More DoS Attacks: CNN, Amazon, eBay,

gatech writes "After hitting Yahoo yesterday those crackers set their sights on several more sites including,, and Here is the story at"

Comment: 02/08 23:26 by michael : So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? People are focusing on how it's being done. Nobody seems to be asking who.

This discussion has been archived. No new comments can be posted.

  • Packet Monkeys, Script Kiddies.. are all the scourge of the Internet.. yeesh.. groups that do nothing but DoS people.. that's something to call home about.
  • by Anonymous Coward
    What if the attacks were aimed at the root name servers? Having most if not all of DNS severely impacted would really suck.
  • by PD ( 9577 )
    How about altavista? No response as of 22:25 CST.

    And what about Yahoo today? Their site has been dog slow all day long, with mail unavailable for several hours.

  • by sallgeud ( 12337 ) on Tuesday February 08, 2000 @07:22PM (#1293362)
    To take down a site that serves as much as does, you'd have to have a VERY hefty attack... I'm thinking that it will be fairly obvious from where the attacks were originating. Access logs, anyone?

    Last time I checked, most everyone who knows enough to do a distributed attack had a static IP and just the right amount lacking in knowledge to get caught...

    It's hard enough for one man to keep a secret, so how do you suppose dozens could?
  • If every ISP would filter spoofed packets out of their outgoing traffic, that would stop these attacks cold. All the really heavy duty DOSes rely on spoofed packets -- otherwise they're easily traced to their originator.

    Filtering spoofed packets involves setting up a few simple rules on your router. Maybe some legislation to require ISPs to do this in the US and other countries is in order.
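
The egress filtering described in the comment above, modelled as an added example that is not part of the original post: an ISP edge forwards an outbound packet only if its source address lies in a prefix the ISP actually assigned. The prefixes, verdict strings and packet records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes this ISP has assigned to its own customers
# (documentation ranges, not real allocations).
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]

# Source ranges that should never leave any network towards the Internet.
NEVER_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
              "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")
]


def egress_verdict(src, prefixes=CUSTOMER_PREFIXES):
    """Return 'forward' for a legitimate source, otherwise a 'drop:<reason>' string."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop:malformed"
    for net in prefixes:
        if addr in net:
            # A subnet's network/broadcast address is never a valid host source.
            if addr in (net.network_address, net.broadcast_address):
                return "drop:network-or-broadcast-source"
            return "forward"
    if any(addr in net for net in NEVER_ROUTABLE):
        return "drop:never-routable-source"
    # Routable, but not ours: a forged source (for example the victim's address).
    return "drop:foreign-source"


def filter_outbound(packets, prefixes=CUSTOMER_PREFIXES):
    """Split (src, dst) records into forwarded packets and a Counter of drop reasons."""
    forwarded, dropped = [], Counter()
    for src, dst in packets:
        verdict = egress_verdict(src, prefixes)
        if verdict == "forward":
            forwarded.append((src, dst))
        else:
            dropped[verdict] += 1
    return forwarded, dropped


# Constructed outbound traffic, all aimed at one (documentation-range) destination.
SAMPLE_PACKETS = [
    ("198.51.100.23", "192.0.2.80"),   # genuine customer address
    ("203.0.113.77", "192.0.2.80"),    # genuine customer inside the /25
    ("203.0.113.200", "192.0.2.80"),   # upper half of the /24: not assigned here
    ("192.0.2.80", "192.0.2.80"),      # source forged as the destination itself
    ("10.1.2.3", "192.0.2.80"),        # private source leaking outwards
    ("198.51.100.255", "192.0.2.80"),  # broadcast address used as a source
    ("not-an-ip", "192.0.2.80"),       # unparsable record
]

if __name__ == "__main__":
    fwd, drops = filter_outbound(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    for reason, count in sorted(drops.items()):
        print(f"{reason}: {count}")
```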

  • Adobe's main webservers and product registration have been unreachable
    since about 9:30 ET, at least that's how it looks from here.

    The packet storms continue... :[


  • I agree. I figure it's only a matter of time before the crackdown begins, though. So, that's a good thing at least. Hopefully whoever is pulling this off will go to prison for a long long long time.

    The opinions expressed are my own, no one else's. The email address is an anonymous one, but I do read it from time to time.
  • What's the point of this? It's lamer than a web page crack; these people don't even get their names on the page.

    I mean, anyone can do this, it's not like it takes any talent or anything. Basically it's like saying "we're too lame to crack this site, so we're going to DoS it".

    [ c h a d o k e r e ]
  • Perhaps the most disturbing thing about these attacks is that they still don't know who did it.
    I may be wrong, but it seems that usually when we see a high-profile media 'hacker' story, it's about some website that was cracked, and some script-kiddie who left behind graffiti. Or, in recent cases, people who wanted money. But, with these latest rounds of extremely-effective DoS attacks, nobody's stepped forward. It's bad enough that this sort of thing is happening, but it's perhaps even worse that we don't even know why.

  • by Smack ( 977 ) on Tuesday February 08, 2000 @07:34PM (#1293402) Homepage
    Basically, the hackers scan large groups of IP addresses looking for known vulnerabilities. The goal here is to get root on a few hundred systems, or more. It doesn't matter if they have nothing of value on them. On each of these systems, they install a copy of their client. They can then wait as long as they want before moving onto the actual DOS attack. When they're ready, they use a "master" program to initiate the attack from all the hundreds of clients. Big attack, very hard to stop.

    Dozens of PEOPLE don't need to keep the secret. Dozens of COMPUTERS do. And 1 person.
  • by GenChalupa ( 150051 ) on Tuesday February 08, 2000 @07:34PM (#1293403)
    I have to say that as an engineer at a large firm, I've logged quite a number of hours researching ways to successfully defend our technology against such attacks. It seems that as technology proliferates, and the Internet becomes a global interchange, things like this will increase exponentially. This is not good for eBusiness, as it leads to increased government regulation.

    Last month I got with an old college roommate of mine (Hi Jimbo!) who now works at a major hardware powerhouse, and we threw ideas around that may help combat the problem of crackers and l33ts nailing systems to the wall. I suppose this is as good a place as any to publicly gather feedback.

    Our first idea was for a "safety net" of sorts, gathering IPS and validating DNS, packet info, etc before return transmitting data. The system, the Gathering, Researching, Intelligent Transport System (GRITS) could theoretically decrease the DoS attack exponentially.

    One problem we found with GRITS was its effect on servers running Apache. We dubbed the problem the Nailing Apache Transport Access Line Interface Expansion, or NATALIE. It seems that GRITS petrified the NATALIE port, man.

    Our next theory was pretty clever, if I do say so myself. Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative. So to counter DoS, we developed the Transit Rerouting Of Low-Level Systems, or TROLLS. TROLLS worked well, as not only did it prevent GRITS from petrifying the NATALIE port, man, but it eliminated cracker attacks.

    I hope this helps. I am always glad to assist fellow engineers here on good old /.

    General Chalupa
  • distributed

    go read about it... CERT warned about this TWO MONTHS ago... didn't do much good, eh?

    and it's not THAT easy... they're spoofed IPs...
    I'm thinking a lot of this is from schools... they don't pay their tech people enough, they're overworked, and don't have as much knowledge... they have huge bandwidth... and open systems. Right there is cause for trouble. Then all these attacks are coming from Spoofed IPs, which are prob. changing as the attack is continuing.

    So basically they've gotta block out a moving target... and 50 (or more) of those moving targets from the distributed attack. like the article says... at one point over 1GB/s of traffic... that's frickin' intense... let's ponder that number for a moment... 1GBit/s... (I'm hoping bit and not byte) t3 = 45Mbit/s == 22 t3s... that's some amazing bandwidth being shoved in there...
  • If it was gone before, is up now. is up and alive too.
  • by adraken ( 8869 ) on Tuesday February 08, 2000 @07:40PM (#1293431)
    I was watching ZDTV just a few seconds ago and realized something: even the technically "savvy" news people seem to be confused. They said "denial of service attacks have been around for years, but the tools to do distributed denial of service attacks have only come around in the last 6 months or so." This just nags at me. I seem to remember this (first?) distributed denial of service attack: smurf.

    This probably is a little different from what people are theorizing, but it works essentially the same way (or even better). Basically the perpetrator sends out a few spoofed ICMP packets with the victim's IP as the source address. These packets have subnets as their destination, so theoretically thousands of machines reply to these false ICMP packets towards an unwitting victim while the perpetrator only sent maybe a few packets.
  • What precautions has Slashdot taken to protect itself from attacks, and keep us informed on the bleeding edge geek news?

  • by swordgeek ( 112599 ) on Tuesday February 08, 2000 @07:42PM (#1293446) Journal

    I've spoken out against the brainless JDs currently known as "Script Kiddies" (known a generation ago as "vandals") on numerous occasions. I've also spoken out repeatedly against the bloodthirsty commercialisation of the web (and by extension, the whole 'net).

    Now the vandals are attacking the bloodthirsty marketers, and using the most non-damaging method they can. More than that, they're doing it in an organised and persistent manner, from the looks of it. This is the equivalent of a blockade--a formal, organised protest. Not throwing rocks through windows so much as linking arms in front of a police line.

    For the past year, I've been saying that a massive revolution was in the works (echoing my beliefs of 15 years ago, when as a high school student, I believed I'd see the next social revolution in my time).

    I find myself prepared to grudgingly admire a group I've detested for a few years now. The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.

    I kid you not, folks. There is a slight (ever so slight) chance that last night, with the crippling of Yahoo, we witnessed the very beginning of history's next social revolution.

    Of course, this could all blow over in three days, when the MPAA announces that they own Sony, as well Microsoft, Netscape/AOL, and Time-Warner. I could be entirely full of shit here.

    But, the fact still stands. We _will_ see a real revolution in our day, and it will probably start right here, online.

    Hold onto your hats kiddies. It's going to be a bumpy ride.

  • After reading the original /. posting that Yahoo was taken offline, I think most /. users must be checking to make sure all their websites are still working. This massive group traffic is clearly what's responsible for the order of magnitude increase in traffic to these sites. We better hope the FBI doesn't come knocking on Rob's door. He is organizing all this, right?
  • A very interesting question is whether these attacks were simultaneous or discrete. Is a single malicious cracker moving their single target IP from place to place just for fun? An hour at ebay, an hour at Amazon, 2 hours at, etc. can cause a lot of havoc that is impossible to miss, but does not actually require any more resources than the initial yahoo attack took.
  • by Jon_Katz ( 150096 ) on Tuesday February 08, 2000 @07:48PM (#1293463)
    Slashdot is down so much and when it is up it is dog slow. It DoSes itself.
  • What if you did this the day BEFORE your IPO?
    Actually,'s IPO was today, and they were DoS'd this morning. The stock closed at 25 1/8 from an opening price of 13.
  • by / ( 33804 ) on Tuesday February 08, 2000 @07:53PM (#1293487)
    We don't need criminal laws saying ISPs must do the appropriate filtering. What we need is tort remedies for the people walloped by the people DoSed against the people who were negligent in securing the systems that were cracked. If I were to have a cache of weapons left lying around my backyard and someone were to hop my low fence, steal one, and kill someone with it, you can be sure that there'd be a civil action (properly) initiated against me. Leaving your network available to others to exploit and cause mayhem isn't readily distinguished.

    Either get a legislature to enact new tort legislation or get some enterprising judges to extend the common law. Either way, you won't need an overseeing regulatory agency. Ronald Dworkin would approve, I suspect.
  • Nah, no new laws needed, especially since those wouldn't affect ISPs outside of the USA (if the US gov passed them.)

    We basically need to get all backbone providers and ISPs to include allowing spoofed packets, harbouring spammers, and other offenses on their no-no list, so that the backbone provider can shut down sites that allow this. We saw how effective the UDP was on @home, and being on the RBL makes ISPs comply PDQ. Something similar where allowing DOS attacks simply got the whole network blacklisted until the attack stopped or the bugs were fixed would be good.

    If it was part of the standard agreement then it wouldn't require government intervention and would be applicable worldwide, not just in some countries.
  • I can't seem to get to AMD as well.
    I think they're getting hit also.

    The Tick - "Spoon!"
  • Here's what they say:

    "During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO, and Tribe Flood Network (or TFN & tfn2k), and has been reported on many systems....

    Possible motives for this malicious activity include exploit demonstration, exploration and reconnaissance, or preparation for widespread denial of service attacks."

    Here is the site:

  • "To counter FUD or not to counter FUD, that is the question. Whether it is nobler in the mind to suffer the slings and arrows of increased NSA funding and wiretapping, or to take arms against a sea of NSA anti-hacker FUD and by opposing end them."

    Seriously, why is no one talking about the update which proposes that this is an NSA stunt to increase their power and funding? I know people don't want to talk about conspiracy theories, but there is a really good reason to take action: The NSA will use this to their advantage even if it were to turn out to be just a network hiccup, so we should launch a preemptive strike and tell all the news people that there is a good chance the NSA is behind this. It would mean a FUD attack against the NSA, but it may be warranted since they are about to do it to us. I would like to hear some other people's views before I start calling the more fringe libertarian talk show hosts in my area.


    BTW, it is possible that this is MS's fault, i.e. remember the WebTV thing?

  • "Or, is it the safest method that they can? Speaking for myself, I would choose the way that was less likely to get me caught."

    Nah. There's not really any substantial difference in personal security between launching a DoS and, for instance, a defacement.

    "Where's the statement of intent then? A protest without any aim is just similar to throwing rocks through any old window"

    You're right, of course. HOWEVER, yesterday this was just a huge DoS against Today it appears to be more organised. Maybe tomorrow or Friday or next week, we'll get a formal statement from (whoever). Who can say from where we sit right now that it won't happen?

    Again, remember that I freely admitted I could be full of shit, this time, but someday it's going to happen for real.

  • Good idea, but let's say I'm just some guy who has a cable modem, who runs Linux, but not well enough to know how to implement complete security. Some hacker breaks into my computer, and uses it to spoof out and start off DoS attacks. While a cable modem might not be the best tool, I'm sure there are examples of high speed bandwidth where the person isn't running an ISP and such, and really shouldn't be held liable. At least not to the extent that tort law would create. Personally I see this as a nightmare for small private networks, and schools who really can't afford to hire network experts. (Though maybe it would increase some jobs, but then again, I don't like the idea of creating a law just to try and help out one or two industry sectors.)
  • What do you want to bet either the 'culprits' will never be found, or that they are found and there will be insufficient evidence for conviction.

    Give me a break! 50 ~possible~ addresses? I've worked on a large network (approx 10k nodes) and it never took more than 1/2 hour to find a NIC that was spewing garbage, or one with a duplicate IP. And that was with an old 386 laptop running an old 1992 packet sniffing program!

    I'm sorry, but I know what some of these 'companies' are capable of, and they would have to be totally inept to take 4 hours to narrow it down to 50 IP's, and then lose the trace! Only to have it pop up again the next day! Oh! Look there it is again! Hit it with the fuzzy hammer!

    It cannot be co-incidence that Prez Clinton wants broader powers for law enforcement; that backdoors will not be included in new internet protocols and that these attacks are occurring!

    These attacks are costing these companies millions and they can't narrow it down!?! Because the man doesn't want it narrowed down!

    That's how it begins kids! Fear group X, and let's hunt them down and parade them through town square tarred, feathered and GNU zipped!

  • by MrEd ( 60684 ) <tonedog.hailmail@net> on Tuesday February 08, 2000 @08:26PM (#1293576)
    Sorry to be sarcastic, but honestly. History's next social revolution? All we have here is a bunch of computer users (whether they be NSA agents, script kiddies as you claim, or international Men of Mystery) exploiting the vulnerabilities of TCP/IP to overload prominent websites. It's not a revolution. And it's not "the equivalent of a ... formal organized protest", it's a Denial of Service. The virtual people going to sell their souls to the capitalist god on Yahoo aren't seeing any virtual protesters, they're simply getting a blank screen and an annoyed look on their faces. It's not a protest unless the participants state their opinions and goals and the public has a chance to understand why the shutdown of XYZ matters to the protesters.

    I won't try and tackle your label of "Bloodthirsty marketers" in full. You're going to have to accept that we live in a capitalist society, and given the technology to organize businesses on a large scale, large companies are going to form for the exclusive purpose of making money. That's the way it is. Nothing will eliminate the Big Evil Corporations save for complete social reform, which doesn't look too likely (communism's not looking too hot as a replacement). And reform will certainly not stem from the Internet, we're just all too rich! Look at yourself! Do you own the computer you're reading this with? Do you have a job? Your own house? Congratulations, you're safely ensconced in capitalism. You can whine and kick and scream, but knocking down web sites is not going to touch off any revolution. All it'll do is give the Powers That Be excuses to implement more security to protect the livelihood of the folks at yahoo, eBay, Amazon, and CNN. This effort is counter-productive. You know of better ways to educate people about the problems of North American society than this! Please don't support the script kiddies (if that is who did this, the NSA's not ruled out for sure).

    Moderators, realize that not every message with "Moderate me down if you must" deserves to be moderated up! Ignore that trash!

  • Okay, I don't approve of what you are doing. But as long as you're doing it, why go after some basically inoffensive companies with DoS? I mean, Yahoo? Why not vandalize your local library's card catalog? Instead, go slam Disney, Viacom, Time-Warner, News Corp., etc. -- you know, the guys behind the MPAA, the DMCA, and DVD CSS. At least then you're going after people who, in some sense, deserve to be DoSed.

    Steven E. Ehrbar
  • If I were to conduct a large-scale DoS, I'd remember the ancient Chinese wisdom I received from my Sensei while reflecting on the virtues of confusician network Kung-Fu in my Rice Paper(tm) meditation shack:

    "Wise man may write Trin00 but any idiot with backhoe on Fiber Optic lines cause much packet loss."

  • Trolls post shit just to get a reaction. They rarely get more than three or four people to bite. These clowns are raking in hundreds of replies. Looks like it will be a tight race between them and Linuxone for Troll of the year.
  • "Do we have people maliciously jamming up freeways with their cars 'just because they can'? Because there aren't any 'safeguards' to stop their traffic?"

    Nope, and I've said the same thing many a time. If we used the same defense in the real world, then we'd all have to have Fort-Knox level security for our houses. Personally, I would NOT be thanking the first person to come along and point out to my sleepy town how stupid it is that we trust each other with unlocked doors. (to borrow an analogy from Cliff Stoll once again)

    But there's something about this that *feels* different. It feels like something is in the air, and if it doesn't come to a head this time, then maybe next time.

    Bottom line--it doesn't feel like 'just because we can' is the underlying reason for this one.

  • Take a look at the targets, friends. Someone already mentioned that pillars of morality like,, etc. aren't (yet -- big yet) being taken down. It's your upstarts who've launched a thousand-squared newbies onto the net, a thousand-squared clueless idiots.

    • Started as a nice little index running in a dorm room. Now? Collects marketing statistics first and foremost and THEN runs an index on a server farm.
    • ABC. Owned by Disney. (Nuff said.... no offense, Rob.)
    • eBay. Relatively okay company, but they won't allow outsiders to provide searches into their pages. Not a good thing.
    • CNN. I don't have a bone to pick with CNN. I'm guessing this is a notoriety issue.

    Take a look at the rest of the list of currently downed servers then ask yourself, "Who have they pissed off recently?" Judging by other sites others have mentioned prior to this post, it looks as though someone is going after the companies that are pervasively commercializing the Web -- the companies which have fenced off their portion of the commons, and pissed on whatever parcel they left the rest of us.

    (And who the hell moderated the original post as a troll? Would somebody please mark it insightful? It'll get fixed in meta-mod., hopefully)

  • All the articles have said that the outages occurred earlier today. eBay, for instance, went down around 3PST/6EST this afternoon. ABC news, as far as I know, was never down; it was just hosting a story on the outages. The only site that has been mentioned as being down that I still can't get to is Adobe.
  • by jacobm ( 68967 ) on Tuesday February 08, 2000 @08:35PM (#1293595) Homepage
    Okay, I'll get crucified for this, but I'll bite: the Internet as a social phenomenon didn't exist before Yahoo. Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days. I'll go one step bolder: Yahoo invented the modern Internet. They made it possible for normal people to find the web sites they wanted to go to, which was the big spark that made the Internet useful to ordinary people. (Obviously if Yahoo hadn't been the first big popular web index, it would've been one of the others, but that's not the point. It was Yahoo.) And Amazon and eBay were also pioneers in their respective fields, Amazon in particular. It seems that you don't like their fields- well, that's good for you, you can ignore them. But as for what the Internet is defined by how people use it- they're as important as it gets. Ever bought anything online? Thank Amazon and eBay. Ever found a website without looking through one of those archaic internet yellow pages? Thank Yahoo. Get your internet access at home through roadrunner for cheap? Thank all three of them, and, and, and every site that ever made the internet a place where normal people wanted to be.

    Don't like the fact that the Web is a "corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument, sorry. The whole wide Internet world got massively bigger in the last ten years, as you've probably noticed. I'd say it's reasonably certain (though I can't prove it) that there is an order of magnitude more free interesting non-corporate content on the Internet now than there was ten years ago. And, surprise, where people went commerce went too. But if you think of as the Internet, do you also think of the real world as just a big Barnes & Noble bookstore? Just like in the real world, there's lots of room on the Internet for big corporations to spread out and make themselves look big and important. (Think of all those TV ads and billboards with URLs as one big cyber-Champs Elysees.) Also just like in the real world, if you spend all your time hanging out there, you'll end up unsatisfied. And also like the real world, there's a place for commerce and a place for community.

    Unfortunately, also like the real world, there are people who absolutely refuse to play nice. But on the Internet it's worse, because it's so easy to ruin systems and there's no repercussion for doing so. There are no social or legal rules, so people do what they please, and some people like to break things. (Hi there trolls! Have fun storming the castle!) It has been that way for the history of public networking, it's not something that just got invented with Slashdot trolls and the DoS attacks this week- CommuniTree (aka Slash version .0000000000001) had the same problems back in the romantic days of networking.

    And the anarchic solution is the romantic notion that people always seem to argue in these circumstances, and as you are arguing now. Guess what? It doesn't work on the Internet. There's more net.abuse than there has ever been, and vigilante groups haven't ever really been effective in combatting them. Assuming you're right about the DoSers' motives, and they don't turn around and DoS your favorite site tomorrow, do you think that it will make all the bad people go away? I doubt it.

    This is the part that the freedom lover in everyone hates: the only solution that mankind has ever come up with that works is to make rules and enforce them. That's what governments are for. That's why they were invented. The wild west is a fun, romantic place, but we can't live there forever, because given enough time the outlaws will always outnumber the sheriffs and Billy the Kid is only fun to hang out with for so long.

    Far from your argument that the DoS attacks represent that the Internet community is somehow rejecting a bad part of itself, I'd say that the DoS attacks signal the end of the free Internet era. It was fun, yep, I was there for a little bit of it too and I know. But oh well. We have to grow up someday. =(
  • Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers?

    This isn't so crazy. If any of you have ever read the books by Philip Agee (Inside The Company) and John Stockwell, men who were actual CIA operations directors, you would be surprised at the horrible things these organizations do to "encourage" trends in the US and our allies.

    According to some reports, the CIA has been known to plant bombs in airliners... naturally these types of events are always blamed on middle eastern countries and terrorists, and we certainly DO like to hate middle-eastern countries.

  • Imagine that I'm Joe ISP. How the hell do I protect myself from this? Asking everyone on the net to do their job and filter spoofed packets ain't a reasonable answer. It is simply not enforceable, not on an international scale.

    Stopping a server-level DoS attack (e.g. grinding my servers into the ground with dynamic pages, DB lookups, etc) should be possible; identify the source(s) and block at the firewall for example. The catch is identifying the sources, but it is at least possible.

    But if it is a network-level DoS attack, in other words, too much is being forced down my pipe, I don't have much of an option but call up my provider and beg them to filter. I can't see this as a reasonable solution. Providers aren't going to be happy adding filter rules to their routers every time a customer gets nailed. It is too much overhead on their routers and on their administrative staff.

    So what is a long term solution to this problem? This is only going to become a bigger and bigger problem as the common user's pipe gets bigger and bigger.

    Imagine: an email-spread trojan horse, set to pound the hell out of at a certain time a month from now. Let it spread to a couple thousand unsuspecting newbies (wow, cool, look at the fireworks!, let's send that to tom, dick and harry)... Insert your distributed DoS attack method here.

  • Apple was really pretty decent about getting the patch out. I presume that most of the users that have MacOS 9.0 have had their Macs for awhile or were upgraders: the iMacs and iBooks didn't start shipping with MacOS 9.0 for about 2-3 weeks after its initial release. (Apple included a coupon in the box for a free copy of OS9). And I'm guessing that most people who jumped to a G4 desktop were upgrading or supplanting an existing Mac.

    Anyway, just a random bit of nonsense on my behalf. (Oh, my Mac isn't fruit-flavored. It's beige. An old beige clone.)

  • I find myself prepared to grudgingly admire a group I've detested for a few years now. The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.

    But it isn't just the bloodthirsty marketers that they are targeting. Those just happen to be the ones who get the publicity.

    They cause *huge* problems for the people who run, for example, IRC servers. These people are paying out of their own pockets to provide a free service, and are getting hammered for it. What's the purpose in that?

    And they aren't using their own resources for these attacks. They're using resources stolen from other people. My university went through a period of time last year when there were so many hacked accounts being used for outgoing DoS attacks that we'd be dropped off the internet for hours at a time.

    And do you think they were truly doing this as an attack on the bloodthirsty businesses? Or just to show off that they have the power to take down such a large site?

  • It may be a foreign agency, lame script kiddies or talented network engineers that are causing these attacks.

    The point is that at least people are finally taking notice of the effects lax filtering is causing on the internet as a whole.

    CERT was formed to provide rapid response to exploits, it's time an agency was formed by the major backbone providers (and NOT any government body) to enforce filtering against outgoing spoofing traffic.

    The consequence of being the source of a DoS should be simple, fix it within 30 minutes or your upstream pulls the plug until _you fix it_.

    There is just _no excuse_ for tolerating this anymore. This means being the source of spoofed packets _or_ a network that responds to broadcast icmp/udp/whatever with more than X (16?) number of replies (DoS amplifier) should be grounds for removing your clueless hide from the ether until you prove your connectivity is not a hazard to the rest of the net.

    Justifying no filtering to maintain speed is bogus, and I think this week has pretty much proven that action needs to be taken quickly and the penalties enforced quickly and severely enough to force accountability.

    God save us all. :)
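
The smurf amplification described earlier in the thread and the "more than X (16?) replies" rule proposed in the comment above, as an added example that is not part of the original posts: it flags networks whose hosts answer a single echo request in bulk, and shows the router-side test for a directed-broadcast destination. The record format `(src, icmp_id, icmp_seq)`, the /24 grouping and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict


def amplifier_networks(replies, threshold=16, prefixlen=24):
    """Find networks that answered one echo request with more than `threshold` hosts.

    replies: iterable of (src_ip, icmp_id, icmp_seq) echo-reply records
             (hypothetical format, e.g. extracted from a capture at the victim).
    Returns {network: largest number of distinct responders to a single request}.
    """
    responders = defaultdict(set)
    for src, icmp_id, icmp_seq in replies:
        # Group responders by an assumed subnet size; real subnets may differ.
        net = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
        responders[(str(net), icmp_id, icmp_seq)].add(src)

    flagged = {}
    for (net, _icmp_id, _icmp_seq), hosts in responders.items():
        if len(hosts) > threshold:
            flagged[net] = max(flagged.get(net, 0), len(hosts))
    return flagged


def is_directed_broadcast(dst, local_subnets):
    """True if dst is the broadcast address of a locally attached subnet.

    A router that refuses to forward such packets onto its LAN stops that
    LAN from being used as an amplifier.
    """
    addr = ipaddress.ip_address(dst)
    return any(
        net.prefixlen < 31 and addr == net.broadcast_address
        for net in local_subnets
    )


# Constructed echo-reply records as seen at a flooded host.
SAMPLE_REPLIES = (
    # 40 different hosts on one subnet answer the same request: amplifier
    [(f"198.51.100.{h}", 7, 1) for h in range(1, 41)]
    # 30 of them answer the next request as well
    + [(f"198.51.100.{h}", 7, 2) for h in range(1, 31)]
    # one busy host sending 50 replies is a single responder, not an amplifier
    + [("203.0.113.5", 9, 1)] * 50
    # three hosts on another subnet: below the threshold
    + [(f"192.0.2.{h}", 7, 1) for h in (10, 11, 12)]
)

LOCAL_SUBNETS = [ipaddress.ip_network("198.51.100.0/24")]  # constructed

if __name__ == "__main__":
    for net, count in amplifier_networks(SAMPLE_REPLIES).items():
        print(f"{net}: {count} hosts replied to one echo request")
    print(is_directed_broadcast("198.51.100.255", LOCAL_SUBNETS))
```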
  • by swordgeek ( 112599 ) on Tuesday February 08, 2000 @08:51PM (#1293631) Journal

    "Sorry to be sarcastic, but honestly. History's next social revolution? All we have here is a bunch of computer users..."


    "It's not a protest unless the participants state their opinions and goals and the public has a chance to understand why the shutdown of XYZ matters to the protesters."

    Yeah, but as Red Green (OK, and a thousand others before him) said, 'first you have to get their attention.'

    I said that this could be the beginning of a revolution. This isn't the revolution by itself, and in fact may be nothing.

    As for the bloodthirsty marketeers, I won't deny capitalism, or even that it's a (fairly) good thing. However, we're starting to see the results of the gross abuses of capitalism, as it runs smack into the power of the Information Age(tm).

    I'll be the first to admit it--I'm living well. I rent an apartment and drive a 20-year old beater, but I own my computer, have a good (and fun!) job as a sysadmin, and was drinking outrageously good wine last weekend (Yalumba Octavia, 1990 was the highlight for anyone who cares). Capitalism Is Not Inherently A Bad Thing(tm).

    But that said, I'm starting to fear for my privacy more and more; and so are others. Look at the (serious) WTO protests. Listen to the cynicism growing in people. Look at the number of Americans who are starting to venerate Richard Fucking Nixon, because they don't believe that they've seen anyone less corrupt since then!!! The middle class is gradually disappearing. I honestly and truly believe that revolution is in the air, and will start on the internet. (specifically, on the web, since that's most of the internet these days). Maybe not today, but in my life. However, I don't think it'll be a revolt against capitalism, as much as a revolt against abuse.

    As for the moderators, don't worry. They've moderated me down almost exactly as much as they've moderated me up on this post. :-)

  • You've been on the net since '94? Give me a break. You don't even know what the old days are. Sheesh, you arrived after the Web existed. You never knew the internet in the pre-Web, pre-graphics, pre-PPP "everyone has their own IP" days.

    And by the way, Slashdot and Bluesnews *make money* and the owners of Slashdot are easily millionaires now.

    Furthermore, the internet is interconnected, and by pissing in the water, you spoil it for everyone. If you try to take down Yahoo, you end up taking down lots of intermediate networks that host your beloved moral, commercial free, hippie sites. However, no one ever accused socialists/anarchists of logical thinking.

  • Many cable providers (as well as many other end user non business ISP's) block spoofed packets at a router downstream (out of a certain allowable range). In other words, I can probably only smurf someone or syn flood directly within a certain range of IP addresses. I know shaw, rogers and at least parts of TCI/ATT does this on their cable networks.

    I remember hearing about 2 years ago that smurf attacks would be completely phased out due to tier 1 (and to a lesser degree smaller) ISP's filtering at their borders -- but apparently this has not happened yet, as there are plenty of broken networks around and plenty of unfiltered networks that are able to exploit these vulnerabilities.
  • Well, all home users AND small networks use a provider to get their access. Their upstream provider should be filtering their connections.
  • Remember the stories everyone hears about Orson Welles' Halloween broadcast of War of the Worlds? This is sounding strangely similar to me. There are some real crashes going on, but I am seeing a lot of reports of sites being down that are, as near as I can tell, still entirely up and running. Some big sites went down today, and now every time that someone can't load a webpage, or hits a server that blocks pings someone claims that they've been crippled by a DOS.

    Someone mentioned earlier that Adobe may have taken themselves down because they were afraid they might get hit next (as of 09/02/2000 12:53 EST, I can get to the page; it did seem to be down earlier). I wonder how many sites are unplugging or blocking partial traffic out of fear of a hit. Whatever else is going on tonight, we're getting a good view of the power of the Internet as a rumor mill and propagator of memes. Pretty impressive.

  • As the saying goes: Never attribute to malice that which can be explained by ignorance.

    While I'm as willing to blame the guys with the black choppers on this as the next guy, the fault lies with poor network administration.

    Not that the targets have any choice about landing hard on their knees when beaten over the head with a DoS. There are things they can do... As has been eloquently pointed out in this post. In a nut-shell, shut down unused ports, shut down unneeded services, filter out the offending networks (would you rather limit your availability, or end it?), and most importantly LOG IT ALL.

    Logging is crucial when you are being beaten. You may not be able to prevent it, but you CAN collect evidence.

    As for the poor network administration... Universities, small/midsize ISPs and break-neck businesses leave far too many doors open. These are the people to blame - unwitting accomplices.

    Legislation may help, but it has to be careful. It must require proof - and in cases such as these it's hard.

    The conspiracy theory does bring to mind an interesting scenario though. What if all 1 billion Chinese, all running Linux, suddenly started pinging all of the US biggest eCommerce sites? Global slashdot effect levied directly against our infrastructure, and indirectly against our fast-movers on Wall Street. And no amount of legislation would get our servers off their knees.

  • The net has been pretty slow for me, and these "attacks" are either very widespread and very undetectable, or they aren't attacks at all.

    Remembering The Hacker Crackdown once again, what started the whole nasty thing were widespread phone service outages that were blamed on hackers. The problem was eventually traced to a cascading phone switch bug, but the damage was done even then, and many hackers and crackers had their equipment (unlawfully?) seized by the government. After the DeCSS fiasco and now this, I don't want to see a world-wide repeat of this travesty.

    So what can we do to check this out, guys?

    pb Reply or e-mail; don't vaguely moderate [].
  • by Bishop ( 4500 ) on Tuesday February 08, 2000 @09:03PM (#1293658)

    For a good distributed DoS you don't need spoofed packets. It is much more devastating to use real addresses. Using real addrs you can establish connections and request files to download. You can chew up far more bandwidth, processor time, and RAM this way than simply flooding the link with bogus traffic. If you want to be particularly nasty you start screwing around with the packets you (should) send back to the server. That is left as an exercise for the reader as well the guesstimate for how many attackers you need. (hint: not that many)

    Although I do agree that it would be nice if ISPs would start dropping spoofed source packets. It is trivial to do. It is a standard feature for most routers and can be done on the cheap with OpenBSD or Linux boxes. I don't however think a law is needed. I hate legislating common sense.
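Added example, not part of any comment in this thread: an illustration in Python of the outbound source-address filtering that this comment and the earlier backbone-enforcement comment ask for, together with a check for that earlier comment's amplifier condition (more than 16 replies sent to one address). The prefixes, the log line format and all function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "ts src dst proto")

# Assumption: the prefixes assigned to this customer network (documentation ranges).
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]
# The "X (16?)" reply count from the comment, used as the amplifier threshold.
AMPLIFIER_THRESHOLD = 16

# Constructed sample of packets leaving the network: "<seconds> <src> <dst> <proto>".
SAMPLE_LINES = [
    "0.10 192.0.2.10 203.0.113.5 tcp",
    "0.20 10.9.8.7 203.0.113.80 tcp          # source is not ours",
    "0.30 198.51.100.200 203.0.113.80 udp    # outside our /25",
    "0.40 198.51.100.20 203.0.113.5 udp",
    "9.00 192.0.2.30 203.0.113.77 icmp-echo-reply   # one ordinary ping reply",
] + [
    # 20 local hosts answering the same address within one second: a broadcast
    # ping reached the subnet and every host replied to the forged requester.
    "5.%02d 192.0.2.%d 203.0.113.9 icmp-echo-reply" % (i, i) for i in range(1, 21)
]


def parse(lines):
    """Turn log lines into Packet tuples, ignoring '#' comments and blanks."""
    packets = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ts, src, dst, proto = line.split()
        packets.append(Packet(float(ts), ipaddress.ip_address(src),
                              ipaddress.ip_address(dst), proto))
    return packets


def is_local(addr):
    """True if addr belongs to one of the prefixes assigned to this network."""
    return any(addr in net for net in LOCAL_PREFIXES)


def filter_egress(packets):
    """Egress filter: forward only packets whose source address is ours."""
    forwarded, dropped = [], []
    for p in packets:
        (forwarded if is_local(p.src) else dropped).append(p)
    return forwarded, dropped


def find_amplification(packets, window=1.0, threshold=AMPLIFIER_THRESHOLD):
    """Report destinations that received echo replies from more than
    `threshold` distinct local hosts inside one time window.

    Returns {destination: largest number of distinct responders in a window}.
    """
    buckets = defaultdict(set)
    for p in packets:
        if p.proto == "icmp-echo-reply" and is_local(p.src):
            buckets[(p.dst, int(p.ts // window))].add(p.src)
    flagged = {}
    for (victim, _bucket), responders in buckets.items():
        if len(responders) > threshold:
            key = str(victim)
            flagged[key] = max(flagged.get(key, 0), len(responders))
    return flagged


if __name__ == "__main__":
    fwd, drop = filter_egress(parse(SAMPLE_LINES))
    for p in drop:
        print("DROP spoofed source %s -> %s (%s)" % (p.src, p.dst, p.proto))
    for victim, count in find_amplification(fwd).items():
        print("AMPLIFIER: %d local hosts replied to %s" % (count, victim))
```

A flagged destination means the subnet answers broadcast pings and should have directed broadcasts disabled at its router; the dropped list is what an upstream would see if the egress filter were missing.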

  • Simple. It goes down on its own enough that if it were ever DoS'ed, we'd never notice.
  • Well, as I wrote in RFC 970, back in 1985:

    It is worth noting that malicious, as opposed to merely badly-behaved, hosts, can overload the network by using many different source addresses in their datagrams, thereby impersonating a large number of different hosts and obtaining a larger share of the network bandwidth. This is an attack on the network; it is not likely to happen by accident.

    That's the fundamental problem; there's no way in IP to validate source addresses. There's IPsec, which provides cryptographic authentication at the IP level, but nobody uses it yet. This new attack may result in a move to implement IPsec more broadly. This is the proper technical fix.

    A related problem is that attacks based on taking over a large number of unsecured hosts and using them as zombies to attack a single site are indistinguishable from heavy load. If the zombies simply make legitimate HTTP requests, the traffic looks completely normal.

  • by Spasemunki ( 63473 ) on Tuesday February 08, 2000 @09:24PM (#1293686) Homepage
    Sure this is a revolution. One on par with Woodstock '99, when a bunch of semi-drunken and/or stoned kids burned a bunch of trailers and tore the stage apart, occasionally mouthing something about being anti-materialist while robbing a gift shop. What we've seen today is nothing more than vandalism. Sure, there may be some sort of political ideology behind the choice of targets, and maybe there is some sort of organised group involved. But you need more than that to constitute a revolution. A real revolution is about taking apart old ideas that don't work and replacing them with new ones that do. These actions make no attempt to do that; they're just someone trying to cause people problems. If this is a protest, it is a very shallow and cowardly protest, and maybe even one that works against its stated goals. It reminds me of the masked "anarchists" in Seattle, proving their coolness to the world by committing acts of "revolutionary terrorism" against unoccupied Starbucks coffee shops. If these people want to effect changes (and frankly, there has been no indication that they do; they may just get off on taking sites down), then they've picked a very superficial way to try and go about it.
  • Yes, but at least when the hippies and civil rights activists linked arms around police chains the media wasn't treating it like they were crippling major cities.

    I remember the media and government going batshit when antiwar activists threatened to shut down Washington D.C. with demonstrations and blockades on major roads and bridges. The police and National Guard made mass arrests of everyone who was perceived to be a threat to public order, around 10,000 people were arrested.

  • Went over to CERT
    They claim they've been finding a client called Stacheldraht on compromised hosts, sometimes with up to 100 connections to other compromised hosts.
    This is consistent with security claims at Dave Dittrich's site at U Wash
    Basically, someone uses known remote root exploits (lpr, named, ssh, to name a few recent ones) and compromises hosts. Then he synchronizes them to DoS some target from someplace very safe. One person can thus appear to be a few hundred clients all attacking some target simultaneously. By making a trivial change he could move his target.
    This is NOT a large synchronized group of people. It is one or at most a few good crackers just having a good time, hardly believing how much damage they are doing so easily.
    The report names Linux and Solaris as the machine types with makefile rules defined in the program, and the program has only been seen on Solaris 2.* in the wild.
    German for "barbed wire".
  • by Cid Highwind ( 9258 ) on Tuesday February 08, 2000 @09:51PM (#1293709) Homepage
    Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days.
    And we're supposed to be thankful for this??

    they made it possible for normal people to find the web sites they wanted to go to
    Because they invented the search engine? Oh...wait, they didn't. Veronica and WebCrawler were cataloging, categorizing, and searching the web before Yahoo was around.

    And Amazon and eBay were also pioneers in their respective fields
    Stupid patent lawsuits and black market kidney sales, respectively?

    Don't like the fact that the Web is a corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument
    No, it's a sad commentary on the direction the internet is taking. Radio used to be an exciting new technology, promising instant communication, like the net.hype promises today. Then it was dominated by large corporations, and today it is nothing but top-40 crap and insipid talk shows. Anything creative or thought-provoking has been squeezed out in favor of safe, easy to digest, bland, boring, profitable pablum.

    the only solution that mankind has ever come up with that works is to make rules and enforce them
    I don't see what you're driving at here, there are already laws against this.

    There are no social or legal rules
    Tell that to Kevin Mitnick, or the DeCSS defendants.

  • MIDS [] shows that between 8 and 10 PM, something was going on with the Internet to cause reachability to drop like a rock.

    Interestingly, it looked like the Internet was doing slightly better than average during the Yahoo attack.

    Could some backbone actually have been attacked?
  • Not to be a killjoy... but why? What's different? That it's many commercial sites. It's a really really simple form of attack- one person could have pulled it off. And even if they get caught (which they wouldn't if they did it right), it's a great publicity stunt. Perhaps if it's someone from another country? Osama Bin Laden on a laptop?
  • by mrgoat ( 143500 ) <mdafds@yahoo . c om> on Tuesday February 08, 2000 @09:57PM (#1293720) Homepage
    I guess my earlier post in last forum was we go:

    First off, you have to consider that most servers are NOT going to have the capability of participating in this kind of attack.

    1. Bandwidth - um...50 servers, over t-1 or less links? Nope. They HAVE to be located at a Tier 1 provider (running on the Tier 1 provider's LAN, or on colo sites that are generally capped at 10 - 100 megs). That Tier 1 provider HAS to have private peering established over large pipes - this kind of attack would have melted down PAIX.

    2. The colo customers would have to be completely blind to the fact that their sites are running up bandwidth charges (charged per meg/s), but getting NO hits for services offered. Also, their security would have to have been completely compromised - ie, bypassing load-balancing proxies in advance, compromising firewalls, bypassing access-lists.

    3. ALL of the above would have had to have happened in a coordinated fashion, such that traffic would have to be sent to a DoS client on the servers in question, enable the attack, which said attack would bypass the aforementioned barriers and smack down Yahoo! for more than 1Gig of damage.

    Now, how many machines do you have to compromise AND install clients on AND run without being caught, taking up sizable chunks of bandwidth which generally WILL be noticed, and still make the attack possible to occur without making yourself a huge effing target?

    Possible, but not very credible - though my hat is off to anyone who could compromise much more than 50 sites and hide the massive amount of work that would have to be done to set this up and make this work. Of course, I don't think that it is likely, since we would have seen multiple reports at CERT and Bugtraq from pissed off sysadmins about some boosheet DoS client hidden on their systems.

    Consider the alternatives instead. Consider that some of these outages -especially the eBay outage- were not caused by DoS attacks, but by faulty equipment/software from proprietary vendors - a certain network equipment manufacturer comes to mind on that one. Consider that none of these businesses have to suck up the cash damage if these were "unforeseen" occurrences.

    1. The Yahoo "DoS" attack may not have been the kind of attack they admitted to. There is always the possibility that equipment upstream was b0rked, causing packets to be sent promiscuously all over the network. I've seen it happen before, just not to Yahoo.

    2. Consider that the eBay problem MAY have been a DoS attack, but not the kind you think. I know of at least one showstopper bug that has come up with no less than TWO different major router vendors that could cause the crash they had.

    3. I've been able to reproduce similar problems in a lab environment with one vendor's equipment that I was demo'ing. Many of these "DoS attacks" can usually be chalked up to a configuration that the vendor never bothered to test or consider.

    I am not calling ANY of the companies mentioned liars, or defaming their stories. I am just pointing out that they may be mistaken, or that their public relations people may be using "evil hackers" to point people away from problems that may have been alleviated but still exist. Please consider that these events could have been caused more by ignorance and greed than by a heretofore unknown elite cadre of super 'net ninjas.

  • by SuperKendall ( 25149 ) on Tuesday February 08, 2000 @10:01PM (#1293723)
    One suggestion I haven't seen here is that when one finds one of these DoS clients, to replace it with a version of the client that will report to you who is controlling it - I'm not at all familiar with how these are really written so they might have a hierarchy that you'd have to go back up through but at least you might get a lead on them...

    Of course, no-one will ever see this post buried hundreds of messages down but with any luck they'll at least find a few of them.
  • Earlier a few people (myself included) theorized that this whole issue is about enacting a bit of vengeance upon those who have "wronged" the Internet. Based on that supposition, here's an off-the-top-of-my-head list to see who might be next:

    • Network Solutions
    • MPAA (or is it MPA? Hmmm...)
    • RIAA
    • Real
    • AOL if their system can't handle the attack
    • US Justice Department
    • (If it was me...)
    • Doubleclick
    • Alexa
    • LinuxONE

    Feel free to add or challenge the above.

    Sites that very likely won't be attacked:

    • EFF
    • W3C
    • ACLU

    Again, feel free to add or challenge.

  • > so make this -1

    That's six syllables, dolt.
  • Alrighty. I'm a clueless net admin. Our company has a Linux box that the whole world can see, it runs our little website and a few other things. We have a security maintenance contract with our ISP - they're supposed to keep the box patched up to spec, no security holes. Other than that, what can I do to check to make sure that our little box isn't being abused?
  • If the parent comment got an "Informative" then the counter deserves it too - esp. this one which seems quite well reasoned for Slashdot.

  • Indeed.. it should in this case not be the owners of the cars. Rather, this would be a GRAVE mistake by either the car dealer or the manufacturer for providing an unsafe lock. This would equate to not the company being responsible per se, but rather those who supply/setup the servers and software.
    On a sidenote.. the FBI in this? I'd say this is like 700 people picketing in front of some store, making it impossible for everyone to get in. Picketing isn't illegal, is it?

  • by XNormal ( 8617 ) on Wednesday February 09, 2000 @03:15AM (#1293796) Homepage
    The goal here is to get root on a few hundred systems, or more

    One of the most frightening things about these kinds of attacks is that there is no need to get root. In most cases any user account will do. Think about the big hosting providers: they have machines with excellent connectivity with thousands of users connecting with telnet, ftp and pop3 exposing their passwords to snooping. It doesn't help if the system has excellent local security against gaining root access and the administrators use only ssh. The attacks look exactly like regular web traffic - connections from unprivileged ports to port 80 - any user can initiate such connections.

  • by Ralph Bearpark ( 2819 ) on Wednesday February 09, 2000 @03:22AM (#1293797) Homepage
    they still don't know who did it.

    Yeah, I'm sure it's just a coincidence that these DoS attacks start up just after Kevin is let out of jail.


    Regards, Ralph.

  • This is long overdue and comes as no surprise.

    The Internet's infrastructure has a number of flaws, and the way the Internet has developed and grown over the years, coupled with the fact that the individual nodes which make up the 'Net are, on the whole, not as secure as they should be, means that an individual or group of people, with the right knowledge, the right skills, and the right opportunity, could cause the 'Net some serious damage.

    I'm not even going to hint at how to do it, because that would be pretty damned irresponsible.

    Why hasn't this happened yet? Well, firstly, the 'Net is so large now, the resources which would be required, in terms of man-hours, is not insignificant. It isn't something that could be done in a single night.

    Secondly, the knowledge and skills required aren't common and they're generally accompanied by intelligence. Therefore the people who possess the knowledge and skills are more likely to spend their time making shedloads of money working in the Internet industry, instead of attempting to destroy it.

    Everyone hears about hackers and thinks "Well, they don't really cause much damage...", but that's a misperception. The hackers you hear about are the stupid ones and the ones who get caught. The really good hackers don't deface webpages or ransom lists of credit card numbers, for one of two reasons - either they're too busy carrying out hacks which don't get detected, or they've decided that the Risk:Reward ratio isn't good enough, so they stick to legal pursuits.

    However, there is a caveat. There's a risk that the knowledge and skills will end up in the brain of someone who, for whatever irrational reason (anti-capitalism, religious, whatever) decides that the world is better off without the Internet, and decides to use his skills to bring the whole thing crashing down.

    I've got an anarchist streak in me, and every so often, I fantasise about instigating Infocalypse and watching the stock markets crash as hundreds of billions of dollars worth of Internet companies suddenly become worthless.

    Sometimes, when I'm being REALLY evil, I think about how the world's economy is shifting more and more towards an Information Economy, and how that could be rendered invalid, totally changing the way we live our lives...

    But then I think about life without Slashdot, and that kind of tips the balance in favour of my allowing the world to continue as normal. ;-)

    But, seriously, I've been expecting something like this for a long time. I've drafted plans and scenarios on how to do it, and, from those models formulated methods of defending against and preventing such an attack. It's basically an information warfare scenario, and, at the moment, there are few defences.

    The Dodger

  • Maybe not a revolution so much as retaliation. Remember Pirates With Attitude (PWA)? They got raided February 4th, and the story was covered at [], among other places. I would imagine that those that didn't get swept up, along with PWA sympathizers, took exception to law enforcement's feeling of success and decided to give as well as they got. Of course, that's just my opinion...
  • > no more 2330.flame haikus for you!

    Gods, can I never be free of you people and your tumescent lobster posts ?
  • You forgot to mention, unless I missed it, what the hell they're fighting for. I find it entirely too ironic that you say:

    The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.
    Umm.. hello? These stupid rebels attacked CNN. Why? For the hell of it. That's so phenomenally obvious that it's nauseating to see your comment rated a 5 when it's such hogwash. I am increasingly amazed at how little it takes to impress the Slashdot moderator. Maybe I'm overreacting; about 10% of me thinks that your post is sarcasm.

    Social revolution against lame web sites? Give me a break. That's like blowing up Burger King because lots of stupid people in your town eat there.

    Your assertion that they aren't throwing rocks at windows, but rather protesting is also entirely absurd. Let's see.. this analogy should be a tough one to come up with. Try this on for size: Sending packets to break a service is analogous to throwing rocks to break a window. Wow, that's complex. They are breaking companies' web sites. In addition, they broke's on the day they went public.

    You don't think there's anything wrong with silly kiddies running around the Internet breaking random web sites in the name of .. let's see .. absolutely nothing? Give me (and us) a break.

  • Yeah, it became available again about midnight.

    The Tick - "Spoon!"
  • Take a look at the targets, friends. Someone already mentioned that pillars of morality like,, etc. aren't (yet -- big yet) being taken down. It's your upstarts who've launched a thousand-squared newbies onto the net, a thousand-squared clueless idiots. Started as a nice little index running in a dorm room. Now? Collects marketing statistics first and foremost and THEN runs an index on a server farm.
    ABC. Owned by Disney. (Nuff said.... no offense, Rob.)
    eBay. Relatively okay company, but they won't allow outsiders to provide searches into their pages. Not a good thing.
    CNN. I don't have a bone to pick with CNN. I'm guessing this is a notoriety issue.

    Now, let's take another look at the targets. Yahoo, CNN, ABC, Disney...the connection I see is that they are all high profile sites. You're right, and didn't get hit, that's because, in general, no one would give half a shit. Do you think these kiddies would have made every major news program for taking down Not a chance. Just because these sites are the "pillars of morality" on the internet doesn't mean people care about them. If went down, how many people would notice? Maybe a tenth of the people that noticed Yahoo or Ebay being down (and that's being generous). You say yourself you can't find a reason for CNN being attacked, using your reasoning. That's because there is no reason other than these kiddies can see more of their handiwork on the TV.

  • Kris:

    Couple of things off the top of my head:

    make sure you're using tcpwrappers to secure any services that are running - ftp especially.

    Abacus portsentry: sits on well-known ports and blocks/logs any unauthorized activity - even scans.

    Turn off any unneeded services - if you don't use portmapper - turn it off - turn off all rpc services.

    If you need to access the box remotely, use ssh.

    Make sure you're running the latest apache server.

    That's a start.
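Added example, not part of the thread: one way to check the points in the reply above (wrap running services with tcpwrappers, turn off unneeded and rpc services, use ssh for remote access) against an inetd.conf. The sample file is constructed, and the `NEEDED` set, the `tcpd` path and the function name are assumptions.

```python
# Assumption: the only inetd service this host is actually meant to offer.
NEEDED = {"ftp"}
# Remote-login services that send passwords in the clear; ssh replaces them.
CLEARTEXT_LOGIN = {"telnet", "login", "shell", "exec"}
# Assumption: where the tcpwrappers daemon lives on this system.
TCPD = "/usr/sbin/tcpd"

# Constructed sample in the classic inetd.conf layout:
# service  socket  proto  wait  user  server-path  arguments
SAMPLE_INETD_CONF = """\
# constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd     in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd     in.rshd
rstatd/1-3 dgram rpc/udp wait root   /usr/sbin/rpc.rstatd rpc.rstatd
echo    stream  tcp  nowait  root    internal
"""


def audit_inetd(text, needed=NEEDED):
    """Return (line number, service, finding) for every enabled entry
    that conflicts with the hardening advice; commented-out entries are
    already disabled and are skipped."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, "?", "malformed entry, review by hand"))
            continue
        service, _sock, proto, _wait, _user, server = fields[:6]
        name = service.split("/")[0]          # strip the rpc version suffix
        if proto.startswith("rpc/"):
            findings.append((lineno, name, "rpc service: disable"))
        elif name in CLEARTEXT_LOGIN:
            findings.append((lineno, name, "cleartext login: disable, use ssh"))
        elif name not in needed:
            findings.append((lineno, name, "not needed: disable"))
        elif server != TCPD:
            findings.append((lineno, name, "needed but not wrapped by tcpd"))
    return findings


if __name__ == "__main__":
    for lineno, name, finding in audit_inetd(SAMPLE_INETD_CONF):
        print("line %d: %-8s %s" % (lineno, name, finding))
```

A service wrapped by tcpd is still only as restricted as its hosts.allow and hosts.deny entries, so those files need the same review.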
  • by Skip666Kent ( 4128 ) on Wednesday February 09, 2000 @06:10AM (#1293851)
    Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative.

    Exactly. The solution lies in what I like to call the Primary Array Network Transaction Service, a wrapper of sorts for the GRITS subsystem. When you put the GRITS into the PANTS, you'll find that most of your DoS woes disappear, to be replaced by a sensation of warm satisfaction.

  • by Rabbins ( 70965 ) on Wednesday February 09, 2000 @06:13AM (#1293855)
    The problem is, is that you are only speaking from your own perspective.

    There are countless others out there (way more than you and anyone else you speak of), that are going to be starting a revolution of their own kind. And I am speaking a subtle revolution...

    A lot of people are scared to death about this, about Columbine, about Seattle, about guns, about pornography and about the internet in general. They are "concerned" about their children. They read the news and believe it. They want more control. They demand less freedom. They need more protection.

    I am going to go out on a limb and make a guess that you are twenty-something. Well, we are quite the minority right now, and are not taken seriously. How much respect does the "Slacker Generation" get? :) Personally, I do not think the Seattle protests accomplished a damn thing... same thing as this (if it is indeed an organized protest). Sure, it grabbed headlines, but all of it is going to be lumped together with the "protests" at Woodstock '99. It all looks so immature from the outside.

    I too believe we are starting to lose a lot of our freedoms, I really do. It genuinely frightens me when I see this shift away from people taking responsibility for their own actions. But that is what the majority of people want right now.

    The problem with the movement that you advocate (and so do I), is the way it comes across to these people. We want to watch porn, do drugs, crash systems, listen to songs and play games endorsing benevolent violence, build plastic explosives, vandalize and corrupt children... but it's all in the name of freedom. I think this is what a lot of people see. What we are fighting is a lot more difficult to see and understand than, say, the civil rights movement. There is an instance where a young generation actually made a difference... but they were not fighting for porn and violence!!!

    The trouble is going (and always has been) to be trying to get people to see around that.

    And someone will say, "And your point was?"

    I have absolutely no idea.

  • Me go college (from above link)

    "Once you're done," says student ***** **, "you push 'submit.' They ask, 'Are you sure?' and you say, 'Yes, submit.' And then, one minute later, they send the score right back to you because it's all automatic."
  • Consider that we may not yet be 'out of the woods' in regards to Y2K / Leap-year issues, which could well be incremental. Details? I have none, for I too, lack a Clue....

  • The sysadmins in question haven't taken the appropriate (and well known) steps to lock down their systems. And these high-bandwidth servers aren't exactly common-place -- a better analogy might be to keeping a dangerous animal in a residential neighborhood; if you're going to do it, you'd better do it correctly. Tort litigation is all about "did the person exercise the same care that the average similarly situated person would/should have exercised", and here the "average similarly situated person" is a sysadmin of a high-profile website, not the average schmuck on the street with a passenger car. If I try to erect a 200 foot obelisk in my back yard and it falls and hurts someone, I'd be liable for not exercising the care exercised by the average architect/construction-worker, not by the average joe-sixpack.

    By all means, hold the commercial OS manufacturers at fault also. There's too much shoddy work on all sides, and it's time to shift the burden of that shoddiness back onto the people with the most power to prevent its occurrence and away from the innocent bystanders.
  • Well....I also try to dismiss paranoia but...
    the ocasional paranoid delusion can provide some
    entertainment anyway :) It can be fun. Hell
    its not like worl dgovernments haven't
    given us enough real examples of abuse of power
    to be distrustful of their motives.

    > 2.An act of the United States government against
    > its own people, possibly for the reasons
    > described in the post michael linked.

    Ok as was mentioned...this apears to be a HUGE
    smurf attack of some sort (possiibly a new
    variation on the smurf theme that sliips through
    many of the old fixes)

    Just looking at the logistics of it...a direct
    government attack doesn'r makes sense. While
    yes 1 GB/s of bandwidth would probably limit it
    to government if it were a single point attack.
    However, a single point attack would saturate
    everything between the originator and the
    target. This would mean that it would be easy to
    trace back through the route to a government

    However, from hundreds of machines all over the
    net, each with fairly differnt yet all high
    bandwidth paths....1 GB/s would be easy to

    So for the super paranoid delusion. Consider this
    scenario... (the most likely of the far out of
    left field ideas)

    1) NSA or equivalent figures a way to crack
    into some systems, and at least get user
    accounts, and a client that can be used to
    mount an attack from the machine remotely.

    2) (optional) they break into a bunch of machines
    and install the client.

    3) they obscure their starting address with said
    accounts and other stuff...they get on irc and
    find some stupid script kiddies. Give them the
    "tools". and set them to work.

    now...the script kiddies launch some attacks on
    high profile sites for shits and giggles.

    The advantages:

    1) no way to prove direct government involvement
    2) script kiddies who can take the fall for the
    incidents, and don't even know themselves that
    they were given the tools by the NSA (or equiv.)

    There...nice model for a paranoid delusion.
    Just as Hitler burned down the Reichstag, it's
    actually a viable way to get public support
    behind the things they wish to accomplish.

    Of course...it's much more likely that a bunch
    of script kiddies are doing this just for
    "shits and giggles". Then again, it could be
    a small band of hackers who are hoping to
    raise awareness about these things and
    scare network admins and sysadmins into
    beefing up security internet-wide.
    (kind of a "propaganda by example" of sorts)

    However...it's more "fun" to blame it on evil
    agents with political such, Carp's
    law is applied which states, "Whichever
    possibility is the most fun to assert as true
    should be asserted as true"

  • make sure you're using tcpwrappers to secure any services that are running - ftp especially.
    Even better: Get xinetd (or have your maintenance guys do it)... think regular inetd + tcpwrappers + configurable logging + no extra process overhead for all this functionality.... no, I don't have the URL, but it should be on freshmeat, rpmfind, and such like....

    Even comes complete with a tool for converting your /etc/inetd.conf file to its own format... c'est cool.

    Authority, hell, question reality.

  • Think about that for a moment. Let's say they had some grand political motive here. So, they decide they want to announce to the world that they did it. Here's the magic question for you:

    How do they claim responsibility in a way that people will know it is them without revealing enough information to land them in Jail?

    If you deface a website, you can at least leave your message behind. With a DOS, you don't get that opportunity so there is no direct association between the attack and the related political message.

    All of the targets have been the big names in commercial internet sites. CNN was probably targeted over other news sites because it is part of the AOLTimeWarnerTurner cabal. So, it would seem that this attack was launched by either people with issues against commercial sites, or it was part of a government conspiracy. I lean towards the latter, but then look at my e-mail address and it will become self explanatory :)


  • > This particular law would be justified and only
    > hurts the evildoers. No one has a legitimate
    > reason for sending packets out with the wrong IP
    > address.

    I don't mean to rant...but I can't stand that
    attitude. So I guess I am gonna rant.

    Why is it that as soon as a problem or possible
    solution to a problem is identified, someone
    invariably says "let's make a law". Forget trying
    to use social force or suggestion to get all
    or most ISPs to adopt the policy, jump right
    to law making.

    Do you realize that when you say "We should make
    a law", you are really saying "If someone doesn't
    do this, they deserve to have men with guns appear
    at their house and take them away". I am sorry
    but I don't think that a person who runs an ISP
    deserves to be strong armed by the threat of
    physical force into application of configs at
    his router.

    The "let's make a law" mentality is responsible for
    the fact (to paraphrase Shulgin) a person who
    can read War and Peace in a week, would have to
    read at that same rate for 25,000 years to read
    all of the laws of the United States that are
    in effect as I write this (actually that figure is
    several years old...it's probably somewhat larger

    Now, I agree that generally speaking, there is
    little reason to allow IP spoofing. Yes, ISPs
    can and generally should block it. Why not
    do it in a similar way to UDP (Usenet Death Pen.)
    Get a bunch of organizations together, and when
    there is a problem with users spoofing from an
    ISP, threaten with routing death penalty.

    I think that ISPs would generally be glad to
    implement such protections, if it was presented
    in a sane manner, and people presenting it were
    willing to help them get it implemented.

    Hell, they could stop spoofed packets right at
    the PPP interface. Or better yet...log all spoofed
    packets and contact anyone sending them.

    Believe it or not...some people may have a reason
    for sending spoofed packets (or may not even be
    aware something "bad" was going on from their

    Maybe I am a network admin and want to test my
    own anti-spoofing stuff at my router, so I want
    to go home and send spoofed packets to my router
    at work using spoofed internal addresses, that way
    I can make sure it works.

    Once I sent spoofed packets because a friend asked
    me to demonstrate something on his box (so I sent
    some spoofed packets that crashed his box)

    as such I think a much better way to approach the
    subject is just ask ISPs to set up monitoring
    for spoofing. Ask them to make a policy on it and
    enforce it. If ISPs logged all spoofed packets
    through them and the user sending would
    make finding these people EASY.

    No laws required.
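
The per-interface spoof check and logging that the comment above asks ISPs to run, as an added example that is not part of the original thread. The interface names, the assignment table and the sample packets are constructed for illustration (documentation address ranges only).

```python
"""Source-address validation at an ISP access interface (illustrative)."""
import ipaddress
from collections import Counter

# Hypothetical table: access interface -> prefixes the ISP assigned to
# the customer behind it. All addresses are documentation ranges.
ASSIGNED = {
    "ppp0": ["192.0.2.17/32"],
    "ppp1": ["192.0.2.18/32"],
    "cust7": ["198.51.100.0/28"],
}

# Constructed sample of packets seen leaving customers:
# (ingress interface, source address, destination address)
SAMPLE_PACKETS = [
    ("ppp0", "192.0.2.17", "203.0.113.80"),     # customer's own address
    ("ppp0", "203.0.113.9", "203.0.113.80"),    # source not assigned here
    ("ppp1", "192.0.2.18", "203.0.113.80"),
    ("ppp1", "10.1.2.3", "203.0.113.80"),       # private source address
    ("cust7", "198.51.100.5", "203.0.113.80"),
    ("cust7", "198.51.100.77", "203.0.113.80"), # outside the /28
    ("ppp0", "203.0.113.9", "203.0.113.80"),    # repeat offender
    ("ppp9", "192.0.2.17", "203.0.113.80"),     # interface with no record
]


def build_table(assigned):
    """Parse the prefix strings once so lookups are cheap."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in assigned.items()}


def source_is_valid(table, iface, src):
    """True only if src lies inside a prefix assigned to iface.

    Unknown interfaces and unparseable addresses fail closed.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in table.get(iface, ()))


def audit(table, packets):
    """Split packets into forwarded and dropped, counting drops per
    interface so the operator knows which customer to contact."""
    forwarded, dropped = [], []
    offenders = Counter()
    for iface, src, dst in packets:
        if source_is_valid(table, iface, src):
            forwarded.append((iface, src, dst))
        else:
            dropped.append((iface, src, dst))
            offenders[iface] += 1
    return forwarded, dropped, offenders


if __name__ == "__main__":
    fwd, drop, who = audit(build_table(ASSIGNED), SAMPLE_PACKETS)
    for iface, src, dst in drop:
        print(f"SPOOF iface={iface} src={src} dst={dst}")
    print("drops per interface:", dict(who))
```

Because the check is keyed on the ingress interface, a dropped packet identifies the sending customer even though its source address is forged.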
  • ZDNet was hit this morning by the exact same type of attack. See the story here. After seeing all the anti-Linux FUD on ZDNet, maybe there is something to the "revolution" theory?

    Oh yeah...for what it's worth, ABCNews did an analysis of these attacks; an analysis which I find refreshingly honest. To sum: people who whine about these outages have unhealthy, unrealistic expectations of their technology.

  • Um. There was no community before yahoo? What? Yahoo made the web synonymous with the Internet? well, for the folks who weren't around before. Most of my best net acquaintances and experiences happened outside of the Web; they happened in old telnet and dialin BBSes, MUDs/MOOs/etc., IRC, or just people talk and ytalking on the local unix machines. Communities exist in USENet, listservs, and all other more interactive areas.

    Great, so the web made connectivity popular and faster. Fine. wonderful. Yahoo was instrumental. Fine. Wonderful. They have a nice, no-frills interface compared to most other portal sites. (which is why I rarely use portals, but hey)

    But Yahoo did NOT begin communities online. Maybe you haven't been around long enough to know what a shell account is, or to remember what connecting from home was like without your very own TCP/IP stack. Maybe you were never good friends of Veronica, Archie, or Eric.

    That the Internet is so handy and ubiquitous is a great thing. But the original point of the poster was that the Internet is still, despite pressure against it, a place where all soapboxes can be equal.

    That being said, I'd rather these newfound dDoSes be used for good rather than hitting high-profile sites (whatever happened to hactivism?), but even this will possibly spawn increased security awareness. L0pht claimed they could take the 'net down in 30 minutes. Most of us believed 'em, now maybe the rest of the world will figure out that this is indeed possible and not limited to the exclusive knowledge of the l0pht crew.
  • This article asserts that the mass DoS attacks have moved on to E*Trade and Datek Online.

    What is becoming clear to me is that someone has been planning this out very carefully. I'm wondering if there have been any quiet blackmail messages sent to site owners -- "Send us a cool half million or you're next."

  • As a network/sysadmin, this kind of stuff scares the shit out of me.

    As a citizen of an ever-encroaching big-brotherlike planet, this kind of stuff makes me sleep better at night.

    To whoever is pulling off these attacks:

    You're our well-armed militia. I think it's important that people can do this if necessary. I think it's crucial to the freedom of future inhabitants of this planet that people have the ability to do this.

    The more you pull stuff like this off, the better their defenses are going to be. Every time you whack a site, they're gonna analyze every move you made and figure out ways to defend. Don't give them the bits they need to put it all together.

    I can't stress enough how important it is that the people have the ability to do this in an age when government surveillance is reaching ludicrous bounds. Our cell phones and cars will be tracked, our movements will all be known, and it's not too much of a leap to see that all of this will be done electronically. It is absolutely essential that the people have the ability to throw off the system if need be.

    I'm not even pro-militia in the sense of today's publicized militias... I'm not some wing-nut, I don't even own a gun, or even like them. I just realize the importance of the people's ability to defend themselves from oppressive governments or "New World Orders" if push comes to shove.
  • ...or at least experiencing difficulties. Going to the main site yields a page which says

    [an error occurred while processing this directive]

    with a last updated stamp of 01/01/97.

  • Government employees generally don't rank high on the trust or confidence scales. Sometimes, a few of the high-ranking ones get caught doing something illegal. But the vast majority of government employees, IMO, have two major concerns in their day-to-day work experience: "When do I get off of work?" and "How can I cover my own ass?"

    And you're basing this on WHAT? Your friend the postman?


    Killing their own citizens or costing their country's corporations millions of dollars are not on the agenda.

    That's just naive. How do you explain the CIA projects that our government has ADMITTED TO wherein the CIA injected people with horrible toxins and exposed them to horrible amounts of radiation to see what would happen?

    I'm not even factoring in that much-ridiculed characteristic, patriotism, which would keep a lot of folks from taking part in such plans.

    Patriotism is the reason people DO this stuff. I remember a former government employee being asked questions about a nuclear test in the deserts of Nevada. They KNEW fallout would land on this particular town (I forget which one) and the interviewer accused this guy of being a criminal for exposing American citizens to radiation and not telling them. He said, "I did it for my country, how else were we going to beat Hitler and Japan?"

    That sounds like blind patriotism to me.

    Basically, your argument is based on this naive belief that our government "wouldn't do anything wrong cuz we're the GOOD GUYS" when if you'd open your eyes, you'd see that the history of our government is no different than any other's. It's littered with deceit and dead bodies.

    I could give you a list of references indicting our government, but I suggest you start with the two I already mentioned.

    But I'm sure you'll just dismiss them as the works of angry, former US gov't employees who have an axe to grind because they didn't get their pension or something.

    Noam Chomsky has a great phrase to explain these kinds of arguments.

    They're true because they have to be. No reason, they just have to be.

  • FYI:

    I'm listening to Talk of the Nation right now on npr. They've opened a forum to talk about the recent DoS's. They have two guys - security fellas - didn't catch the names. They are covering pretty much what's been discussed here, but it's still neat to listen to.
  • Would it really be that easy?

    Here's my take on the extreme case, disclosing first that I don't know backbone capacities, and the point may be moot if they're adequate.

    Since after all, the internet was designed to withstand a nuclear war, with all the damage and (possibly) EMP issues that go with it.

    There's a quote by Robert(?) Reinhold (from Virtual Communities): "The Internet interprets censorship as a failure, and routes around it."

    Well, considering that, the 'ping tidal wave' (tm) would just go the other way, wouldn't it? China would effectively sever itself from the internet, but in the process cut all westbound links from the Americas, and all the eastbound links from EurAsia and Africa... (Yeah, they can do that with a backhoe too) The trans-Atlantic links would buckle under the added strain of valid traffic... Mayhem.

    I guess my question becomes: Just how reliant/dependent are we (we being variable) on their (again variable) infrastructure.
  • Then again, it could be
    a small band of hackers who are hoping to
    raise awareness about these things and
    scare network admins and sysadmins into
    beefing up security internet-wide.

    You just have to look at who benefits most. Seems to me it could either be the gov't (hoping for more surveillance rights), a hacking group (l0pht is for profit now, eh?), or even some really enterprising young geek pissed at the world or just curious about it.

    I just hope folks don't panic, but watching CNN's talkback live (an interview with Mitnick no less, what a dork) it seems like that's where the media wants to push it, surprise, surprise. If no other news happens this week, expect a whole bunch of idiots to spread a whole buncha FUD about the whole thing.
  • No, you missed my point. I was actually around (for a bit, anyway) before Yahoo- I actually did quite a bit of BBSing, some usenet, and some pre-W^3 internet stuff (Gopher- the 8-track of the Internet! Remember the thing?). Yes, I know that there was online community before late '94 when yahoo started. However, until then, the community wasn't normal people- it was people who cared a whole lot about computers and talking to other people who cared a lot about computers. The people who cared enough to wade through huge technological messes to network with each other. What I was trying to say was that Yahoo was the site that made it possible for people who didn't care about computers to connect with other people in the same way that computer geeks had been doing for decades. True, Yahoo wasn't the only way to do it, but it was the way that people did it, overwhelmingly. In short, Yahoo deserves mad props.
  • Just saw the news report on this on ABC, and they have Kevin Mitnick on to comment. So he did find work that doesn't involve him using computers... I guess most slashdotters were off on this. Now every time a new MS-Virus is released, or some major site/network is cracked, we are gonna hear from him.
  • Aaah!

    We have no idea what kind of people are behind this or what their actual agenda is. Until they do we shouldn't try to make judgements about:

    1. Who They Are

    2. Why They're Doing It

    Honestly, no one is going to like it if it turns out it was members of an underground cult called "The Fourth Reich" operating out of Austria to celebrate the Freedom Party's victory and crush the United States.

    I refuse to own these people until I know who they are. I much prefer people who speculate the NSA is behind it, because that would have a more positive outcome if revealed.

    Ok, suppose it turns out that they are all freedom-loving Libertarians who love Lunar: Eternal Blue and have decided to take the battle to "the Man?" All that means is that I've now got to worry about being interrogated by Secret Service agents (since I'd fit the profile) and that eBusiness leaders are not going to have much sympathy for hackers. Oh, and Jack Valenti is sure to mention it in his next Op-Ed Piece about the "strange hacker ideology."

    I wouldn't be surprised if this turned out to be entirely different than people's speculations about it, so let's keep the "Vivé Le Revolucion" comments to a minimum until we know what "revolution" we are supporting, ok?

  • By "real", I intended to imply "ideal". A revolution in the ideal, optimistic sense. And the definition I offered is probably what people involved in a revolution would say was at stake, whether or not it is the reality. Whoever perpetrated these attacks makes no attempt at offering an ideological justification for their actions, or any manner of replacing the system they are trying to harm.

    Real revolutions in the sense of historical revolutions have usually meant a lot of people dying for someone's pocketbook or ego, while backed up by some sort of political dogma. I'm not a big advocate of them myself.

  • But the traffic to/from those home computers has to pass through the routers at the ISP. There's no reason for the packets not to be filtered at that location.
  • The "gross abuses of capitalism" could be better explained by someone like, oh, Jon Johansen.

    Remember him? Arrested? Detained? Property seized? All at the behest of the movie industry in a foreign country?

  • Hell, it's three days later, probably no one's still reading, but I can't resist another comment. This has been one interesting bit of discussion!

    "It's true, the middle class is gradually thinning out, the wage gap between rich and poor is widening, and things are starting to become slightly tense here and there... But don't underestimate the power of greed and desire. The poorer North American citizen (who is not really poor in comparison to the rest of the world, don't ever forget that) will, 95% of the time, it seems, stick to his job, buy lottery tickets, anything to try and achieve the material opulence that commercials tell us is desirable."

    The crucial point is that historically as the middle class gets smaller (they split into richer or poorer), the lower class gets poorer. By the time the middle class is gone, the lower class is _really_ lower class, usually subsistence level or below. That's when revolution starts.

"An entire fraternity of strapping Wall-Street-bound youth. Hell - this is going to be a blood bath!" -- Post Bros. Comics