Linux Blamed for DDoS Attacks

jd writes "In this article, Linux and Solaris were blamed for the DoS attacks. The claim was that rogue code could be inserted onto these systems, causing them to attack other machines. The article also claims that this cannot happen with Windows machines. Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing?" Update: 02/11 07:36 by CT: the article has been pulled due to 'flagrant inaccuracies.'
  • by Anonymous Coward
    I think you're on the wrong site, buddy. The last thing I'd do is to defend Captain Burrito, but blatant simple statements like this generate more discussion than cautious well thought-out ones.
    He's just using statements appealing to the majority of this crowd.

  • by Anonymous Coward
    Linux is a cracker's dream. Windows, apart from being more stable, does not allow you access to the source code. This means it is far less vulnerable to attacks. All these people running their cable modems on Linux are just exposing themselves to outside exploits. With the new connection sharing in Windows, there is no need to run Linux at all anymore. After Win2000 comes out, Linux will suffer greatly.
  • Moderators: Please moderate the parent message up.

    If you want to flame me, do so here [slashdot.org].
  • I haven't read the article yet (server appears /.'ed), but I know that the security on a default Linux install is very low. We have been bugging distributors for quite a while now to bring down the number of services turned on in a normal installation. Hopefully this will change someone's mind.

    Of course, in the Windows world, I know that people send each other .exe files left and right, whether by e-mail, ICQ, or anything else. A perfect way to send viruses or remote-access software. I'm really glad I don't have to worry about that side of things.
    Stop the MPAA [opendvd.org]
  • I finally read the article, and if anyone would be to blame for a conspiracy, I'd say it's the security/anti-virus companies like Network Associates. I shouldn't say that they actually did do this, but I would say there is a possibility.

    The anti-virus companies in particular have a vested interest in keeping Windows the dominant platform -- viruses are far less common on Linux and other Unix-like OSes.

    Of course, I still say that the distributors of Linux should really work harder to make the administration of various services easier to do and understand. CAEN Linux is one good option, plus I see that Bastille Linux (a script for hardening a default RedHat 6.0/6.1 install) is being actively maintained.
    Stop the MPAA [opendvd.org]
  • Although this article was amusing, it was inaccurate or just plain wrong on almost every single point. I don't think there's much point in doing a point-by-point rebuttal; obviously the author had absolutely NO idea about any of the subjects covered in the article, so why bother?

    And I don't think it was funded by Microsoft. They are smart enough to actually find *real* flaws (however small) in the targets of their propaganda and then write about them with a reasonable level of grammar. This article looked more like a five-year-old got ahold of a computer on a bad day. (Actually, I guess that's being a little harsh on five-year-olds...)

    My favorite part was the bit about "as many as one million" users of Solaris and Linux, put together. *giggle*
  • I can't get to their site right now. That begs the question, what is the difference between a distributed Denial of Service and not having enough bandwidth to handle your traffic? Could Slashdot be held liable if a site was slashdotted, and "real customers" could not get to a site?

    Something to think about...
  • If anybody has the old version (before they pulled the article) in their browser/proxy cache, could you please post the old article somewhere?
  • Sure, having kernel modules might make it easier to participate in a DDoS, but it certainly isn't necessary. It can be done from userland, in fact.

    Of course, even if it did require kernel access, windows will happily grant such access to anyone who sits down in front of it. Write your own "third party" device driver that does DoS, and bobsyouruncle, you're DDoS'ing.

    So just because it seems unlikely that windows was involved in this case doesn't mean it couldn't be in this, future, or other attacks. And while we're at it, how about the proliferation of "wingates" behind which conservatively 100% of the world's skript kiddiez hide when performing their various oh-so-1337 activities? On operating systems with access control, setting up such a thing would require root access and some clues. The lack of such measures makes it easy for anyone to do it on any old dos box.

    So microsoft is distorting the truth to try and make themselves look good. Bully for them. Probably because we don't even read about the hundreds of NT/IIS sites that get 0wn3d every day any more. Everybody enjoys not being the culprit at some point. When the tables are turned, we'll be doing the same thing.

    Bottom line: misconfigured systems, of any type, can easily be cracked and used for nefarious purposes. Regardless of what specific type happened to be prevalent in the latest well-publicized attacks.

  • This is a thinly veiled attempt at boosting myCIO.com's advertising revenue. Go look at the article, it's got all the hallmarks of classic FUD, including nonspecific terms and pseudotechnical gobbledygook. And my favorite part, about how Linux and Solaris systems can't ever be permanently fixed, you have to have your enterprise servers scanned over and over again.

    Oh well, this is just a "consultant" screwing over gullible CIOs. I guess it's no different than a televangelist screwing over old ladies. Except that good operating systems don't get smeared by televangelists...
  • This is going to cause someone to write a windoze virus or trojan to do the same thing, just to prove it's not a Unix problem.

    Any takers :)
  • Who is to say that either Linux or Solaris were used in these attacks? And who is to say that some lame coder in MS didn't slip some code into Windows 2000 to do exactly that? There are, what, 40,000,000 or so lines of code in there. What if 10 of them do a random DoS depending on a signal these guys might send from Microsoft HQ - DoS www.linux.org, say, and several hundred thousand PCs world wide start a DDoS on that site? I know, completely paranoid, but they could do it.

    And if some code was slipped into Linux, I'm sure Alan or Linus, or some other coder, would find it quite quickly, and it would be removed quicker than it went in.

  • First, it's quite possible to embed your own malicious code into proprietary software without having access to the source code. happy99.exe inserted malicious code into WINSOCK.DLL to propagate itself, for example. You just have to be handy with a hex editor and understand the calling conventions of your platform.

    Worse, it's extremely unlikely that anyone will detect the modification, except possibly through its effects. Detecting such a modification (without observing its effects) in a proprietary application is much, much more difficult than inserting it. (After all, you only have to insert it in one place; you have to look for it everywhere. Looking everywhere means you have to understand what the whole application should be doing. Without source code. Inserting it only requires that you understand what the application actually does do.)

    Analogous attacks on free software are typically detected within hours or days.

    Second, you can run Purify on applications you don't have the source code to, as long as Purify can find and redirect malloc() and free(). Purify doesn't find all buffer overflows, though; in particular, it doesn't find the most interesting kind, where you overflow a buffer into something you're not supposed to be able to overwrite.

    Third, these attacks are not related to inserting "malicious/foreign" code into an operating system. They're related to breaking into a system, running some user code on it, and sending out packets from it.

  • ...and some good concepts they are.

    Another way of phrasing it is: education

    - an educated free thinking consumer is a better consumer than an ignorant one.

    - an educated and free thinking market is better than an ignorant one.

  • Article is Flamebait

    That is, asking "Is it possible [MS] orchestrated the entire thing?" is flamebait.

    MS is so good at FUD that they don't need to orchestrate something like this to create it. It's just their FUD machine capitalizing on an opportunity.


  • that mycio scan is really pathetic. It essentially requires you to submit the scan request from the server you want scanned, which assumes that it actually has a javascript supporting browser. (lynx didn't seem to fit that bill.)
  • Thank you for posting this. I had not been able to read the original as yet. Unlike many of my fellow Slashdot readers I prefer to read the article in question before commenting.

    This is just bad reporting. Even if the facts were correct, the article itself is of very poor quality. Sources were not identified, grammar was poor, and very little justification is given for any of the claims. I'm betting upper level editorial people took it down the minute they saw it.

    I'm betting that someone owed someone a favor and this was some sort of free promotion for myCIO.com or something..

    (Not that my grammar and spelling are wonderful, but I'm not "publishing" this...)

  • by Anonymous Coward

    Summary of events as I've read about them:

    In two days, major Web site hosts get nailed with a lot of high bandwidth, bogus traffic (at one point, one site gets nailed with more traffic in one day than they get in a month or something...).

    The next day, the Attorney General, Janet Reno issues a statement to the effect of the government will respond to these "cyberwarfare attacks". A day after that, the FBI says, oh, looky here, we have code we want to give you to help you "combat" these DDoS attacks. ...

    1.) The Internet comes from the ARPAnet, a government research project at one point in history. There are military networks on the modern Internet to this day. (.mil , .gov)

    2.) The government has a lot of technical resources at its disposal; lots of bandwidth. The NSA, for example, has a lot of computers and networks. Military installations do too.

    3.) There's been a lot of talk by the government about "combating cyber-crime", "cyberwarfare", "the information infrastructure". Heck the President made a statement last March targeting "criminal" hackers. (See 2600, 16:1)

    4.) The military loves field exercises. The military is in to coordinated groups and group tactics. Why not have one big coordinated field exercise in "cyberspace" to "test the information infrastructure" to see what happens when e-commerce is disrupted?

    5.) The government is about retaining order through control; laws, rules, censorship, taxation, etc. These things help keep the government running and society maintains a peaceful status quo. The government likes the status quo.

    Now, as far as I know, the government isn't making a dime off e-commerce (i.e. sales taxes). Why should they care if Amazon or eBay lose money? It's not their money; of course, they'd like to be making lots of money, to fund more projects, pay debts, etc. Hmmm.

    Now say, TWO DAYS LATER when the virtual smoke clears on the electronic battlefield, a politician sidles up to the e-commerce sites and says, "Well, dang, sorry you guys lost all that dough, but look here, we have this nifty code at your disposal. Feel free to use it to patch that dang problem to improve yer site security fellas, don't worry, you can trust us ... we're the government after all."

    Now that's awfully quick, with a modern government that sometimes takes months to even pass a bill into law. How the heck did they get that code out there so fast? (Now I suppose that they might have been working on solutions to getting their Web sites from getting defaced less often...)

    What you don't see in the media (and this is the fun part of the conspiracy) is the part where the good ole boy politician checks back with e-commerce companies in a few months and says, "Glad that code is working for you; mighty glad.

    Incidentally, we have an even better solution than that code. What we gave you was just a beta version.

    Did we mention that now that we understand how to do these DDoS attacks, we'll be doing them against your site to test the integrity of our code for you. We'll be doing this at random, so you don't have to worry about testing it yourself. In fact, you might not even know it's us doing it, to "simulate" a real attack.

    Now, if you agree, for a small fee, say, oh, just a few tax dollars off your gross sales each year for the next 20 years, we'll go ahead and install this improved version of our code that will allow you to distinguish between us and them, and it'll protect your sites even better than the beta. Honest, you can trust us ... we're the government." >>big toothy politician grin

    6.) Headlines in March of this year start to read: "Government and e-commerce do business" "Government passes bill into law; taxation of e-commerce to begin next financial quarter" "Offshore corporate banking increases" "Dot.Companies focus on Caribbean and Mediterranean investments" "Data havens appear in international waters aboard new dot.company cruise ships"

    Okay, where are Mulder, Scully, and the Lone Gunmen when I need them?

  • newsbytes feedback e-mail: feedback@nbnn.com [mailto]
  • I just received this letter in response to previous correspondence with the editor in chief of newsbytes, including discussion of publishing a correction instead of pulling the original article.

    We are not publishing that follow-up report, since it would not be ethical to publish remarks that could be, or are suspected of being erroneous. We have also removed the original story from our Web site and have requested that Computer Currents do so too, which they have done. The next time this issue comes up we will do a more complete story with all sides represented.

    Thanks very much to everyone for their comments and insight.


    editor in chief

  • Someone could rake in *shitloads* of money by starting a company that simply secures the machines of people too clueless or stupid to do it themselves. Wannabe-admins will set up a Solaris box, or a Linux box, or an Irix box, or an NT box, or God knows what else, and just expect it to be secure right out of the box, when the simple fact is, everything is broken out of the box and always will be broken, no matter how much you patch it!!! This is the mentality sysadmins need to keep in mind when they're securing their machines: you have to be very vigilant when you connect a machine to a network. Keep on top of all the latest security patches for your operating systems. Make sure you didn't miss any old ones (hell, the IMAP hole trinoo uses is fucking ancient, yet PEOPLE STILL HAVEN'T FIXED THEIR MACHINES!)

    Sometimes it's not just the users who need a few beatings with the clue stick.

    - A.P.

    "One World, one Web, one Program" - Microsoft promotional ad

  • However, lots of times you need an OS that allows for low level manipulation of the IP stack. IIRC, you can't do this in Win95 so spoofing packets like a worm on crack just won't work in win95.

    False. One doesn't need any special interface in the IP stack implementation to send bogus packets -- he needs access to the network interface at the IP level or anywhere below it. MS-DOS with an Ethernet or PPP driver is enough to do that -- hell, a PalmPilot with a modem is enough to do that.

  • how many Win9x machines are hooked up to big enough pipes (and not behind firewalls) to make a difference?



  • Cisco has a document [cisco.com] up on their website that might interest everyone.

    Here's a quote:

    In order to facilitate DDoS, the attackers need to have several hundred to several thousand compromised hosts. The hosts are usually Linux and SUN computers; however, the tools can be ported to other platforms as well.

  • Users requesting to install Linux on their computer shall be subject to a mandatory five day waiting period, during which an extensive criminal background check and psychological profile will be assessed of the prospective linux user. Upon passing these checks, the user will be issued a license which permits him to install linux on no more than two machines at his primary residence. The license must be renewed annually. The user will also be required, before installation, to turn over the root password (which he then must use upon install) to authorities as well as any cryptographic keys to be used within the system to be held in escrow and only to be used for law enforcement purposes or upon the order of a judge or magistrate or for routine scanning for illegal activities, all of which the user agrees to and further agrees that these may occur without his knowledge nor require his approval. Changing the root password or cryptographic keys without submitting a written request to and receiving written approval from authorities is a violation and can result in fines of up to $10,000,000 and 20 years in jail, per violation, as well as immediate search and seizure of all computers, disks, property, and financial assets, and immediate imprisonment without the right to a speedy trial which the user agrees to waive his rights to by accepting the linux license. Also, failing to turn over passwords or keys, or claiming to have forgotten them shall be tantamount to guilt sufficient to mandate the maximum fine, again, per password failed to be turned over. Claiming to have simply forgotten the keys is not an excuse. And once again, the user agrees to all of this and waives any and all rights that would oppose these measures by accepting the license. These measures are therefore fully constitutional and are effective immediately and all existing linux users must come into full compliance within ten days, after which these regulations shall be in full force.
  • I'm unsure of how to react to this. My FIRST idea would be to post some code and binaries that can implement it by cracking into an IIS server, but I don't think that would be the all that great of an idea either.. At the same time, we can't just ignore these statements, but saying, "No, you're wrong", doesn't carry much weight either..

    Oh, what to do with ethics.. :-(
  • Oh, yeah, the brilliant minds that determined that a crack attempt on the Pentagon came from Russia, rather than California, last year.

    If they can be fooled by an nmap decoy, they can be fooled by a fake OS fingerprint. It's not that hard to do, but it seems that it's hard to think of.

    And if, as some have said, I'm paranoid, that's possibly true. But just because I'm paranoid doesn't mean MS isn't out to get people.

    Oh, and would MS -really- care about an outcry? I seem to remember fake letters being sent to newspapers, in support of them, in one trial. I also remember a faked video tape, an OS "patch" which deliberately broke Felten's IE de-installer, attempting to tamper with evidence (eg: getting their German HQ to burn all evidence), the destruction of all source code for Win 3.x in the Caldera trial, the breaking of APIs in Win 3.11 to prevent OS/2 working, the current API court case in Europe, the reneging on licences with companies developing Windows emulators for Unix, the reneging on the EULA when it became expensive for them, the attempt to control the media via ZDNet and MSNBC, the attempt to control the satellite phone industry via an aborted attempt to launch 1,000 low-level satellites...

    Can anyone seriously both acknowledge Microsoft's wrong-doings AND ignore the possibility of yet another?

    Doesn't it seem a little coincidental that there's a massive publicity boost for Microsoft, immediately prior to the President of the European Union raking them over the coals? And at the same time as surveys are showing that a major threat to them in the server & embedded markets (Linux) is on the verge of overtaking them?

    If Microsoft needed scare-tactics, they'd need them right now. I don't believe in luck, and I won't believe that Microsoft "just happened" to receive a whole plateful at EXACTLY the right time, at a very critical point in their history.

    Sorry. If it's a choice between being a paranoid, hyper-suspicious global village idiot, or a gullible, mega-trusting sheep, I don't look good in mint sauce.

  • Secret tape recording, smuggled out from the banana warehouse...

    King Monkey, Great Sage, Equal of Heaven: Oh, for heaven's sake, Pigsy, I want to take over the world this week! Why should the master always have the fun?

    The Master: Hmmmm. Do I know you?

    (Agent) Monkey: Chchchchchchchch!

    Dexter: This is getting seriously silly, and is taking me away from my greatest creation!

    Brain: And what, pray tell, is more important than taking over the world?

    Pinky: Daffodils in chocolate syrup! Wahahahahahahaha! NNnnorg!

  • The Royal Family is made up of poor college kids? You want to tell them, or should I?
  • ...and it reflects on a pet peeve.

    Used to be, linux was only run by those that really, really knew how to run it. So what if the default installer installed apache and turned it on. So what if it installed telnet/rpc/nfs/and other services and left them running. It was all OK, as most linux systems were servers of some sort, so they needed these things and those of us that ran linux boxes knew how to shut down what we didn't need and how to install a proper firewall if we needed to do so.

    The market is changing.

    There are now a number of Joe D. linux users out there that haven't the foggiest idea what tcp or anything else that is not clickable is. Remember that battle cry "World Domination"? Well, here it comes folks. If linux succeeds in its self appointed "goal", there will be far more Joe D. idiot users out there than those of us that do have some comprehension of what is going on under the hood and what we are doing.

    What baffles me today is why do the distros STILL install all of this stuff, leave it all enabled, and fail to also install a proper firewall that, if you want to make sense or at least be consistent, doesn't allow access to anything except for those services that are specifically enabled?

    Huh? Why leave the whole machine wide open?

    Personally, I'd much rather have an initial installation that started up closed, locked, sealed up tight as a drum, and totally inaccessible to anything that probes eth0, ppp0, or whatever so that I can then turn on only those things that *I* want to be on. As it is, since most installations today are NOT servers, most new installations these days take a whole series of operations to secure properly rather than a few simple steps to turn on those services that really do need to be enabled on Joe Dimwit's workstation.
  • So I guess they haven't heard of BO/BO2k/Netbus or anything else....

    No, my bet is that they have heard of BO/BO2K/Netbus, as have most ITs working in the NT field. College campuses (which the FBI is concentrating heavily on right now) regularly do scans for BO and Netbus. It was publicized so heavily that most people knew about it and at least had the knowledge that they should be checking for it. I remember when I worked for our campus network checking for BO and cleaning off people's systems. But they don't scan their systems for these Unix vulnerabilities because the Unix community does such a good job of saying, "Oh, our systems are super-secure." That's true, if they're set up properly, but most aren't (especially when it comes to college kids running Linux), and that's what's being exploited. At least when Microsoft gets a bug, it's heavily publicized. When Unix gets a bug, unless the admin is on bugtraq (of which many aren't), no one will hear about it. Our network admin at my current school doesn't know too much about Unix or admining, but he gets a lot of help from the press when it comes to running his NT network.

    Basically, there are enough stupid people admining Linux and other Unix systems that those networks are probably much more vulnerable than your average NT network. Maybe instead of saying, "This is such FUD!" Linux advocates should do a lot more education about how to make systems secure, starting at the company level (Redhat and Corel) and working down to the level of the user (LDP).
  • What article did you read? The article I read didn't mention anything about source code. The article I read talked about a company that offers a web solution to determining whether or not your system's security is compromised, making it available to the daemons that run these types of attacks. Nowhere did I read anything about why Linux and Solaris are more vulnerable.

    So, either we're reading different articles, you didn't read the article, or I skipped an entire paragraph or something (hey, I'm not perfect).
  • To be fair, I never said that Rob accused Microsoft, and I am well aware of the fact that it was the poster of the article that made that accusation. Slashdot, though, is a journalistic source, and Rob is an editor. Editors verify facts and approve stories. That's why not all stories are posted to Slashdot. It's up to the editors to determine the validity of the story and whether or not it has merit. Rob has the full right to edit that poster's text and not doing so was a conscious effort on his part.

    If Slashdot is truly to be respected as a media source, it's going to need to get its act together. It rails against FUD from Microsoft, but it turns around and spews the same type of FUD back out against Linux. I'd rather hold Slashdot to a higher standard than my typical news service, and to do that, the editors are going to have to maintain a higher standard. That means cutting out some of the sensationalism and making sure that they verify their stories.

    So yes, the blame for this post falls squarely on Taco's shoulders. He should never have posted it for general discussion without first making sure that those ridiculously (and wrongly) anti-Microsoft comments were either toned down or removed altogether. That's his job as editor. If he's not going to maintain at least some journalistic ethics, then I may as well read CNN for my Linux news.
  • I agree in retrospect. You may well be right.

    If someone wants to find a NewsBytes editorial email, I'll send the same email to them.

    The main thing is to respond. And I don't think we should only let the big guns of the community respond (though of course their help will be very important).

    Send mail yourselves. It doesn't really even matter if it's to the right guys -- CompCurr has an obligation to report the news correctly, and if NewsBytes is giving them bad wire feeds, perhaps they should junk the service. News companies need to stand up behind the stories they report.

    This one was about the dumbest I've read in a long time :)


    Oh, and M$ isn't behind this. Don't be absurd.
  • I was given the address of the editor of Newsbytes by the fine people at ComputerCurrents.net.

    Her name is Wendy Woods, wendy@newsbytes.com [mailto]

    I don't enjoy posting her personal email here, but she's an editor; she needs to take responsibility.
  • Send mail to the editor [mailto].

    Be polite, but set them straight.
  • Pardon me, but I fail to see how source code to exploits is more available on Unix than on Windows? Last I checked, there were tons on L0pht's site, and others.
  • Doing DDOS does not require modifying the kernel; it can be done at the user level. On top of that, on Unix systems, it generally requires root access (at least for faking addresses), whereas on Win9x, which doesn't have user levels, there is no such protection. This article is not just FUD, it's an utter and complete lie.
  • i knew someone would point it out.

    however to say that windows systems are immune is a complete lie. anyone remember melissa? virus writers to date haven't really played with the net, but the ability to write up a virus that attacks people you don't like seems rather simple (to the virus crowd).

    all one would do is write up a virus that would check a set of web pages - there are hundreds of free hosting sites - and snarf a list of ip addresses once a day or so. then it would do a DoS attack on one of those hosts at random.
  • top 10 reasons why they retracted the article:

    10: they did research
    01: linux users wrote in to explain their mistake
    00: sun's lawyers called them and gave them the definition of libel and defamation

    gee, i wonder which?
  • they'd be immune to being ddos *servers* but anything that speaks ip is at risk. apparently the freebsd (and no doubt openbsd) and to a lesser extent linux have some tunable params to make them less susceptible, but i doubt there's any complete defence.
  • After all, Intel builds the chips that are used in the vast majority of Linux systems, and the Linux systems are obviously insecure.

    Oh yeah, they're used in all the Windows systems too. Never mind.

    How stupid can they get?

    -Josh Turiel
  • I checked out the webpage for ZoneAlarm. It looks interesting and real easy to use. But, it doesn't do much more than a stock Linux install with either ipfwadm or ipchains will do.

    With Linux, you're able to turn on and off services, masquerade behind a firewall, turn off response to pings even (which I think ZoneAlarm does). Basically, you have all the features of ZoneAlarm plus more, but without the user friendliness.

    The lack of user-friendliness is a good thing, IMO. With ZoneAlarm, you can't really tell exactly what it's doing. With ipchains and a homebrew script you know what's going on under the hood. With security, it always pays to be more careful. Knowing more about the internal processes helps you be more careful.

    And if you really want the nice GUI, there are a number of apps available on freshmeat.net to help you.
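    The "start closed, then open only what you need" posture argued for earlier in the thread, and the point that a stock Linux firewall covers what ZoneAlarm offers, as an added example that is not from the thread: it audits what a host is listening on against an allowlist and emits the matching default-deny rules. It uses iptables syntax rather than the thread's ipchains, assumes the external interface is eth0, and the `ss` output it parses is constructed.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample in the column layout of `ss -tulnH`
# (Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
# It mimics a chatty default install: telnet, portmapper and NFS are up
# alongside ssh and httpd; MySQL is bound to loopback only.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128 0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:3306    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:80        0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:111       0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:2049      0.0.0.0:*
"""

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


@dataclass(frozen=True)
class Listener:
    proto: str  # "tcp" or "udp"
    addr: str   # local bind address; "0.0.0.0" or "[::]" means every interface
    port: int


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tulnH`-style lines into Listener records.

    Lines with fewer than five columns are skipped; the local address is
    split on its last colon so bracketed IPv6 binds such as [::]:22 work.
    """
    listeners: list[Listener] = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[4]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def exposed_services(listeners: list[Listener],
                     allowed: set[tuple[str, int]]) -> list[Listener]:
    """Return listeners reachable from the network that policy does not allow.

    A loopback-only bind is not reachable from outside, so it is not
    reported even when it is absent from the allowlist.
    """
    return [l for l in listeners
            if l.addr not in LOOPBACK and (l.proto, l.port) not in allowed]


def default_deny_rules(allowed: set[tuple[str, int]],
                       iface: str = "eth0",
                       answer_ping: bool = False) -> list[str]:
    """Emit iptables commands for a closed-by-default host.

    Inbound traffic is dropped unless it is loopback, a reply to a
    connection this host started, an allowed service, or (optionally)
    an ICMP echo request. The interface name eth0 is an assumption.
    """
    rules = [
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    if answer_ping:
        rules.append(f"iptables -A INPUT -i {iface} -p icmp "
                     "--icmp-type echo-request -j ACCEPT")
    for proto, port in sorted(allowed):
        rules.append(f"iptables -A INPUT -i {iface} -p {proto} "
                     f"--dport {port} -j ACCEPT")
    return rules


if __name__ == "__main__":
    # The services we actually want reachable on this workstation.
    policy = {("tcp", 22), ("tcp", 80)}
    for l in exposed_services(parse_ss(SAMPLE_SS_OUTPUT), policy):
        print(f"exposed but not allowed: {l.proto}/{l.port} on {l.addr}")
    print("\n".join(default_deny_rules(policy)))
```

    With the sample above it reports telnet, portmapper (tcp and udp) and NFS as exposed-but-unwanted, and the emitted ruleset drops them even before they are switched off.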


  • Network Associates, Inc. [NASDAQ:NETA], has launched a new business-to-business service called myCIO.com which allows enterprises to click on to the myCIO.com Web site for a check of their servers' vulnerability.

    It continues to talk about how you don't have to download the government tools, but can rather use theirs straight from their web site. And so on. It plugs at least one other Network Associates tool before finally blowing itself out. Of course no details of which vulnerability is being exploited are mentioned... But they claim they can find it.

    I wish someone had seen the site before this story was posted, and the Jihad was declared.


  • So I guess they haven't heard of BO/BO2k/Netbus or anything else....

    Of course it's all a media relations exercise.

    Personally I've been acting the doomsayer for a long time regarding DDoS and the introduction of thousands of windows PC's on DSL technology. Windows NT and 2k at least make an attempt to be secure on the network, but the lose95/98 machines have had little of those considerations.

    Personally - I think that people should get computer licenses - you should have to demonstrate your ability to admin and secure a machine on the internet. This should be needed to get hardware and connections, and users could be licensed to different levels.

    Imagine your Pride as you show the modem plebs your license to gigabit networking ;-)

  • I think Nicolas is referring to the need to be root to make spoofed packets in linux, or TCP half-open stuff, etc.

  • A: To use Windows on a DoS Wargame is just stupid. You would get a bigger chance that the attacker machine would get down (and WELL down) rather than even slightly harass the victim...

    B: Naaaa. Microsoft is not behind this. Neither the Greys, the Shadow Government, the KGB/FSB/MOSSAD/BOSS/Hezbollah/CIA/FBI/NASA. It's a smart and nasty kids' play. Or some stupid jerks doing "Morrison experiments" on the net. Or some guys who think that it is time to "revive" the anti-worm/virus/exploit market...

    C: Don't trust these "we'll check the stuff for you". There is always the risk that such offers carry some stuff "behind the scenes". Or that temptation will not take hold at some point in the future. On this point I had already found several "do all jobs for you" stuff, from very serious companies, where VERY SERIOUS information suddenly travels from your net right into their offices...

    D: It is sad that such a thing is happening and seems to still be happening after so many days. This rather strange passivity does not offer anything good in the future. If the FBI is readying for another "super-operation" that ends in a mess, then what will be the "next day"? These kinds of DoS are not the worst of the worst. In fact, presently, any Internet Wargame is rather stupid, because it still is enough to pull a few plugs and "KABUUM", everything ends in a simple and calm silence... So building things as if this is Waterloo could lead to some sad consequences.

  • Looks to me like you skipped about three paragraphs.

    In particular, the fact that you say it "didn't mention anything about source code" is telling.

    Try doing a Find on it for "source code", then read that paragraph and the ones before and after it.
  • I think I may have seen a possible probe by who (or whatever) is behind the dDoS. My friends' box was probed by a MySQL Linux box in India that was as full of holes as Swiss cheese. Perhaps the dDoS is being implemented by some wormlike agent?
  • "In addition, the source code, that provides outsiders with the ability to insert this code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easy accessible by anyone."

    I don't know, why this writer, doesn't have an editor, who could remove, all the extra commas, and replace, the adjective, "easy," with the adverb, "easily".
  • Finally got through the /. effect to read the article...

    > What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.

    What I see is "the current spate of attacks takes advantage of an *inherent* vulnerability in these systems" [emphasis added]. They're not blaming sys admins or failure to apply patches. They're claiming that it is something wrong with the OS that cannot be fixed.
  • puh-leeze!

    trying to blame an OS for this DoS stuff is like trying to blame Ford or Chrysler for drunk drivers and speeders.

    many have made the point already, in various forms: the OS that the perpetrator(s) used could have been anything. he/she/it/they could have used any or all of Linux, Solaris, Win*, or even OS/2, just to name a few operating systems...

    the OS that was used isn't the point. the fact is that there are people that do this stuff. there always has, and there probably always will be. the trick is to figure a way to get around the problem so that it's not an issue anymore.
  • The perpetrator would probably want to choose a reliable system to launch their attack, otherwise the blue screen of death will screw up their evil project. So yes, linux is more vulnerable than windows as a launch host, but for a different reason.
  • The FBI releases some tools to detect DOS Daemons, so what do we do? *Paranoia ON* Some idiot reporter says that its the fault of Linux and that it could never happen with Windows, so what do we do? *Distrust of Microsoft ON*

    [grin] And then a few plants and dupes ridicule the "paranoia", neatly drawing attention away from the conspirators. Ha! Caught you!

  • I heard on tv this morning that they had found the malicious code that the hacker/cracker used. Therefore M$ is wrong, or whomever is accusing Linux and Solaris. Solaris is also not open source. I am sure all patches that go into their software are checked, as I am sure that Linus && Alan do not let malicious code into the kernel.

    send flames > /dev/null

  • Preach on Brother!
    I run (ran) one NT machine now, and I tell you BO with the cool plugins is the best way to manage the thing. Something does not work, fire it up and fix it. When I got BO on it, I tossed it up on a rack and forgot about it. Just log in with BO and check it out every now and then. Great thing is that I can reboot it remotely! Sweet!
  • ...that the DDoS tools that exist have makefiles for two OSes, and two OSes only. That's right, Solaris and Linux.

    Though according to this in-depth review (http://staff.washington.edu/dittrich/misc/stacheldraht.analysis), the linux version is not reliable, and stacheldraht has only been found in the wild on Solaris.

    Does this mean that winxx machines are not vulnerable? no, just not used in this case. Just wait until some non-kiddie ports this into windows and watch UUNet go /all/ the way down with the addition of all the windows boxen.
  • Here's what I got when I just loaded the page:

    Daily News
    Solaris and Linux Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    February 11,2000 11:17:00 AM PST

    Well, I'd like to have read the original story.. The site was slashdotted all morning.. oh well.

  • Is it possible it [MS] orchestrated the entire thing?

    I suppose it's possible. Is it likely? Not hardly. Can MS be expected to exploit these high-profile DoS attacks to promote its own products and blame its major competitors? Bet money on it!

    Katzish analogy time: Gun control zealots and censorship advocates invoked the Columbine tragedy to promote what they were selling. Why should we expect MS to behave any differently?

    Calmer heads recognize(d) that these tragedies were waiting to happen. What's really surprising is not that they happened, but that they didn't happen sooner.

    Linux (well, any OS, really) is only a tool. It can be used for good or for evil. Please use only for good.

  • Two minutes of amateur research reveals some interesting things. Amazing that I, an amateur, could find this, but a trained reporter cannot!

    (Of course, Stacheldraht is not the only perpetrator in this recent spate of DoS shenanigans. However it was identified as one of the major cracks used)

    From Dave Dittrich's paper on Stacheldraht , we find: "The Makefiles contain rules for Linux and Solaris, with the default being Linux (even though it appears that the code does not work very reliably on Linux). For the purposes of this analysis, all programs were compiled and run on Red Hat Linux 6.0 systems. As far as I am aware, the agent has been witnessed "in the wild" only on Solaris 2.x systems."

    Hmmm. It seems that Linux is not the wide-open OS that the article makes it out to be. The rest of the paper also clearly illustrates that any OS with common networking utilities (including NT) is vulnerable to similar agents.

    Mr. Dittrich's recommendation is: "The real defense is to make sure that *all* systems are kept up to date with security patches, unnecessary services are turned off, and competent system administrators are running and monitoring every Unix system on your network. (I'll hold my breath while you go make that happen, OK? ;)"

    Funny, this sounds like that same old security mantra I've been hearing from day one! A more competent reporter would have attributed at least part of the blame to lax security policies.

  • Clinton scheduled this summit some time ago due to his proposals for more Federal net policing.
  • Yes, the culprits were primarily Solaris (and Linux) boxen. No, there is nothing special about these systems vs. Windows. The hackers who made the scripts wrote them to compile on UNIX, only because hackers prefer to run UNIX on their own systems.

    As it stands right now, the average Solaris box can easily be exploited by buffer overflow scripts against Sun RPC services (cmsd, tooltalk, amd, etc). However, the same percentage of Windows boxes can be exploited via .htr buffer overflow or the RDO exploit.

    BTW, if you've been running a firewall or intrusion detection system for the last several months, you probably have evidence [networkice.com] of the perps. You may also want to check out this list of intrusions [networkice.com] that hackers can run against systems, which are really evenly distributed among UNIX and Winsoze systems.

  • That article contains a number of claims from a person and no proof at all. The fact that arbitrary unwanted (by the system owner) code can be run on a Unix system (well, Solaris and Linux) is taken for granted, which is total nonsense.

    Apart from the wrong statements, the 'journalist' who wrote the article obviously hasn't checked anything, he just provided a forum for that other guy who wants to sell some security-related product. It's a shame everybody can create their own news site without having to fulfill certain standards...
  • ... and have 100,000 people do the same, the size of your sticks doesn't matter

    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    Aahh, you gotta love the power of the Internet and accountable media. How many times does your newspaper do this? How about the Evening News? How often do they need to....
  • You know, Computer Currents could run an article saying that Linux is the absolute be-all/end-all of server operating systems. They could also run reports saying that Windows NT 4 performs better than anything else under heavy loads.

    Either way, I would ignore it. Computer Currents has zero credibility. If you read their print version, it's mostly ads for here-today-gone-tomorrow ISPs and product reviews along the lines of "Adobe Photoshop lets me change the color of my cat's eyes! Amazing!"

    Seriously. I've picked up copies from time to time since ~1995 (gotta read something on the exercise bike). The quality is very uneven. If you can do "Hello, World!" in C, you can label yourself a "software expert" and they'll let you make a total fool of yourself in print.

    As Mr. Gump says, "...and that's all I have to say about that."
  • They don't even IMPLY, they STATE, they WROTE that having the source to the OS made it more vulnerable to this attack. IT IS AN ABSOLUTE **LIE**. It's not even a matter of opinion: it's my opinion, for instance, that having the source code is better, overall, from a security point of view. HOWEVER, saying that having the source code available makes Linux & Solaris more vulnerable (or, from what I understand, more likely to be used as hosts) to DDoS attacks is a complete and unfounded LIE.

    While I'm not one to advocate security through obscurity, I do have to take you to task over your claim that it's an outright lie; it's not.

    1. If the source comes with it, I can embed my own malicious code in the source and pass it on like that. People have to check what I've done - and people might not spot it. I can't do my own source rev for a closed-source OS, so this form of attack won't work. The closest analogous attack that will work is a trojan or virus attack.

    2. If the source comes with it, I can run it through BoundsChecker or Purify or some other such intelligent lint tool and find any buffer overflows in the source - or any potential other errors. Heck, I can even go through it by hand and see what I can find that I can use to get access to the machine. I don't report them - I just note they're there and use them as exploits to embed my DDOS code onto the system that is vulnerable. This is much easier than the way you have to do it on closed-source systems, where you have to do things as a matter of trial and error and slowly wend your way through the system prodding here and there to try and find some kind of hole - and then you've got to find some way of inserting your own code onto the system from there. Much more difficult.

    Let's face it - it's possible on both systems. But let's also face it, it's not a lie to say that it's easier to insert malicious/foreign code into an operating system that you have the source to. Because it IS easier - just not much easier.
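The second point above, reading the source for unbounded copies, as an added example that is not part of the original post (and not BoundsChecker or Purify, which are not involved): a small static scan in Python over a constructed C request handler. It blanks out comments and string literals first, so a `strcpy` in a log message is not reported, flags the classic unbounded calls, and also catches `strncpy(dst, src, strlen(src))`, where the bound is taken from the source rather than the destination. The C sample, the function names and the suggested replacements are all assumptions made for the example.

```python
"""Grep-level audit of C source for unbounded string copies.

Added example, not code from the original thread. The C sample below is
constructed; the list of calls and the suggested replacements are the
author's assumptions, not taken from the article."""

import re

# Calls with no bound on the destination buffer, and a bounded replacement.
UNBOUNDED = {
    "gets": "fgets(buf, sizeof buf, stdin)",
    "strcpy": "strncpy/strlcpy with sizeof(dst) as the bound",
    "strcat": "strncat/strlcat with the remaining space as the bound",
    "sprintf": "snprintf(buf, sizeof buf, ...)",
    "vsprintf": "vsnprintf(buf, sizeof buf, ...)",
}
CALL = re.compile(r"\b(" + "|".join(UNBOUNDED) + r")\s*\(")
# strncpy(dst, src, strlen(src)): bounded in name only, the limit comes
# from the attacker-controlled source, not from the destination buffer.
BAD_BOUND = re.compile(
    r"\bstrncpy\s*\(\s*(\w+)\s*,\s*(\w+)\s*,\s*strlen\s*\(\s*\2\s*\)")

# Constructed sample of the kind of handler a network daemon might have.
SAMPLE_C = """\
/* constructed sample request handler; the word strcpy in this comment
   must not be reported */
#include <stdio.h>
#include <string.h>

static void note(const char *s) { printf("strcpy not used: %s\\n", s); }

int handle(const char *req)
{
    char cmd[64];
    char reply[128];
    char name[32];
    strcpy(cmd, req);                          /* no bound at all */
    sprintf(reply, "OK %s", cmd);              /* no bound on reply */
    strncpy(name, req, strlen(req));           /* bound taken from the source */
    snprintf(reply, sizeof reply, "%s", cmd);  /* bounded by the destination: fine */
    note(reply);
    return 0;
}
"""

def strip_comments_and_strings(src: str) -> str:
    """Blank out /* */ and // comments and string literals, keeping newlines
    so that line numbers in the cleaned text still match the original."""
    def blank(m):
        return re.sub(r"[^\n]", " ", m.group(0))
    pat = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)
    return pat.sub(blank, src)

def find_unbounded_calls(src: str) -> list:
    """Return (line, call, advice) for every suspicious call in src."""
    findings = []
    for lineno, line in enumerate(strip_comments_and_strings(src).splitlines(), 1):
        for m in CALL.finditer(line):
            name = m.group(1)
            findings.append((lineno, name, UNBOUNDED[name]))
        for m in BAD_BOUND.finditer(line):
            dst, src_name = m.group(1), m.group(2)
            findings.append((lineno, "strncpy",
                             f"bound is strlen({src_name}); use sizeof({dst})"))
    return findings

if __name__ == "__main__":
    for lineno, call, advice in find_unbounded_calls(SAMPLE_C):
        print(f"line {lineno}: {call}() -> {advice}")
```

A scan like this finds only the obvious cases; it says nothing about index arithmetic, `memcpy` with a computed length, or overflows in code it never sees, which is why the thread's other recommendation (patch, and turn off what you do not need) still applies.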

  • The site is slashdotted all to hell...do you think they'll call this a "retaliatory DoS attack because of the article"? :)

    I'm sure somebody out there would believe it


  • I haven't read the story (the site is slashdotted) so this is just in response to many messages in this thread, and to the news of the attacks themselves.

    The fact of the matter is that most Linux distributions install out of the box with way too many ports open and expose them to attack.

    Yeah, so do Windows boxes, yadda, yadda, but who gives a shit? I care about making Linux better, not about Windows being worse.

    Item No. 1: At my LUG somebody this week asked for help after his RH 6.1 box was cracked. Guess what, his install had left his machine running BIND (the version with the known exploit!), Samba, nntpd, ftpd (with anonymous ftp enabled!) and all sorts of other crazy things. Why in the hell does an installation for a home machine open all this crap? (It's the same for Slackware, and for all the other big distros). This is crazy and totally irresponsible.

    Item No.2: Where I work I'm in charge of security and we get our daily ration of port scans and such. Occasionally I discreetly run nmap back at the source. Granted I don't do this always, but when I do the fact is that the vast majority of those machines turn out to be running Linux and are wide open, listening on all sorts of ports that home machines have no business listening on.

    Linux is becoming more popular; and that's wonderful. But in the short term this just means that more machines are sitting ducks, really. The way the default installations leave the machines so open it's a sad joke, combined with more high-bandwidth connections means that there are more potential slaves out there for distributed DoS and it's incredibly easy to break them wide open without the owner ever noticing.

    And I don't care if Windows is even easier to crack. That's a f*ing lame excuse. If we're committed to Linux we should react to stories like this by asking "what can Linux do to avoid being part of the problem"? rather than shouting "BackOrifice, nyah, nyah!" or some other pointless diatribe. That's FUD in reverse and any Linux fan should be embarrassed for engaging in it.

    Hell, at work I've advocated Linux to the point where we're running many important servers on it, despite some reluctance of management (and a good amount of FUD from vendors who were cut out :-) )
    But I'm not talking about whether theoretically Windows is more crackable than Linux; I'm talking about what I see almost every time I take a close look at who's portscanning our firewall and most of the time it's a Linux box; and you know what? It's embarrassing and there's no good reason for it to happen.

    The proper response, IMHO, is to petition the makers of all the popular distributions to adopt a closed configuration for their default install, with users having to explicitly open services after being given a short blurb on security and the risks of running unattended network daemons. That's more productive than wondering about a conspiracy that Microsoft couldn't pull off even if they wanted to.
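The two things this post and the ipchains post earlier in the thread ask for, seeing what a box actually exposes and then closing everything not explicitly wanted, as an added example that is none of the posters' code: a Python audit that parses a `netstat -an` listing of a 2.2-era Linux host, reports every socket reachable from the network that is not on an allow-list, and emits a default-deny ipchains policy for the allowed services. The listing is constructed, the service-name table is the IANA port assignments, and the interface name `ppp0` and the allow-list of just ssh are assumptions for the example.

```python
"""Audit which daemons a freshly installed box is exposing to the network and
emit a default-deny ipchains policy for the few that should stay reachable.

Added example, not code from the original thread. It reads the `netstat -an`
column layout of a 2.2-era Linux system (Proto, Recv-Q, Send-Q, Local Address,
Foreign Address, State); the listing below is constructed, not captured."""

import re
from dataclasses import dataclass

# IANA-assigned ports for services a home machine rarely needs to expose.
SERVICE_NAMES = {21: "ftp", 23: "telnet", 25: "smtp", 53: "domain", 79: "finger",
                 111: "sunrpc", 119: "nntp", 139: "netbios-ssn", 513: "login",
                 514: "shell", 515: "printer", 2049: "nfs", 6000: "x11"}

# Constructed sample of what a default install might show.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:119             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:22          192.168.1.9:1034        ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
"""

@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int

    @property
    def exposed(self) -> bool:
        # A socket bound to loopback cannot be reached from the network.
        return not self.addr.startswith("127.")

_ROW = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def parse_listeners(netstat_output: str) -> list:
    """Pick out listening sockets: TCP rows count only in LISTEN state,
    UDP rows have no state column and are always listening."""
    found = []
    for line in netstat_output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, addr, port, state = m.groups()
        if proto == "tcp" and state != "LISTEN":
            continue
        found.append(Listener(proto, addr, int(port)))
    return found

def audit(listeners: list, allowed: set) -> list:
    """Listeners reachable from the network that are not on the allow-list
    of (proto, port) pairs."""
    return [l for l in listeners if l.exposed and (l.proto, l.port) not in allowed]

def describe(listener: Listener) -> str:
    name = SERVICE_NAMES.get(listener.port, "unknown")
    return f"{listener.proto}/{listener.port} ({name}) bound to {listener.addr}"

def ipchains_rules(allowed: set, iface: str = "ppp0") -> list:
    """Default-deny inbound policy on the Internet-facing interface, opening
    only the allowed pairs. The rules are returned as text, not applied."""
    rules = [
        "ipchains -F input",
        "ipchains -P input DENY",
        "ipchains -A input -i lo -j ACCEPT",
    ]
    for proto, port in sorted(allowed):
        rules.append(f"ipchains -A input -i {iface} -p {proto} --dport {port} -j ACCEPT")
    # Replies to connections this host opened are never SYN-only packets.
    rules.append(f"ipchains -A input -i {iface} -p tcp ! -y -j ACCEPT")
    # Log and drop everything else.
    rules.append(f"ipchains -A input -i {iface} -j DENY -l")
    return rules

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    allowed = {("tcp", 22)}   # assumption: ssh is the only service we mean to offer
    for l in audit(found, allowed):
        print("exposed:", describe(l))
    print("\n".join(ipchains_rules(allowed)))
```

The point of emitting the rules from the allow-list rather than from the netstat output is that the policy then describes what you intend to run, so a daemon that appears later (the agent the thread is about, say) is denied by default instead of being silently reachable.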

  • No, they are just like a little kid that makes up stories for attention. They are not whining, they are lying! So there is a big difference. Microsoft will "get their faces kicked in" b/c they made up lies about the popular good looking kids, that are more mentally stable and secure with their surroundings (ie. Linux, Solaris).
  • by RNG ( 35225 )
    The high-tech industry has known since August 1998, he said, that Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders.

    I just love the fact that this guy blatantly says that Unix/Solaris/Linux systems are vulnerable to having unwanted code placed on them. I really doubt there's much truth to this.

    Windows-based systems are not subject to this problem. Sure. I'll believe it when I see it. If the last few years have proved anything, it is that Windows (with its executable macros, ActiveX programs and other integrated offerings) is much worse when it comes to security and stability. And now all of a sudden, Windows machines are immune and Unix type machines are vulnerable? Yeah, right. Next he's gonna try to convince us that the BSoD is really just a feature which secures the box by disabling (amongst other things) net access.

  • PCAnyWhere costs lots of money and has a corporation behind it, which makes it respectable.
  • Nelson is my hamster. [frogbert.cx] He's an expert on computer security and sunflower seeds.
  • This can't happen with Windows? Horseshit. The first hypothesis that came to mind when I heard about this DDoS attack was a Back Orifice module installed all over the place.

  • MSN was hit [zdnet.com] on tuesday though. The attack continued from 6pm until the next morning.
  • Don't you mean that you check for it on the 'default port', i.e., that port number which any halfway braindead cracker would change.... Or am I giving these idiots too much credit for brains?

    Besides, who said that I meant NT?
  • Is that so?

    We had better get a module for BO2k quick, one that will do ping-floods and other DOS nastiness, especially one that can be triggered easily with a single UDP packet..

    Just for illustrative purposes of course, as we don't want to come out as if we are SUPPORTING such horrible things. :)
  • Whoa, I finally managed to fully read the thing..

    Notice how all the comments are attributed to a Nelson, but nowhere in the article does it say who he is.. No first name, no last name, no specific affiliation.

    It looks like some reporter there got duped into listening to some idiot who is in desperate need of a cluestick, actually about a dozen cluesticks. It's not the fault of the magazine. (How many `intelligent' people have been scammed by Goodtimes or other `obvious' falsehoods?)

    So, it's either a case of ``Never ascribe to malice what can be explained by stupidity'', or time to get out the conspiracy theories.

    My advice would be to kindly email them telling them that Nelson is a fraud who doesn't know what he's talking about and they would be better served going to Lopht or a real security company for advice. Oh, and ask who Nelson is, so that we may give him the instruction (and flames) he so richly needs. Of course, this is all irrelevant, as they've probably got about 300 idiotic flames in their inbox right now.. Oh well, the slashdot crowd shoots its own foot again.
  • Whoa, I finally managed to fully read the thing..

    Notice how all the comments are attributed to a Nelson, but nowhere in the article does it say who he is.. We don't know if it's a first name or a last name, and there is no specific affiliation.

    It looks like some reporter there got duped into listening to some idiot who is in desperate need of a cluestick, actually about a dozen cluesticks. It's not the fault of the magazine. (How many `intelligent' people have been scammed by Goodtimes or other `obvious' falsehoods?)

    So, it's either a case of ``Never ascribe to malice what can be explained by stupidity'', or time to get out the conspiracy theories.

    My advice would be to kindly email them telling them that Nelson is a fraud who doesn't know what he's talking about and they would be better served going to Lopht or a real security company for advice. Oh, and ask who Nelson is, so that we may give him/her the instruction (and flames) they so richly need. Of course, this is all irrelevant, as they've probably got about 300 idiotic flames in their inbox right now.. Oh well, the slashdot crowd shoots its own foot again.
  • People are more apt to jump on a bandwagon to bash Microsoft for no reason whatsoever than to take free beer.

    Utter bullpucky. Your logic is dreadfully flawed. I'd take the free beer, first, every time, and I'm sure most /.ers would too. Plus, it's easier and more fun to bash Microsoft with a few free beers under the belt. Burp. But, even so, the phrase "Microsoft Office 2000: FREE with the purchase of six-pack" has TREMENDOUS appeal. Make it a case and I'll even install it.

    "C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off."

  • Just to give the good Commander a little benefit of the doubt, he clearly indicated that the words on the header were someone else's words, and labeling this as from the "you-gotta-be-kidding-me dept." should have been fair warning.

    Also, as someone who works on NT as well as other OS's, there is no reason why such attacks cannot be mounted from MS OS's. It's just that the set of tools that apparently were involved in this set of attacks work on Solaris and Linux boxes. For example, another similar attack strategy, IIRC, has been identified for Macs running OS9.

    The main point of the post is dead on -- the problem is large numbers of unnecessarily insecure machines on the net -- in this case *nix boxes -- that act as hosts or agents for staging the attack. CERT has been warning about this general topic for many months, with specific warnings [cert.org] about just this kind of technique using the tools (TRINOO and TFN2K) now suspected. There are specific things you can do to prevent your servers hosting this kind of attack, but too many sites have not carried out these safeguards -- and this week has proved it. Ingress filtering and better packet filters on the backbones will cut back on smurfing, but there are ways around that. If you are a sysadmin, and you are not monitoring the CERT current activity page [cert.org] as well as others, subscribing to some of the appropriate mailing lists and keeping your systems up to date accordingly, this will keep on happening, and Microsoft has nothing to do with it.

    Paranoiac whining will not get us anywhere.
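The ingress filtering the post mentions, as an added example that is not part of the post and not CERT's code: the source-address check that RFC 2267 (later RFC 2827 / BCP 38) describes, modelled in Python as a classifier on the router between a site and its upstream. Outbound, a packet is dropped unless its source belongs to the site, so a compromised agent cannot forge a victim's or a random address; inbound, a packet is dropped if it claims one of the site's own prefixes or a source that never legitimately appears on the Internet. The site prefix (192.0.2.0/24) and the packet trace are constructed from the documentation address ranges.

```python
"""Source-address (ingress/egress) filtering at a site border, modelled as a
packet classifier. Added example, not code from the original post or from
CERT; the site prefix and the packet trace are constructed."""

import ipaddress
from collections import Counter

# Source addresses that can never legitimately arrive from the Internet.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

class BorderFilter:
    """Filter on the router between a site and its upstream provider."""

    def __init__(self, site_prefixes):
        # Prefixes that legitimately originate traffic behind this router.
        self.site = [ipaddress.ip_network(p) for p in site_prefixes]

    def _belongs_to_site(self, addr):
        return any(addr in net for net in self.site)

    def check(self, direction, src):
        """direction is 'out' (leaving the site) or 'in' (arriving from the
        Internet). Returns (verdict, reason)."""
        s = ipaddress.ip_address(src)
        if direction == "out":
            # Egress: hosts behind us may only send with their own addresses,
            # so a compromised agent cannot forge a victim's or random source.
            if not self._belongs_to_site(s):
                return "DROP", "spoofed source leaving site"
            return "ACCEPT", "source belongs to site"
        if direction == "in":
            # Ingress: our own prefixes never arrive from outside, and a
            # martian source is forged by definition.
            if self._belongs_to_site(s):
                return "DROP", "own prefix arriving from outside"
            if any(s in m for m in MARTIANS):
                return "DROP", "martian source"
            return "ACCEPT", "plausible external source"
        raise ValueError(f"unknown direction {direction!r}")

# Constructed trace: (direction, source, destination). 192.0.2.0/24 plays the
# site; 203.0.113.0/24 and 198.51.100.0/24 stand in for "the Internet".
TRACE = [
    ("out", "192.0.2.10",   "203.0.113.5"),     # normal outbound
    ("out", "198.51.100.7", "203.0.113.5"),     # agent forging a random source
    ("out", "203.0.113.5",  "198.51.100.255"),  # agent forging the victim at a broadcast
    ("out", "10.0.0.3",     "203.0.113.5"),     # leaking a private address
    ("in",  "203.0.113.5",  "192.0.2.10"),      # normal inbound
    ("in",  "192.0.2.200",  "192.0.2.10"),      # outsider forging our own prefix
    ("in",  "10.1.1.1",     "192.0.2.10"),      # martian source
]

def run(filter_, trace):
    """Classify every packet; returns the verdict list and per-verdict counts."""
    verdicts = [filter_.check(direction, src) for direction, src, _dst in trace]
    return verdicts, Counter(v for v, _ in verdicts)

if __name__ == "__main__":
    f = BorderFilter(["192.0.2.0/24"])
    verdicts, totals = run(f, TRACE)
    for (direction, src, dst), (verdict, why) in zip(TRACE, verdicts):
        print(f"{direction:3} {src:>14} -> {dst:<15} {verdict:6} {why}")
    print(dict(totals))
```

This does not stop a compromised host from flooding with its real address, which is the "ways around that" the post allows for; what it does is make the flood attributable to the site it came from and take the forged-source variants (smurf amplification, random-source floods) off the table for every provider that deploys it at its edge.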

  • For the record:
    • No, I don't think Micros~1 orchestrated this. They are certainly delighted by this article, though (and maybe even wrote part of it -- THAT would not be surprising).
    • Solaris and Linux are insecure? Yes, but large DoS attacks could be done just as easily (more easily, in fact: see the BO2K post above) from insecure WinNT and Win95 machines connected to the Internet. Hey, as far as I know, Back Orifice 2000 was released first under WinNT, right? One should also remember that Yahoo was one of the first site targeted... and everyone knows that Yahoo runs FreeBSD (No flame, please!).
    • Even if Solaris and Linux are to blame for the recent DoS epidemic, they can be secured much faster and much more completely than said WinNT servers. Remember, it only took a few hours to get a patch for the Linux "Ping of Death" IP stack attack. Now that the nasty crackers have got sysadmin running for cover, expect a soon-to-be-released-patch to correct this DoS issue.
    • Finally, something that should be pointed out: DoS are a pain in the neck, but they do not compromise the security of credit card numbers (for instance). They just prevent the services offered by the target from being accessible. Yahoo was back online in a few hours and I fully expect all web servers running Open Source (whether *BSD or Linux) to survive this with minor inconveniences at worst. Solaris and Windows NT are another matter entirely of course.
    So the verdict is: this article is clueless FUD (surprise! surprise!). WinNT is insecure. Linux and Solaris are more secure. OpenBSD is secure by default. So there. Of course, this opinion is only worth what you paid to read it.
  • Mentioned on /. a few months back that allows ANY Mac to act as a Tribe-like client - Apple announced a fix but you can bet that it didn't get applied to 90% of the machines that loaded MacOS9 ... rumor also has it that other people who got their TCP stacks from the same source Apple did (I heard HP? - but beware 3rd hand rumors) have had this bug for a lot longer - Apple was a pretty late adopter

    Personally I'm just waiting for the Windows virus that infects, announces itself to its master, then lays dormant until required .....("what do you mean 'every PC on every @home net in the world is pinging us ...'") - it's an obvious way to get a Tribe-style resource that's an order of magnitude or two greater than you can get by hacking a bunch of Linux/Unix systems

  • Ask yourself why only Linux or Solaris?

    Because no one in their right mind is going to trust a uninsulated Microsoft box with a pipe big enough to attack over! Linux, BSD, Solaris; They're all just fine in a sea of packets, PIX-less. Windows 98, NT? Better put 'em behind a firewall, or else some three-year old malformed packet bug is gonna get em!

    The hackers realized a Win32 client would be useless; Why hasn't this journalist, a so called 'expert' (No doubt in looking like an ass in print)
  • Sorry if this is redundant, but I hadn't seen it noted yet. Score one for the community.

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

  • CmdrTaco didn't suggest that Microsoft had a hand in the attack. The person who submitted the story did. Pay attention to the italics. CmdrTaco didn't comment at all.
  • Remember that many cable modem providers were freaking out just recently because Windows systems hadn't disabled file and printer sharing and spammers were putting files in their startup group that would allow them to use the system as an smtp proxy and send spam. I received a message from Road Runner advising me of the issue. Of course, I have a Linux firewall so I'm not exactly vulnerable.
  • This seems to be a case of traditional boilerplate story forms used by the journalists. Such a story would look like:

    • A major computer attack happened
    • when (today). It has attacked notable victim machines (yahoo). What is unusual about this attack is, unusual feature (indirect distributed source). This attack specifically uses code for vector os type (*nix). It is triggered by vector transmission method (daemon install). Due to the nature of this code, the attacks of this form cannot come from other familiar os types (win, mac).

    It's not journalism to then state the speculation that OTHER potential code could do exactly the same thing on the other familiar OS types. Editors would possibly see it as a liability to state it; Dan Rather doesn't explain HOW to improve a weapon. Such speculation is punditry and analysis. Of COURSE it's true that Windows and MacOS and BeOS and PalmOS and anything else can be compromised. It just takes a change to the virus/trojan mechanisms.

    "Virus" is an apt analogy. It depends on a specific sort of host. You don't catch the flu from your cat, but there are viral infections that specialize on either species. You can catch some diseases inter-species, but it requires the two species to have something in common which the virus can exploit.

  • They're just like a little kid, ratting on their kid brother. 'Hey mommy, guess what Johnny did!'. The same kinda kid who'll get his face kicked in behind the school during recess. The more Micro$oft lies and points fingers, the more people will get tired of hearing them whine.

  • I was hunting for some decent protection (yeah, I know, too late) for my dedicated machines and I came across ZoneAlarm 2.0 [zonelabs.com].

    Has anyone used this? (It's a Windows Only deal)
    Does anyone know of a better freeware solution? (Question open to ALL operating systems)
    Thank You.


  • Daily News Solaris and Linux Vulnerable To Hack By Sherman Fridman, Newsbytes. February 11, 2000 Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error. February 11,2000 11:17:00 AM PST
  • by heller ( 4484 ) on Friday February 11, 2000 @10:55AM (#1285106) Homepage

    Here [nacs.net]


  • They don't even IMPLY, they STATE, they WROTE that having the source to the OS made it more vulnerable to this attack. IT IS AN ABSOLUTE **LIE**. It's not even a matter of opinion: it's my opinion, for instance, that having the source code is better, overall, from a security point of view. HOWEVER, saying that having the source code available makes Linux & Solaris more vulnerable (or, from what I understand, more likely to be used as hosts) to DDoS attacks is a complete and unfounded LIE.
  • by FreeUser ( 11483 ) on Friday February 11, 2000 @10:36AM (#1285108)
    Computer Currents has yanked [currents.net] the story, complete with apology for the inaccuracies:

  • by AaronW ( 33736 ) on Friday February 11, 2000 @07:46AM (#1285109) Homepage
    There are detailed descriptions about how these attacks are being executed at Dave Dittrich's [washington.edu] web site. It looks like there are numerous vulnerabilities in both Red Hat Linux 6.0 and in Solaris that were exploited for this bug.

    Linux, Solaris, or Windows is only secure if the system administrator constantly applies the latest security patches, and how many of you actually do that? The only way to prevent this sort of attack is being vigilant about security on all machines on your network.
  • by CormacJ ( 64984 ) <<moc.liamg> <ta> <yehguagcm.camroc>> on Friday February 11, 2000 @07:34AM (#1285110) Homepage Journal
    I think someone needs to have a word with this guy. Usually these attacks are done with custom written programs, not an OS.

    Any OS with an IP stack can be used for these attacks.

    This guy is hyping a fear for the clueless so that these upper management people will rush out and buy his "software".

    He's mixed up worms, viruses and DoS in one big muddled heap.

    I would not even think about touching this protection software, if this is what they say it can fix.
  • by Hrunting ( 2191 ) on Friday February 11, 2000 @07:36AM (#1285111) Homepage
    You claim the article is sensationalistic?! Hell, I can't believe this post made it through the editors with its sensationalistic undertones. I see one line that says the code can't run on Windows. It's absolutely right. What these people are looking for is a daemon that runs on Unix systems. I don't see Microsoft's hands in here manipulating the story and I don't see an overt "Linux/Solaris is bad" undertone either. What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.

    And suggesting that Microsoft had a hand in these attacks is incredibly more irresponsible than this article saying that vulnerable Linux/Solaris systems were the host machines. If you've got proof, fine, post it. But don't say it because you didn't like the fact that someone pointed out that poorly managed Unix systems were the starting point for a massive web attack. Basically, the Unix community just got slapped in the face for being so complacent about the security of their systems. That's it.

    I really thought Slashdot was above this sort of thing.
  • by RAruler ( 11862 ) on Friday February 11, 2000 @07:35AM (#1285112) Homepage
    Okay, let's see... we've blamed
    A) Packet Monkeys, Script Kiddies, Crackers
    B) The Government, NSA, CIA, FBI
    C) Microsoft

    The FBI releases some tools to detect DOS Daemons, so what do we do? *Paranoia ON*
    Some idiot reporter says that it's the fault of Linux and that it could never happen with Windows, so what do we do? *Distrust of Microsoft ON*

    So, it appears the whole thing has been orchestrated by the Microsoft-Jewish-Communist-American Government-Echelon-Media and it is the first step in a global stranglehold on free speech where Bill Gates reigns supreme.
  • by ucblockhead ( 63650 ) on Friday February 11, 2000 @07:46AM (#1285113) Homepage Journal
    I'm a Windows NT programmer with a moderate amount of TCP/IP experience. I'm certainly no IP expert. The only "cracking" knowledge I have is what I've read in various places, including the risks digest, and others. I'm pretty damn sure I could do this on a Windows box.

    All it would take would be to take advantage of any of the numerous holes that have allowed people to run arbitrary code on a Windows box. Sure, many of these have been fixed, but I know the Windows user community. Lots of those machines are run by people with no clue.

    Hell, my own machine would almost certainly succumb. I'm tempted to try. Good thing it is behind a firewall.

    Were I to actually do this, I'd throw up some website somewhere, with an invasive ActiveX control, and throw some porn on it. I'm sure I'd attract enough suckers to run a DDoS attack. And once that code is on their machine, the rest is trivial. Basic sockets programming. The "hard" part would be doing it in such a way as not to get caught, but I am pretty sure even that would only require a few days' work and access to a public machine.

  • by ucblockhead ( 63650 ) on Friday February 11, 2000 @07:55AM (#1285114) Homepage Journal
    They didn't say the code didn't run on Windows. That would have been correct. What they said was that Windows machines aren't vulnerable to this sort of attack. That's a crock of shit.

    All a Windows version would need is "ActiveX" + "IP Stack" + "Thousands of cable modem and DSL systems managed by unknowledgeable users".
