DoS Attacks Persisting, On The Rise
thelizman writes "One of the most basic "hacks" (to use the media's bastardization of the term) is a Denial of Service attack. While not getting you any access to data on a machine, DoS attacks effectively shut down machines by making them inaccessible to others. CNN is carrying an IDG.net story about how DoS attacks are still one of the leading threats on the Internet, and are actually on the rise as the sophistication of the attacks increases." We get them constantly - some intentional, some not. It's really a pain.
DOS is dead (Score:5, Funny)
Re:DOS is dead (Score:2, Interesting)
Though I would agree that DOS is probably inhibiting people from getting data off certain sites off the net, they're talking about DoS.
Here's a question, though: Let's say a company does something that the Slashdot community doesn't like. A link is posted to that site so that people could visit it. Slashdot has enough visitors that most sites come down pretty quickly with that much traffic. Could a company make a case that Slashdot is a DoS attack?
I'm not asking on a moral ground, but could a Lawyer actually get that to court?
To be clear I'm not asking:
- Would they win
- Could they in the ideal world
- Would it be ethical/moral to
- Are they right in doing so
I'm asking if they could present a case and get it to court. Thoughts?
Re:DOS is dead (Score:3, Insightful)
Probably not if the judge has any sense at all.
There's a fundamental difference between a DoS or DDoS attack and the so-called /. effect. In the first two cases, the attacks generally come from remote controlled machines or zombie machines and are instigated by a very small number of people, or even just one person. In the case of the /. effect, each and every viewing of the webpage is deliberately instigated by a separate human being.
While most analogies of /. suck, I'll add one more: It's somewhat akin to the difference between a half dozen people chaining themselves to the entrance of a Starbucks and stopping people from entering as a means of protesting globalization and a couple hundred people all trying to get in at once because a radio DJ points out that they're selling double-shot mochas for a penny each.
Re:DOS is dead (Score:4, Insightful)
But what if a Lawyer made an argument along the lines of: "Slashdot intentionally posted a link to their site knowing that an overwhelming increase of traffic would hit my client's servers."? What if Blizzard, for example, attempted to sue Taco because of being flooded with too many hits (or negative emails) from opinions posted on Slashdot?
The difference between Slashdot and a news site such as CNN is that more opinions make their way to the front page. For example, remember the article that said MS kicked Sony out of CeBit? That's not what happened, but that was the view it posted.
better get another lawyer! (Score:2)
That's called public discourse! Do something wrong, people will talk about you. Make a real monster out of yourself and they might stop and stare. People are free to say and think what they might. It's part of what free speech is all about.
If you don't want the public entering your web site, or building for that matter, you had better not make it public. If it's public, we might presume that you want visitors.
If your lawyer can't tell the difference between many people visiting a site and an attack of broken Windoze machines, they don't know the difference between a protest and rolling a bus into a building. They might not know their ass from a hole in the ground either. Find another one.
Re:DOS is dead (Score:2)
My paragraph about the difference between Slashdot and CNN was compressed down to 'CNN doesn't opinionate.'
Here is what I said:
"The difference between Slashdot and a news site such as CNN is that more opinions make their way to the front page. For example, remember the article that said MS kicked Sony out of CeBit? That's not what happened, but that was the view it posted."
Notice the sentence in particular where I said that Slashdot offers MORE opinions right away than CNN. I never, ever, EVER said that news sites don't provide opinions. If you had paid any real attention to what I said, you'd note that I made an example where a factual error was made in presenting the story. A very serious factual error. Instead of the headline explaining what really happened, it explained the submitter's point of view about it.
There is a huge difference between that and the stories you read on most places that carry any sort of journalistic integrity. They take extra care to not present details incorrectly.
In any case, thanks for grossly misinterpreting me. I'll give you credit, though. You did offer a very fascinating rebuttal to something I didn't say.
Re:DOS is dead (Score:2, Insightful)
Re:DOS is dead (Score:2)
I apologize for being rude in my response.
"How many times do you think a headline from CNN concerning topics such as the war in Afghanistan has been exaggerated or presented misleading facts because it makes the American government sound better?"
Hmm... You mean sensationalism? Fair point. I remember a couple of years ago, late in the year, that the news was keeping a running tally of students getting hurt in football games. They described it as an epidemic. They made it like the parents should be concerned as if YOUR KID MIGHT DIE!!
The injury tally, by the Octoberish time of year, was 7. Now 7 kids taken to the hospital between late August and October is a heck of a lot, I suppose. However, the number was 7 from January 1st. If memory serves, it was after the high school shootings media attention died down.
Basically, the media presented a potential result before establishing its case. Yep, that's opinionated.
I do think my original idea does still carry some weight, but I understand what you're saying and it is a good rebuttal. Thanks, you expanded my perspective.
Re:DOS is dead (Score:2)
I am not a crate. Even if I was, I certainly wouldn't be a demo model. I demand an apology.
Re:DOS is dead (Score:3, Funny)
> Though I would agree that DOS is probably inhibiting people from getting data off certain sites off the net, they're talking about DoS.
I read in Discover about someone with damage to his right frontal lobe who couldn't understand humor. I guess you've taken one too many shots to the forehead, huh?
Re:DOS is dead (Score:2)
If you read a little closer, I was attempting humor as well.
"Though I would agree that DOS is probably inhibiting people from getting data off certain sites off the net..." -- get it?
Maybe I should have said "...probably inhibiting A LOT of people..."
Oh well.
Re:DOS is dead (Score:2)
Re:DOS is dead (Score:2)
Let's try another scenario, though. What if a Slashdot article posted an e-mail address for somebody to write legitimate complaints to? If a small company received 300,000 emails, that'd be a bit of a problem. Could a judge see that as an attack?
Re:DOS is dead (Score:2)
You never know what'll get into court, or who will win. Mysterious and unjust things can happen there sometimes. That said, one possible defense for /. might go like this:
For a conventional DDoS attack, the script kiddie relies on other people's computers acting in a predictably (and automatic) bad way. Because the DoSing computers are doing something that is both automatic and justifiably enabled (e.g. ping reply), the users of those computers are not responsible for their ping replies. Having your machine reply to pings is not negligence on your part (whereas installing software known to be gratuitously dangerous and with a really bad reputation (IIS) may be). But if the ping-reply machine owners aren't responsible, then the person who made it happen (the script kiddie) is.
For /. effect, Slashdot is not automatically causing thousands of other computers to send a request to a site. Instead, the human users of those computers are consciously (depending on your attitude of human nature) clicking a link. Since those users made a choice to hit the referenced site they are responsible for the traffic they generate. Thus the responsibility really is distributed, and doesn't rest solely upon /.
Re:DOS is dead (Score:2)
Sure. As any lawyer will point out to you, you can sue anybody for anything. You might be liable for their attorney's fees if you lose, but you can sue anyone for anything and even make it to court.
well... (Score:2)
Re:DOS is dead (Score:2, Informative)
Nowadays, you can fit a class C worth of websites on a single machine and save a lot of money. So what if you don't survive one day of
If you are looking for specs of a
Regards,
Victor
Re:DOS is dead (Score:2)
To my mind that is a lot of traffic, but then my only firsthand experience is with "Mickey Mouse" servers that would probably melt under that load. (Assuming that the connection could actually carry that kinda volume in the first place.)
Re:DOS is dead (Score:3, Informative)
Re:DOS is dead (Score:2)
I don't think that they understand that the Simpsons makes fun of EVERYTHING. There was an episode only a week or two ago showing a CISCO router being held together with band-aids, etc, sort of implying that it was crap.
The reason that this particular case could actually turn into something is that they might make a claim that a show as popular as Simpsons could make people think twice about vacationing in Brazil. I know I wasn't terribly wild about the idea that I could get kidnapped and held for ransom.
I'm a little concerned that if media attention turns to DoS attacks, Slashdot could find itself in a bit of legal trouble for the same reason that the Simpsons is.
Re:DOS is dead (Score:2)
You know, I think you unintentionally brought up a good point. (Or maybe you did intentionally, heh) The Simpsons does that to EVERYWHERE they visit.
I can personally verify this. I've been to Australia, and the Simpsons made an amusing parody of it, but not one I'd take seriously because I know what's true about that episode and what isn't. I've been to Brazil, and know that monkeys don't invade schools and take children. Because of my real life experiences that the Simpsons has made a parody of, I have a basis to figure out when they're just being silly vs. illustrating something that has at least some truth to it.
It's easy for me to see that the Simpsons doesn't let anybody get away unscathed. I think most people that really love that show feel the same way. They don't take it personally when the Simpsons makes fun of something that hits close to home.
That would be Slashdot's defense. "You can only take it seriously if you have no idea what it is you have wandered in to." I could understand a first time viewer of the Simpsons thinking Rio is a place where monkeys will take your children, but not somebody who has watched more than a couple of episodes.
Slashdot is the same way. Once you've invested a little time into it, you start to realize how much a statement can be weighted.
I hope the law takes that into account. Just because the Simpsons made a parody, doesn't mean that Rio can justifiably ask for damages.
Well that makes me feel better. I think the reason I started this discussion was that I'm concerned about Slashdot getting burned if the Media sets fire to the term "DoS".
Re:DOS is dead (Score:3, Funny)
What about Slashdot? (Score:2, Funny)
We even have our own word for it: "Slashdotted".
Re:What about Slashdot? (Score:2)
Re:The Slashdot Effect Solution (Score:2)
Already answered. [slashdot.org]
Wait until.. (Score:3, Insightful)
p2p is the biggest ddos mess waiting to happen. If there is a hole in the client, then who knows how far it could spread before stopping.
Re:Wait until.. (Score:3, Funny)
Re:Wait until.. (Score:2)
"You are not an assassin, you are just a grocery boy running an errand."
Kazaa is not a virus, it's just a billboard on an insecure platform. It may do damage, but it's all due to incompetence and greed.
The biggest threat to the security of the web is Windoze XP. At its very best, it strains the public net and bombards the hapless user with Adverts and other garbage not requested. At its very worst, the backdoors that are used for all of that shoving will be exploited by porn masters and other nasties. Just hope and pray that the public wrath will turn on those responsible. After 15 years, they give us this and do their best to prevent all other options? Great.
Re:Wait until.. (Score:2, Insightful)
The Kazaa and Gnutella networks are protocols. Protocols can't catch viruses.
A virus may travel via the network but it could travel equally well through email (which is a bit more popular, and more important, than the Kazaa or Gnutella networks). Now if you're talking 'bout attacking specific flaws in Kazaa client software, or Gnutella software, then so be it - but that's not the network!
Moderate this fool back to 1.
Re:Wait until.. (Score:5, Insightful)
And if that's not effectively spreading through the network, I don't know what would be. The parent of your post is not the fool - but you definitely failed to understand the post.
Re:Wait until.. (Score:2)
> The parent of your post is not the fool - but you definitely failed to understand the post.
Who's the more foolish, the fool, or the fool who replies to him?
*shrug*
Too much 3AM Jedi Outcast...
Re:Wait until.. (Score:2)
C:\>rename "Britney Spears giving blowjob.mpeg" "Bill Gates does you anal.iso"
-
Slashdot is one BIG DOS attack (Score:3, Funny)
Or, maybe not...
Obvious... (Score:2, Redundant)
And what about causing them?
Re:so narrow minded heh? (Score:2)
Wow. Do you really believe everything you read?
I'll make you a deal, no strings attached. Quantify your "billions" figure and I'll give you a crisp $20 bill.
aka the Slashdot Effect (Score:4, Funny)
DOS, aka /. effect (Score:2, Redundant)
And create them inadvertently all the time.
They're about to come under one... (Score:2, Redundant)
DoS sucks (Score:5, Insightful)
Stephen Barkto? Is that you? (Score:2, Insightful)
Sure it does! Can't make Hotmail work right? Well, just blast away everything else from AOL to Yahoo with spam. Don't like what Slashdot is saying about your "product"? Just sign up 100 troll accounts and flood the comments with enough highly moderated garbage to try a saint. Denial of someone else's service is good when you are a twisted greedhead that wants to own everything and tell everyone what to do.
DoS as self-defense against "bad guys" (Score:5, Interesting)
Sometimes DoS can be a not-really-fine but very effective method of self-defense. In Germany we have a quite big problem with spam advertising dialers - little programs which redirect a w1nd0z3 box's internet dialup connection to an extremely expensive special number which is normally used for phone sex or premium services. One short connection can cost up to 900 € (that's no joke, there's no limit), and as some dialers hide well while replacing the default connection, some people got a phone bill of more than 10000 € at the end of the month.
During the second half of March, I got about five of these dialer spams each day. Other people got even more. The web hoster - a company [mainpean.de] selling these dialers [stardialer.de] - didn't act against any incidence of spam, the download accounts remained open for weeks regardless of any complaints. Their uplink... well, UUnet. As the discussion on the Usenet forum "de.admin.net-abuse.mail" went on, even the web hoster's boss himself joined and couldn't understand to be responsible for knowingly tolerating his customers abusing his service - of course he made a lot of money even by spamvertised dialers.
About a week ago, some spam victims were completely fed up. As the legal methods didn't work at all, the dialer should be made unavailable by distributed mass-downloading. The threat escalated in a clear message to the site maintainer - either go against your spamming customers or see your dialer being downloaded until the server blows the whistle.
The story appeared on Heise News [heise.de] which has a quite large reader base in Germany, to be read by lots of angry people whose inboxes were full of dialer spam. The "Heise effect" was enough for the site maintainer to become really scared - lots of DSL and broadband users started to download the dialer not only once but as often as they could. The web server became too busy to serve dialers even to people who would want it. The company selling these dialers didn't have any choice - either stop supporting spammers or have their dialer server slashdotted until it blows the whistle. Only a day later the company's boss agreed on getting rid of and seeking legal action against spamming customers.
A few days later, another spam went around, advertising a dialer hosted on an Eastern-European web server. Same game: the spam victims squeezed the dialer out of the web server as many times as possible. The site got hosed so badly that even a few hours after the spam incident, the dialer was no longer available.
As a result, if you really want to hit a spammer, DoS^H^H^H/.ing his web site - especially large files or CGI scripts - has finally proved much more effective than blacklisting, LARTing or anything else (which still remains useful, though). Even big providers will notice a gigabyte-large traffic peak towards only one target.
Re:DoS as self-defense against "bad guys" (Score:3, Insightful)
And it sounds like a jolly good idea. Methinks I need to write a HowTo so people who are not that proficient in Linux/BSD admin can do it. Let's face it, the relevant parts of Linux and BSD docs are nightmarish and they are not end-user material.
Brgds,
Re:DoS sucks (Score:2)
One point which I think has not been made: not all reports of DOS attacks are reliable. My company's Senior Director of Technology once told our upstream provider that we were being DOS'ed, when in fact we were simply getting more (legitimate) traffic than usual. It also doesn't help that some OSes ship with stack settings poorly chosen for a busy public webserver and a) effectively participate in their own DOS'ing, and b) report possible attacks when in fact no such thing is going on.
Attention Slashdot (Score:3, Funny)
Muwahahahaha!
Re:Attention Slashdot (Score:2)
Stupid script kiddies. (Score:4, Insightful)
It's not impressive to bring a system to its knees by DOSing it. You do, however, have to respect the guy who discovers some huge hole that he exploits on some system and gains access.
You gotta respect him more if he tells you about it, and how to fix it.
Re:Stupid script kiddies. (Score:2)
Sure, a simple DoS attack is pretty rudimentary, and also not difficult to deal with, generally, but the really effective DoS attacks, DDoS attacks, are much more impressive. As you yourself say:
DDoS attacks involve gaining access to a lot of machines and coordinating an attack.
The only DoS attacks that make news are DDoS attacks.
Well, DDoSers generally don't rise to this level of respect. :-)
Re:Stupid script kiddies. (Score:2)
But if the script kiddie is just using the same rootkit to exploit a bunch of poorly-maintained boxen on cable modems, that's just persistence, not skill.
Effective DOS attacks would make news too.... (Score:2)
For a brief description.... (Score:2, Informative)
-- dforce
At least... (Score:2, Informative)
Not about sophistication (Score:2, Interesting)
Save rather than beating each other senseless (which would be so, so much more preferable), they're compromising systems and using them as their weapons - costing users and admins hundreds of work-hours so they can prove something.
Hell, at least "tagging" doesn't take down the damn company server.
Starting to get into Commercialization (Score:4, Interesting)
Sometimes you have to wonder about some of the targets of these DOS attacks and how they are organised.
Some of the major ones are obvious, Microsoft, Ebay, Yahoo, etc. But when you start to get to the small to medium sized companies being hit by large DOS attacks, because their systems are sufficiently patched against break-ins, something begins to become worrying.
The questions range from why such a small target for such a large attack, and how the target was selected. Occasionally you get to hear stories about how some small ISP had their lines choked by a huge DDOS, meaning that customers started leaving and going to the competition. There is one other post elsewhere here that identified that a British ISP was put out of business because of the efforts of continuous DOS attacks.
Spite sometimes is a factor, but it takes a certain degree of organisation to launch a continuous attack such as that. Spite of someone will only get you so far. And there is not that much prestige in taking out a medium sized company. After all within the current climate, medium sized and some large sized companies are finding it harder to remain in business from an economic sense.
HOW CAN YOU BE LEET WITH DOS (Score:3, Funny)
Intentional? (Score:2, Funny)
Isn't an unintentional attack an oxymoron? Like an intentional accident?
Re:Intentional? (Score:3, Funny)
If I was doing a ballet move and slapped you in the face, would you rather label that as an accident or tell people that I used my powerful ballet technique to bitch slap you?
Unintentionals are still a problem (Score:3, Interesting)
Some DDOSer once cracked one of my DSL lab machines and was pinging home to his box at MIT - except it wasn't really MIT, he'd gotten the byte order wrong on his IP address somehow and was trying to phone home to Japan.
In related news... (Score:3, Funny)
what, no mention of dittrich? (Score:2, Insightful)
Harumph. An article about DOS/DDOS that doesn't mention Dave Dittrich.
There oughta be a law.
DrDoS (Score:5, Interesting)
http://grc.com/dos/drdos.htm
Looks nasty
Re:DrDoS (Score:3, Informative)
Steve Gibson is a kook and a crackpot. He's an alarmist, but unfortunately people not "in the know" tend to listen to him (most likely because he is an alarmist). He rails against raw sockets in XP, never bothering to notice that NT (which XP is based upon) has had raw sockets for a long time, and that it's possible to modify the Win9x TCP/IP stack to allow for raw socket-like abilities. Nevermind that raw sockets are only available to administrative users in NT, as with any *nix (problem -- too many users run with administrative rights on NT, which is the equivalent of running as root all the time. This is the true problem, not raw sockets, and should be the one that's addressed). His "Distributed Reflection" DoS is nothing new. Hax0rs and kiddies have been doing it for a while. His GENESIS [grc.com] project is basically poorly-implemented SYN cookie protection. And so on and so on ...
In short, the guy's a nut and only nuts pay attention to him. Try a real security site, like SecurityFocus [securityfocus.com].
Re:DrDoS (Score:3, Insightful)
Sure, SG is paranoid, but in a good way. He hasn't reached the kook level just yet. When he starts promoting cold fusion, then you can back away slowly.
Re:DrDoS (Score:3, Funny)
Unless he really is performing cold fusion, in which case you should run away quickly or put on some lead pants.
Re:DrDoS (Score:5, Informative)
Gibson has a real overinflated sense of his own importance and loves to make it sound like all his discoveries are huge and that the consequences of not obeying his advice are dire. However you begin to notice that he is never mentioned in any of the big security news. He's a smart guy and a decent programmer, no doubt, but he lets his ego get in the way of his good judgement and has a tendency to exaggerate the truth.
Re:DrDoS (Score:2, Informative)
DRDoS vs. DR DOS (Score:2)
Distributed Reflection Denial of Service
Why do the names of these service-denial attacks tend to coincide with the names of 16-bit embedded PC operating systems? For example, the generic term "DoS" (denial of service) collides with "DOS" (disk operating system). The term "DRDoS" (distributed reflection denial of service) looks like "DR DOS" (Digital Research disk operating system [drdos.org]).
Re:DrDoS (Score:2)
Re:DrDoS (Score:2)
Windows XP! New and Improved! Now with FULL RAW socket support!
The author of the DrDos article also has a summary [grc.com] explaining how he's been attempting to convince Microsoft *not* to include raw sockets in WinXP for about a YEAR! He even had a phone conference with Microsoft's top Windows XP executives and developers [grc.com].
For anyone not familiar with raw sockets:
When you use normal sockets any internet traffic you create contains a valid return address. Raw sockets allow you to fill in a fake return address. This makes an internet attack much more dangerous, harder to block, and very difficult to trace back to its source.
Before WinXP, operating systems either did not make raw sockets available, or restricted their use to "privileged" programs. WinXP makes raw sockets freely available to everyone.
-
Re:DrDoS (Score:2)
Re:DrDoS (Score:2)
WinXP is used by gramma who is going to run the screen saver attachment on her E-mail. Umpteen million home users. And usually only Root/Admin has access to raw sockets. In XP everyone runs as Admin.
Just imagine if the next E-mail virus hits and several million home computers start flooding the web with packets with forged source addresses. Good luck getting gramma to remove the virus and apply a patch.
-
Re:DrDoS (Score:2)
Re:DrDoS (Score:2)
Yep, and that's the problem. Everything runs as admin.
-
To what end? (Score:2)
What better reason to sniff all the traffic, on the backbone? Oh yes, they'll get the mails also, but hey - nobody's gonna read it...
MS-DOS (Score:3, Funny)
WRT this [slashdot.org]: If someone 0wned the Windows Update server and used it for a DoS attack on other servers, would that be called an MS-DoS attack?
Re:MS-DOS (Score:5, Funny)
I th1nk the reas0n tha+ hackerZ d0n't use M$ s0ftware iZ +hat m0st 0f everyth1ng they wr1te w0uld have squ1ggly lineZ under it.
The future of DDoS as told by Gibson (Score:4, Interesting)
In effect, Gibson tracked down the 13 year-old attacker by dissecting the zombie program (aka, trojan bot) used in the attacks and created his own version of the undercover bot to monitor the hacker's IRC channels and conversations. As I said before, an extremely interesting read. It really brings out the urgency of Gibson's alerts as to the future of DDoS attacks.
Re:The future of DDoS as told by Gibson (Score:5, Informative)
hrm, more bandwidth for the consumer? (Score:4, Informative)
I don't think there can be.
If you look at the TCP/IP, and most importantly IP protocol, there is nothing you can do.
Some would say have a 'supersmart' router that would kill all packets that are from the same host.. but what's the point.. what if the router fills up its buffer?...
It's like McDonalds at lunch... everyone gets there at the same time.. they all want something, they're going to pay (in a DoS attack, this is what it *looks* like, but it's really one person doing this) so the lines get long.. Poor me can't get lunch as fast as possible..
there's nothing we can do to solve the problem unfortunately.
The only real solution is to beef up security on as many systems as possible. Once this is done, a hacker can't get the resources in order to launch a big DoS attack.
This is a really hard task, of course... but maybe security should be more of a main focus on the home desktop systems, especially since broadband is getting so easy to obtain.
Another reason why M$ needs to get their thumbs out of their a$$e$ and release more secure OS's... Open Source is already trying to actively take care of the problem
Whee
-Sase
Re:hrm, more bandwidth for the consumer? (Score:2)
It certainly seems a big step up from what we have now.
Poorly managed networks are a problem too. (Score:4, Interesting)
One mid-sized ISP I worked for had been operating for 5 years prior to my employ and the network operators had never heard of monitoring tools like MRTG [ee-staff.ethz.ch], RRDTool [ee-staff.ethz.ch], Netsaint [netsaint.org] or Big Brother [bb4.com] etc etc!
"We do it to ourselves and that's what really hurts" -- Radiohead.
-- Steve.
Academically boring (Score:4, Informative)
But just passing mention of DOS attacks - these are boring to academics because they are easy to do and impossible to counter so there's no research to do and no papers to write.
(I paraphrase slightly, and I probably remember the details wrong anyway, so any flaming should be directed at me, not Roger.)
Man are you wrong (Score:2)
As just one example that made its way into the popular press see this
Geez.
--Seen
Here's the god DOS attack (Score:2, Interesting)
Just think if someone made a P2P client that allowed you to send browser commands through their computer
Our own webserver (Score:3, Interesting)
We have been lucky that we run Apache on a Linux box, which also happens to be on a DSL line, limiting upstream bandwidth. And although 3k hits is minimal, there are only about 10 regular users of the website, which is maintained for downloading test files for music production inside our group only. All the exploits are ridiculously similar, each one trying to access C:\ or D:\ or a Windows NT directory. I'm sure that this must be very common... and I can't imagine what these major sites must deal with on an hourly basis.
I find it sad though, that altogether too many webservers are managed by people who just aren't worried about this type of happening. The web remains the wild-west of the electronic frontier, brothels
Re:Our own webserver (Score:2)
um..
It's called "Nimda".
It has nothing to do with a DDoS.
It's become one of the incessant background white noises of the internet.
Hell, I get more than 3000 of those a month, at home on my dialup...
t_t_b
Re:Our own webserver (Score:2)
Why always blame the scriptkiddies? (Score:4, Informative)
I mean it takes some cunningness to 0wn a couple of hundred machines with a simple dial-up aol account..
Some companies hire blackhat people to DOS their competitors once in a while, think of mail-servers. Other groups DOS certain sites because of their ethical/political/religious backgrounds. So now all of a sudden every "malicious" computer user is a scriptkiddie?
The only scriptkiddies in these stories are the journalists that form their conclusions according to a certain script that's always used when it's a story about something "evil" with computers.
Don't be a scriptkiddie yourself by making these hollow statements
Re:Why always blame the scriptkiddies? (Score:3, Informative)
> I mean it takes some cunningness to 0wn a couple of hundred machines with a simple dial-up aol account..
Someone needs to brush up on their definitions:
Script Kiddie n. (skript kiddee): A person who uses software tools written by someone else to exploit known security exploits in operating systems and/or server software. A person who poses as being knowledgeable about computers and how these exploits affect said computers. See JeffK.
And cunningness? To use Google [google.ca]? Come on. 3 pages into that search and I'd be in fear of my NT machines, were they not patched and behind an industrial strength firewall.
> Some companies hire blackhat people to DOS their competitors once in a while, think of mail-servers. Other groups DOS certain sites because of their ethical/political/religious backgrounds.
So you want me to think that groups like these morons [aryan-nations.org] are capable of formulating a root exploit in order to DOS their enemies? Right. I don't know of anyone who has half a brain that would help them do such a thing. Ergo, if they've zombied servers for DOS attacks, they're 5kr1p7 k1dd13z.
> So now all of a sudden every "malicious" computer user is a scriptkiddie?
Not all, but most are. There are a few Black Hats out there who can pick apart any system they choose with tools of their own creation. Those are the people who can strike terror into a network admin's heart - they find things that aren't known security holes, and are therefore almost impossible to stop.
> The only scriptkiddies in these stories are the journalists that form their conclusions according to a certain script that's always used when it's a story about something "evil" with computers.
See the definition above.
Geez, you're defensive. Wonder why....
Soko
Hmm.. (Score:3, Funny)
After publishing a story on DOS attacks it is receiving a DOS attack on the story about DOS attacks...
EGRESS FILTERS are STILL not implemented by ISPs (Score:5, Insightful)
Best Current Practice recommends egress filtering for all networks. Are yours in place?
The big problem with DOS and DDOS is the untraceability provided by networks who do not prevent address spoofing with egress filters. If traffic is traceable, criminals get caught.
Before anyone's knee jerks, let me point out:
1) this is not a performance issue. Routing hardware and software (LRP for example) is widely and cheaply (compared to line costs) available that can implement egress filtering without any noticeable effect on line speed. Face it, processors are faster than telecommunications.
2) Egress filters do not improve a repressive regime's ability to finger political dissidents.
3) Egress filters are unlikely to impact privacy - unless what you are trying to keep private is destructive activity. Post a real example if you disagree.
4) I know it's not a cure-all. It's a necessary first step, though.
While Congress milks the entertainment industry for campaign funds in exchange for "digital rights management" fascism, they ought to be mandating specific monetary penalties for businesses that do not implement egress filters, and for ISPs that do nothing about hundreds of Code-Red infected nodes on their cable farms. I shouldn't have to pay Comcast if my bandwidth is being principally used by criminals to fill my firewall logs.
I post this every time the subject comes up; next time I'll just make a flippin' link to the BCP RFCs. I'm sure you'll all be relieved.
--Charlie
Need power to get ISP's to cooperate (Score:5, Interesting)
We had major DOS attacks on our site for ages. But when the customer of a major national ISP is the source of it, try getting ahold of someone at that company to track the problem. They just won't respond to these things, in our experience.
I think that for any company to provide internet service, they should be *required* by law, to cooperate in tracking and stopping DOS attacks from their customers. There needs to be a consistent, predictable, and workable national policy for this.
If someone calls me with threatening phone calls, I *know* it's possible to get the phone company to cooperate, track, and isolate the problem, even if it originates with another phone company. The same should be true with ISP's.
./configure make ping MS (Score:3, Funny)
Just a thought....
God bless K5 (Score:2, Insightful)
"One of the most basic "hacks" (to use the media's bastardization of the term) is a Denial of Service attack.
You mean the hacker term or the Denial of Service term? Clarify.
-1
While not getting you any access to data on a machine,
And since when is this the bastard hacker term meant to be? Hacker, by the media, would mean "cracker", and crackers don't want "information". Hackers do, crackers want to cause confusion (unless information == fast money/recognition)
-1
DoS attacks effectively shut down machines by making them inaccessable to others.
Yeah? And how does this happens? Another assumption I understand all anacronyms out there.
-1
CNN is carrying and IDG.net story about
No comments.
-1
how DoS attacks are still one of the leading threats on the Internet, and are actually on the rise as the sophistication of the attacks increases." We get them constantly- some intentional, some not. It's really a pain.
Oooooh, finally the meat. That's what the news is about, not the opinion from who whatever wrote/published this article.
-1.
Grammar errors from me are a bonus.
Band-aid for Spoofed IP addresses (Score:2)
A router for an ISP is responsible for (typically) routing to/from a certain range of IP addresses.
Configure the router to simply not route packets coming "from" the local network interface that's not in the designated IP range!
So if it's coming from the ISP's network, the return address on the IP packet had better be one of the ISP's network addresses, or the packet goes to the bit bucket, better yet logged.
This step ALONE, which costs almost NOTHING in latency or price would make dealing with DDoS or actual hack attempts SO MUCH EASIER!
Of course, you could "spoof" a neighbor computer, but at least you could trace things down to the ISP and neighborhood...
-Ben
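The source-address check described in this comment and in the earlier egress-filter post, sketched as an added example (not code from either poster). The interface names, prefixes (RFC 5737 documentation ranges) and packet records are constructed; the per-interface mode is an assumption that shows how the neighbour-spoofing gap mentioned above narrows when each customer port has its own range.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes assigned to each customer-facing interface.
ASSIGNED = {
    "cust0": [ipaddress.ip_network("192.0.2.0/25")],
    "cust1": [ipaddress.ip_network("192.0.2.128/25")],
}

# Constructed packets from customers: (ingress interface, source, destination).
PACKETS = [
    ("cust0", "192.0.2.10", "203.0.113.5"),     # legitimate
    ("cust0", "198.51.100.77", "203.0.113.5"),  # source outside the ISP entirely
    ("cust0", "192.0.2.200", "203.0.113.5"),    # spoofing a neighbour on cust1
    ("cust1", "192.0.2.200", "203.0.113.5"),    # legitimate
    ("cust1", "not-an-ip", "203.0.113.5"),      # malformed record
]


def allowed_sources(iface, per_interface):
    """Prefixes a packet arriving on `iface` may use as its source address."""
    if per_interface:
        return ASSIGNED.get(iface, [])
    # Aggregate mode: any prefix the ISP owns is accepted on any interface.
    return [net for nets in ASSIGNED.values() for net in nets]


def egress_filter(packets, per_interface=False):
    """Return (forwarded, dropped_log); every drop is logged with a reason."""
    forwarded, dropped = [], []
    for iface, src, dst in packets:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            dropped.append((iface, src, dst, "malformed source"))
            continue
        if any(addr in net for net in allowed_sources(iface, per_interface)):
            forwarded.append((iface, src, dst))
        else:
            dropped.append((iface, src, dst, "source not in assigned range"))
    return forwarded, dropped


def drops_by_interface(dropped):
    """Count logged drops per interface, to show where spoofing originates."""
    return Counter(entry[0] for entry in dropped)
```

In aggregate mode the neighbour-spoofed packet is still forwarded, but its source stays inside the ISP's own range, so it can be traced to that network; in per-interface mode it is dropped and logged against the port it came from.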
3 UK ISPs have been DOSed off the net (Score:2)
This year, 3 ISPs and a web hosting firm in the UK have been DOSed off the net.
First, in January was Cloud Nine [theregister.co.uk]. They said it was so bad it trashed firewalls, and the network had to be rebuilt.
This was quickly followed by Tiscali [theregister.co.uk]. (Although they're such a spamhaus, the net probably only noticed because the amount of spam from the UK dropped)
Then soon after Donhost [theregister.co.uk], a web hosting firm had 2 client web servers taken out in January.
Finally, yesterday, edNET [theregister.co.uk] was attacked, which caused, according to them a "catastrophic network failure". The attack here was via telnet ports.
self regulate (Score:2)
We need to stop DoS attacks [and defacements], we need to educate the script kiddies into being more responsible and professional.
The script kiddies conducting DoS attacks think they are being clever and aiding the movement towards Internet Freedom and Openness, however they are playing into the hands of the establishment.
DoS attacks are perpetuating the view amongst the establishment that the internet is a wild unregulated place, that must be controlled, that it must be regulated.
Legislation like the DMCA in the US, and pressures for similar laws in the EU are a direct result of this type of threat.
If we truly value our freedom and the openness of the net, we need to self regulate otherwise the situation will get worse for all geeks and not just the grey/black hats.
Re:Taco, why do you say such things? (Score:3, Insightful)
Because the 'media' is a representation of the entire news broadcasting world and not the individual author?
Re:Local Mirror (Score:2)
Slashdot should cache pages to prevent the Slashdot Effect!
Sure, it's a great idea, but it has a lot of implications. For example, commercial sites rely on their banner ads to generate revenue. If I cache one of their pages, this will mess with their statistics, and mess with their banner ads. In other words, this will piss them off.
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
So the quick answer is: "Sure, caching would be neat." It would make things a lot easier when servers go down, but it's a complicated issue that would need to be thought through in great detail before being implemented.
Answered by: CmdrTaco Last Modified: 6/14/00
Re: (Score:2)