Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet

DDoS for Fun and Profit 429

First there's the Microsoft worm, reported earlier, which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet, perhaps not the way we expected it to go. And Canada discovers a risk of online voting.
This discussion has been archived. No new comments can be posted.

DDoS for Fun and Profit

Comments Filter:
  • by EvilStein ( 414640 ) <spam@BALDWINpbp.net minus author> on Saturday January 25, 2003 @05:41PM (#5158769)
    Geez, Dalnet and EFnet are beginning to sound like Apple - they're *always* "going out of business" or something like that.

    Wait, the difference is that Apple is still on the net. Heh.

  • by WIAKywbfatw ( 307557 ) on Saturday January 25, 2003 @05:41PM (#5158771) Journal
    OK, I can see how some script kiddie might think that orchestrating a DDoS attack might be fun but how would he profit from it?

    Anyone?
    • by Anonymous Coward
      1. Orchestrate DDoS
      2. ????
      3. Profit!
    • by Anonymous Coward
      its all about their ego, no real life or real life issues to be compensated with non real life actions.
    • by Anonymous Coward on Saturday January 25, 2003 @05:54PM (#5158837)
      I believe the news clipping was labeld in such a way to make a play off Aleph1's famous phrack magazine article describing buffer overflows, which was titled "Smashing the Stack for Fun and Profit".

      za
    • by TheTomcat ( 53158 ) on Saturday January 25, 2003 @06:02PM (#5158871) Homepage
      Hypothetically, say there were two major on-line auction sites. We'll call them auction.example.com and sell.example.com.

      auction.example.com might want to attack sell.example.com's servers -- more business and credibility for auction.example.com (unless they get caught)

      ----

      If, hypothetically, I run a brick-and-mortar specialty store (I sell cheese). I notice business dwindling off. I survey some of my customers and find out they're buying their Gouda from cheese.example.com. Attack the site, or the whole 'net: get customers back.

      ----

      However, I suspect this new worm's ("Bill's Tapeworm" as I heard another slashdotter call it) DDoS payload was a side-effect and likely accidental. The worm is trying to reproduce, and the DDoS seems like an unintended payload (after all, if the work can't get to another target because of network congestion, it can't infect it (UDP packets DO get dropped in such situations)).

      S
    • by tigris ( 192178 )
      Not script kiddies. Content Providers. Just think about all those movies and music being traded for free without a single dime going to the big conglomerates.

      Must be driving them nuts.

      Wouldn't surprise me in the least if they've moved beyond rhetoric to action.
    • Maybe this was started by a security company. Then people come to them looking for the patch. Then the security company charges for the path == profit.
    • how would he profit from it?

      Extortion; Blackmail.

    • It's quite a simple and obvious scheme really. The RIAA has hired someone to build this virus which effectively DDOSes the entire 'net. All of the P2P filesharing networks slow to a halt, and suddenly all of those people who were planning to download + burn the music for their superbowl party tommorrow have to actually buy it.

      Actually, it wouldn't surprise me *too* much to learn that this is the case...
  • by Chaltek ( 610920 ) on Saturday January 25, 2003 @05:43PM (#5158782) Homepage
    from the conspiracy theory dept.:
    Just a conjecture, but it wouldn't seem out of step with **AA tactics to take down DALnet in order to curb illegal file sharing.

    ~Chaltek
    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday January 25, 2003 @06:24PM (#5158963) Homepage Journal
      Personally I think that the DoS against DALnet is actually an attempt to harm efnet. See, the DALnetters are all flooding into channels on efnet. In fact since DALnet has come under fire many efnet servers have started limiting you to five (!) ban slots. FIVE! So the signal to noise ratio has gotten worse on efnet, yet we have less tools to try to solve it with.
    • Just a conjecture, but it wouldn't seem out of step with **AA tactics to take down DALnet in order to curb illegal file sharing.

      If I was going to get into conspiracy theory, I'd point the finger at any of the various commercial "Messengers" (AOL Messenger, Yahoo Messenger, MSN Messenger, etc.) before I'd point at the *AA's.

      People addicted to chatting WILL pick up one of the other chat venues if IRC is not available which means more eyeballs for the ads that support those venues.

      File traders already have other means: KaZaa, et. al.

  • DDoS (Score:3, Funny)

    by teamhasnoi ( 554944 ) <teamhasnoi@yahoo. c o m> on Saturday January 25, 2003 @05:45PM (#5158790) Journal
    like when Apple started charging for .mac services.
  • by leprkan ( 641220 ) on Saturday January 25, 2003 @05:46PM (#5158793)
    I would put money on it that tommorow will be the generally fastest day of the internet all year (not saying much it's january). Everything important will be patched, and all the home pc owners that don't know jack about computers will say, "I don't want to catch that virus I heard about on the news, I better wait a day untill it dies down". Thus more bandwidth for everyone else.
    • And... (Score:2, Funny)

      by Anonymous Coward
      The Super Bowl will be on.
    • 1.2 Megabits / s (Score:3, Informative)

      by bstadil ( 7110 )
      Seriously. It is MUCH faster today than normal. At least here in Dallas. Here is Result from Speedtest [bandwidthplace.com]

      1.2 megabits per second

      Your raw speed was 1156090.51 bits per second which is the same as:

      Communications

      1.2 megabits per second How communication devices are rated. Kilo means 1,000 and mega means 1,000,000. Examples include 56k modem and 10Mbit Ethernet

      Storage

      141.1 kilobytes per second The way data is measured on your hard drive and how file sharing and FTP programs measure transfer speeds. Kilo is 1,024 and mega is 1,048,576. 1MB file download 7.3 seconds The time it would take you to download a 1 megabyte file at this speed.

      Rating

      Compared to all connection types worldwide, yours is fantastic

    • Today has been plenty fast for me. I haven't noticed any problems yet (well, other than not being able to register Visual Studio .NET, is there a crack out there?). The internet really is quite resilient.
  • huh (Score:4, Funny)

    by pummer ( 637413 ) <spamNO@SPAMpumm.org> on Saturday January 25, 2003 @05:46PM (#5158794) Homepage Journal
    why would they use online voting when they could simply use chad-laden punch cards??
    • Because the NDP probably thinks that's too old fashioned. They're trying to be 'hip' nowadays, ie Jack.
  • i don't get it (Score:5, Insightful)

    by pummer ( 637413 ) <spamNO@SPAMpumm.org> on Saturday January 25, 2003 @05:48PM (#5158809) Homepage Journal
    microsoft can't even secure their own servers? How can we expect their OS's to run securely on our servers?
    • Re:i don't get it (Score:5, Interesting)

      by anubi ( 640541 ) on Saturday January 25, 2003 @06:13PM (#5158919) Journal
      I think the psychology is kinda simple:

      You know how it is if you hire somebody *else* to paint your house? There is usually a heckuva lotta stuff you would have done differently because its *your* house.

      But if you paint the house yourself, it takes a heck of a lot longer than you dreamed, but it's done right - to your exact satisfaction. You know everything about it - and if anything goes wrong, you know exactly how to fix it.

      There's a big different between *yours* and *someone-else's*.

      I feel the same about OS.

      If its really not all that important, I will go with whatever gets the job done quickest.

      But, if my life or reputation depend upon it, I need to be secure in my knowledge that I know exactly what I am doing - for it is I and I alone which must take responsibility for the outcome.

      I think a lot of it is like choosing rope - if you are a shopkeeper, you may choose a rope based on its markup and profit potential, but if you are a mountain climber, you probably choose rope based on a completely different criteria.

    • ...because no other OS has ever had an exploit. this is far-reaching because of wide-spread use, not because it's any more hole-ridden than any other OS. sign up to a few various security lists and marvel at the filling of your inbox.

  • by Anonymous Coward on Saturday January 25, 2003 @05:49PM (#5158812)
    This is from HardOCP.com [hardocp.com]:

    It's 2:20 CST and I'm trying to activate a copy of XP. I need to, because this repair/upgrade (changed mb, disk controller, video, hdisk, NIC, RAM, USB revision, CPU, etc) I can't logon without activation.

    Except, I CAN'T ACTIVATE. I am told there is no way ANY copy of XP can be activated in the next 5 hours because of (drum roll)

    ** Routine maintenance **. I mean, I asked: I said

    "You don't have some little stand-alone machine that reads a DVD database so you could stand in line and do it?"

    "You don't have a couple hundred "last resort" number ranges? You can call me back tomorrow!!!"

    "There's not some guy you can go ask? Ya can't call Bill at home?"

    So, I gotta stop my project for some unknown length of time. Good thing I'm not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the superbowl, or my car dealer can't find and order Volvo cars on Monday. Life will continue.

    But, I'm still seriously pissed. Call 'em at 888-571-2048 and try for activation.

    And let's think about the true meaning of the fact you can't release liability for the consequential damage resulting from negligence. I mean, I have NEVER heard about "routine maintenance" on the 24.7.365 activation promise...

    Well, on to the next job...
    • So, I gotta stop my project for some unknown length of time. Good thing I'm not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the superbowl, or my car dealer can't find and order Volvo cars on Monday. Life will continue.

      If the work is that important, why do you not have a backup machine with which to perform the task? Rather ironic that you're lambasting Microshaft for having no backup system when you yourself have none.

      Disclaimer: yeah, yeah, I know it's pretty poor that M$ doesn't have any kind of backup activation facility, but just playing devil's advocate a little.

      • by moncyb ( 456490 ) on Saturday January 25, 2003 @06:56PM (#5159091) Journal

        Are you saying he should have 2 computers when he only needs one???? Not everyone can throw around money.

        The Microsoft servers are a different story. They should have lots of backup systems running because they serve millions of people. Not to mention this is caused by a security flaw they carelessly created.

        This guy is hardly being hypocritical.

    • by handsomepete ( 561396 ) on Saturday January 25, 2003 @06:08PM (#5158901) Journal
      I've been given the 'routine maintenance' runaround on non-mssql bombing days twice. About 8 months ago they told me I wouldn't be able to activate for at least 24 hours because of 'routine maintenance and a database upgrade'. Activated two days after. 2 months later I called about 3am CST and was told that during that time is when they do their 'routine maintenance'. When I got them during a good time after that, the operator (poor guy) hassled me about my re-activating. Even after I told him that I just changed out some hardware on the same computer, he insisted on telling me that I couldn't install XP on a second computer (as in he didn't believe me). After a 10 minute conversation he finally gave up and gave me activation, but with a stern warning ("Well, just remember that this is the third time you've activated this copy in 6 months").

      2 months after that I left Windows for good and latched on to Linux. So far I haven't had to call my distros for product activation, so I'm happy.

      (Disclaimer: Linux isn't for everyone, not preaching, just my experience, yadda yadda yadda...)
    • This sort of thing is precisely why I will never run XP on any of my own computers. If I have to run a Windows program, it will be on Windows 2000. When new software stops supporting that platform I hope to have already switched everything over to either my Mac or Linux boxen.
    • Next job?

      Apple Retail Store, pick up a nice new iBook or PowerMac.

      Or Partition drive and start installing Linux.

      StarTux
    • First, this repair/upgrade sounds more like a different computer. Second, XP allows three changes every 120 days. Finally, SP1 gives you a grace period if you deactivate your product with changes to your system. You either didn't update your computer to the latest service pack (which came out a while ago) or you waited until the last minute. No sympathy from me.
    • er, wait a minute....
      This question may sound a bit dumb, but "You have to activate XP for a freakin' *hardware* upgrade???"

      Damn....

      In order to explain the "dumbness" of my question: I switched to linux *exclusively* 6 years ago. I am SO glad I did that after reading all this...
  • by Anonymous Coward
    "Korean computers were cut off the net"...

    Pity that they will be reconnected...
  • Dilemma (Score:5, Funny)

    by Anonymous Coward on Saturday January 25, 2003 @05:52PM (#5158824)
    So torn...should I damn Microsoft for providing easy replicative means to fuck up the net all day, or thank them for providing the means to disable the XP activiation servers?

    When your enemy is their own worst enemy, does that make them your friend?

    Head...aching...
  • Right. I've had enough f this crap.
    But all this rage can go nowhere - you can't do anything about other people's stupidity - it's just so frustrating.

    Are there any SK's reading /.?

    Reply to this, anonymously if you must, and please give me some insight into what is so amusing about destroying the hard work/livelihood of others for 0 gain on your part? I just cannot understand the motivation to do so. It's like tagging - pointless destruction of property that achieves nothing.

    I guess if I thought for one second people might think about how junky most MS product offerings are, and replace them with high quality Open Source or Free software, I might see a point - but no one ever seems to.

    Sigh. So. Very. Depressed.
    • Power. (Score:5, Insightful)

      by Second_Derivative ( 257815 ) on Saturday January 25, 2003 @05:56PM (#5158846)
      Feeling of power basically. They want to be "ph33r3d" and to run DalNET (or whatever else) into the ground would make them the most powerful people on DalNET because they have power over everyone else and the network is completely at their mercy.

      That this is just an inherent problem in the internet's sociology and architecture isn't really a term in the equation but there you go.
      • Re:Power. (Score:3, Insightful)

        by ez76 ( 322080 )
        That this is just an inherent problem in the internet's sociology and architecture isn't really a term in the equation but there you go.
        As a sociological phenomenon, power-tripping is hardly limited to the Internet.
    • Well, if those that ran Dalnet didn't allow kiddy porn channels on their net perhaps they would not be attacked so much.
    • Even the script kiddies are, for the most part, pretty pissed off. I spent quite a fair amount of my childhood in script-kiddie chat rooms, and going out and meeting up.
      The majority (as in everyone that I've met) has always tried to be non-destructive. There was one kid who hacked a server and panicked when he didn't know how to fix up the logs and instead wipped the machine. He got shunned and banned from the chat rooms.
      One reason, from a cold and practicle point of view, is that nobodies wants to piss off anyone important for fear of retribution, and plus the idea is to have servers that you can use to download stuff on, and use for private irc servers etc.

      Doesn't answer your question sorry, but I just wanted to point out that even in the 'hacking' world people are pissed off and annoyed by this.
      • It helps though - much better than the typical /. amateur psychologists and apologists that usually reply. At least it's an honest answer based on personal experience, which is what I was after. Thank you.
        • by JohnFluxx ( 413620 ) on Saturday January 25, 2003 @06:52PM (#5159069)
          Just one quick point I forgot to make...
          Note that hardly any of viruses, worms, etc cause any real damage. Imagine the harm you could do if you really wanted. Imagine if code-red wiped the drive. Imagine if this SQL worm spread really slowly and randomly modified the SQL database. If it wasn't detected for ages, yet had slowly deteriated the database over a matter of months hence rendering backups next to worthless.

          • Imagine if this SQL worm spread really slowly and randomly modified the SQL database. If it wasn't detected for ages, yet had slowly deteriated the database over a matter of months hence rendering backups next to worthless.


            In that case, I believe the correct term is Service Pack. ;-)
  • by Maditude ( 473526 ) on Saturday January 25, 2003 @05:55PM (#5158840)
    Heh, looks like it took out a big portion of Bank of America's ATM (cash) machines! [washingtonpost.com]
    Link

    I can't believe that BoA has their ATM's on the internet -- anyone know more about how it got to their ATM network?
  • by seanadams.com ( 463190 ) on Saturday January 25, 2003 @05:57PM (#5158851) Homepage
    I didn't get any spam today... can you guys do this DDOS thing more often? :)
  • Self-destructive (Score:5, Insightful)

    by mu51c10rd ( 187182 ) on Saturday January 25, 2003 @05:59PM (#5158857)
    I do not believe the people responsible for such attacks realize they are being self-destructive. The only end goal of such actions is not to increase security-mindedness in the computer world, but rather scare the normal users, the public, from ever touching the Net. Without the users, companies will be stretched to find the cash to keep up the backbone structure and I am sure it would fall apart. The media hypes anything that is detrimental to the public, including viruses, DDoS attacks, etc. This does nothing but a) scare users off the net 2) make the Net look bad to the public. So are all these kids out there pulling stunts going ahead with the goal of destroying the Net in mind? Even though that seems to be all they know? Interesting, work to destroy the only thing you know. Perhaps I should start a crusade to physically destroy computers too? My actions would teach people they do not *require* their computers to survive right? Just like taking down sites will serve to show people security vulnerabilities?
    • The media hypes anything that is detrimental to the public, including viruses, DDoS attacks, etc. This does nothing but a) scare users off the net 2) make the Net look bad to the public.
      So is it the **AA doing this DDoS?
  • DDOS attacks ruin the productivity of others. Whether it is microsoft, or any other site... Many people use WindowsXP in the world, much much more than the amount who use linux, and attacking the servers ruins the productivity of many businesses who rely on windowsXP to get work done.

    Sure you could say "Microsoft is wrong for HAVING this activation feature", but that is incorrect. Attacking ANY company's network is wrong, and very illegal. How would you feel if the servers you get open-source applications from were made unusable because someone attacked the network they were hosted on? This is the same thing.

    I hope the people who are responsible for this attack (which is technically terrorism) are thrown in jail. It will likely be a long sentence.
    • by DarkKnightRadick ( 268025 ) <the_spoon.geo@yahoo.com> on Saturday January 25, 2003 @06:07PM (#5158894) Homepage Journal
      You know, since 9/11/2001 it seems that every attack of any kind has been labled an act of terrorism.

      Those who start these DDoS attacks are seen less like your standard fare and labled TERRORISTs. I don't see them creating terror. Perhaps we should all take a look at this definition of terrorist from Merriam Webster [merriam-webster.com]:

      One entry found for terrorism.
      Main Entry: terrorism
      Pronunciation: 'ter-&r-"i-z&m
      Function: noun
      Date: 1795
      : the systematic use of terror especially as a means of coercion
      - terrorist /-&r-ist/ adjective or noun
      - terroristic /"ter-&r-'is-tik/ adjective

      Usama and his bunch are terrorists.

      The people responsible for this attack are more akin to electronic warriors. Whether or not they are right in their methodology OR targets makes them no more and no less. Yes, they are criminals, but I really don't think any such attack against any company that experiences so many can be called a "random act of terror". It's more like a concerted effort to destroy said company.

      Had they issued some sort of demand with a threat of physical violence, I'd change my opinion, but as it stands the people responsible are criminals/warriors.
      • by glwtta ( 532858 ) on Saturday January 25, 2003 @10:47PM (#5160024) Homepage
        oh, I guess you haven't seen the new one:

        One entry found for terrorism.
        Main Entry: terrorism
        Pronunciation: 'ter-&r-"i-z&m
        Function: noun
        Date: 2001
        : any activity against which more extreme measures are desired than current law permits. commonly used to argue that due process and public debate are unwarranted in this instance.
        - terrorist /-&r-ist/ adjective or noun
        - terroristic /"ter-&r-'is-tik/ adjective

    • by GigsVT ( 208848 ) on Saturday January 25, 2003 @06:09PM (#5158905) Journal
      I hope the people who are responsible for this attack (which is technically terrorism) are thrown in jail. It will likely be a long sentence.

      I seriously doubt Bill Gates and other Microsoft programmers will spend any time in jail at all over this.
    • How would you feel if the servers you get open-source applications from were made unusable because someone attacked the network they were hosted on?

      I'd hardly call VA's lack of a business plan an "attack" on SourceForge. :p
    • DDOS attacks ruin the productivity of others.

      Actually, anything that gets me away the Internet tends to increase my productivity substantially. I'm probably not unique in my lack of self-discipline, either. :-)

    • Sure you could say "Microsoft is wrong for HAVING this activation feature", but that is incorrect. Attacking ANY company's network is wrong, and very illegal. How would you feel if the servers you get open-source applications from were made unusable because someone attacked the network they were hosted on? This is the same thing.

      All true and valid points, sir. But this is Slashdot...we DDOS all of our favorite servers all the time! ;)

      And I do say that Activation is a Bad Thing (tm) but I agree that attacking any company's network is neither a valid nor legal form of protest.

      --K.
    • by Henry V .009 ( 518000 ) on Saturday January 25, 2003 @06:35PM (#5159006) Journal
      Post 9/11 Godwin's Law corollary: As a Usenet discussion grows longer, the chances of a comparison involving terrorism or bin Laden approaches one.

      I therefore declare this thread over and whatever ideas you meant to express discredited.
    • I hope they do too! This way we could chalk up one more point for Microsoft's money/marketing machine.

      Releasing so-called production-use software with exploitable bugs like this latest one is wrong, but unfortunately, not illegal.

      How would you feel if you were told by someone (who you thought was a reputable person) that the software you were buying was stable and secure then you install it and your main database has just crapped all over itself because of some skript kiddie?
      No need to worry! Your trusted vendor gives you a patch (after you pay service fees) and blames the hacker for the problem.
      Here's the kicker: Your vendor is a high-prfile one. Their marketing department tells the (cluseless) media the same thing: hacker's fault, not theirs. The media passes this along to the (usually cluseless) masses. Anonymous J. Hacker is blamed by all for the problems caused by the vendor's incompetence, while the vendor suffers very little PR trouble and has no insentive to be careful in the future.

      Which is worse to you? Somebody exploits a known bug, causing huge problems, or Microsoft releases dangerously insecure software, allowing the problems to occur in the first place?

    • (which is technically terrorism)

      Oh shut the fuck up. Even though I agree with what you said, please do.

  • ... this would be the most interest anyone has shown in this leadership race!
  • ISP's fault? (Score:4, Insightful)

    by YellowElectricRat ( 637662 ) on Saturday January 25, 2003 @06:21PM (#5158950) Journal

    When will the ISPs start getting off their respecitve behinds and start doing something about this? With the broadband ISPs subnets accounting for so much of the destructive power of these DDoS attacks, they have a responsibility to at least attempt to ameliorate their impact.

    It's not hard to set up simple routing rules to at least curb some of these attacks. Hell, a lot of ISPs still even route spoofed IP packets out of their networks - this is nowhere near acceptable. Realistically, there is no real application for a constant stream of ICMP traffic coming from a single node - there should at least be a maximum allocatable bandwidth for ICMP set at the ISPs gateway. Obviously UDP and TCP based floods are more difficult to manage, but throttling ICMP based floods would be a step in the right direction.

    All this is IMHO, of course - users have a responsibility to secure their machines, obviously, but it's going to be a hell of a lot easier to secure a few gateways and routers than a million home PCs.

    • Re:ISP's fault? (Score:2, Insightful)

      by fimbulvetr ( 598306 )
      I don't want to type this again, so read this:

      http://slashdot.org/comments.pl?sid=51243&thresh ol d=-1&commentsort=0&mode=thread&pid=5114080#5116092

      And go *(&( yourself.
    • Re:ISP's fault? (Score:3, Insightful)

      by raju1kabir ( 251972 )
      When will the ISPs start getting off their respecitve behinds and start doing something about this?

      Never, I hope. When nimda was going around, my DSL provider blocked port 80 and never unblocked it - and it's what, a year later now? That's resulted in my being unable to access my home computer from a variety of kiosks, etc., that don't allow selecting alternate ports.

      If the ISPs do anything, they should be setting up rules that catch probes from live worms and then disconnect the specific lines from which they originated.

  • Backend? (Score:5, Insightful)

    by new-black-hand ( 197043 ) <nik@@@techcrunch...com> on Saturday January 25, 2003 @06:25PM (#5158965) Homepage

    From http://www.msnbc.com/news/864184.asp [msnbc.com]

    Within a few hours, 25,000 back-end database servers had been infected, said Oliver Friedrichs, senior manager with Symantec Corp.'s security response team.

    If they where truly 'backend', they wouldnt of been infected. This is because of all those open and live MS SQL servers.

  • Ah...it all makes sense now. So it is quite likely that the NDP online voting difficulties were caused by the MS SQL worm, since the company, Election.com, used M$ Windows 2000 as their backbone. I just wish they had announced it earlier, so that I didn't have to stare into the monitor for half an hour just waiting to vote. No conspiracy theories of right-wingers trying to sabatage the election then ;)

    Which brings us to another interesting question: why didn't the NDP consider open source alternatives? Then again, they've hired Election.com to handle the whole process, so I suppose they couldn't really do much about it.

    • MS-SQL certainly wasn't the problem according to election.com's Earl Hurd. In a CBC TV scrum-style interview, he was quick to blame the problem on a malicious 'hacker' that had logged into the voting system. When asked by the media if such an attack could reoccur, he replied "unless the creative individual died in the last five minutes as a result of my evil thoughts, then there is a chance that another attact is possible".
  • Interesting site (Score:5, Interesting)

    by larien ( 5608 ) on Saturday January 25, 2003 @06:31PM (#5158987) Homepage Journal
    Well, my firewall's been getting hit with port 1434/UDP packets (>150 so far today), so I decided to have a looksee where they were coming from by doing reverse lookups on the IPs. Most seemed to be Europe (.de, .fr, .nl) and some .au, but I did notice one in... navy.mil.

    Seems the US military managed to leave an unpatched SQL server open to the world...

  • by jabex ( 320163 ) on Saturday January 25, 2003 @06:38PM (#5159013) Homepage
    I guess it's good that Kevin Mitnick has started his own consulting firm. Hmmmm.

    http://interviews.slashdot.org/article.pl?sid=03 /0 1/20/1254218&mode=thread

    Let me try my first profit post:
    1) Free Kevin

    2) Start Consulting Firm

    3) (cough... cough)

    4) Profit!

    Seriously - I'd hate to be Kevin Mitnick right now... There's probably 20 different gov't agencies all getting the warrants right now. "This much havoc can only come from ONE man!" Mwuwuwuwahahhahaha.
  • by g00z ( 81380 ) on Saturday January 25, 2003 @06:41PM (#5159022) Homepage
    Whoever might be thinking that this is just your typical round of script kiddies attacking dalnet is dead wrong. DALnet is in more that serious trouble -- for the most part it's already dead.

    As a DALnet vetran and an op of one of the top 20 channels (#80s-cartoons), I can tell you that almost all of the major channels have now moved to other networks for good. Ever since the begining of december we had outages that would last anywhere from 4 days to a WHOLE WEEK where no one could connect to a single server in the network.

    The gaul of some people is pretty amazing. Apparently, these current DDos attacks have been orchestrated by some one (or group of people) that are holding the DALnet network ransom and are demanding that dalnet pays them X amount of money to stop the attacks. Mind you, these attacks have been going on for about 2 months now, and these people still aren't in custody of law enforcement. It just goes to show you that the only thing that seems to get the FBI involoved in computer crimes is corporate cash. I guantee you if such an attack was launched against a commercial website, the feds would snag these fools within one day; But since this is a non-profit organization, they seemingly don't give a shit.

    A lot of the big channels from DALnet have gone to EFnet. The irony in this is quite painful (Since DALnet was initaly formed by disgruntled people from EFnet trying to escape shitty service in the first place.)

    One plus about leaving DALnet on to greener pastures has been zero PM spam on the new networks at least. Well, for now.
    • It just goes to show you that the only thing that seems to get the FBI involoved in computer crimes is corporate cash. I guantee you if such an attack was launched against a commercial website, the feds would snag these fools within one day; But since this is a non-profit organization, they seemingly don't give a shit.

      Not true - EnterTheGame (an IRC network with ~10K users) had some attacks this summer, but they eventually tracked down the attacker and he was raided by the FBI - see the press release [enterthegame.com].
  • I don't like that one of the linked articles suggests an end of IRC. Any server can be DDoS'd and there's nothing that makes IRC more vulnerable than any other service being provided. In general, the IP addresses of hubs are hidden from ordinary users, the the worst damage that can be done is taking some client servers offline.

    Yes, the kiddies get large botnets, but that doesn't mean they win. There were times a few years ago that most EFnet servers were offline for days, and that EFnet logs many servers during that time. But the kiddies were never able to destroy the network, and it's come back stronger than ever. If anything, the kiddies didn't hurt the network, they made it better. There's a chanfix, inspired by the attacks, to restore opless and some taken-over channels. This goes a long way to preventing attacks. Most of the EFnet attacks were motivated by channel disputes.

    Undernet has hid which server a user is connected to and has disabled commends such as /links. There's now a +x mode which if a user is logged into X/W, hides the user's host.

    Where I'm going with this is the best IRC networks generally survive the attacks and are stronger in the end. I don't think an attack on Dalnet is the end of IRC.

    While I'm no expert on this, as a longtime user of IRC, in the past couple years I've seen a huge rise in the number of users who send you a website to visit upon joining a channel. Some networks take the steps of helping these users remove the trojan, or removing them from the network. On the other hand, some networks do nothing to solve these problems. If these are the same trojans that provide DDoS bots, opers could be doing a lot more to track down and solve the problems. I, for one, often report these to EFnet opers, and the opers are almost always quick to remove the user from the network.

    What's my point in all of this? With some common sense, some coding skills, and opers who are willing to help, a network can solve a lot of its problems. If EFnet and Undernet managed to overcome DDoS attacks many times in the past, one wonders why Dalnet wasn't able to.

    And the end of Dalnet doesn't mean the end of IRC. Other networks are better prepared to deal with this sort of thing, and can survive much more than Dalnet has. While the article raises valid concerns, it's written from the standpoint of someone who doesn't seem to know much about other networks.

    Anyway, I hope Dalnet doesn't just cease to exist. Somehow I doubt it will, though.
  • by hebble ( 35128 ) on Saturday January 25, 2003 @06:44PM (#5159037)
    "The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center."
    I swear, sometimes it seems like Bush is playing through Deus Ex really slowly, jotting down policy proposals as he goes.
  • I swear it wasn't my fault. Hans Blix told me that he couldn't find any worms on my SQL Server.
  • Microsoft liable (Score:2, Insightful)

    by smoondog ( 85133 )
    I realize that this may seem silly, but I still don't get just why M$ isn't liable for at least some of these damages. They release a compromisable product, they sell said product, they quietly release a patch of said product, then worm kills said product. I'm sorry, but the costs of releasing buggy code (particularly at M$) are so high that it is more reasonable to have harsh punishments to companies that release said code than to waste energy finding kiddies who will always exploit holes.

    -Sean
    • by io333 ( 574963 )
      I don't agree or disagree with you, but say some free open source linux product being worked on by volunteers allowed the same sort of problem to happen. Who would you suggest should then be liable?

      Isn't this kind of like blaming firearm manufacturers for a murder when some dirtbag kills someone?

      What about auto manufacturers that build cars that can be stolen? Should they be liable when someone steals the car when it could have been protected by requiring the owner of the vehical to punch in a 47 digit code to operate it?
  • DALnet (Score:5, Informative)

    by lvdrproject ( 626577 ) on Saturday January 25, 2003 @07:05PM (#5159144) Homepage
    This is the first i've heard about the other two stories-within-the-story here, but DALnet has been the constant bane of people wanting to get things done (and/or chat) for quite some time now. The DDoS attacks have been going on for a long time, but they really came to a peak a few months ago, where it became extremely difficult to stay connected to DALnet for more than a few hours at a time (at which point you would have to reconnect, usually to a different server, since the servers seemed to just take turns dying).

    There have been at least two, possibly three or four, occasions where DALnet just shut down completely for a period of at least a few days (this latest one being in the range of like a week). After the first "big" DALnet shut-down, it seems a lot of channels moved to other networks; most of these channels have even gained numbers. Seems even if DALnet does return, a lot of the channels that left it will stay on their new-found networks. The few anime channels that came back to DALnet are very slowly gaining back their numbers, but they're nowhere near the levels they used to be. As of right now, the highest count is 51 users, which is really low for a DALnet anime channel. Highest warez channel count is 68, which is also really low for a DALnet warez channel. And even the MP3 channels, which probably were some of the biggest channels on DALnet, have lost major numbers. I seem to remember them being in the area of like 600+; current count is 166. So yeah, DALnet has really been taking it in the ass.

    General consensus around the parts i hang out seems to be that losing DALnet wouldn't be such a bad thing. We'd all move our channels to other networks, and be done with it. Chat channels would really love EsperNet or IRCnet, and warez/MP3/ISO/PlayStation/etc. channels have a half-dozen networks to choose from, most notably EFnet (though i despise it). Anime channels would thrive on Aniverse. DALnet was great, but, unless things see a really dramatic improvement, i think there are many that would agree that it needs to be put out of its misery as soon as possible.

    What has made this all really lame has been the fact that DALnet hasn't really said anything about this. Their eZine (the DALnetizen) has truly been the opposite of helpful throughout this whole ordeal. It seemed as though DAL was almost oblivious to what was happening. There would be a paragraph about Christmas, a paragraph about the benefits of PHP, a paragraph about poems, a paragraph about some new op or something, and then tucked away in a little corner would be a little sentence or two along the lines of "ps dalnet si getitng ddosed pls bare w/ us thx". After this most recent attack, however, they've started to get their act together a bit, and have posted a lot more information regarding the situation. Information can really be helpful to their users, if they want to keep them.

    Also not helping the situation are rumours(?) to the effect that the DALnet administration has resorted to childish finger-pointing, and have pretty much detached themselves from each other. DALnet isn't really doing a very good job of assuring its user base that it'll be alright. :/ Hopefully, if DALnet is to survive, this will be remedied.

    And, finally, the biggest blow to DALnet has been the de-linking of several of its (best) servers. Almost all of the "good" servers, the ones that everyone had as their first picks, have disappeared. Even the "fall-back" servers seem to be gone. Evidently DALnet is picking up a few new (or renamed, maybe, i can't be sure myself) servers, even in light of the attacks, however.

    So DALnet's fate is really unknown. No one can be sure, but for now it's functioning, at least in the sense that it has the ability to carry users. Who knows, though, it could be down again tomorrow.

    • General consensus around the parts i hang out seems to be that losing DALnet wouldn't be such a bad thing.

      Hm, some group of people is attacking the largest IRC network, presumably with the intention of bringing it down completely. Should they succeed, how good is that really for the other IRC networks?

  • Yeah, see, I just tried activating my copy of Office XP since I swapped in a new system board (old Abit BM6 suddenly died after 3+ years of rock solid service), and it wouldn't connect to the servers.

    So, I did the thing any self-respecting geek would do. I download OpenOffice.org, and uninstalled Office XP. So, as you can see, software activation is a good thing for open source software, as it drives users like myself away from MS products. ;)

  • by Geek Boy ( 15178 ) on Saturday January 25, 2003 @08:13PM (#5159475)
    Many stores, including Holt Renfrew, were unable to process credit card, credit, debit, or any other forms of electronic transactions today due to their central database being down. When will they learn?

  • Canadian Voting (Score:3, Informative)

    by RobinH ( 124750 ) on Saturday January 25, 2003 @08:52PM (#5159603) Homepage
    For those who don't know, in Canada we still use a pen and paper voting system -- not even punch cards. This vote was specifically for the leader of a political party, so I believe it was run by the party, not by Elections Canada. [elections.ca] For me, these problems are evidence that we should stick with our proven voting methods until we're much more confident in electronic voting systems (if ever).
  • by MrRudeDude ( 450053 ) <mr_rude_dude@yahoo.com> on Saturday January 25, 2003 @09:44PM (#5159795)
    and in addition to needing to piss and shit like crazy, I just became too paranoid to go to the bathroom.

    That set me thinking -- windows XP activation is 30 days, right ? If you don't activate, what happens in 30 days ? It demands you activate or it locks up.

    How many people when installing or starting up a new computer for the first time ignore the activation because they've got to try it out right now ? A lot. What day was 30 days ago ? December 25th. What day probably features more people opening up new computers than any other ?

    Perhaps they didn't try to attack the activation servers specifically, but simply thought of bringing down the net to stop the wave of Jan 25th activations, and got the activation servers as a lucky bonus.
  • The sky is falling! (Score:3, Interesting)

    by Robotech_Master ( 14247 ) on Saturday January 25, 2003 @09:54PM (#5159833) Homepage Journal
    This morning, I burned my last two CDROMs into coasters and needed to get more...so I headed over to the bookstore on the college campus near my apartment, figuring that even if I had to pay a little more for one or two CDROMs there, it would be less bother than driving across town to Best Buy. I arrived at opening time...to find the bookstore completely dark. I knocked on the door, and one of the student workers came out and explained that the university had taken all its computers off-line today because of a "big computer virus attack" that hit last night. "You might see something about it in the news," said worker said sagely. "It was world-wide." And so the bookstore was closed. And they couldn't sell me a single CD-ROM.

    I ended up going up the street to Walgreen's and getting a 10-pack there...for probably what 2 or 3 blank CDROMs would have run me at the campus bookstore, so I suppose I can't really complain too much that university stupidity saved me some money. It was extremely annoying at the time, though.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...