Domain: matrix.net
Stories and comments across the archive that link to matrix.net.
Comments · 19
-
Net packet loss
I've noticed that the net seems to have been particularly slow recently. Checking on Xaffire Inc.'s Internet Average it's obvious that there are a few problems. Could this be a combination of the various DDoS's occurring at the moment and the recent worms?
-
matrix.net
Due to all these viri and ddos's over the last month the reachability index at xaffire has been pretty rocky. Fun to watch though.
-
MIDS
MIDS shows drop offs in their weekly & monthly reachability charts and weekly & monthly packet loss charts.
Their Internet Weather animations would also be interesting
-
OT: What the Hell is This?
How can the internet hit 100% perfect in an (essential) instant?!?
I submitted it as a story, but it was rejected. Something going on out there and it doesn't look good.
-
Re:been watching this all night
-
Collected info:
There's a stream of related info in the comments of Slashdot's Cross-Site TRACE story.
Some snippets from there:
Mabu's message says: Here's what we've been able to learn, at 4:30am Central time.
We have reason to believe that something called the "SQL Worm" is in play. Some sort of DDOS attack which creates overwhelming traffic on port 1434. This is all preliminary stuff, so take it as such but I have one link up and 3 others down.
I don't have confirmation or details on what systems are affected but we have information to indicate that the following networks are currently affected: Quest, Cable & Wireless, Broadwing, Sprint (partially). My Worldcom link seems to be unaffected (which is why I can post). Note that the connectivity interruptions may be regional but that's what we are dealing with in the South Central area of the US. This has been going on now for about 4-5 hours.
What we are seeing is a major outage due to DDOS on port 1434, on portions of the Internet backbone. At this point, the exact pattern of the outage has not been clarified.
Expect the problem to potentially be addressed when the backbone providers start filtering port 1434. However, it's taken them at least four hours to figure this out.
We just got notice (a few moments ago) that Quest finally started filtering port 1434 and everything went back up. So now we need to figure out what vulnerability this was. My information indicates that port 1434 is MS SQL server resolution service (see related CERT advisory [cert.org]). My initial impression is that while this vulnerability was discovered awhile back, someone just recently figured out a very effective exploit using the vulnerability. I am looking forward to hearing more about what people find out.
The issue currently happening, from what anyone can tell at any rate is that a flaw in MSSQL has been found, due to everyone noticing a lot of traffic on 1434.. MSSQL port anyhow, I was running MSSQL earlier and my dns crapped out ctrl+alt+del'd and saw 85% cpu used by mssql server, killed it and boom everything was okay, possibly a worm traveling around, http://internethealthreport.com/ UUnet seems absolutely destroyed
;) I'm watching my firewall logs fill up even as I type, and all the 1434 hits are coming from different IPs... no dupes yet that I can see (maybe there are... but I'm not planning on sitting here all night reading logs).
http://www.nextgenss.com/advisories/mssql-udp.txt is an advisory about port 1434
http://average.matrix.net/Daily/markR.html shows a vivid picture of overall net health due to this
SQLServer listens to 1434 to accept incoming connections. SQLServer 7 would then normally transfer these connections to 1433 by default. SQLServer 2000 would transfer the connection to a random port.
It's best to 'hide' the SQLServer from the internet, and/or disable TCP/IP listening for SQLServer totally when it's connected to the Internet. MS also suggests SQLServer should never be exposed to the Internet directly. You can hide SQLServer (2000) directly, using the Server network utility, shipped with SQLServer. You can there first deselect TCP/IP as a protocol that's active, and if you need it, you can select 'hide' to hide the server on the internet, however it's better to disable TCP/IP totally, since you do not need it when you work with SQLServer from the same box (f.e. a website running on the same box accessing the SQLServer).
Oh, of course it should be mentioned, there is a patch for this available at MS' technet site.
http://www.kb.cert.org/vuls/id/370308 may be the CERT article related to this vuln.
Resent-From: mbac@romulus.netgraft.com
From: Michael Bacarella
Date: Fri Jan 24, 2003 11:11:41 PM America/Los_Angeles
Resent-To: bugtraq@securityfocus.com
To: nylug-talk@nylug.org, wwwac@lists.wwwac.org, linux-elitists@zgp.org
Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
I'm getting massive packet loss to various points on the globe. I am seeing a lot of these in my tcpdump output on each host.
02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0]
It looks like there's a worm affecting MS SQL Server which is pingflooding addresses at some random sequence. All admins with access to routers should block port 1434 (ms-sql-m)!
Everyone running MS SQL Server shut it the hell down or make sure it can't access the internet proper! I make no guarantees that this information is correct, test it out for yourself!
-- Michael Bacarella 24/7
phone: 646 641-8662
Netgraft Corporation http://netgraft.com/
"unique technologies to empower your business"
Finger email address for public key. Key fingerprint: C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055
-
not related
This vulnerability is about sites getting access to other sites' cookies.
It is not likely to be related to the current DDOS, which seems to be this MS vuln.
-
Re:Damning evidence?
At first I thought they were being a bit harsh until I took a closer look at the dates. He's accused of breaking into the network on the 8th, but not reporting it until the 18th.
I read the July 24th Houston Chronicle article and the March 21st article too. The Chief County Clerk seems to be saying that one (1) pornographic picture found on one (1) of his department's poorly secured computers was the sole damage found. He claims it cost $5,000 to fix the damage he accuses Puffer (the whistleblower) of causing.
With a network as poorly secured as his practically anyone with a wifi card could have uploaded that picture.
If any repercussions should come anyone's way over this incident I don't understand why the first candidate isn't Charles Bacarisse, the County's District Clerk. Bacarisse claims that none of the computers under his administration could have been seriously damaged by the penetration of war-drivers. Okay, but am I misreading the Chronicle's quotes from him? Doesn't he seem to have been completely oblivious to the vulnerability his insecure testing was opening to the rest of the computers on the County's system?
We have seen this before, with Randal Schwartz's ordeal at Intel. This comp.security article contains a contemporary account of his "crimes".
The lesson seems to be that no matter how well intentioned you are, the only safe way to report a security vulnerability is if you can find a way to do so anonymously.
-
The Real Deal - University Of Illinois' Don Bitzer
Don Bitzer is the true unsung hero of computer science - his work as head of the University Of Illinois' PLATO project touched virtually everything people love today about computers and the Internet!
Check out his 1965! patent - bitmapped graphics, audio and photographic quality images back in the sixties!
Other (pre-1975!) PLATO innovations included instant messaging, near zero latency multiplayer network gaming, distance learning, groupware, newsgroups, online newspapers, animated email, network delivery of music, client/server computing, touch screen interfaces, flat-panel displays (the basis for the ones you're just now seeing at Circuit City!), and multimedia that were delivered across a worldwide educational network with satellite and cable communications.
In his ACM article on the early days of Smalltalk, Alan Kay states that he had no idea how to implement his Dynabook concept before seeing a demo of Bitzer's patented plasma display.
Search some of the early WWW documents, and you'll be surprised to see PLATO's influence. Here's e-mail inventor Ray Tomlinson and Ethernet papa Robert Metcalfe attending a 1971 conference that included a demo of Bitzer's PLATO system before their breakthrough work. And there's communication from none less than Tim Berners-Lee encouraging early Internet pioneers to try to meet Professor Daniel Sleator's challenge to try to provide the Web with easy-to-use PLATO features from two decades earlier.
Prominent users of Bitzer's PLATO system at the University of Illinois included Groove's Ray Ozzie (who credits PLATO with giving him the idea for Lotus Notes) and Brand Fortner, a founder of Spyglass, which produced the original Internet Explorer for Microsoft.
At the risk of overestimating PLATO's profound influence, it certainly is an odd coincidence that "ground zero" of PLATO just happened to be across the street from Netscape founder Marc Andreessen's NCSA gig (where Fortner also worked at one time).
For more info on PLATO, check out David Woolley's excellent PLATO: The Emergence of Online Community.
After reading it, you'll see that Bitzer's PLATO of the early '70s had far more in common with today's popular Internet than Berners-Lee's Web of the early '90s.
Don Bitzer's been the Rodney Dangerfield of the Internet for far too long - it's time to give the guy the proper respect he deserves!
-
Re:Well yes, but...
Matrix net carries some interesting statistics regarding TLD availability here.
Reading through the page will give you an idea of the bandwidth matrix has at their disposal. The fact that most TLD servers are still 100+ msec ping on average would indicate, IMO, that those servers are under load.
Cheers,
-- RLJ
-
Re:Prior Art....Plato?
Interestingly enough, the BT patent credits a 1965! patent awarded to UIUC Professor Don Bitzer for his PLATO work that sure seems like suitable prior art on its own for hyperlinks.
Don Bitzer is the true unsung hero of computer science - his work touched virtually everything people love today about computers and the Internet!
Check out the patent - bitmapped graphics, audio and photographic quality images back in 1965!
Other (pre-1975!) PLATO innovations included instant messaging, near zero latency multiplayer network gaming, distance learning, groupware, newsgroups, online newspapers, animated email, network delivery of music, client/server computing, touch screen interfaces, flat-panel displays (the basis for the ones you're just now seeing at Circuit City!), and multimedia that were delivered across a worldwide educational network with satellite and cable communications.
In his ACM article on the early days of Smalltalk, Alan Kay states that he had no idea how to implement his Dynabook concept before seeing a demo of Bitzer's patented plasma display.
Search some of the early WWW documents, and you'll be surprised to see PLATO's influence. Here's e-mail inventor Ray Tomlinson and Ethernet papa Robert Metcalfe attending a 1971 conference that included a demo of Bitzer's PLATO system before their breakthrough work. And there's communication from none less than Tim Berners-Lee encouraging early Internet pioneers to try to meet Professor Daniel Sleator's challenge to try to provide the Web with easy-to-use PLATO features from two decades earlier.
Prominent users of Bitzer's PLATO system at the University of Illinois included Groove's Ray Ozzie (who credits PLATO with giving him the idea for Lotus Notes) and Brand Fortner, a founder of Spyglass, which produced the original Internet Explorer for Microsoft.
At the risk of overestimating PLATO's profound influence, it certainly is an odd coincidence that "ground zero" of PLATO just happened to be across the street from Netscape founder Marc Andreessen's NCSA gig (where Fortner also worked at one time).
For more info on PLATO, check out David Woolley's excellent PLATO: The Emergence of Online Community.
After reading it, you'll see that Bitzer's PLATO of the early '70s had far more in common with today's popular Internet than Berners-Lee's Web of the early '90s.
Don Bitzer's been the Rodney Dangerfield of the Internet for far too long - it's time to give the guy the proper respect he deserves!
-
Re:Good News
Matrix.net has an interesting story detailing the bombing's effects on 'net traffic, and how it responded to the increased load.
-
A product of financial euphoria
Business people have a boosterism neurosis and are seriously detached from harsh reality. Everybody reads FORTUNE and SUCCESS, but nobody subscribes to BANKRUPTCY and FAILURE.
This salient quotation from Week Two of Bruce Sterling's Infinite Matrix blog, "Schism Matrix," could describe the thinking that inspired Matrix.net to launch an online SF magazine in the first place. The company wanted to acquire such a cachet of cool among faanish computer geeks that everyone would want to work for them. (I suspect that the company owners, SF fans themselves, also were willing to pay big bucks for this pretext to hang out with cool SF people like Sterling.)
This kind of hiring strategy only makes sense when the job market, and company management, have both gone completely giddy. It seemed that way to me, back when editor Eileen Gunn talked about this project at last year's ArmadilloCon SF convention in Austin, Texas. Still, it's neither good manners nor good politics to say, "So, you're caught up in a financial euphoria, are you?"
Another irony of the Sterling comment above is that FORTUNE was the only magazine I saw that pointed out the bubble before it burst, albeit in the late stages. Somebody there wasn't detached from harsh reality. But few paid attention, because pointing out bubbles isn't good manners or good politics.
-
Re:War pigs
Something you might find interesting: at one time the world's largest repository of free and open-source software was at the (then) Army Ballistic Research Laboratory, open to anyone who could FTP there. It was an important resource during the 1980's when the free software community, a community that included the late Mike Muuss of the BRL, was taking shape.
This is only one example of many from that era. (I hope it's not too trivial to point out that the Internet itself originated with the "War Pigs.") Had the GPL included an anti-military clause, there is a good chance that much of GNU would not exist -- if the movement had happened at all. Don't forget, the "War Pigs" paid for Stallman's ARPANET connection (via MIT, which was on the ARPANET by virtue of being a major military contractor).
I'm not attempting to justify the military, here, just pointing out that blindly excluding them may not be the best of ideas...
-Ed
-
Packet loss
average.matrix.net shows a marked increase in packet loss starting a few days ago. Could it be related to this?