to do a massive ICMP flood which can kill in and outbound bandwidth).

The other would involve several connections from totally unrelated IP's but several connections from each and over several servers. These are faulty connections which lose connection, reconnect but the DNAS does not drop the old connections.

It's pretty clear which problem you have. Denial of service attacks can be traced and reported to the offending users ISP. Erratic connections usually cant.

Originally posted by Kev Atkinson
People who are not getting as many listeners, or feel threatned dont like it, so they bomb the opposition. I think its time the people who do this should grow up before they get into trouble from their ISP, or law enforcment.
let's try to keep from making accusations without proof in this topic. If you feel that you have proof then provide it. Too often discussions like this just end up going down in flames. If you guys start making accusations with no proof I will have no choice but to lock this thread.