More DoS Attacks: CNN, Amazon, eBay, Buy.com...

gatech writes "After hitting Yahoo yesterday those crackers set their sights on several more sites including CNN.com, Amazon.com, and eBay.com. Here is the story at ABCNews.com."

Comment: 02/08 23:26 by michael : So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? People are focusing on how it's being done. Nobody seems to be asking who.

Packet Monkey

[RAruler]

Packet Monkeys, Script Kiddies.. are all the scourge of the Internet.. yeesh.. groups that do nothing but DoS people.. thats something to call home about.

Re:Packet Monkey

[Sagev]

I agree. I figure it's only a matter of time before the crackdown begins, though. So, that's a good thing at least. Hopefully whoever is pulling this off will go to prison for a long long long time.

<i>The opinions expressed are my own, no one elses. The email address is an anonymous one, but I do read it from time to time.</i>

Re:Packet Monkey

[Uruk.]

The Linux Store sucks. They are another company trying to take money away from our communtiy and not put a damn thing back into it. They are wolves in penguins clothing and must be stopped.

Re:Packet Monkey

Actually I know several people who work for and at thelinuxstore.com. They are members of the PLUG and the shop itself is located in Scottsdale, AZ.

Re:Packet Monkey

[Minty+Toothbrush]

Maybe it wasn't a group of 31337 H4X085.

Maybe someone messaged AOL members that Yahoo, ebay, (etc) had a fix for AOL 5.

All these members, desperate for a repair for AOL 5, inundated these web sites with Gigabytes per second of traffic.

It could happen...

Minty Toothbrush


If an infinite number of monkeys typed at an infinte number of

Re:Packet Monkey

[kydruid]

Actually it was a bunch of 31337 H4X085.

It was deteremind that they actually *did* attack AOL as well.

Members reported events such as the inability to connect, slow speeds, and unreliability of service.

No wait, that's a normal business day for them.

heh.
Ky Druid

Re:Packet Monkey

[sherpajohn]

Easy to blame site defacing script kiddies for stuff like this, but I wonder if it is not a bit more complicated than that. My understanding of DoS attacks is that 100's if not 1000's of machines have "agents" installed on them which are controlled from a centralized group of machines which in turn are controlled by a few master machines. It must take quite a bit of work to get these agents installed, and coordinate an attack....just my $2 worth ;-)

Going on means going far

Re:Packet Monkey

[Minty+Toothbrush]

I knew I should have stipulated that with "It's just a joke/theory".

Maybe the smiley face wasn't big enough...

Minty Toothbrush


If an infinite number of monkeys typed at an infinte number of

Re:Packet Monkey

Maybe it wasn't a group of 31337 H4X085.

Are you kidding?! It was l0pht! They said they could take down the entire internet, and now they're doing it!! We should have seen this coming! Head for the hills while there's still time!

Re:Packet Monkey

So in the real world it's called loitering. Oneline its a Title 18 US Code Section 1030 (a) 5A

Re:Packet Monkey

[binaRyan]

It's kinda immature behavior. Wait, it *is* immature behavior. They are no different from hoodlums spraying graffiti on a billboard or other property. They claim no motive, so they aren't terrorists. They have no political statement, so they aren't activists. They aren't demanding money (stupid of them), so they aren't criminals. I agree with a previous comment stating that they are just a bunch of d*cks with nothing else to do. They've done nothing to benefit others or THEMSELVES. They could have at least held sites for ransom.

Re:Packet Monkey

Who could have payed for 1 GB/s of Bandwidth?

Not some kiddies methinks

Re:Packet Monkey

[onymous+poltroon]

Any university, telco, or large business can do this w/ ease. Universities are prbably your best bet - minimal security, big pipes.

Re:Packet Monkey

They don't pay for it, they {h/cr}ack machines that do...lots n lots of them...and use theirs

Amazon was hit a few hours ago

[jonabbey]

Or so I assume, at least. I certainly couldn't get to it. Wound up buying my Palm Developer's Book straight from O'Reilly instead. ;-)

It could be worse...

What if the attacks were aimed at the root name servers? Having most if not all of DNS severely impacted would really suck.

Re:It could be worse...

[whoop]

Something was up about 15 minutes ago with DNS. I wasn't getting anything from a myriad of nameservers. It appears to be fine now...

Re:It could be worse...

[LogicX]

ssh.. Don't give them ideas!!
Seriously though... that would just be sick. Then again... it wouldn't matter much.. Since the attacks seem to last only a few hours... and most DNS servers cache stuff longer than that... and with proprogranation the answer it finds most likely isn't going to be at a root server.. it would be an inconvience.. but certainly wouldn't affect all DNS (gotta love the net :))

Re:It could be worse...

The timing of all this certainly couldn't be better, from a FIDNet advocate's viewpoint. I smell a rat...

And I anticipate a great hue and cry from various business sectors, who would very happily endorse any amount of surveillance if persuaded that they "need it to stay in business".

This, the same day that the following surfaces on the cypherpunks list:

http://www.wired.com/news/p olitics/0,1283,34164,00.html

Clinton's Wiretap-Heavy Budget
by Declan McCullagh (declan@wired.com)

1:25 p.m. 7.Feb.2000 PST
WASHINGTON -- President Clinton's
proposed $1.84 trillion budget includes
millions of dollars in new spending on
technology and law enforcement
programs.

The record budget request for the 2001
fiscal year, which begins 1 October, asks
Congress for more money for wiretapping,
police databases, antitrust enforcement,
and computer crime forensics.

One of the heftiest increases, from $15
million to $240 million, will pay telephone
companies to rewire their networks to
facilitate federal and state wiretapping.
Under the 1994 Communications
Assistance to Law Enforcement Act
(CALEA), Congress may "reimburse" phone
companies for their efforts, but the
controversial process is the subject of a
lawsuit currently before a federal appeals
court.

Half of that money, $120 million, will come
from the Department of Defense's
"national security" budget -- a move that
alarms privacy groups.

"The proposal to use thinly disguised
intelligence agency money to fund CALEA
confirms what we have suspected all
along: the National Security Agency is a
silent partner in the government's
campaign to make our entire
telecommunications system, including the
Net, wiretap ready," says Barry
Steinhardt, associate director of the
American Civil Liberties Union.

[...]

Re:It could be worse...

[Rombuu]

So, what, are you suggesting the government is behind this?

hahahahahahahaha... whew...

Re:It could be worse...

[PG13]

There are probably enough name server crashing that the outages would only be VERY minor unless it was kept up for a long time. Undoublty in that amount of time it could be tracked and fixed.

Re:It could be worse...

You're dumb.

Re:It could be worse...

[shogun]

Hmm was just thinking about that heres a nasty possibility.
Someone could use one of the current weak authentication methods for domain transfers to hijack a domain, say www.microsoft.com then setup a nice fake webpage with all the microsoft truths on it on some random hacked host masquerading as that website. They could then wait a little while for the transfer to propagate and then hit either internic to prevent them from fixing it to quickly when Billy calls them up to do something. Or hit the root nameservers from the fix to be propagated (though i guess that will just stop it from being resolved at all though)..

Re:It could be worse...

hmmm . . . the bastard child of echelon, one wonders . . .? "Monkey Dance, Rah Rah Rah" -the beer dwarf

Yahoo Japan, as well...

I noticed that they hit Yahoo Japan as well as Yahoo a couple of days ago.

Re:Yahoo Japan, as well...

Yahoo got 1gig/second traffic of DOS, this is seriously not script kiddies it was co-organized through like 50 locations.

Also, is yahoo.ru really yahoo?

Re:Yahoo Japan, as well...

Actually it could very well be scripties. With distributed DoS tools like TFN and trin00 out and about this sort of coordination is much easier. Between the scripts for hacking various machines, root kits and windows machines and the distributed DoS it's just time, not ability that limits the wannabe lame-o.
gid-foo, stuck in a global crossing data center, giga-bits all around baby (not Toyama where Yahoo is).

Altavista?

[PD]

How about altavista? No response as of 22:25 CST.

And what about Yahoo today? Their site has been dog slow all day long, with mail unavailable for several hours.

Re:Altavista?

[LogicX]

11:31PM EST
Altavista is accessible... but slow as heck. Looks like we're right in the middle of watching the next site to get added to the long list to date.

Re:Altavista?

[whoop]

I'm there without problem, 22:29CST.

Re:Altavista?

[PD]

Hmmmm. Maybe the problem is with me. I'm at work at IBM, and EVERYTHING is really slow tonight. Usually at 10:45 PM I've got a nice fat network pipe all to myself.

Maybe IBM has misconfigured routers, er, I mean, is the target of a DoS attack?

Re:Altavista?

[ragnarok]

Supposedly there's an unrelated problem with UUNets ATM backbone. This could be the source of all the slowdowns...
(I heard that on #userfriendly, so who knows how accurate it is)

Re:Altavista?

[Wakkow]

My dialup ISP says the following on their status page:

"Customers are experiencing the inability to reach certain websites due to issues with a major nationwide backbone provider. Many ISP's are affected and we will continue to update you on it's progress as it becomes available to us."

Anyone confirm that?

Daniel
daniel@splink.net

Re:Altavista?

[DrgnDancer]

I can verify a problem with a ATM backbone in the South East. My DSL service was slow as Hell for a few hours.

Re:Altavista?

Daniel,

You were great in The Last of the Mochicans. Don't let those box office tallies get to you! Chin up, skipper!

C'mere, you, I need an indian burn and a kiss. Ya dumb turd, you.

Re:Altavista?

[PD]

Check out the internet traffic report stats:

There's a major problem with alter.net (uunet) in Chicago. Their router apparently is fed up with all this packet garbage and has gone on strike demanding better working conditions.

istar.net in Canada and michnet are also having big troubles.

And, just as I'm typing this the problems seem to have gone away, and suddenly I can load pages a lot faster!

Re:Altavista?

[myconid]

urban:~# traceroute internettrafficreport.com
traceroute to internettrafficreport.com (206.243.171.148), 30 hops max, 40 byte packets
1 * * *
2 X.sover.net (207.136.197.X) 99.861 ms 93.994 ms 81.685 ms
3 cisco0.mont.sover.net (207.136.197.10) 87.635 ms 85.222 ms 84.66 ms
4 burl.ent-fr.sover.net (207.136.208.146) 90.562 ms 88.666 ms 83.527 ms
5 sl-gw6-nyc-5-0-0.sprintlink.net (144.232.171.197) 94.206 ms 94.772 ms 92.448 ms
6 sl-bb10-nyc-3-2.sprintlink.net (144.232.7.69) 98.256 ms 93.64 ms 88.565 ms
7 sl-gw9-nyc-8-0.sprintlink.net (144.232.7.94) 95.412 ms 92.838 ms 89.91 ms
8 * * *
9 * * *

I wish I could. :(

Re:Altavista?

[coolgeek]

I was having some trouble reaching a server I frequently access 'cross the country and it was slower than snot. I fired up NeoTrace on one of my Win boxes and noticed the ping times went through the roof as soon as I hit uu.net. This lasted for about a half hour, after I noticed the slowdown.

I think this geek hysteria going on out here is really ridiculous. I can't reach a site...it must be packet monkeys or the gov't trying to create a false need for a law. How about a backhoe or a dyslexic (imagine that) engineer typing in routing tables. I wonder if any of the chicken little types posting in this thread even bothered running a traceroute to any of the sites that were "unavailable" to them. The 'net is kinda like this freeway system in LA. Take out a couple of key exchange points, and all hell breaks loose.

The gov't here in the good ole u s of a doesn't need to synthesize phony attacks designed to gain approval to pass a law. And I can prove it: You are being sold genetically-altered produce by your local grocer, and more than likely, you don't even know it. Strawberries ain't supposed to be *that* big.

All that cybercop money Clinton is talking about is already being spent by [insert favorite spook organization name here], prior to approval because they know its a slam dunk.

Re:Altavista?

"The Last of the Mochicans"

mochican? is that some kind of fish or something?

Re:Altavista?

maybe Mexican Mohicans?

Re:Altavista?

[Ping1400]

Or maybe even the source ...

Maybe I lack clue...

[sallgeud]

To take down a site that serves as much as yahoo.com does, you'd have to have a VERY heafty attack... I'm thinking that it will be fairly obvious from where the attacks were originating. access logs anyone?

Last time I checked, most everyone who knows enough to do a distributed attack had a static IP and just the right amout lacking in knowledge to get caught...

It's hard enough for one man to keep a secret, so how do you suppose dozens could?

Re:Maybe I lack clue...

[LogicX]

http://www.cert.org/current/current_activity.html# distributed

go read about it... Cert warned about this TWO MONTHS ago... didn't do much good, eh?

and it's not THAT easy... they're spoofed IPs...
I'm thinking a lot of this is from schools... they don't pay their tech people enough, they're overworked, and don't have as much knowledge... they have huge bandwidth... and open systems. Right there is cause for trouble. Then all these attacks are comming from Spoofed IPs, which are prob. changing as the attack is continuing.

So basically they've gotta block out a moving target... and 50 (or more) of those moving targets from the distributed attack. like the article says... at one point over 1GB/s of traffic... that's frickin' intense... lets ponder that number for a moment... 1GBit/s... (I'm hoping bit and not byte) t3 = 45Mbit/s == 22 t3s... that's some amazing bandwidth being shoved in there...

Re:Maybe I lack clue...

[Etk]

It was a Gigabyte per second :\ according to the abcnews.com article..

Re:Maybe I lack clue...

[Trollmastah.]

This is an "MTU Path Discovery" exploit. When one machine wants to talk to another machine it's best to know how big a packet each can send without it being fragmented (broken into smaller packets to cross any given link.) The MTU for ethernet is 1500 -- you can set it lower if you want, but larger is good way to crash your machine. Not all router links in the world can handle a 1500 byte packet without fragmentation. SO, at the beginning of a connection, the computers at the endpoints attempt to determine the largest packet they can send without fragmentation. This is done by setting the "DF" (do not fragment) bit in the IP header. They then "listen" for ICMP messages indicating the packet would have to have been fragmented to get there. The packet would then be retransmitted with less data in it. This packet is usually generated by a router somewhere in between. It would appear there is a way to "trick" MacOS 9 into sending out a 1500byte packet to "do an MTU discovery". Personally, this sounds like a cut-n-dry ("oops") bug... 1500 byte ICMP packets would likely be dropped by any number of routers (see RFC1122 and RFC1812 for the rules governing ICMP messaging) AND, the report doesn't say anything about which ICMP message was being generated (there are 15 types of ICMP messages defined under Solaris 2.6 -- 13 under linux)

.

Trollmastah
Take all good things in moderation, including moderation.

Re:Maybe I lack clue...

then again.. it was an abcnews article.. you cant expect these guys to know bits from bytes :)

Re:Maybe I lack clue...

[The+Man]

You hope wrong. It's BYTEs, not bits. Now, I'm normally one who dismisses paranoia, but there's something to be said for this being a government conspiracy. I mean, distributed or not, 1 GB/s of bandwidth isn't very accessible. Particularly to the skript kiddies and other losers that normally perpetrate this kind of thing. I really don't see how this can be anything but:

1. An act of war against the United States by a foreign power, most probably China since other nations with serious bandwidth are typically US allies.
2. An act of the United States government against its own people, possibly for the reasons described in the post michael linked.
3. The result of a heretofore unknown band of rogue backbone provider employees/agents who have ganged up to have some fun.

Looking at these options, I quite frankly find it difficult to look seriously at (1) or (3) compared with (2). I mean, it's scary as shit, but nothing else makes any fsckin sense.

Re:Maybe I lack clue...

Actually I work within one of the network operations centers which stopped some of these attacks. They had nothing to do with pmtu discovery, but rather an assload of icmp-echo replies. Aka, a smurf.

Your analysis of pmtu above is fairly accurate with the exception of packets larger than the mtu causing a box to crash. That may have been a problem in the past but these days it will only run up the cpu of the host/router which has to fragment or re-assemble.

The MacOS bug is not famous for being a common cause for bandwidth starvation. Smurf amplifiers are.

Re:Maybe I lack clue...

[cpt+kangarooski]

It's probably a secret hidden feature of Napster ;)

(no one's going to saturate a T3 with mpegs - that traffic is actually the DOS attack... yeah, yeah, that's the ticket)

Re:Maybe I lack clue...

Really? Smurfs? That's interesting. That should be easy for the amplifying networks to spot. If your network crashed yesterday or the day before due to ICMP echo replies then you were guilty. For some reason I had thought it might be a distributed attack using one of the distributed DoS tools and just HTTP queries or some such. It seems like a smurf would be relatively easy to defend against once you figured it out (start blocking the echo replies). Any network admin worth two shits will not allow broadcast ICMP echo requests into their network (hence preventing the whole amplifier syndrome in the first place). Off with their heads!
Do you work for global crossing?

Re:Maybe I lack clue...

[TheCarp]

Well....I also try to dismiss paranoia but...
the ocasional paranoid delusion can provide some
entertainment anyway :) It can be fun. Hell
its not like worl dgovernments haven't
given us enough real examples of abuse of power
to be distrustful of their motives.

> 2.An act of the United States government against
> its own people, possibly for the reasons
> described in the post michael linked.

Ok as was mentioned...this apears to be a HUGE
smurf attack of some sort (possiibly a new
variation on the smurf theme that sliips through
many of the old fixes)

Just looking at the logistics of it...a direct
government attack doesn'r makes sense. While
yes 1 GB/s of bandwidth would probably limit it
to government if it were a single point attack.
However, a single point attack would saturate
everything between the originator and the
target. This would mean that it would be easy to
trace back through the route to a government
setup.

However, from hundreds of machines all over the
net, each with fairly differnt yet all high
bandwidth paths....1 GB/s would be easy to
generate.

So for the super paranoid delusion. Consider this
scenario... (the most likely of the far out of
left feild ideas)

1) NSA or equivalent figures a way to crack
into some systems, and at least get user
accounts, and a client that can be used to
mount an attack from the machine remotely.

2) (optional) they break into a bunch of machines
and install the client.

3) they obscure their starting adress with said
acounts and other stuff...they get on irc and
find som estupid script kiddies. Give them the
"tools". and set them to work.

now...the script kiddies launch some attacks on
high profile sites for shits and giggles.

The advantages:

1) no way to prove direct government involvement
2) script kiddies who can take the fall for the
incidents, and don't even know themseleves that
they were given the tools by the NSA (or equiv.)

There...nice model for a paranoid delusion.
Just as Hitler burned down the Reichstaag, its
actually a viable way to get public support
behind the theings they wish to acomplish.

Of course...its much more likely that a bunch
of script kiddies are doing this just for
"shits and giggles". Then again, it could be
a small band of hackers who are hopeing to
raise awareness about these things and
scare network admins and sysadmins into
beefing up security internet-wide.
(kind of a "propaganda by example" of sorts)

However...its more "fun" to blame it on evil
agents with political goals...as such, Carp's
law is applied which states, "Whichever
possibility is the most fun to assert as true
should be asserted as true"

-Steve

Re:Maybe I lack clue...

[Wah]

Then again, it could be
a small band of hackers who are hopeing to
raise awareness about these things and
scare network admins and sysadmins into
beefing up security internet-wide.

You just have to look at who benefits mosts. Seems to me it could either be the gov't (hoping for more surviellance rights), a hacking group (l0pht is for profit now, eh?), or even some really enterprising young geek pissed at the world or just curious about it.

I just hope folks don't panic, but watching CNN's talkback live (an interview with Mitnick no less, what a dork) it seems like thats where the media wants to push it, surprise, surprise. If no other news happens this week, expect a whole bunch of idiots to spread a whole buncha FUD about the whole thing.

DoS attacks

[Teufel_Forelle]

Obviously these people have no life and, DoS attacks why don't they try it off a mac so no one will suspect you. But all in all they should do something more productive!

"Your village called their idiot is missing"

-Trout

FIRST POST!!!

[JohnKatz]

ph33r!

Re:FIRST POST!!!

[Teufel_Forelle]

You should be flamebait!
Number one your not first and number two, stick to the topic!
Oh and by the way...

"Your village called their idiot is missing"

-Trout

Re:FIRST POST!!!

[JohnKatz]

FAG!

Re:FIRST POST!!!

FIRST POST

YESSSSS!!!! I GOT ONE!!!

awwwe, c'mere trout, gimmie a kiss ya dumb turd. I love you.

Re:FIRST POST!!!

[Jon_Katz]

no I got FIRST POST!!!!!!@!!!!!!!!!!111!!!

--- Slashdot, where troll day is EVERYDAY!!!!

Re:FIRST POST!!!

Mine! ya turd of dumbness, you.

Re:FIRST POST!!!

[Teufel_Forelle]

shh Hey JohnKatz whats your karma bout know -10 anyway... These could have been routers copycats or the same people being for a lack of a better term dumb. And should stop before they really get into a mess. "imap -O (a NT box ip), Difficulty:2 (Trivial Joke)

Re:FIRST POST!!!

[Jon_Katz]

imap? don't you mean nmap?, i think imap has something to do with EMAIL.

Yeah and you know what would fix it

[Greyfox]

If every ISP would filter spoofed packets out of their outgoing traffic, that would stop these attacks cold. All the really heavy duty DOSes rely on spoofed packets -- otherwise they're easily traced to their originator.

Filtering spoofed packets involves setting up a few simple rules on your router. Maybe some legislation to require ISPs to do this in the US and other countries is in order.

Re:Yeah and you know what would fix it

[reflector]

Maybe some legislation to require ISPs to do this in the US and other countries is in order.

Yeah, great, more FCC laws regulating what ISPs can and can't do.
That's brilliant man, just brilliant.

Re:Yeah and you know what would fix it

[WNight]

Nah, no new laws needed, especially since those wouldn't affect ISPs outside of the USA (if the US gov passed them.)

We basically need to get all backbone providers and ISPs to include allowing spoofed packets, harbouring spammers, and other offenses on their no-no list, so that the backbone provider can shut down sites that allow this. We saw how effective the UDP was on @home, and being on the RBL makes ISPs comply PDQ. Something similar where allowing DOS attacks simply got the whole network blacklisted until the attack stopped or the bugs were fixed would be good.

If it was part of the standard agreement then it wouldn't require government intervention and would be applicable worldwide, not just in some countries.

Re:Yeah and you know what would fix it

[fanatic]

Yeah, great, more FCC laws regulating what ISPs can and can't do. That's brilliant man, just brilliant.

This particular law would be justified and only hurts the evildoers. No one has a legitimate reason for sending packets out with the wrong IP address.

Re:Yeah and you know what would fix it

[howardjp]

No law is ever justified.

Re:Yeah and you know what would fix it

[dennisp]

Many cable providers (as well as many other end user non business ISP's) block spoofed packets at a router downstream (out of a certain allowable range). In other words, I can probably only smurf someone or syn flood directly within a certain range of IP addresses. I know shaw, rogers and at least parts of TCI/ATT does this on their cable networks.

I remember hearing about 2 years ago that smurf attacks would be completely phased out due to tier 1 (and to a lesser degree smaller) ISP's filtering at their borders -- but apparently this has not happened yet, as there are plenty of broken networks around and plenty of unfiltered networks that are able to exploit these vulnerabilities.

Re:Yeah and you know what would fix it

I noticed that your GDP is not fully TLA-compliant, and am calling for all RMT to OACOWA on you. Please ensure that all your SLC obey the SPR from TPT, PDQ.

Re:Yeah and you know what would fix it

[Bishop]

For a good distributed DoS you don't need spoofed packets. It is much more devestating to use real addresses. Using real addrs you can establish connections and request files to download. You can chew up far more bandwidth, processor time, and RAM this way then simply flooding the link with bogus traffic. If you want to be particularly nasty you start screwing around with the packets you (should) send back to the server. That is left as an execise for the reader as well the guestimate for how many attackers you need. (hint: not that many)

Although I do agree that it would be nice if ISPs would start dropping spoofed source packets. It is trivial to do. It is a standard feature for most routers and can be done on the cheap with OpneBSD or Linux boxes. I don't however think a law is need. I hate legislateing common sense.

Re:Yeah and you know what would fix it

[Mr.+Piccolo]

Reason?

Re:Yeah and you know what would fix it

Reason?

Not present.

Re:Yeah and you know what would fix it

methinks an RBL could (and will) do the trick. p*

Re:Yeah and you know what would fix it

[root:DavidOgg]

>> No law is ever justified.

I like that. I really like that! Simple, to the point. catchy too ;)

Re:Yeah and you know what would fix it

[seev]

Sure, forget laws, they're for squares, non-geeks, stupidos! Let's go back to the stone age! Vote Republican! ....Please give me a break.

Re:Yeah and you know what would fix it

I'm not convinced that the smurf theory is correct. I've not seen any of the sites under attack state what variety of attack it is.
Smurfs are easy to stop. Not allowing spoofing helps but making your router not forward broadcast ICMP echo requests is the key to keeping your network from becoming an amplifier. This is easy to test on downstream networks and should be enforced across the board.

Re:Yeah and you know what would fix it

[TheCarp]

> This particular law would be justified and only
> hurts the evildoers. No one has a legitimate
> reason for sending packets out with the wrong IP
> address.

I don't mean to rant...but i can't stand that
attitude. So i guess I am gonna rant.

Why is it that as soon as a problem or possible
soultion to a problem is identified, someon
invariably says "lets make a law". Forget trying
to use social force or suggestion to get all
or most ISPs to adopt the policy, jump right
to law making.

Do you realize that when you say "We should make
a law", you are really saying "If someone doesn't
do this, they deserve to have men with guns apear
at their house and take them away". I am sorry
but I don't think that a person who runs an ISP
deserves to be strong armed by the threat of
physical force into application of configs at
his router.

The "lets make a law" mentality is responsible for
the fact (to paraphrase shulgin) a person who
can read war and peace in a week, would have to
read at that same rate for 25,000 years to read
all of the laws of the Unites States that are
in effect as I write this (actually that figure is
several years old...its probably somewhat larger
now)

Now, I agree that generally speaking, there is
little reason to allow IP spoofing. Yes, ISPs
can and generally should block it. Why not
do it in a similar way to UDP (Usenet Death Pen.)
Get a bunch of organizations together, and when
there is a problem with users spoofing from an
ISP, threated with routing death penalty.

I think that ISPs would generally be glad to
impliment such protections, if it was presented
in a sane manner, and peopl epresenting it were
willing to help them get it implimented.

Hell, they could stop spoofed packets right at
the PPP interface. Or better yet...log all spoofed
packets and contact anyone sending them.

Believe it or not...som epeopl emay have a reason
for sending spoofed packets (or may not even be
aware something "bad" was going on from their
box)

Maybe I am a network admin and want to test my
own anti-spoofing stuff at my router, so i want
to go home and send spoofed packets to my router
at work using spoofed intenal adresses, that way
I can make sure it works.

Once I sent spoofed packets because a friend asked
me to demonstrate something on his box (so I sent
some spoofed packets that crashed his box)

as such I think a much better way to aproach the
subject is just ask ISPs to set up monitoring
for spoofing. Ask them to make a policy on it and
enforce it. If ISPs logged all spoofed packets
through them and the user sending them....it would
make finding these people EASY.

No laws required.

Re:Yeah and you know what would fix it

[dennisp]

You're wrong. To smurf, you must send a spoofed source address of the person you want to attack. If your ISP blocks spoofed packets out of a certain range, you won't be able to smurf outside a certain IP range that the router allows packets to come from.

Re:Yeah and you know what would fix it

[root:DavidOgg]

>> Sure, forget laws, they're for squares, non-geeks, stupidos! Let's go back to the stone age! Vote Republican! ....Please give me a break.

You're right, lets burn the constitution and let the government have all buisnesses- Rights are for rioters, cave-men, neanderthols... Civilized man needs to be caged. Give me a break.

Adobe.com unreachable

[LaoK]

Adobe's main webservers and product registration have been unreachable
since about 9:30 ET, at least that's how it looks from here.

The packet storms continue... :[

LaoK

Re:Adobe.com unreachable

HEY I GOT A GREAT IDEA!

Let's blame EVERY SINGLE SLOW WEBSITE on the whole goddamned internet as a DoS attack from this group! You dumb turd!

SLASHDOT must be getting it now because it sucks! Or maybe it's because it's apache ...

Re:Adobe.com unreachable

[LogicX]

Good God!
Looks like adobe didn't want to put themselves through the torture and just PULLED THE PLUG!
unreachable.. and if you do a traceroute... they stopped the routing really far up.. someone went and cried to their uplink :(

Re:Adobe.com unreachable

I just checked adobe.com. It's up (and faster than several web sites so far)

Talk about lame

[delmoi]

What's the point of this? Its lamer then a web page crack, these people don't even get there names on the page.

I mean, anyone can do this, its not like it takes any talent or anything. Basicaly it's like saying "were to lame to crack this site, so were going to DoS it".

[ c h a d o k e r e ]

That isn't cool/A Call to Arms/Pers.Sys Security

[CmdrChalupa]

What is the point of this?? What are they getting out of it? It's not like taking money from an online bank, at least then they get something. This is just pointless!

People need to be more security conscious about their systems. I'm going to go nmap scan my box a few times to find out if any of these distributed attack nodes found its way on it. Please be careful and make sure that this can't happen on your machines.

CmdrChalupa (who can't figure out how to change his sig exactly)

Probably Copy Cats..

[Hephaestus_Lee]

The thing that worries me is the fact that so many are happpening. I doubt they where all planned by the same group, but that the 5 later DoS attack where instead copy cat crimes. Readers at Slashdot themselves said that crimes against the sites like the latter ones attacked would be easier than the "yahoo job"

--
Hephaestus_Lee

Unfortunatly it is worse

Well, the bad news is, it is much worse than just those sites. Due to employment issues and such, I will say this. I know of four other people at different companies, three of which are on our backbone provider who got DoS'd. More companies will be admiting it in the next few days, but it is bad, real bad. -PP

Re:Unfortunatly it is worse

My toilet got DoS'ed this evening. Crap backed up all over the place and out onto the floor. I thought it was just a Linux box stinkin' up the place at first. Then, feeling like a dumb turd, I realized that I'd been DOSED!!!!!

I went to Popeyes for dinner and it was a little slow, too. Musta been Dos, hunh?

Re:Unfortunatly it is worse

It should be noted that in the ABCNews article all the companies said that the DoS attacks didn't have a very big finantial impact on them.

This is important because I'm willing to bet that when (if) they catch the person (people) responsible, these same companies will be screaming at the trial about how they lost 600 billion (with a 'b') dollars due to this one DoS attack. It's happened before...

werd

[MaD_HaX0R]

t0day h4s b33n a fi3ld d4y 4 m3 4nd mah b0iz.

Re:werd

you and your boys gonna get gang probed when I come to town!!!

trinoo?

[zeck]

Could this be related to that trinoo program that was unearthed a few weeks ago? Or is this completely unrelated?

Re:trinoo?

No, trinoo was found in a droplet of blood in a prehistoric mosquito that was embeded in amber. No, you dumb turd, trinoo ITSELF wasn't actually in the blood, but it's DNA was. DNA is the "blueprint" of a living organism.

Re:trinoo?

Yes, this is probably related to Trinoo or Stacheldraht. For more info, see David Dittrich's excellent analysis of those attack tools at http://www.washington.edu/People/dad/

IMHO, this is a wakeup call for network administrators; *every* network should be agressively scanned by its administrator daily to look for open ports, and all unneeded services should be shut off. Without fail.

interesting problems

[jnazario]

wow... it's kind of neat that this is hitting the big time. not that i like seeing sites i use like eBay, CNN and whatnot being DoS'd, but that it's going to force the issue. recall SYN flooding... one of those big bullshit DoS attacks that got the industry changed. now, it's pretty easy to help stop these distributed tools. all we have to do is implement some good routing practices in the core and between networks and we'd be set. implement SYN cookies for *any* type of packet being throttled in above the baseline of activity, ie ICMP's, UDP's, SYN-ACK's, even from multiple IP's. routers could simply issue cookies, a'la SYN cookies, and see if this is a valid stream. works for SYN's, should work for anything with some tinkering. but go back in Phrack (issue 48 or so, at www.phrack.com) and see about SYN flooding. same issues...

an interesting discussion was recently held on packetstorm: http://packetstorm.securify.com/pap ers/contest/ ... read them.

I like cheese

[Mr._Anderson]

Yup, you read it right.

I like cheese

Re:I like cheese

I like cheese too

got walls?

why don't they do some good at take www.gotwalls.com offline?!?

Re:got walls?

I got spammed by blackice today so I nominate them.

when is slashdot gonna be hit??

you know this is the place for geeks and nerds, this would be a great site to hit.

not that i would want to, but we all know it will come, sooner or later

Re:when is slashdot gonna be hit??

[vtec]

Why would the attackers hit /. when this is one of the few non-glitz/non-glamour/real-news sites on the Web.

Maybe the DoS guys are upset with the direction the WWW has taken. I am.

Re:when is slashdot gonna be hit??

[Skim123]

Maybe the DoS guys are upset with the direction the WWW has taken. I am

What are you displeased with? It seems to have everything. Sure, you may not like the capitalization of it all, but there are still tons of sites that are like the good ol' days...

Re:when is slashdot gonna be hit??

[vtec]

The WWW is a big infomercial. 80% of it is ads. I just stay on the news and developer sites most of the time. Too many people are wasting their lives in Yahoo Chat. But I'm not bitter! Just as long as there are no DDoS'es on cool sites. Actually, these DoS attacks are terrorist acts. I smell jailtime.

This is really strange....

[Denor]

Perhaps the most disturbing thing about these attacks is that they still don't know who did it.
I may be wrong, but it seems that usually when we see a high-profile media 'hacker' story, it's about some website that was cracked, and some script-kiddie who left behind graffiti. Or, in recent cases, people who wanted money. But, with these latest rounds of extremely-effective DoS attacks, nobody's stepped forward. It's bad enough that this sort of thing is happening, but it's perhaps even worse that we dont even know why.

Re:This is really strange....

because the people/person doing it seems to be pretty smart and doesn't tell anyone. In all honesty i htink all these other attacks might be copy-cats

Re:This is really strange....

[jesser]

But, with these latest rounds of extremely-effective DoS attacks, nobody's stepped forward.

Maybe the fact that they didn't step forward is a hint that the media (or even just slashdot) is approaching the story from the right angle -- they haven't needed to step forward because other people are making the point for them.

--

Re:This is really strange....

[Ralph+Bearpark]

they still don't know who did it.

Yeah, I'm sure it's just a coincidence that these DoS attacks start up just after Kevin is let out of jail.

:-)

Regards, Ralph.

What's Even Worse

[CTalkobt]

If you carry the DOS attacks out to an extreme and imagine a virus that could replicate through email or what-not and at a pre-programmed date/time automatically start bombing numerous major sites it would effectively cripple the web because of the amount of bandwith involved.

Does IPv6 support a "pass-back" of telling the source-root router to no longer forward packets from a given IP ?? Is there any possible extensions that are planned / or could be implemented to circumvent this type of scenario?

Re:What's Even Worse

You're kidding, right?

That would just move the DoS to another level - instead of sending packets with a destination of the target site, you send out floods of packets to multiple other places (ie the routers at the NAPs) with the *source* spoofed to be the target site's address. Instant ostracization.

Coulda knocked eBay down with a sneeze.

[bs]

While it might have taken a large combined swat to keep Amazon or CNN or Yahoo down, you've gotta wonder if eBay wasn't just down of its own accord.

Besides, making eBay go down wouldn't have been much of a challange. Don't know why they bothered.

more problems...

[cadelor]

Hi, After getting interupted from a game of AOE...I noticed that www.zone.com wasnt responding..nor was microsoft.com..nor ibm.com...nor novell.com. ok big deal so I kicked the network cable.... not so: traceroutes to these sites show that packets are getting close but then stopping: traceroute to microsoft.com (207.46.131.30), 30 hops max, 40 byte packets 15 * icpmscomc7501-a0-00-1.cp.msft.net (207.46.129.3) 176.680 ms * 30 * * * the other sites stop at different routers btw. 3:37~> ping www.sun.com www.sun.com is alive 3:37~> ping www.microsoft.com no answer from microsoft.com earlier on www.zone.com wasnt resolving at all either. connections to european sites still seem ok though bit wierd..or perhaps Im just tired :) Cheers al

Re:more problems...

[xscarecrowx]

Microsofts site filters out pings :P
you could ping it all day and it wouldn't respond

Re:more problems...

[Spasemunki]

If it was gone before, www.microsoft.com is up now. Zone.com is up and alive too.

Re:more problems...

[Jon_Katz]

I think microsoft.com drops pings, so it will never pong.

Re:more problems...

[ottffssent]

This morning, I was looking for a keyboard file at microsoft's page, and noticed that the main page said something like 'this page is under construction' which is obviously BS: they'd just copy the new HTML over, and there'd be no downtime. Besides, none of the rest of the site was affected...wonder what's up.

Re:more problems...

[xscarecrowx]

I was reading other posts about not being able to load ms's page and i said i could. I go and test it out again 5 minutes later...
poop
it's dead
looks like someone is having a free for all?

Re:more problems...

[Covener]

It's pretty ineffective to use ping/traceroute to gauge a webservers uptime.

A good % of routers/nets/hosts don't return pings.

Re:more problems...

[sracer9]

I wonder if this really is a typical DoS attack or something else? Around 6-6:30 pm PST, my DSL connection flaked out on me. I've been tweaking my router and trying to fix it to no avail. I checked out http://www.users.uswest.net/~scottz/download.html and found many areas with problems. Some won't even try to connect, while others go just fine. Seems like whole regions are out right now. Even having serious troubles accessing /. Weird...

Re:more problems...

So, having trouble accessing /. is absolutely normal. It sucks, remember? You dumbass turd!

Re:more problems...

warning: idiotic hysteria ensues. Just because you can not reach microsoft.com does not mean that it is down.

Re:more problems...

try reaching them on the http ports. Microsoft has a firewall at their network border.

FBI on the case

[eagl]

The news report I read on Yahoo (or was it CNet?) just before it also went down said that the FBI had narrowed "it" down to 50 potential web addresses.

Make the bad man stop.

more problems...

[cadelor]

(yes I know what the preview button is for!)
Hi,

After getting interupted from a game of AOE...I noticed that www.zone.com wasnt responding..nor was microsoft.com..nor ibm.com...nor novell.com.

ok big deal so I kicked the network cable....

not so:
traceroutes to these sites show that packets are getting close but then stopping:
traceroute to microsoft.com (207.46.131.30), 30 hops max, 40 byte packets
15 * icpmscomc7501-a0-00-1.cp.msft.net (207.46.129.3) 176.680 ms *
30 * * *
the other sites stop at different routers btw.

3:37~> ping www.sun.com
www.sun.com is alive
3:37~> ping www.microsoft.com
no answer from microsoft.com

earlier on www.zone.com wasnt resolving at all either.

connections to european sites still seem ok though

bit wierd..or perhaps Im just tired :)

Cheers
al

This is really not good...

As a friend of mine is apt to say

"Some bad shit is goin' down man."

And I don't like it one bit.

It's a brave new world...

[fiori]

Where AOL's network model (i.e., private not public) provides a better security model for corporate web site. More spam, but DoS?

Uh-Oh, It's That Unfortunate Anarchy Again

[Fleet+Admiral+Ackbar]

This is truly a shame.. for the folks who mistook the Web for a corpoplayground as thoroughly and revoltingly controlled as the mass media.

What if we could DoS NBC every time they knowingly aired a false, misleading story?

What if we could DoS USA Today every time they printed more anti-gun propaganda disguised as news?

The Web is not yet completely controlled. Good. I'll put up with no eBay for a couple of hours simply to preserve the last vestiges of the Net as we knew it once upon a time.

May I remind you, nobody ever DoSes metalab, or gnu.org, or any of those places which are true cornerstones of the Internet. Yahoo? eBay? Amazon?

Fuck 'em.

Re:Uh-Oh, It's That Unfortunate Anarchy Again

do I agree? ya. the fonze

ha rhar

Tell me when something useful is taken down. All of these sites have become sell outs and there are much greater alternatives to them... long live Odigo!

WTF?

news.com is very slow so it might be under attack as well. www.sgi.com is completely dead. what the heck is going on here?

Re:WTF?

[xscarecrowx]

Um... I can load SGI fine maybe it's just you?

Re:WTF?

www.microsoft.com too

Re:WTF?

uhh microsoft.com works for me?
ya'll need to lay off the crack

Re:WTF?

Actually, microsoft.com works for me. But sgi.com still does not respond. adobe.com also. same goes for intel.com

The same things happens from another (remote site), so it's not our ISP. This is either a major attack to all sorts of sites, or a major backbone breakdown.

Re:WTF?

Better still to take the time and responsibility to bulletproof your child. A little discipline and a little caring is all it takes.

Re:Slashdotted

[brokenwm]

You know, I checked out CmdrTaco's web site. Do you think he would be interested in illustrating fat-time for me?!

rbl those networks?

[jesser]

Is it possible to tell, from the outside, whether a network has properly configured routing filters? If so, I'd like to propose that a list of messed-up networks be listed somewhere, and in 3 months, all the sites on this list that hadn't been fixed would be added to one of the popular blackhole lists until they are fixed.

That wouldn't prevent attackers from within those networks from spoofing out, but it would encourage ISP owners to double-check their routing configuration.

--

Re:rbl those networks?

I don't think you can check untill someone tries to use the network incorrectly. It would be almost imposible to tell.... Untill someone used it for an attack from the inside.

Re:rbl those networks?

If so, I'd like to propose that a list of messed-up networks be listed somewhere, and in 3 months, all the sites on this list that hadn't been fixed would be added to one of the popular blackhole lists until they are fixed.

Better yet we get a possy of pissed off admins to storm the relevant ISP's beat the offenders with rolled up RFC's

Re:Talk about lame, shorting stocks?

[Doomsayer]

The only logical reason for these attacks that I can see is that they'll temporarily lower the stock price of the corporations who own the sites which were taken down. The stock market was car bombed in Venezuela once by people shorting the stocks to make some quick guaranteed gains.

A clue to the attackers in this case would be to find who had very leveraged short term shorts in these companies at this time. This attack would only be financially worth it if you had say on the order of 10,000 shares short, so it should be noticable in stock transaction records.

The net in general including slashdot has felt slow in the last few hours, has the internet in general been caught in the crossfire?

cause it's a DISTRIBUTED DOS attack

[Smack]

basically, the hackers scan large groups of IP addresses looking for known vulnerabilities. The goal here is to get root on a few hundred systems, or more. It doesn't matter if they have nothing of value on them. On each of these systems, they install a copy of their client. They can then wait as long as they want before moving onto the actual DOS attack. When they're ready, they use a "master" program to initiate the attack from all the hundreds of clients. Big attack, very hard to stop.

Dozens of PEOPLE don't need to keep the secret. Dozens of COMPUTERS do. And 1 person.

DOS Solution?

[GenChalupa]

I have to say that as an engineer at a large firm, I've logged quite a number of hours researching ways to sucessfully defend our technology against such attacks. It seems that as technology proliferates, and the Internet becomes a global interchange, things like this will increase exponentially. This is not good for eBusiness, as it leads to increased government regulation.

Last month I got with an old college roommate of mine (Hi Jimbo!) who now works at a major hardware powerhouse, and we threw ideas around that may help combat the problem of crackers and l33ts nailing systems to the wall. I suppose this is as good a place as any to publicly gather feedback.

Our first idea was for a "safety net" of sorts, gathering IPS and validating DNS, packet info, etc before return transmitting data. The system, the Gathering, Researching, Intelligent Transport System (GRITS) could theoretically decrease the DoS attack exponentially.

One problem we found with GRITS was its effect on servers running Apache. We dubbed the problem the Nailing Apache Transport Access Line Interface Expansion, or NATALIE. It seems that GRITS petrified the NATALIE port, man.

Our next theory was pretty clever, if I do say so myself. Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative. So to counter DoS, we developed the Transit Rerouting Of Low-Level Systems, or TROLLS. TROLLS worked well, as not only did it prevent GRITS from petrifying the NATALIE port, man, but it eliminated cracker attacks.

I hope this helps. I am always glad to assist fellow engineers here on good old /.

General Chalupa

Re:DOS Solution?

[Bill+Currie]

LOL, that has to be one of the more original grits/petrification posts I've seen. Made my day

Re:DOS Solution?

[Mr.+Flibble]

LOL! FINALLY a funny Natalie/Grits post.

Re:DOS Solution?

[ruud]

But does your system run on Gnulix?
--

Re:DOS Solution?

[handorf]

ROTFLMAO!

General Chalupa, I salute you!

Do we have a late beanie award for "Best Grits/Natalie Portman post"?

Re:DOS Solution?

[Skip666Kent]

Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative.

Exactly. The solution lies in what I like to call the Primary Array Network Transaction Service, a wrapper of sorts for the GRITS subsystem. When you put the GRITS into the PANTS, you'll find that most of your DoS woes disappear, to be replaced by a sensation of warm satisfaction.

Re:DOS Solution?

Say what you want to about all the n*p* grits trolls, but IMHO that deserved the Score 5, he had ME going for a second.

On the other hand, that boy has WAY too much time on his hands.

Karma ho turned AC for once :)

wall street likes it...

[CyberDong]

Looks like the thing to do for stock prices...

ebay - up 3
amazon - up 8
yahoo - up 19

What if you did this the day BEFORE your IPO?

- - - -

Re:wall street likes it...

[bgdarnel]

What if you did this the day BEFORE your IPO?

Actually, Buy.com's IPO was today, and they were DoS'd this morning. The stock closed at 25 1/8 from an opening price of 13.

Uh, no it wouldn't

[Seenhere]

As has been pointed out elsewhere... If these coordinated DoS attacks use compromised boxes, they don't care about IP spoofing. The boxes don't belong to the perps anyway.

You don't even need to root the boxes to do this (user space compromise is enough). Spoofing packets is beside the point.

--Seen

This is better than Wrestling!

[Covener]

I came across these in logs for the first time that I can remember (and that's 3 years on PSU residence hall net and @home cable, tons of shady stuff on both all the time) ...what is the running theory? Some massive distributed attack? A worm with a really neat payload? Is it more likely that 40 elite bastards are wrecking havoc, or that 400 lame MCSE holding iis admins are compromised and still don't know it? Also are we missing something...Is it possible they aren't taking out each of these arbitrary sites and instead laying the smacketh down on above.net, uunet, etc.? Maybe someone has found a way to make some important routers totally shit the bed. kernel: 209.232.131.28 sent an invalid ICMP error to a broadcast.

Re:This is better than Wrestling!

Maybe someone has found a way to make some important routers totally shit the bed.

Many Ciscos are very log-happy, and will log certain events above all else. Give them enough events to log, and they'll do that to the exclusion of any other task (such as... routing).

Peanut butter's good, too

[Mr._Anderson]

.

Re:True

[acomj]

We had a lecture from a MIT (jeff schiller) networking guy and network security. He said the biggest problem was ISPs not configuring there routers to do this.. Cisco now ships with these checks ON as default (or is supposed to be..) Most people don't configure routers correctly anyway..

I can't find the slides from the lecture... They were good all about smurf/dos attacks etc..

http://web.mit.edu/afs/net.mit.edu/mit/jis/jis.htm l

moderate that down

[ArchieBunker]

seriously

BU7 K3V1N IZ FR33. WH4T D0 J00 W4N7 N0\/\/????

l00z3r.

Re:BU7 K3V1N IZ FR33. WH4T D0 J00 W4N7 N0\/\/????

That's too damn funny. Somebody moderate that up!

Re:BU7 K3V1N IZ FR33. WH4T D0 J00 W4N7 N0\/\/????

[roblimo,]

*sigh* the standard of trolls is going way down recently.

ROTFL.....

damn there are some creative people here hahaha

Oh dear

[Mr.+Eff]

Well, I've noticed that a lot of smaller sites are nearly impossible to get to as well as the big ones. The worst part about this is that:
1) The media gets a new excuse to talk about the evil "hackers"
2) It doesn't take a "hacker" to do this type of stuff
3) This will give the government and government agencies new excuses to try and exert further control over the Internet's infrastructural development
I think we are all better off if we try to make e-commerce work. If people sabatoge the big internet companies, no one will get to play with the Internet (exaggeration, but you know what I mean). God, I remember 8 years ago, going on the net using a 2400 baud modem. Back then, you could never expect to get around the net consistently. Now we expect everything to always be available. I just realized how spoiled I've become...heh
Mr. Eff
Z?

Re:Oh dear

[Wraithlyn]

I've had the same problem with smaller sites, but I believe it's being caused by the slowdown in Alter.net in Chicago.. it seems like half the sites on the net go through Chicago from Canada, where I am.

There was an earlier post than mentioned this, and also had a good link; Internet Traffic Report.

they did it because they got on CNN

[Smack]

fame and attention is the ultimate goal of a hacker. the idea of seeing something they triggered by pressing a key in telnet end up on CNN must be quite a motivator.

Re:they did it because they got on CNN

[C.Lee]

>fame and attention is the ultimate goal of a hacker. the idea of
>seeing something they triggered by pressing a key in telnet end up on
>CNN must be quite a motivator.
You can also thank Jack Valenti for this also. The war the MPAA instigated is going to turn real nasty real fast and a lot of innoncent people are going to get caught in it.

UUnet as well?

[Pyrofreak]

It also appears that UUnet is taking some heavy hits..... the routing table is like a bowl of spagetti noodles right now..... i'm on my backup accound through another provider right now.... i can't get a ping under about 10 min on UUnet.

Re:UUnet as well?

[jihad23]

At the risk of being redundant, UUNET suffered a major backbone outage earlier today. According to their system status monitor, everything is back online now.

Turn on, log in, burn out...

Re:UUnet as well?

Heh. I'm on my third backup connection now and nothing has less than 5 second ping times. The entire western us appears completely hosed.

still fubar

[ArchieBunker]

5 Serial3-1-0.GW2.PIT1.ALTER.NET (157.130.33.21) 25.287 ms 24.942 ms 26.322 ms
6 Serial3-1-0.GW2.PIT1.ALTER.NET (157.130.33.21) 26.5 ms !H * 28.314 ms !H

well maybe its just alter.net, 100% packet loss is a good day for them.

Is Slashdot ready?

[a9db0]

Those responsible seem to be making the rounds of high volume/high profile sites. How long before Slashdot becomes a target? Rob, are you ready?

Once the dust settles it will be interesting to see who all of the victims were. Whatever pattern there is will probably be deliberately misleading.

Re:Uh, yes

If they were using a real address, it takes very little effort to block it from the router side.

Una-DoSer?

[jagapen]

I wonder if perhaps there's a political motivation behind these attacks? This sort of terrorism worked quite well for the Unabomber, i.e. hit 'em where it hurts in order to get a high enough profile in the media to get your message heard. Without such a dramatic way of getting attention (or a lot of money), it's hard to be heard by a significant number of people.

Well, at least I hope that's the motive, because otherwise it's really freakin' pointless....

Re:Una-DoSer?

[xscarecrowx]

If it's anyoen it's China
there have been rumors of China organizing a r337 squad of goons to use for internet based attacks... But honestly it probably would have been worse and much more destructive if it was them..

Re:Una-DoSer?

I'm telling you it's l0pht! They're shutting down the entire internet, just like they said they would!

political motivations

it seems like they are only attacking big corporate sites, perhaps they are doing this in protest of the commercialization of the net...

Re:political motivations

[Baumi]

Looks like this can't be said often enough: If those people had political motivations, they would voice them, as well.

Even terrorists who commit far more serious offenses always offer a statement of their intentions, no matter how twisted those might be.

It's like somebody stealing a car and crashing it. If that person then steps up and says this action was in protest against such and such, then it's still a crime and punishable, but it can also be considered to be an act of protest.
However, if that person just crashes the car and runs, we most likely have a "crash kiddie" who's just doing this for the kicks of it.

So unless someone speaks up and verifies that they're behind this deal, I would rule protest out.

Not that I would like the options that leaves us with. :(

Baumi

Re:political motivations

When they hijack MY machine to launch an attack, they are also attacking ME! This explains all the probes to TCP port 111 (See the recent CERT advisory about DOS/RPC), I've been seeing, starting in Nov. till now. Most Linux distros come with portmapper turned on. If you don't use it, turn it off!

Re:political motivations

[Rakarra]

Perhaps. Or maybe, as the Onion so wonderfully parodied, "Hackers (who broke into government computers) admitted hacking tide.com didn't give the same thrill."

Misinfo: Distributed DoSs are not new

[adraken]

I was watching ZDTV just a few seconds ago and realized something: even the technically "savvy" news people seem to be confused. They said "denial of service attacks have been around for years, but the tools to do distributed denial of service attacks have only come around in the last 6 months or so." This just nags at me. I seem to remember this (first?) distributed denial of service attack: smurf.

This probably is a little different from what people are theorizing, but it works essentially the same way (or even better). Basically the perpetrator sends out a few spoofed ICMP packets with the victim's IP as the source address. These packets have subnets as their destination, so theoretically thousands of machines reply to these false ICMP packets towards an unwitting victim while the perpetrator only sent maybe a few packets.

Re:Misinfo: Distributed DoSs are not new

[limp]

Reminds me of this story A new kind of high speed internet access called ethernet

Re:Misinfo: Distributed DoSs are not new

[treat]

I seem to remember this (first?) distributed denial of service attack: smurf.

I would not call smurf a distributed DoS attack. A distributed attack usually means that the attacker is doing it from multiple machines (and most likely, multiple networks).

Even if you consider smurf a distributed attack, there have been distributed DoS attacks as long as there have been DoS attacks of any kind. It's the obvious way to perform a bandwidth starvation attack.

The only thing that's new is that there are sites on the net so important that when they go down, it gets reported in the news.

Re:Misinfo: Distributed DoSs are not new

[Isomer]

As I understand it what is new is script kiddies
breaking into hundreds of machines and installing
a DoS 'client' on each of them. Now on command
all of these 'DoS machines' all start smurfing/
pingflooding/synflooding/whatever the target. Now
before it used to be difficult to trace back a
smurf and find the originator. But now you've
got to find a few hundred of them.... And if you
close down even 1/2 of them, they'll find another
100 again tomorrow....

Dead - Dead??

[ylem]

As of 22:38 CST. Unreachable include:

www.ibm.com
www.microsoft.com
www.foxnews.com
www.nydailynews.com
www.mtv.com (no big loss)
www.cnn.com

We are talking some massive computing to take down so many big sites! If someone is out to prove a point - I cannot wait to hear what it is. Are we soon to see ransom demands? Give if $$$ or we'll guarantee your site will be dead for 2 weeks? Sigh...

Re:Dead - Dead??

[PD]

IBM dead? That's interesting. I posted just a while ago that I can't get to www.altavista.com. Well, I'm at work at IBM right now and every site I touch is very slow, which is damn unusual for 11 PM Tuesday.

I wonder if the internet in general is having problems, or if IBM is also a target.

Re:Dead - Dead??

[billybob+jr]

I just accessed all of those sites from my home computer. Didn't take more than a few seconds for any of the websites to load (over adsl).

Re:Dead - Dead??

SHUT UP!! SHUT UP!!! WILL YOU SHUT THE FUCK UP!!! FOR CRISSAKES YOU GOD DAMNED PARANOID FUCKER EVERY FUCKING UNREACHABLE SITE ISN'T A FUCKING DOS ATTACK!!! WHAT THE FUCK IS WRONG WITH YOU PEOPLE?!?!?! JEZUS YOU REDEFINE PARANOID! MORE LIKE RETARADED DUMB TURDS!! SHUT UP ALREADY!! SHUT THE FUCK UP!!!! GODDAMNIT! HAVE A DISCUSSION FOR ONCE WITHOUT BEING A PARANOID ASSHOLE!!! DIE!!! ONE BULLET!! MAN WAS NEVER ON THE MOON!!! THE INTERNET IS UNDER ATTACK!! MY ISP IS SHITTY BUT IT MUST BE AN ELITE HACKING TERRORIST GROUP OR THE GOVERNMENT IS PAYING THEM SHUT THE FUCK UP

Re:Dead - Dead??

Thats easy to explain, take out the bandwidth providers to those hosts, and they'll stop responding fairly quickly. 1gb/sec is going to be noticed on every network it crosses

Re:Dead - Dead??

I find it kind of interesting that a couple of the sites mentioned (cnn, microsoft) are not pingable but are accessible via http. I wonder if these places are just filtering all ICMP packets as a preventative measure?

Re:Dead - Dead??

Microsoft has not been pingable for at least the last year. Not that it matters, a good DDoS tool would send real page requests on port 80.

A Challenge!

[SMN]

So now that VAndover owns Slashdot, let's see if their servers are as good as they claim: Challenge these guys to DoS /.

Think about it - if all these sites go down because of the slashdot effect, then all the people visiting them must have visited slashdot first. If the servers can hold this kinda load, what's another one or two billion more pages served per minute gonna do?

Heck, I'd be surprised if slashdot can keep getting slower at this pace much longer - it gets worse by the day.

Even better - let's sic 'em against the MPAA site. Or Amazon-the-patent-bully, or Microsoft. Or better yet, point them all at John Katz' home computer and maybe it'll stay down long enough that we can get some peace and quiet around here.

Re:A Challenge!

[dennisp]

Each of the hosting boxes slashdot uses to host probably have 100mbps interfaces. Since they are just doing round robin, you could just take down one box and a 1/3 of the people visiting the site would receive errors. Their provider, dn.net, probably has somewhere between 500 and 800mbps aggregate bandwidth capacity (at least out -- I don't know how oversold they are in). This does not translate to actual bandwidth on the internet because of bgp routing tables as well as a number of weak peering arrangements between ISP's.

In other words, someone could probably easily temporarily take down slashdot if they really wanted to. Of course, the same goes for any other site without very large amounts of bandwidth capacity as well as filters.

How is slashdot prepared

[Hephaestus_Lee]

What precautions has Slashdot taken to protect itself from attacks, and keep us informed on the bleding edge geek news?

--
Hephaestus_Lee

Re:How is slashdot prepared

[PurpleBob]

Simple. It goes down on its own enough that if it were ever DoS'ed, we'd never notice.
--

michael's update...

[nicedream]

Although I don't really trust the gov't at all, the whole "conspiracy" theory seems to be a pretty
big leap.

Should slashdot really be getting this far into speculation?

Anyone else made this connection?

[Covener]

Wasn't today supposed to be a troll parade day?

Looks like they're sick of being unappreciated.

AOL Instant Messenger?

Anybody notice that IM's been down a few times from coast to coast today?

Re:AOL Instant Messenger?

[mill5ja]

Yes, it has been. I would not be suprised if they had been DoS also. jason

Re:packet monkeys deserve hollow-point enemas

and they say gun owners need to make-up for their small penii...

No. They say your gun is an external representation of your manhood.So... you say you own no guns, eh?

Revolution?

[swordgeek]

Damn!!!

I've spoken out against the brainless JDs currently known as "Script Kiddies" (known a generation ago as "vandals") on numerous occasions. I've also spoken out repeately against the bloodthirsty commercialisation of the web (and by extension, the whole 'net).

Now the vandals are attacking the bloodthirsty marketers, and using the most non-damaging method they can. More than that, they're doing it in an organised and persistent manner, from the looks of it. This is the equivalent of a blockade--a formal, organised protest. Not throwing rocks through windows so much as linking arms in front of a police line.

For the past year, I've been saying that a massive revolution was in the works (echoing my beliefs of 15 years ago, when as a high school student, I belived I'd see the next social revolution in my time).

I find myself prepared to grudgingly admire a group I've detested for a few years now. The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.

I kid you not, folks. There is a slight (ever so slight) chance that last night, with the crippling of Yahoo, we witnessed the very beginning of history's next social revolution.

Of course, this could all blow over in three days, when the MPAA announces that they own Sony, as well Microsoft, Netscape/AOL, and Time-Warner. I could be entirely full of shit here.

But, the fact still stands. We _will_ see a real revolution in our day, and it will probably start right here, online.

Hold onto your hats kiddies. It's going to be a bumpy ride.

Re:Revolution?

[Covener]

Why does every moron fuck insist in including every buzzword imaginable in every post?

Script kiddie sure is appropriate...i mean who hasn't downloaded
wreckyahoo_and_cnn_and_ebayandeveryothercommerci alpowerhouse.pl

Not being able to get to your yahoo java portfolio manager or play hearts is hardly a revolution.

Re:Revolution?

[Eubeleus]

> we witnessed the very beginning of history's next social revolution. Umm... one slightly-more-coordinated-than-a-15-year old skript kiddie and hudreds of thousands of annoyed users (who are annoyed in a would like to give the kiddies a red hot poker enema way) does not a revolution make. I'm just waiting for someone to throw in the typical, tired old 'kiddie-exploit' relativist blabbering that we do it cuz we can, to show you whats wrong with your software when these particular attacks could very well be spawned of no other 'failure' of the technology other than that those sites allow anyone to use them. Do we have people maliciously jamming up freeways with their cars 'just because they can'? Because there aren't any 'safeguards' to stop their traffic? If someone parks their car in a busy freeway, they get a ticket or thrown in jail. Why should it be any different with the Internet? It's becoming just as pervasive in our lives.

Re:Revolution?

[lordxois]

It isnt the fact that people couldnt read their yahoo mail for a while, its the fact that it seems to be that someone or some group is making a real statement, even if nobody has any real clue what it is yet. This could just be them getting everyone's attention, using their resources, however they were aquired (probably by gaining high enough access to about 50 comps and installing a client), and letting everyone know that they are there. 1GB of traffic is quite substantial, I dont know very many sites that can withstand an onslaught like that. Besides, if it was as easy to do as you say, why hasn't anyone done it before? Simple, no one has had their shit together well enough until now. I think it is possible that this could be the beginning of something, what, i have no clue, but, definately could be a beginning. As mentioned earlier, this could be the grounds that the government uses to put a deathgrip on the internet, and that would definately cause a revolution online, who knows, surely not me.

Re:Revolution?

[Hephaestus_Lee]

Yes, but at least when the hippies and civil rights activists linked arms around police chains the media wasn't treating it like they where crippling major cities. If a revolution this is, the media has decided for us already it is one via nuclear assault, so ii will be hard to get support behind.

--
Hephaestus_Lee

Re:Revolution?

Except that this isn't any better than terrorists who destroy things but don't actually tell people WHY they're destroying things. What kind of a revolution is a DoS attack, even 5? I mean, I hardly think of people defacing webpages as making public statements, but at least there people are trying to send a message. What here? This isn't dumping bags of tea into the ocean. Tomorrow we'll have lots of crazy people claiming they did it, most of whom don't actually have the skill to have pulled such a thing off. And what will that tell us? Some people are crazy and some people know to keep their mouths shut because they don't really have a cause to fight for.

Of course, this could all blow over in three days, when the MPAA announces that they own Sony, as well Microsoft, Netscape/AOL, and Time-Warner. I could be entirely full of shit here.

Well, considering Warner Bros. and Sony are 2 of the 7 members of the MPAA, that would be quite a surprise.

Re:Revolution?

[crush]

Now the vandals are attacking the bloodthirsty marketers, and using the most non-damaging method they can.
Or, is it the safest method that they can? Speaking for myself, I would choose the way that was less likely to get me caught.
This is the equivalent of a blockade--a formal, organised protest.
You reckon? Where's the statement of intent then? A protest without any aim is just similar to throwing rocks through any old window (what's so wrong with rocks through the right window anyway?) which is simply vandalism.
Just because we dislike the commercialism doesn't mean that we have to cheer senseless, purposeless acts. Also, this may give an impetus to all the controlling tendencies - do you not think this is more likely to damage freedom on the net than promote it? A revolution without a goal, without a hope of success, without a plan, without sincerity is just an invitation to be hurt for no purpose.

Re:Revolution?

[swordgeek]

"Or, is it the safest method that they can? Speaking for myself, I would choose the way that was less likely to get me caught."

Nah. There's not really any substantial difference in personal security between launching a DoS and, for instance, a defacement.

"Where's the statement of intent then? A protest without any aim is just similar to throwing rocks through any old window"

You're right, of course. HOWEVER, yesterday this was just a huge DoS against yahoo.com. Today it appears to be more organised. Maybe tomorrow or Friday or next week, we'll get a formal statement from (whoever). Who can say from where we sit right now that it won't happen?

Again, remember that I freely admitted I could be full of shit, this time, but someday it's going to happen for real.

Re:Revolution?

[MrEd]

Sorry to be sarcastic, but honestly. History's next social revolution? All we have here is a bunch of computer users (whether they be NSA agents, script kiddies as you claim, or international Men of Mystery) exploiting the vulnerabilities of TCP/IP to overload prominent websites. It's not a revolution. And it's not "the equivalent of a ... formal organized protest", it's a Denial of Service. The virtual people going to sell their souls to the capitalist god on Yahoo aren't seeing any virtual protesters, they're simply getting a blank screen and an annoyed look on their faces. It's not a protest unless the participants state their opinions and goals and the public has a chance to understand why the shutdown of XYZ matters to the protesters.

I won't try and tackle your label of "Bloodthirsty marketers" in full. You're going to have to accept that we live in a capitalist society, and given the technology to organize businesses on a large scale, large companies are going to form for the exclusive purpose of making money. That's the way it is. Nothing will eliminate the Big Evil Corporations save for complete social reform, which doesn't look too likely (communism's not looking too hot as a replacement). And reform will certainly not stem from the Internet, we're just all too rich! Look at yourself! Do you own the computer you're reading this with? Do you have a job? Your own house? Congratulations, you're safely ensconced in capitalism. You can whine and kick and scream, but knocking down web sites is not going to touch off any revolution. All it'll do is give the Powers That Be excuses to implement more security to protect the livelyhood of the folks at yahoo, eBay, Amazon, and CNN. This effort is counter-productive. You know of better ways to educate people about the problems of North American society than this! Please don't support the script kiddies (if that is who did this, the NSA's not ruled out for sure).

Moderators, realize that not every message with "Moderate me down if you must" deserves to be moderated up! Ignore that trash!

Re:Revolution?

[swordgeek]

"Do we have people maliciously jamming up freeways with their cars 'just because they can'? Because there aren't any 'safeguards' to stop their traffic?"

Nope, and I've said the same thing many a time. If we used the same defense in the real world, then we'd all have to have Fort-Knox level security for our houses. Personally, I would NOT be thanking the first person to come along and point out to my sleepy town how stupid it is that we trust each other with unlocked doors. (to borrow an analogy from Cliff Stoll once again)

But there's something about this that <i>feels</i> different. it feels like something is in the air, and if it doesn't come to a head this time, then maybe next time.

Bottom line--it doesn't feel like 'just because we can' is the underlying reason for this one.

Re:Revolution?

[HerrNewton]

Take a look at the targets, friends. Someone already mentioned that pillars of morality like GNU.org, W3C.org, etc. aren't (yet -- big yet) being taken down. It's your upstarts who've launched a thousand-squared newbies onto the net, a thousand-squared clueless idiots.

• Yahoo.com. Started as a nice little index running in a dorm room. Now? Collects marketing statistics first and foremost and THEN runs an index on a server farm.
• ABC. Owned by Disney. (Nuff said.... no offense, Rob.)
• eBay. Relatively okay company, but they won't allow outsiders to provide searches into their pages. Not a good thing.
• CNN. I don't have a bone to pick with CNN. I'm guessing this is a notierity issue.

Take a look at the rest of the list of currently downed servers then ask yourself, "Who have they pissed off recently?" Judging by other sites others have mentioned prior to this post, it looks as though someone is going after the companies that are pervasively commerializing the Web -- the companies which have fenced off their portion of the commons, and pissed on whatever parcel they left the rest of us.

(And who the hell moderated the original post as a troll? Would somebody please mark it insightful? It'll get fixed in meta-mod., hopefully))

----

Re:Revolution?

[swordgeek]

If you're refering to my use of script kiddie, it's entirely appropriate. It's a fucking DENIAL OF SERVICE! It's not brain surgery! It's not rocket science! It's a bloody, copyable, reusable, no-thought DoS that is the first refuge of the incompetent cyber-vandals. (look! Another Buzzword!)

Re:Revolution?

[crush]

Again, remember that I freely admitted I could be full of shit, this time, but someday it's going to happen for real.
Well, you're not the only one that hopes there's going to be changes ;-)

Re:Revolution?

[orangecat]

I find myself prepared to grudgingly admire a group I've detested for a few years now. The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.

But it isn't just the bloodthirsty marketers that they are targetting. Those just happen to be the ones who get the publicity.

They cause *huge* problems for the people who run, for example, IRC servers. These people are paying out of their own pockets to provide a free service, and are getting hammered for it. What's the purpose in that?

And they aren't using their own resources for these attacks. They're using resources stolen from other people. My university went through a period of time last year when there were so many hacked accounts being used for outgoing DoS attacks that we'd be dropped off the internet for hours at a time.

And do you think they were truly doing this as an attack on the bloodthirsty businesses? Or just to show off that they have the power to take down such a large site?

Re:Revolution?

[swordgeek]

"Sorry to be sarcastic, but honestly. History's next social revolution? All we have here is a bunch of computer users..."

and

"It's not a protest unless the participants state their opinions and goals and the public has a chance to understand why the shutdown of XYZ matters to the protesters."

Yeah, but as Red Green (OK, and a thousand others before him) said, 'first you have to get their attention.'

I said that this could be the beginning of a revolution. This isn't the revolution by itself, and in fact may be nothing.

As for the bloodthirsty marketeers, I won't deny capitalism, or even that it's a (fairly) good thing. However, we're starting to see the results of the gross abuses of capitalism, as it runs smack into the power of the Information Age(tm).

I'll be the first to admit it--I'm living well. I rent an apartment and drive a 20-year old beater, but I own my computer, have a good (and fun!) job as a sysadmin, and was drinking outrageously good wine last weekend (Yalumba Octavia, 1990 was the highlight for anyone who cares). Capitalism Is Not Inherently A Bad Thing(tm).

But that said, I'm starting to fear for my privacy more and more; and so are others. Look at the (serious) WTO protests. Listen to the cynicism growing in people. Look at the number of Americans who are starting to venerate Richard Fucking Nixon, because they don't believe that they've seen anyone less corrupt since then!!! The middle class is gradually dissappearing. I honestly and truly believe that revolution is in the air, and will start on the internet. (specifically, on the web, since that's most of the internet these days). Maybe not today, but in my life. However, I don't think it'll be a revolt against capitalism, as much as a revolt against abuse.

As for the moderators, don't worry. They've moderated me down almost exactly as much as they've moderated me up on this post. :-)

Re:Revolution?

[swordgeek]

Shit, I'm not even sure I hope for it. I'm just convinced that it's inevitable.

:-)

Re:Revolution?

[swordgeek]

"And do you think they were truly doing this as an attack on the bloodthirsty businesses? Or just to show off that they have the power to take down such a large site?"

<p>Normally, I'd say the latter. This time, I've got a gut feeling that <b>this particular group</b> is after something more. That's why I posted in the first place. Only time will tell, though.

Re:Revolution?

[swordgeek]

"And do you think they were truly doing this as an attack on the bloodthirsty businesses? Or just to show off that they have the power to take down such a large site?"

Normally, I'd say the latter. This time, I've got a gut feeling that this particular group is after something more. That's why I posted in the first place. Only time will tell, though.

Re:Revolution?

Shit. Sorry folks. Disregard this one and read the properly formatted one. When are we getting extrans posting back?

Re:Revolution?

[broter]

...the companies which have fenced off their portion of the commons, and pissed on whatever parcel they left the rest of us.

Funny that they haven't taken down eToys.com yet :)

Re:Revolution?

[HerrNewton]

Or DoubleClick ;-)

----

Re:Revolution?

[Postmaster+General]

OK, you're getting just a little bit too carried away here.

Just take a nice, deep breath, step back, and re-evaluate the situation.

Re:Revolution?

[Spasemunki]

Sure this is a revolution. One on par with Woodstock '99, when a bunch of semi-drunken and/or stoned kids burned a bunch of trailers and tore the stage apart, occasionally mouthing something about being anti-materialist while robbing a gift shop. What we've seen today is nothing more than vandalism. Sure, there may be some sort of political ideology behind the choice of targets, and maybe there is some sort of organised group involved. But you neeed more than that to constitute a revolution. A real revolution is about taking apart old ideas that don't work and replacing them with new ones that do. These actions make no attempt to do that; they're just someone trying to cause people problems. If this is a protest, it is a very shallow and cowardly protest, and maybe even one that works against its stated goals. It reminds me of the masked "anarchists" in Seattle, proving their coolness to the world by commiting acts of "revolutionary terrorism" against unoccupied Starbucks coffe shops. If these people want to effect changes (and frankly, there has been no indication that they do; they may just get off on taking sites down), than they've picked a very superficial way to try and go about it.

Re:Revolution?

To interest that one has chosen FreeBSD. Obvious, DEB for its would choose, depending that on the face watched) the less restrictive authorization (or more. But in order which FreeBSD? USA only x86 and alpha at the moment (of last controlled time) and its not to where close to the emergency of OpenBSD. Of other part, the device of NetBSD has been turned towards the door side towards every always made mechanic. The only reasons could think which they would use concluído the FreeBSD that the others 2 (better) are than put how much ' the t it thinks subsidies SMP to OpenBSD however (dont it knows on netbsd, but since has begun such with the origins...) and the greater part of a-cleared people puts ' the t knows on the others two. And it must say that the customers of DEB of the leak-whore plow ' the t that troublesome to the small children like that glue who feel the odore of with pingüino the ASCII of the previous starter shafts. Small even used of t BSD. Bet of the writing of the hasn of the bets of the kiddie ' it is current forms.

Re:Revolution?

[Detritus]

Yes, but at least when the hippies and civil rights activists linked arms around police chains the media wasn't treating it like they where crippling major cities.

I remember the media and government going batshit when antiwar activists threatened to shut down Washington D.C. with demonstrations and blockades on major roads and bridges. The police and National Guard made mass arrests of everyone who was perceived to be a threat to public order, around 10,000 people were arrested.

Re:Revolution?

[Lazlo+Nibble]

"Do we have people maliciously jamming up freeways with their cars 'just because they can'? Because there aren't any 'safeguards' to stop their traffic?"

Nope...

Clearly you've never been in downtown SF at rush hour on the last Friday of the month, when gazillions of bicyclists get together to intentionally foul up traffic.

Re:Revolution?

[plunge]

not be a killjoy... but why? What's different? That's it's amny commerical sites. It's a really really simple form of attack- one person could have pulled it off. And even if they get caught (which they wouldn't if they did it right), it's a great publicity stunt. Perhaps if it's someone from another country? Osma Bin Laden on a laptop?

Re:Revolution?

Um....BINGO.

Re:Revolution?

[Admiral+Mouse]

CNN. I don't have a bone to pick with CNN. I'm guessing this is a notierity issue.

Remember that CNN is now owned by AOL, and AOL doesn't exactly have the best respect-of-privacy record on the 'net.

----

Re:Revolution?

Hmmmm, I think we could impliment some Red Greenish network security
Just patch(1) your kernel's bpf with duct tape;
and duct tape the mouse balls to the mouse, to stop those "cyber terriorists" who take down the internet in 30 minuets with stolen mouseballs.

and remember the routing table pledge
I am a routing table
I can change if I have to I guess


Public broadcasting at it's best

Re:Revolution?

[samantha]

You admire pure lawless trashing of the net and everyone on it? You admire it for what reason? That you like to see someone's finger in someone else's eye as long as the receiver has money? What a juvenile trip. I am amazed that such a lowbrow fuck-the-establishment post got a rating as high as 5. There is nothing revolutionary about raising hell with no objectives, no agenda, no plan, just raising hell. There is not a damn thing in the slightest admirable about that and if I catch the folks doing it I will do my best to them quite thoroughly punished. This is info-terrorism. And mindless info-terrorism at that.

Re:Revolution?

[samantha]

Amen. The massive traffic in the last day or two from these attacks drowned my sDSL vendor and flooded the house routers for several hours. The traffic on the net to attack and bring down a Yahoo isn't on some narrow direct pipe to the target but is eating major bandwidth all over the net. This is an ecosystem folks. People who spread poison poison us all.

Re:Revolution?

[Mawbid]

No, not 'just because they can', but French truck drivers tend to do this whenever they want higher wages.
--

Re:Revolution?

[shogun]

Well I have to agree there is no revolution going on here, however there is a significant historical precedent being enacted here. This is the censorship of major powers; ie corperate or government bodies by a or a few individuals. This is a counterpoint to the other major power of the net that is of individuals to reach a large audience with small effort and expense.
This power could be significant if the timing of such an attack is right as in these two examples:.

• A major online share trading site is taken down just as a very large and popular IPO is going on.
• The online voting booths for the first presidential election with online voting are taken out for the entire day.

The first example will just result in some company not getting quite the initial value hike expected from the IPO. The second case _could_ be quite significant however. It may just influence who is to become the President, a power that no small group of people without several [mb]illion to spare has had previously.

Re:Revolution?

[rsborg]

. It's a fucking DENIAL OF SERVICE! It's not brain surgery! It's not rocket science!

I won't disagree with you here, but please keep this in mind: They took down *Yahoo!*. This is important, not because of the technical difficulty, but the logistics of planning a DoS with enough false or hacked accounts to make a serious dent or stoppage of service of such a high-bandwidth site... AFAIK, the more prominent the site, the more difficult it is to create an effective DoS.

The fact that these guys haven't been discovered yet is also a testament to the type of planning needed to perpetrate this action. Make no mistake: this was engineered.

Re:Revolution?

[Plasmic]

You forgot to mention, unless I missed it, what the hell they're fighting for. I find it entirely too ironic that you say:

The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.

Umm.. hello? These stupid rebels attacked CNN. Why? For the hell of it. That's so phenomonally obvious that it's nauseating to see your comment rated a 5 when it's such hogwash. I am increasingly amazed at how little it takes to impress the Slashdot moderator. Maybe I'm overreacting; about 10% of me thinks that your post is sarcasm.

Social revolution against lame web sites? Give me a break. That's like blowing up Burger King because lots of stupid people in your town eat there.

Your assertion that they aren't throwing rocks at windows, but rather protesting is also entirely absurd. Let's see.. this analogy should be a tough one to come up with. Try this on for size: Sending packets to break a service is analogous to throwing rocks to break a window. Wow, that's complex. They are breaking companies' web sites. In addition, they broke buy.com's on the day they went public.

You don't think there's anything wrong with silly kiddies running around the Internet breaking random web sites in the name of .. let's see .. absolutely nothing? Give me (and us) a break.

Re:Revolution?

[dirk]

Take a look at the targets, friends. Someone already mentioned that pillars of morality like GNU.org, W3C.org, etc. aren't (yet -- big yet) being taken down. It's your upstarts who've launched a thousand-squared newbies onto the net, a thousand-squared clueless idiots.
Yahoo.com. Started as a nice little index running in a dorm room. Now? Collects marketing statistics first and foremost and THEN runs an index on a server farm.
ABC. Owned by Disney. (Nuff said.... no offense, Rob.)
eBay. Relatively okay company, but they won't allow outsiders to provide searches into their pages. Not a good thing.
CNN. I don't have a bone to pick with CNN. I'm guessing this is a notierity issue.

Now, let's take another look at the targets. Yahoo, CNN, ABC, Disney...the connection I see is that they are all high profile sites. You're right, GNU.org and W3C.org didn't get hit, that's because, in general, no one would give half a shit. Do you think these kiddies would have made every major news program for taking down GNU.org? Not a chance. Just because these sites are the "pillars of morality" on the internet doesn't mean people care about them. If GNU.org went down, how many people would notice? Maybe a tenth of the people the noticed Yahoo or Ebay being down (and that's being generous). You say yourself you can't find a reason for CNN being attacked, using your reasoning. That's because there is no reason other than these kiddies can see more of their handy work on the TV.

Re:Revolution?

[wanderingwalrus]

think you've hit the nail right on the head here!! it's more the rebel without a cause heer rather than any real revolution. It's basically vandals going, let's see if i can seriously piss off some people and have all these stupidly rich people in a head-spin.. which they evidently have. It's all for a bit of a kick really...

Re:Revolution?

[Gyver]

A real revolution is about taking apart old ideas that don't work and replacing them with new ones that do?

Is this anything like Russian peasants rising up and over-throwing the Tzar, only to set up communism in it's place?

No offence man, but I think that is an optomistic ideal.

It should read: A real revolution is about rising up to fight against something that is not agreed with, and replacing it with what you believe is the way thing should be, which another group of people probably don't agree with either.

Re:Revolution?

[Absynthe]

snip---->...the companies which have fenced off their portion of the commons, and pissed on whatever parcel they left the rest of us.
Funny that they haven't taken down eToys.com yet :) ----snip

I was thinking the exact same thing, didn't anyone catch all the etoy agents buzzing around posting warning around usenet, slashdot, et all ... saying "All etoy agents internic hasn't released the domain---defcon 5" and the messages moved down to 1 the saturday before this started. I'm not trying to pin this on the etoy people, but i was watching for them to do something. I suppose it's a red herring since etoys is still there, but just maybe they're warming up and grabbing attention for the coup de grace :)
/paranoia mode off

Re:Revolution?

[MrEd]

we're starting to see the results of the gross abuses of capitalism, as it runs smack into the power of the Information Age(tm).

I'm sorry, but I don't think your revolution is at hand. The power of the Information Age is what has allowed these groups of profit-seekers called 'corporations' to become so large and well-coordinated and profitable. In fact, revolution and FUD can be compared to one another... In both cases, the existing regime says, "Hey, just wait awhile for Social Reform 2.0, it's great, it'll double your happiness. Do your really want to try and use the system cooked up by those revolutionary whackos?" And right now, the system works well enough that nobody wants to take that risk.

It's true, the middle class is gradually thinning out, the wage gap between rich and poor is widening, and things are starting to become slightly tense here and there... But don't underestimate the power of greed and desire. The poorer North American citizen (who is not really poor in comparison to the rest of the world, don't ever forget that) will, 95% of the time, it seems, stick to his job, buy lottery tickets, anything to try and achieve the material opulence that commercials tell us is desireable.

The only future I see for revolution is in eighty or 100 years, when the oil runs out. That's when the shit's going to hit the fan. There'll be a world war over who gets to exploit the last dredges of the barrel, the OPEC countries versus the USA and the rest of the (me) first world. Hopefully we'll kill a lot of our population off, and maybe some wise people will have the insight that maybe our system doesn't work so well after all and we should just try a different way. Look at ourselves. For the first time in human history, we're soiling our own nest. When we run out of gas, how are we going to deal with nuclear waste? With neurotoxings from pulp and paper plants causing mutations in amphibians? With holes in the ozone layer? With the mass extinction and homogenization of species, whether they be crops or animals? I could go on.

There will (sadly) not be a revolution, IMO, until we've consumed and expanded ourselves to the very edge of the cliff. I'm sure humans will survive, but this will be looked back on as "The Golden Age".

One last thing... (90% of readers have moved on by now, I'm sure) Think of this little tidbit. Trees grow at 2% a year. If we logged at a sustainable rate of 2% a year, we'd never run out of trees. But interest rates are 10% a year. It's much more cost effective to cut down all the trees -now-, and invest the money in the stock market. How does that make sense?

Re:Revolution?

I tell ya man, it's them UFO space aliens bringing down the Internet.

Re:Revolution?

[iserlohn]

Your analogy is fundamentally flawed. Sending DOS attacks is no different than setting up a roadblock in front of a store. There is no actual property being damaged. To address your "blocking a service" concern, it may be unethical to hire several scores of people to call your competitors technical support line causing what amounts to a DOS attack, but probably not illegal. If your network is open, just like your door, you have to trust your visitors AND take the necessary security precautions. Also, there should be insurance for this kind of thing.

Re:Revolution?

[Plasmic]

I think that you attacked everything but the underlying point of my post. You may have weakened my analogy (except that you can't physically block people from entering a store or nail their doors shut, which is effectively what they're doing) and pointed out that a company isn't completely devastated by these attacks due to insurance coverage, but you entirely ignore the bulk of my reply. I dare you to enter into a rational debate defending the Parent post that I was responding to, as that's what I was attacking.

Re:Revolution?

Oh give me a break. This is a bunch of immature vandals playing a *very* expensive prank. How much money goes through E-trade every hour? How much money does Yahoo earn by serving 100 million banner ads. All these people have accomplished is to cost some companies a lot of money. Which means that the law enforcement folks will pay lots of attention to this. When they catch the people responsible, we can all read annoying stories on Slashdot about how "The evil government overreacted to a harmless little prank" or "It's just like that Kevin whats-his-face guy! It doesn't matter that you cost companies millions of dollars if you're just having fun" If these jackasses come forward, they are going to be arrested. And I hope their wages (allowances?) are garnished until they pay back the millions of dollars to the companies they attacked. That should only take a few thousand years for your average Joe. These people are not patriots or freedom fighters - they are criminals.

Re:Revolution?

[Spasemunki]

By "real", I intended to imply "ideal". A revolution in the ideal, optomistic sense. And the definition I offered is probably what people involved in a revolution would say was at stake, wether or not it is the reality. Whoever perpetrated these attacks makes no attempt at offering an ideological justification for their actions, or any manner of replacing the system they are trying to harm.

Real revolutions in the sense of historical revolutions have usually meant a lot of people dieing for someone's pocket book or ego, while backed up by some sort of political dogma. I'm not a big advocate of them myself.

Re:Revolution?

[LunarOne]

I've noticed this trend, and have tried tagging messages with "Moderate me down if you must", but it doesn't seem to help.

I suppose it's possible that the stuff I write is just so much dogsh*t, and such politicking will never help me .

Re:Revolution?

[Dream+Machine]

As for the bloodthirsty marketeers, I won't deny capitalism, or even that it's a (fairly) good thing. However, we're starting to see the results of the gross abuses of capitalism, as it runs smack into the power of the Information Age(tm).

And what exactly are the "gross abuses of capitalism" ? Spam emails? Minor annoyances such as people calling you as you sit down to dinner? I'll take that over gulags, stormtroopers, and torture chambers any day. These "social revolutionaries" need to poke their heads out of their parents garages and get out into the sunlight, look around and see just what a wonderful life "bloodthirsty" capitalism has given them.

Dream

Re:Revolution?

[iserlohn]

Yeah, I can spend all day "debating" with some self-righteous protector of freedoms. Sure.

You can do a lot of things that can cause damage to others, that are perfectly legal too. If they can find the guy who did it, they can take him in for damages under tort law.

I don't think it's a good idea to criminalize everything that causes finacial damage, or else god will have to spend a lot of time in the slammer.

You get my point now? Hopefully next time I don't need to spell it out for you.

I'm not interested in your "debate". I did not "attack" your post. I merely pointed out a flaw in your analogy. If you can't take that, go pop a blue pill and get some rest.

Re:Revolution?

[Gyver]

Ok, now this I will most definatly agree with.

Very well put.

Re:Revolution?

[swordgeek]

The "gross abuses of capitalism" could be better explained by someone like, oh, Jon Johansen.

Remember him? Arrested? Detained? Property seized? All at the behest of the movie industry in a foreign country?

Re:Revolution?

[swordgeek]

Hell, it's three days later, probably no one's still reading, but I can't resist another comment. This has been one interesting bit of discussion!

<p><i>"It's true, the middle class is gradually thinning out, the wage gap between rich and poor is widening, and things are starting to become slightly tense here and there... But don't underestimate the power of greed and desire. The poorer North American citizen (who is not really poor in comparison to the rest of the world, don't ever forget that) will, 95% of the time, it seems, stick to his job, buy lottery tickets, anything to try and achieve the material opulence that commercials tell us is desireable."</i>

<p>The crucial point is that historically as the middle class gets smaller (they split into richer or poorer), the lower class gets poorer. By the time the middle class is gone, the lower class is _really_ lower class, usually subsistence level or below. That's when revolution starts.

Not DOS just /.

[TheBashar]

After reading the original /. posting that Yahoo was taken offline, I think most /. users must be checking to make sure all they're websites are still working. This massive group traffic is clearly what's responsible for the order of magnitude increase in traffic to these sites. We better hope the FBI doesn't come knocking on Rob's door. He is organizing all this right?

Re:Slashdotted

[CyberDong]

Like the Lego machine gun site. Gone when I went back to download the plans...

- - - -

www.microsoft.com doesn't respond to pings

[robhancock]

www.microsoft.com doesn't respond to ping requests. Probably to protect against ping flood DoS attacks.

Re:www.microsoft.com doesn't respond to pings

oh no Microsoft's not responding??? NET GOING DOWN! END OF WORLD EMINENT! don't worry, the net will be here long after Micro$oft has come and gone...

Net Wars

[renai42]

I don't know about anyone else, but I think it will be very interesting to find out who's behind all the DDoS's.

No-one has come forward to claim the attacks, and seeing as they haven't so far, I don't actually think it at all likely that anyone will until the DoS police actually catch them. When you think about it, what kind of motive is there for this kind of attack? You don't really stand any sort of chance of making any money unless you're in a very specialised situation, like in direct competition with Yahoo, which I doubt many people are, and you're costing yourself a lot of bother with coordinating the distributed attacks.

It might be the situation where a disenchanted group of teens is trying to gain the world's attention, but that begs the question - can any disenchanted group of teens shut down the world's most powerful and stable web portal whenever they feel like?

Normally hacker's codes of ethics, though unwritten, dictate that simply shutting something down is no fun - much more fun to graffiti when you can, deface, grab secure data. However in this case nothing like that has happened.

I know two things - that there has to be some strange motive, and that whoever it is, I have confidence that /. will find out first :-)

And I too, ask the question - is /. next?

UCLA Too

[doranb]

It seems UCLA also suffered a DoS attack and has shut off ICMP responses. I just got this notice:

> Sent: Tuesday, February 08, 2000 10:14 AM
> Subject: Campus Wide ICMP Denial-of-Service Attack
>
> Department NC's and/or Network Contacts,
>
> Currently UCLA is experiencing a campus wide ICMP denial-of-service attack
> which has saturated our DS3 Internet connection. In order to circumvent
> this problem, CTS has disabled ICMP responses on the UCLA Internet router.
>
> --
> UCLA
> Communications Technology Services - Systems Operations
> Network Operations Center

Social Engineering

Maybe it's all a ploy by some agents of the government to get their fascist laws passed so they can use the internet to spy on everyone and everything.

Re:Social Engineering

The intelligence agencies can already use the Internet to spy on everyone and everything. Hackers do not and will not affect this. What hackers will ultimately be responsible for is other government agencies *policing* the Internet. Spray painting a building week after week usually ends up with a security guard being posted there.

Is this a rolling attack?

[Smack]

A very interesting question is whether these attacks were simultaneous or discrete. Is a single malicious cracker moving their single target IP from place to place just for fun? An hour at ebay, an hour at Amazon, 2 hours at buy.com, etc. can cause a lot of havoc that is impossible to miss, but does not actually require any more resources than the initial yahoo attack took.

Re:Is this a rolling attack?

suck my ass you stupid fucking nerds!

The Hunger Site

[CaptainCarrot]

I've been unable to reach The Hunger Site today until just a few minutes ago. Were they among the victims?

Re:The Hunger Site

Yes, I think that dk site is down too

Good example of DOS

here:

..................................+R@@@@@@@MR..... ..............................
................................IM@@@@@@@@@@@MV... ..............................
................................@@@@@@@@@@@@@@@RI. ..............................
..............................M@@@@@@@@@@@@@@WM@@W V.............................
.............................%@@@@@@@@@@@@@@M%%W@@ M;............................
............................W@@@@@@@@@@@@@@@M%%%R@ @@%+..........................
...........................;@@@@@@@@@@@@@@@@MT%RW@ @@@o..........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@+.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@;.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@V+........................
...........................@@@@@M@@@@@@@@@@@@MM@@@ @@@@T;........................
...........................@@@@WM@WM@@@@@RTVIR@WM@ @@@@Wi+.......................
...........................@@@%ooR@M@@@@%Voii;R@M@ @@@@Wi+.......................
...........................@@T;,..;@@@@M,.....;T@@ @@@@@o+.......................
...........................@@o.;+..R@@@W..iWM..iM@ @@@@@o;.......................
...........................@W+V@%%.iMRMR.%@@M%..V@ @@@@@o;.......................
...........................@W+R@%R,o@@MW.M@@@W,.I@ @@@@@o;.......................
...........................@@;;@@WIIioot+T@@@W..V@ @@@@@o;.......................
...........................@@I.%BVIi;;t%;oB@@i.,R@ @@@@@I;.......................
...........................@@Mioti;;;:::::::;ooR@@ @@@@@%;.......................
...........................@@@YIoi;;:::::::::::oR@ @@@@@%i+......................
...........................@M%Iti;;;:::::::::ItiY@ @@@@@@i+......................
...........................@BVIoi;;;::::::::Iooo%@ @@@@@@V;......................
...........................@@M%I;;::::::oVIoootYM@ @%%M@@Mi......................
...........................@@@%Yo;::::oVVttootooR@ @%VV@@@T......................
...........................@@Mi;%%tioootttIt;++;o@ @@RVT@@@+.....................
...........................@@Mi;o%%ttttIIIi;;+,,+@ @@M%M@@@I+....................
...........................@@M;+;;;t%%Vt;;;+,....% @@@@@@@@@i+...................
..........................T@@V..;;;;;;;;;++,.....i @@@@@@@@@W;...................
........................iMM@i...+;;;;;;;.......... +M@@@@@@@@@o..................
........................M@@%.....+;;;;+,.......... .%@@@@@@@@@%+.................
.......................@@@@....................... ..W@@@@@@@@@@.................
......................I@@@M....................... ..T@@@@@@@@@@i................
....................+M@@@Mi....................... ..;@@@@@@@@@@@R+..............
...................+W@@@@W;....................... ..+M@@@@@@@@@@@%;.............
..................i@@@@@@To+.......,........,+++++ ;+,;@@@@@@@@@@@@@.............
..................R@@@@@M%i+.................,+++; ;;+,@@@W@@@@@@@@@;............
..................@@@@@@T;........................ ,++:.M@@MRM@@@@@@%;...........
..................@@MW@Mi......................... ..,+.o@@@@RM@@@@@MI+..........
.................%@MW@@+.......................... ....+,o@@MMMW@@@@@Mi+.+.......
.................W@R@@@........................... .....,,MMWWMR@@@@@@I+.........
................+@MR@@M........................... .......VMRRW@@@@@@@R;.........
................R@R@@M,........................... .......,MM@@@R@@@@@@%;........
...............o@@M@@%............................ ........@@@@@W@@@@@@R;........
...............M@M@@%............................. ........@@@@@WW@@@@@@V........
..............%@@R@@I............................. ........@@@@@WM@@@@@@%........
..............@@MW@W.............................. ........@@@@@W@@@@@@@M+.......
.............i@@MM@%.............................. ........M@@@@W@@@@@@@M+.......
............o@@@MW@;.............................. ........M@@@@W@@@@@@@@;.......
............@@@@WR@+.............................. ........W@@@@W@@@@@@@@;.......
...........;@@@MRVM,............,................. ........W@@@@@@@@@@@@@;.......
...........o@@@@MTW.............,................. ........M@@@M@@@@@@@@@;.......
...........i@@MM@@R,............,................. ........@@WWM@MWWM@@@M;.......
............MYiiV@W+.............................. ........@M@@@@@@@%TM@R;.......
...........+oi;;;;M@R+............................ ....i;;;R@@@@@@@@WRMM%+.......
..........,toi;;;;I@@W;........................... ....;:::R@@@@@@@@WMMtt+.......
.........;toi;;;;;;i%@@%.......................... ....i;;;W@@@@@@@@@Mi::o+......
...:otttItoi;;;;;;;;oB@@%+........................ ....i;;iR@@@@@@@@MV;;;V;......
..Iooiiii;;;;;;;;;;;:;R@@@M....................... .,++i;iiI%@@@@@@Boii;;Vi+.....
..Ioi;;;;;;;;;;;;;;;;:o@@@@T...................... .+++oiiiII%%%%Y%Ioi;;;Vi+.....
.;Ioi;;;;;;;;;;;;;;;;;:W@@@@@R.................... .+++oiiiottttttoo;;;;;;t;.....
..Ioi;;;;;;;;;;;;;;;;;:I@@@@@@T................... .,++tiiioooooooii;;;;;;iI;....
..toi;;;;;;;;;;;;;;;;;;:tB@@@@@+.................. ..+;toi;;iiiiii;;;;;;;;;;i+...
..ito;;;;;;;;;;;;;;;;;;:;V@@@@@,.................. ..;Ttoi;;;;ii;;;;;;;;;;;;;to..
..ito;;;;;;;;;;;;;;;;;;;::tMT;.................... .R@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..ito;;;;;;;;;;;;;;;;;;;;:;;.....................; %@@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..Ito;;;;;;;;;;;;;;;;;;;;;;t;...................V@ @@@Btii;;;;;;;;;;;;;;;;;;;iioV
.iIti;;;;;;;;;;;;;;;;;;;;;;oY:................IW@@ @@@Btii;;;;;;;;;;;;;;;;;;;ot%o
.Iti;;;;;;;;;;;;;;;;;;;;;;;oI%MT..........;%W@@@@@ @@@Rtii;;;;;;;;;;;;;;;iiotIoi;
;Itoi;;;;;;;;;;;;;;;;;;;;;;oIYB@R%VooIIV%W@@@@@@@@ @@MRtoi;;;;;;;;;;;;;;ioI%Vi;+.
;IIttoiiiii;;;;;;;;;;;;;;;;oIY%M@@@@@@@@@@@@@@@@@@ @@M%Ioi;;;;;;;;;iiooIYoi;;....
.IIIItttooooiii;;;;;;;;;;;itVY%M@@@@@@@@@@@@@@@@@@ @@M%Itoi;;;;;;iiiot%%Ii;+.....
...+;V%Y%%VVVIIItooii;;iiot%Y%RM@@@@@@@@@@@@@@@@@@ @@MR%ItoiiiiiootI%ooi+........
....+;;iI%YYYY%VVIttooiootIY%%R@%%%TVVVVVVVVVVVV%% %WWR%VItoooootIVYoi;+.........
..........++;;oVT%YYY%%%YYY%RRVoi;+++............+ ++;%%Y%VVVVVVY%Vo;............
..............+;;I%%%%YY%%%RRVoi+................. ...;R%YY%%%%Y%Voi.............
...................+;iV%%%Toi;+................... ....+i%%%%T%Ii;+..............
.....................++iiii;;+.................... .....+;;iiiii;+...............
.................................................. ..............................

L 1 N U X 4 3 V 3 R -- H 4 X 0 R 5 U N 1 7 3

From the horses mouth...

[Hephaestus_Lee]

Check out CNN's report about the second wave of major DoS attacks at >http://cnnfn.com/2000/02/08/technology/ yahoo/</a>

--
Hephaestus_Lee

I find it odd:

That it is annouced on the day of:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

Would be even know?

[Jon_Katz]

Slashdot is down so much and when it is up it is dog slow. It DoSes it's self.

Re:Would be even know?

HAHAHAHAHAHAHAHAHAH!!!!!!!!!!!!!!!!!!! LOL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WOW YOU ARE SO FUCKING FUNNY!!!!!!!!!! HAHAHAHAH LOL!!!!!!!!!!!!!!! WOW I WISH I WAS FUCKING YOU!!!!!!!!! HAHAHAHAH YOURE JOKES ARE HILARIOUS!!! WOW COULD YOU TEACH ME YOUR WAYS!!!!!!! HAHAHAHAHAHAH LOL!!!!!!!! IM GOING TO BE LAUGHING FOR HOURS HAHAHAHAHHA LOL!!!!!!!!!!!!!!!!!!!!!!

psych. shut the fuck up.

Re:Would be even know?

[Jon_Katz]

FAG!@!

Re:Would be even know?

"WOW I WISH I WAS FUCKING YOU!!!!!!!!!"

fag.

oh yeah, dumb turd, too.

Re:Would be even know?

[pSyk]

HEY! FUCK you man. hahah wtf is this fuckin bullshit anyway. just fuckin configure yer god damned routers people it's not that fuckin hard. feh.

Re:Would be even know?

Two Girls Under Covers
By ink

Chloe Gibson yawned and stretched on her warm
bed. It was Sunday, sometime in the afternoon, she
had been lounging under her thick blankets all
morning and now she was getting restless. It was days
like this that she
felt like a cat, laying around purring softly as she
bathed in the sunlight streaming through her window.
Only getting up lazily and getting some milk.
But now she felt the world pulling on her, she felt
another pulling as well, as if the cat she felt like
was going into heat.
Absently, Chloe let her hands move under the
thick comforter on her bed. The sun was shining in
through the window, even though it was nearly 30
degrees outside, and combined with the mass of
pillows and blankets on her she was overheated and
slightly sweaty. The heat hissed through the vents in
her room adding even more heat. She thought about
pushing off the dense coverings and opening a window,
but the feeling of being aroused and so hot was
making her feel dizzy and languid.
Warmth was growing between her legs and she bit
her lower lip. She pulled her sheet hard letting it
slide between here legs and rub against her panty
covered sex. The slight friction made her moan. She
was really starting to get wet.
Shifting under the blankets, her hands went to
her white cotton t-shirt, hunting for her hardening
nipples. Finding them she pulled them roughly and
twisted them. The soft, well worn, cotton felt like
silk against her skin and she rolled her nipples in
slow little circles, groaning as the fabric teased
her awakened flesh.

Downstairs, Chloe's mother moved around the
small house cleaning and dusting, oblivious to the
goings on upstairs. She frowned a bit when she
realized that it was past noon and her nineteen year
old daughter was still sleeping. She shrugged off her
concern with the knowledge that her daughter worked
hard in college and deserved a break during her
vacation. This was, after all, her first day off
after months of tests and studying.

Chloe teased herself, never quite touching her
most sensitive parts, but instead enjoying the slow
building and the waves of erotic pleasure. Her young
taut body was still covered by the blankets and now a
thin sheen of perspiration covered her body.
Under the covers, she slid out of her shirt and
wiggled out of her panties. The feeling of her old
blankets against her naked skin was electric. She had
forgotten what it was like to be alone in a room and
to totally commit yourself to your own pleasure. In
her dorm room she had to lay still and move her hand
quickly and quietly against her sex to masturbate.
She hardly ever did it for fear that her two
roommates would catch her. Now she writhed around
under her cover with abandon and closed her eyes to
imagine playing like this for hours, exploring new
plateaus plateau's of ecstasy.

As Chloe's mother opened a window to shake out
a small rug, she saw Chloe's childhood friend, Darcy,
was out side waving at her. "Come on in honey!" Ms.
Gibson shouted through the open window. The both
smiled at they met at the door.
Ms. Gibson was amazed at how Darcy had grown
into a beautiful young woman. She fondly remembered
the girl as a rather silly tomboy who was constantly
around the Gibson home while Chloe was in grade
school. Chloe and Darcy were almost never apart until
they both went off to different colleges.
"Hi Ms. Gibson, happy holidays!" the two
embraced in a warm hug.
Ms. Gibson practically pulled Darcy into the
house and quickly closed the door. "Come in, come in,
Darcy. It's freezing out there, you will catch your
death."
The young girl came in a and shivered from the
near freezing wind outside. Ms. Gibson took this time
to look over the girl that had come to be a second
daughter over the past few years. She was a year and
a half younger then Chloe and by Ms. Gibson's
calculations that meant she just turned eighteen a
few weeks ago. She smiled to see that the girl seemed
happy and healthy, though she was a little upset that
the girl had cut off her long beautiful black curls
and now wore her hair in a very short, stylish, but
rather masculine hairdo.
The girl had very pale skin and was very
petite, looking almost waifish. Her most
distinguishing feature by far was her pouty bee stung
lips. This made her pretty face look very sensual.
"Take off your jacket and let's get some hot
cocoa in you." Ms. Gibson said fawning over her
daughter's favorite friend.
"Thanks Ms. G. Is sleeping beauty up yet?"
Darcy said jokingly.
Ms. Gibson laughed as she hung up Darcy's coat
and the two walked over to the kitchen.
"No, not yet. I will go wake her up, you stay
down here and get warm."
Darcy quickly stood up from the kitchen table
and moved to the stairs to cut Ms. Gibson off.
"No, wait Ms. G. I haven't seen Chloe in
months, can I surprise her." Darcy said with
excitement in her eyes.
Ms. Gibson smiled and nodded. "Oh you kids, go
up there and tell Chloe that I am going to be busy
down here getting the house ready for the big party
and she should came down in an hour or so to help."
Chloe nodded as she started up the stairs. "Ok,
but I have to warn you, we have four months of gossip
to catch up on. We might be up there for a while."
The two giggled.

Chloe started to pant as she slipped one finger
between the hairless lips of her sex. She was slow
and methodical. She arched her back as that same
finger slipped into the wet tightness.
Quickly she pulled her hand away. She wiggled
and turned under the thick wet covers. She pulled the
covers further over her head and was overcome with
the scent of her own sex. She brought her wet finger
to her mouth and sucked it roughly, then she moved it
back down to her sex and splayed the lips wide. She
moved her other hand down and let a single finger
move across her now exposed clit. Her body rocked and
spasmed.

As she climbed the stairs, Darcy's curious
smile faded and her true emotions came to the
surface.
She was hot. She had been fantasizing about
seeing her childhood lover for weeks now. Her body
was alive and her stomach trembled. She bit her
already reddened lower lip in frustration.
The stairs seemed to go on forever, but soon
she was at the door. The white wood seemed so
familiar, yet the whole place seemed smaller now that
she had been out in the world.
Darcy had seen many things in the last few
months, been both with women and with men. She had
been to Europe and Australia and of all the amazing
sights she had witnessed, none were equal to the
erotic vision of Chloe, nude, back arched, legs
spread, wet and moaning. It was that vision that made
her awaken at night. It was the same vision that
Darcy hoped she would soon see again.
Darcy placed her shaking hand on the doorknob
and turned it slowly, she wanted to surprise her old
friend.

Chloe arched her back and rode her wet fingers
under her blanket. She let out soft little moans each
time her fingertips touched her hard little clit. Her
sex was soaked now and burning hot. The lips were
aroused and swollen, she felt like her whole body was
on fire.

Darcy opened the door silently and slipped into
the room with stealth. She closed the door and turned
quickly putting her back to it.
The first thing that overcame Darcy was the
rich heavy scent of sex and the sticky smell of
bubblegum.
Looking to her right, she saw the large gumball
machine that Chloe got for her twelfth birthday.
Looking to her left she saw a writhing shifting form
under purple and blue blankets.
Darcy held her breath as the small cooing and
moaning brought her back to all the nights these two
girls kissed and fucked until dawn. Darcy bit her lip
to stop from sighing as she looked at the erotic show
in front of her.

Chloe bucked and shifted trying to achieve a
climax to this wonderfully torturous building, but to
no avail. Where her fingers were once tender on her
young skin, now she was rough with herself.
She pulled at her nipples and forced two
fingers deep inside of herself. She finger fucked
herself, letting her palm rub against her clit
violently.
The heat and the power of her excitement were
making her faint, plus there wasn't much air under
her thick wet sheets. She gasped for breath and
growled with need, then abruptly threw her blankets
off of her and half way across the room.
Her eyes were closed tightly and her mouth was
open wide. Her back and shoulders were pressed hard
against the bed and her hips were thrust up in the
air.

Darcy looked at the wild act taking place
before her eyes and clenched her fists tightly.
Chloe's skin looked raw and she could see the
white trails of clawing fingers along her thighs and
stomach. She was covered in sweat, her chocolate
brown hair matted to her pretty face. Her nipples
were bright red and swollen. Her sex was glistening
obscenely and she was working three fingers in and
out of herself.
Darcy's hands quickly moved to the buttons of
her shirt.
She nearly ripped off her shirt, then her bra,
then the rest of her clothes.
Standing there nude in front of her naked
lover, she felt her heart pound in her chest and her
sex dampen.

Chloe climbed and climbed. The world around her
was distant and dark. All that she knew was her
heartbeat in her ears, the powerful throbbing in
between her legs, and the tingling that signalled the
start of her orgasm.
The cool air on her body made her wet skin even
more alive. She started a fast rhythm with her hands
and hips that she knew would bring her to heaven.
Then, suddenly, her world came to a stop.

Darcy's face shone with a wicked smile as she
jumped onto Chloe's bed and pinned her arms to her
sides.
Chloe screamed at the top of her lungs as her
mind reeled in chaos. Her eyes flashed open and she
was about to attack who ever grabbed her when her
brilliant green eyes locked with Darcy's.

Down the stairs, Ms. Gibson heard a yell. She
smiled and nodded to her self thinking; "Those silly
kids, always trying to surprise each other."

Darcy moved hastily to Chloe's side and placed
her hand over Chloe's mouth. She moved over the
girl's body and moved her face to the smoothly shaved
mound above her sex.
Chloe didn't have time to comprehend what was
happening or where her old lover came from, because
in seconds Darcy's hot tongue snaked between the lips
of her enflamed sex.
Darcy had never tasted such a sweet and
powerful flavor. It was thick like syrup and coated
her tongue and lips, making them warm and slick.
Chloe's body went berserk. She bucked violently
against Darcy's mouth and cried into her hand. All
reason left her mind and Darcy's thick, unbelievably
soft lips moved across her sex. Her tongue darted
across her rock hard clit making her whole body
convulse.
Finally those perfect pouting lips surrounded Chloe's
clit and Darcy sucked the tiny pink nerve into her
mouth. While sucking, Darcy whipped it with her
tongue. This was more then Chloe could stand. An
orgasm unlike any other hit her body like a physical
blow.

Chloe's mind went numb for a moment, then was
filled with electricity. Every inch of her body felt
like it was filling up with lava. Her muscles
tightened and released over and over again. She was
shaking and contorting violently, thrashing about the
bed.

Somewhere under the immense pleasure came an
acute fear. Chloe didn't know if her body could take
this kind of pleasure. It seemed like too much.
Reaching down with such force it frightened her,
Chloe tried to push Darcy away. Darcy kept her lips
locked on her lover's sex, riding the waves of
pleasure.
Orgasm after orgasm rocked Chloe's body. She couldn't
keep count. It was like a mad agony of pleasure. For
a few seconds she couldn't breath.
Finally, Darcy moved up and caught Chloe in the
throes of an orgasm. She slipped her arms around her
and held her tight. Moving her hand down, she cupped
Chloe's sex firmly and felt the girl's legs press
together tensely.
Darcy knew Chloe's sex would be spasming and
contracting and that holding her hand over it would
be a start to her calming down.

After passing out for a few moments, Chloe
lazily opened her eyes and looked into the face of
the woman she had longed for since last summer. She
took a deep breath and smiled weakly.

Darcy gazed into Chloe's eyes with love and
lust. The two kissed gently and drifted into a midday
nap.

Down the stairs, Ms. Gibson opened up the large
picture window in her spotless livingroom. Outside
she saw a car pull up and two more friends of Chloe's
step out. It was Michelle, a girl who went to dance
class with Chloe and Aaron, an old boyfriend.
Smiling and waving them to hurry in out of the
cold, Ms. Gibson laughed to herself thinking about
the two going up to surprise the girls.

end

Re:Would be even know?

[DavidTC]

Did you steal this? If not, it's pretty good writing.

-David T. C.

Nothing compairs to

the power of:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

If they were running Linux

they would be okay, because we have:

..................................+R@@@@@@@MR..... ..............................
................................IM@@@@@@@@@@@MV... ..............................
................................@@@@@@@@@@@@@@@RI. ..............................
..............................M@@@@@@@@@@@@@@WM@@W V.............................
.............................%@@@@@@@@@@@@@@M%%W@@ M;............................
............................W@@@@@@@@@@@@@@@M%%%R@ @@%+..........................
...........................;@@@@@@@@@@@@@@@@MT%RW@ @@@o..........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@+.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@;.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@V+........................
...........................@@@@@M@@@@@@@@@@@@MM@@@ @@@@T;........................
...........................@@@@WM@WM@@@@@RTVIR@WM@ @@@@Wi+.......................
...........................@@@%ooR@M@@@@%Voii;R@M@ @@@@Wi+.......................
...........................@@T;,..;@@@@M,.....;T@@ @@@@@o+.......................
...........................@@o.;+..R@@@W..iWM..iM@ @@@@@o;.......................
...........................@W+V@%%.iMRMR.%@@M%..V@ @@@@@o;.......................
...........................@W+R@%R,o@@MW.M@@@W,.I@ @@@@@o;.......................
...........................@@;;@@WIIioot+T@@@W..V@ @@@@@o;.......................
...........................@@I.%BVIi;;t%;oB@@i.,R@ @@@@@I;.......................
...........................@@Mioti;;;:::::::;ooR@@ @@@@@%;.......................
...........................@@@YIoi;;:::::::::::oR@ @@@@@%i+......................
...........................@M%Iti;;;:::::::::ItiY@ @@@@@@i+......................
...........................@BVIoi;;;::::::::Iooo%@ @@@@@@V;......................
...........................@@M%I;;::::::oVIoootYM@ @%%M@@Mi......................
...........................@@@%Yo;::::oVVttootooR@ @%VV@@@T......................
...........................@@Mi;%%tioootttIt;++;o@ @@RVT@@@+.....................
...........................@@Mi;o%%ttttIIIi;;+,,+@ @@M%M@@@I+....................
...........................@@M;+;;;t%%Vt;;;+,....% @@@@@@@@@i+...................
..........................T@@V..;;;;;;;;;++,.....i @@@@@@@@@W;...................
........................iMM@i...+;;;;;;;.......... +M@@@@@@@@@o..................
........................M@@%.....+;;;;+,.......... .%@@@@@@@@@%+.................
.......................@@@@....................... ..W@@@@@@@@@@.................
......................I@@@M....................... ..T@@@@@@@@@@i................
....................+M@@@Mi....................... ..;@@@@@@@@@@@R+..............
...................+W@@@@W;....................... ..+M@@@@@@@@@@@%;.............
..................i@@@@@@To+.......,........,+++++ ;+,;@@@@@@@@@@@@@.............
..................R@@@@@M%i+.................,+++; ;;+,@@@W@@@@@@@@@;............
..................@@@@@@T;........................ ,++:.M@@MRM@@@@@@%;...........
..................@@MW@Mi......................... ..,+.o@@@@RM@@@@@MI+..........
.................%@MW@@+.......................... ....+,o@@MMMW@@@@@Mi+.+.......
.................W@R@@@........................... .....,,MMWWMR@@@@@@I+.........
................+@MR@@M........................... .......VMRRW@@@@@@@R;.........
................R@R@@M,........................... .......,MM@@@R@@@@@@%;........
...............o@@M@@%............................ ........@@@@@W@@@@@@R;........
...............M@M@@%............................. ........@@@@@WW@@@@@@V........
..............%@@R@@I............................. ........@@@@@WM@@@@@@%........
..............@@MW@W.............................. ........@@@@@W@@@@@@@M+.......
.............i@@MM@%.............................. ........M@@@@W@@@@@@@M+.......
............o@@@MW@;.............................. ........M@@@@W@@@@@@@@;.......
............@@@@WR@+.............................. ........W@@@@W@@@@@@@@;.......
...........;@@@MRVM,............,................. ........W@@@@@@@@@@@@@;.......
...........o@@@@MTW.............,................. ........M@@@M@@@@@@@@@;.......
...........i@@MM@@R,............,................. ........@@WWM@MWWM@@@M;.......
............MYiiV@W+.............................. ........@M@@@@@@@%TM@R;.......
...........+oi;;;;M@R+............................ ....i;;;R@@@@@@@@WRMM%+.......
..........,toi;;;;I@@W;........................... ....;:::R@@@@@@@@WMMtt+.......
.........;toi;;;;;;i%@@%.......................... ....i;;;W@@@@@@@@@Mi::o+......
...:otttItoi;;;;;;;;oB@@%+........................ ....i;;iR@@@@@@@@MV;;;V;......
..Iooiiii;;;;;;;;;;;:;R@@@M....................... .,++i;iiI%@@@@@@Boii;;Vi+.....
..Ioi;;;;;;;;;;;;;;;;:o@@@@T...................... .+++oiiiII%%%%Y%Ioi;;;Vi+.....
.;Ioi;;;;;;;;;;;;;;;;;:W@@@@@R.................... .+++oiiiottttttoo;;;;;;t;.....
..Ioi;;;;;;;;;;;;;;;;;:I@@@@@@T................... .,++tiiioooooooii;;;;;;iI;....
..toi;;;;;;;;;;;;;;;;;;:tB@@@@@+.................. ..+;toi;;iiiiii;;;;;;;;;;i+...
..ito;;;;;;;;;;;;;;;;;;:;V@@@@@,.................. ..;Ttoi;;;;ii;;;;;;;;;;;;;to..
..ito;;;;;;;;;;;;;;;;;;;::tMT;.................... .R@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..ito;;;;;;;;;;;;;;;;;;;;:;;.....................; %@@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..Ito;;;;;;;;;;;;;;;;;;;;;;t;...................V@ @@@Btii;;;;;;;;;;;;;;;;;;;iioV
.iIti;;;;;;;;;;;;;;;;;;;;;;oY:................IW@@ @@@Btii;;;;;;;;;;;;;;;;;;;ot%o
.Iti;;;;;;;;;;;;;;;;;;;;;;;oI%MT..........;%W@@@@@ @@@Rtii;;;;;;;;;;;;;;;iiotIoi;
;Itoi;;;;;;;;;;;;;;;;;;;;;;oIYB@R%VooIIV%W@@@@@@@@ @@MRtoi;;;;;;;;;;;;;;ioI%Vi;+.
;IIttoiiiii;;;;;;;;;;;;;;;;oIY%M@@@@@@@@@@@@@@@@@@ @@M%Ioi;;;;;;;;;iiooIYoi;;....
.IIIItttooooiii;;;;;;;;;;;itVY%M@@@@@@@@@@@@@@@@@@ @@M%Itoi;;;;;;iiiot%%Ii;+.....
...+;V%Y%%VVVIIItooii;;iiot%Y%RM@@@@@@@@@@@@@@@@@@ @@MR%ItoiiiiiootI%ooi+........
....+;;iI%YYYY%VVIttooiootIY%%R@%%%TVVVVVVVVVVVV%% %WWR%VItoooootIVYoi;+.........
..........++;;oVT%YYY%%%YYY%RRVoi;+++............+ ++;%%Y%VVVVVVY%Vo;............
..............+;;I%%%%YY%%%RRVoi+................. ...;R%YY%%%%Y%Voi.............
...................+;iV%%%Toi;+................... ....+i%%%%T%Ii;+..............
.....................++iiii;;+.................... .....+;;iiiii;+...............
.................................................. ..............................

L 1 N U X 4 3 V 3 R -- H 4 X 0 R 5 U N 1 7 3

even worse- adforce

[jCaT]

adforce seems to have been taken out all day.... and since a bunch of sites reference adforce or doubleclick in their banners, they are effectively dead. banners usually appear at the top of the page, they fail to load and people don't bother to wait for the rest of the page.

Re:even worse- adforce

[JamesKPolk]

yeah, all the banner ad people have been hit... and their pages defaced too.

They all say "JunkBUSTERS" :-)

excite, lycos, infoseek are down

this must be a backbone breakdown or a very
well concerted attack at the most popular
web sites on the internet

Re:excite, lycos, infoseek are down

Also, Yahoo is down again!

please hang up, and try your call again.

yeah... i actually experienced the outage..

cnn is my default page and it was so you say 'out of order'

flame once again, FINALLY, do corporate fuckhedz realize that its time to wake up and smell the beans!!!

of course, you never know, maybe a certain security company is doing this, maybe outsource the DoS to a group of hackers, and this will definately drum up some serious cash to buy firewalls like the LMF [Lucent Managed Firewall] or use RealSecure by ISS or even get CheckPoint. I just hope no one dare go and get the new Proxy Server by M$ where they 'try' to implement NAT.. Wake the FUCK UP Corporate Loserz

d00dz, 3y3 ju57 h4x0red

YOUR ASSHOLE. It was nice and warm. I used:

..................................+R@@@@@@@MR..... ..............................
................................IM@@@@@@@@@@@MV... ..............................
................................@@@@@@@@@@@@@@@RI. ..............................
..............................M@@@@@@@@@@@@@@WM@@W V.............................
.............................%@@@@@@@@@@@@@@M%%W@@ M;............................
............................W@@@@@@@@@@@@@@@M%%%R@ @@%+..........................
...........................;@@@@@@@@@@@@@@@@MT%RW@ @@@o..........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@+.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@;.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@V+........................
...........................@@@@@M@@@@@@@@@@@@MM@@@ @@@@T;........................
...........................@@@@WM@WM@@@@@RTVIR@WM@ @@@@Wi+.......................
...........................@@@%ooR@M@@@@%Voii;R@M@ @@@@Wi+.......................
...........................@@T;,..;@@@@M,.....;T@@ @@@@@o+.......................
...........................@@o.;+..R@@@W..iWM..iM@ @@@@@o;.......................
...........................@W+V@%%.iMRMR.%@@M%..V@ @@@@@o;.......................
...........................@W+R@%R,o@@MW.M@@@W,.I@ @@@@@o;.......................
...........................@@;;@@WIIioot+T@@@W..V@ @@@@@o;.......................
...........................@@I.%BVIi;;t%;oB@@i.,R@ @@@@@I;.......................
...........................@@Mioti;;;:::::::;ooR@@ @@@@@%;.......................
...........................@@@YIoi;;:::::::::::oR@ @@@@@%i+......................
...........................@M%Iti;;;:::::::::ItiY@ @@@@@@i+......................
...........................@BVIoi;;;::::::::Iooo%@ @@@@@@V;......................
...........................@@M%I;;::::::oVIoootYM@ @%%M@@Mi......................
...........................@@@%Yo;::::oVVttootooR@ @%VV@@@T......................
...........................@@Mi;%%tioootttIt;++;o@ @@RVT@@@+.....................
...........................@@Mi;o%%ttttIIIi;;+,,+@ @@M%M@@@I+....................
...........................@@M;+;;;t%%Vt;;;+,....% @@@@@@@@@i+...................
..........................T@@V..;;;;;;;;;++,.....i @@@@@@@@@W;...................
........................iMM@i...+;;;;;;;.......... +M@@@@@@@@@o..................
........................M@@%.....+;;;;+,.......... .%@@@@@@@@@%+.................
.......................@@@@....................... ..W@@@@@@@@@@.................
......................I@@@M....................... ..T@@@@@@@@@@i................
....................+M@@@Mi....................... ..;@@@@@@@@@@@R+..............
...................+W@@@@W;....................... ..+M@@@@@@@@@@@%;.............
..................i@@@@@@To+.......,........,+++++ ;+,;@@@@@@@@@@@@@.............
..................R@@@@@M%i+.................,+++; ;;+,@@@W@@@@@@@@@;............
..................@@@@@@T;........................ ,++:.M@@MRM@@@@@@%;...........
..................@@MW@Mi......................... ..,+.o@@@@RM@@@@@MI+..........
.................%@MW@@+.......................... ....+,o@@MMMW@@@@@Mi+.+.......
.................W@R@@@........................... .....,,MMWWMR@@@@@@I+.........
................+@MR@@M........................... .......VMRRW@@@@@@@R;.........
................R@R@@M,........................... .......,MM@@@R@@@@@@%;........
...............o@@M@@%............................ ........@@@@@W@@@@@@R;........
...............M@M@@%............................. ........@@@@@WW@@@@@@V........
..............%@@R@@I............................. ........@@@@@WM@@@@@@%........
..............@@MW@W.............................. ........@@@@@W@@@@@@@M+.......
.............i@@MM@%.............................. ........M@@@@W@@@@@@@M+.......
............o@@@MW@;.............................. ........M@@@@W@@@@@@@@;.......
............@@@@WR@+.............................. ........W@@@@W@@@@@@@@;.......
...........;@@@MRVM,............,................. ........W@@@@@@@@@@@@@;.......
...........o@@@@MTW.............,................. ........M@@@M@@@@@@@@@;.......
...........i@@MM@@R,............,................. ........@@WWM@MWWM@@@M;.......
............MYiiV@W+.............................. ........@M@@@@@@@%TM@R;.......
...........+oi;;;;M@R+............................ ....i;;;R@@@@@@@@WRMM%+.......
..........,toi;;;;I@@W;........................... ....;:::R@@@@@@@@WMMtt+.......
.........;toi;;;;;;i%@@%.......................... ....i;;;W@@@@@@@@@Mi::o+......
...:otttItoi;;;;;;;;oB@@%+........................ ....i;;iR@@@@@@@@MV;;;V;......
..Iooiiii;;;;;;;;;;;:;R@@@M....................... .,++i;iiI%@@@@@@Boii;;Vi+.....
..Ioi;;;;;;;;;;;;;;;;:o@@@@T...................... .+++oiiiII%%%%Y%Ioi;;;Vi+.....
.;Ioi;;;;;;;;;;;;;;;;;:W@@@@@R.................... .+++oiiiottttttoo;;;;;;t;.....
..Ioi;;;;;;;;;;;;;;;;;:I@@@@@@T................... .,++tiiioooooooii;;;;;;iI;....
..toi;;;;;;;;;;;;;;;;;;:tB@@@@@+.................. ..+;toi;;iiiiii;;;;;;;;;;i+...
..ito;;;;;;;;;;;;;;;;;;:;V@@@@@,.................. ..;Ttoi;;;;ii;;;;;;;;;;;;;to..
..ito;;;;;;;;;;;;;;;;;;;::tMT;.................... .R@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..ito;;;;;;;;;;;;;;;;;;;;:;;.....................; %@@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..Ito;;;;;;;;;;;;;;;;;;;;;;t;...................V@ @@@Btii;;;;;;;;;;;;;;;;;;;iioV
.iIti;;;;;;;;;;;;;;;;;;;;;;oY:................IW@@ @@@Btii;;;;;;;;;;;;;;;;;;;ot%o
.Iti;;;;;;;;;;;;;;;;;;;;;;;oI%MT..........;%W@@@@@ @@@Rtii;;;;;;;;;;;;;;;iiotIoi;
;Itoi;;;;;;;;;;;;;;;;;;;;;;oIYB@R%VooIIV%W@@@@@@@@ @@MRtoi;;;;;;;;;;;;;;ioI%Vi;+.
;IIttoiiiii;;;;;;;;;;;;;;;;oIY%M@@@@@@@@@@@@@@@@@@ @@M%Ioi;;;;;;;;;iiooIYoi;;....
.IIIItttooooiii;;;;;;;;;;;itVY%M@@@@@@@@@@@@@@@@@@ @@M%Itoi;;;;;;iiiot%%Ii;+.....
...+;V%Y%%VVVIIItooii;;iiot%Y%RM@@@@@@@@@@@@@@@@@@ @@MR%ItoiiiiiootI%ooi+........
....+;;iI%YYYY%VVIttooiootIY%%R@%%%TVVVVVVVVVVVV%% %WWR%VItoooootIVYoi;+.........
..........++;;oVT%YYY%%%YYY%RRVoi;+++............+ ++;%%Y%VVVVVVY%Vo;............
..............+;;I%%%%YY%%%RRVoi+................. ...;R%YY%%%%Y%Voi.............
...................+;iV%%%Toi;+................... ....+i%%%%T%Ii;+..............
.....................++iiii;;+.................... .....+;;iiiii;+...............
.................................................. ..............................

L 1 N U X 4 3 V 3 R -- H 4 X 0 R 5 U N 1 7 3

Just a bunch of packet monkeys

in the:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

Bets anyone, on the next target?

Ok it's a little insensitive, but then again our site was in the Exodus Irvine IDC and was affected by the buy.com attack, so I feel compelled to ask. I'm putting my money on E*Trade and DoubleClick.

Bets anyone, on the next target?

Ok it's a little insensitive, but then again our site was in the Exodus Irvine IDC and was affected by the buy.com attack, so I feel compelled to ask.

I'm putting my money on E*Trade and DoubleClick.

Microsoft.com Now hit

[K0LIN]

Whether or not this outage is caused by script kiddies or government conspiracies we may never know, but whatever the case it seems that some good may come out of it. As of 11:50 EST Microsoft's entire webserver appears severly handicapped. While still "online" the vast majority of http requests appear to be rejected while those that do get through return very limmited content.

Let me show you

exactly how it's properly done:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

Next they will hit

Anyone who doesn't use:

..................................+R@@@@@@@MR..... ..............................
................................IM@@@@@@@@@@@MV... ..............................
................................@@@@@@@@@@@@@@@RI. ..............................
..............................M@@@@@@@@@@@@@@WM@@W V.............................
.............................%@@@@@@@@@@@@@@M%%W@@ M;............................
............................W@@@@@@@@@@@@@@@M%%%R@ @@%+..........................
...........................;@@@@@@@@@@@@@@@@MT%RW@ @@@o..........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@+.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@;.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@V+........................
...........................@@@@@M@@@@@@@@@@@@MM@@@ @@@@T;........................
...........................@@@@WM@WM@@@@@RTVIR@WM@ @@@@Wi+.......................
...........................@@@%ooR@M@@@@%Voii;R@M@ @@@@Wi+.......................
...........................@@T;,..;@@@@M,.....;T@@ @@@@@o+.......................
...........................@@o.;+..R@@@W..iWM..iM@ @@@@@o;.......................
...........................@W+V@%%.iMRMR.%@@M%..V@ @@@@@o;.......................
...........................@W+R@%R,o@@MW.M@@@W,.I@ @@@@@o;.......................
...........................@@;;@@WIIioot+T@@@W..V@ @@@@@o;.......................
...........................@@I.%BVIi;;t%;oB@@i.,R@ @@@@@I;.......................
...........................@@Mioti;;;:::::::;ooR@@ @@@@@%;.......................
...........................@@@YIoi;;:::::::::::oR@ @@@@@%i+......................
...........................@M%Iti;;;:::::::::ItiY@ @@@@@@i+......................
...........................@BVIoi;;;::::::::Iooo%@ @@@@@@V;......................
...........................@@M%I;;::::::oVIoootYM@ @%%M@@Mi......................
...........................@@@%Yo;::::oVVttootooR@ @%VV@@@T......................
...........................@@Mi;%%tioootttIt;++;o@ @@RVT@@@+.....................
...........................@@Mi;o%%ttttIIIi;;+,,+@ @@M%M@@@I+....................
...........................@@M;+;;;t%%Vt;;;+,....% @@@@@@@@@i+...................
..........................T@@V..;;;;;;;;;++,.....i @@@@@@@@@W;...................
........................iMM@i...+;;;;;;;.......... +M@@@@@@@@@o..................
........................M@@%.....+;;;;+,.......... .%@@@@@@@@@%+.................
.......................@@@@....................... ..W@@@@@@@@@@.................
......................I@@@M....................... ..T@@@@@@@@@@i................
....................+M@@@Mi....................... ..;@@@@@@@@@@@R+..............
...................+W@@@@W;....................... ..+M@@@@@@@@@@@%;.............
..................i@@@@@@To+.......,........,+++++ ;+,;@@@@@@@@@@@@@.............
..................R@@@@@M%i+.................,+++; ;;+,@@@W@@@@@@@@@;............
..................@@@@@@T;........................ ,++:.M@@MRM@@@@@@%;...........
..................@@MW@Mi......................... ..,+.o@@@@RM@@@@@MI+..........
.................%@MW@@+.......................... ....+,o@@MMMW@@@@@Mi+.+.......
.................W@R@@@........................... .....,,MMWWMR@@@@@@I+.........
................+@MR@@M........................... .......VMRRW@@@@@@@R;.........
................R@R@@M,........................... .......,MM@@@R@@@@@@%;........
...............o@@M@@%............................ ........@@@@@W@@@@@@R;........
...............M@M@@%............................. ........@@@@@WW@@@@@@V........
..............%@@R@@I............................. ........@@@@@WM@@@@@@%........
..............@@MW@W.............................. ........@@@@@W@@@@@@@M+.......
.............i@@MM@%.............................. ........M@@@@W@@@@@@@M+.......
............o@@@MW@;.............................. ........M@@@@W@@@@@@@@;.......
............@@@@WR@+.............................. ........W@@@@W@@@@@@@@;.......
...........;@@@MRVM,............,................. ........W@@@@@@@@@@@@@;.......
...........o@@@@MTW.............,................. ........M@@@M@@@@@@@@@;.......
...........i@@MM@@R,............,................. ........@@WWM@MWWM@@@M;.......
............MYiiV@W+.............................. ........@M@@@@@@@%TM@R;.......
...........+oi;;;;M@R+............................ ....i;;;R@@@@@@@@WRMM%+.......
..........,toi;;;;I@@W;........................... ....;:::R@@@@@@@@WMMtt+.......
.........;toi;;;;;;i%@@%.......................... ....i;;;W@@@@@@@@@Mi::o+......
...:otttItoi;;;;;;;;oB@@%+........................ ....i;;iR@@@@@@@@MV;;;V;......
..Iooiiii;;;;;;;;;;;:;R@@@M....................... .,++i;iiI%@@@@@@Boii;;Vi+.....
..Ioi;;;;;;;;;;;;;;;;:o@@@@T...................... .+++oiiiII%%%%Y%Ioi;;;Vi+.....
.;Ioi;;;;;;;;;;;;;;;;;:W@@@@@R.................... .+++oiiiottttttoo;;;;;;t;.....
..Ioi;;;;;;;;;;;;;;;;;:I@@@@@@T................... .,++tiiioooooooii;;;;;;iI;....
..toi;;;;;;;;;;;;;;;;;;:tB@@@@@+.................. ..+;toi;;iiiiii;;;;;;;;;;i+...
..ito;;;;;;;;;;;;;;;;;;:;V@@@@@,.................. ..;Ttoi;;;;ii;;;;;;;;;;;;;to..
..ito;;;;;;;;;;;;;;;;;;;::tMT;.................... .R@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..ito;;;;;;;;;;;;;;;;;;;;:;;.....................; %@@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..Ito;;;;;;;;;;;;;;;;;;;;;;t;...................V@ @@@Btii;;;;;;;;;;;;;;;;;;;iioV
.iIti;;;;;;;;;;;;;;;;;;;;;;oY:................IW@@ @@@Btii;;;;;;;;;;;;;;;;;;;ot%o
.Iti;;;;;;;;;;;;;;;;;;;;;;;oI%MT..........;%W@@@@@ @@@Rtii;;;;;;;;;;;;;;;iiotIoi;
;Itoi;;;;;;;;;;;;;;;;;;;;;;oIYB@R%VooIIV%W@@@@@@@@ @@MRtoi;;;;;;;;;;;;;;ioI%Vi;+.
;IIttoiiiii;;;;;;;;;;;;;;;;oIY%M@@@@@@@@@@@@@@@@@@ @@M%Ioi;;;;;;;;;iiooIYoi;;....
.IIIItttooooiii;;;;;;;;;;;itVY%M@@@@@@@@@@@@@@@@@@ @@M%Itoi;;;;;;iiiot%%Ii;+.....
...+;V%Y%%VVVIIItooii;;iiot%Y%RM@@@@@@@@@@@@@@@@@@ @@MR%ItoiiiiiootI%ooi+........
....+;;iI%YYYY%VVIttooiootIY%%R@%%%TVVVVVVVVVVVV%% %WWR%VItoooootIVYoi;+.........
..........++;;oVT%YYY%%%YYY%RRVoi;+++............+ ++;%%Y%VVVVVVY%Vo;............
..............+;;I%%%%YY%%%RRVoi+................. ...;R%YY%%%%Y%Voi.............
...................+;iV%%%Toi;+................... ....+i%%%%T%Ii;+..............
.....................++iiii;;+.................... .....+;;iiiii;+...............
.................................................. ..............................

L 1 N U X 4 3 V 3 R -- H 4 X 0 R 5 U N 1 7 3

Re:FBI on the case - SUSPICIOUS?

[burris]

As an anonymous coward indicated, perhaps the FBI is doing this intentionally precisely so they can come in and "save the day." That sure would make them look good just as Congress is going to start mulling over the hundreds of millions of dollars in the proposed budget earmarked for CALEA implementation. The FBI has been trying for years to get CALEA funded. This conspiracy is a little too good to pass up.

In case you don't know, CALEA is the "Communications Access to Law Enforcement Act" they got passed in '94. It requires that all manufacturers of telecommunications equipment (does that include Cisco?) make their products "Wiretap Ready." Wiretap Ready means the equipment must be able to provide plaintext for 1% of the maximum call/connection capacity at the whim of the FBI (subject to "Lawful Authorization" of course). Despite the act being passed, it was never funded (the Gov't is supposed to foot the bill for all the wiretaps). The newly proposed budget is going to fund this act.

Be afraid, be very afraid.

Dr. Burris T. Ewell

InternetTrafficReport

[LogicX]

Anyone realize all this traffic doesn't affect just those sites... but routers that legit traffic is flowing through? Has anyone seen the InternetTrafficReport so bad?
http://www.internettrafficreport.com/cgi-bin/tr_ chartpage.pl?NorthAmerica
As of now (11:53PM EST) Fddi0.AR1.CHI1.Alter.Net has a rating of 11 (!?!?!) and numerous routers have packet loss of up to 40%! That's insane!

The Internet may be able to survive a nuclear attack.. but if things keep like they're going we won't be able to survive the DoS kiddie wars of 2000.

Also, incase anyone missed it.. CERT announced the distributed DoS attack TWO MONTHS ago!

If you're unfamiliar with what the DoS is, want more info, and also they're updating it as these attacks are happening, visit: http://www.cert.org/current/current_activity.html# distributed

Re:InternetTrafficReport

[basscomm]

I guess I'll have to take your word for it... The traffic is so thick, I'm lucky that I can even read Slashdot.

Too many folks clogging the pipe

for the:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

UUnet

[jesser]

On DALnet wallops about an hour ago:

[20:10 US Pacific] !Epiphani! Greetings DALnet users, we apoligize for the present network instability. Across the USA this evening, UUnet is experiencing some nation wide problems, and we are incapable of dealing with the situation until they resolve theirs.

I wonder if this is the same attacker. If so, are they targetting the UUnet backbone or is UUnet just getting bogged down by the attacks themselves and people hitting reload on their favorite sites until they come up?

--

I can just hear it now

[criticalrealist]

I can just hear whoever it is laughing like Dr. Evil:

"Moo hoo ha ha ha ha!!!"

More and more web sites are getting hit. Even Microsoft.com is getting nailed. (oh no!)

How about the following scenario? The attacker is utilizing a wider and wider base of computers from which to launch his distributed DoS attack? Are there any ways to get root on a system after launching a DoS attack? A buffer overflow or something?

If there were, the attacker could be using an ever-widening group of computers from which to launch the attacks.

Actually this seems unlikely. Considering the wide number of problems on the net right now (can't get to anything reliably on the west coast from the east coast), maybe it's more of a router problem.

In any case, if they start hitting your site, good luck.

Long Term Effects?

[spyderbyte23]

If I had to guess, I'll bet one thing that'll happen here is that ping is going to become as rare as finger as a diagnostic tool. Everyone will simply block ping like microsoft.com does.

More sophisticated DoS attacks are going to be harder to stop...

The core technologies of the Net were never designed with security in mind. Will we see very different core technologies in five years?

Tort legislation, not criminal legislation

[/]

We don't need criminal laws saying ISPs must do the appropriate filtering. What we need is tort remedies for the people walloped by the people DoSed against the people who were negligent in securing the systems that were cracked. If I were to have a cache of weapons left lying around my backyard and someone were to hop my low fence, steal one, and kill someone with it, you can be sure that there'd be a civil action (properly) initiated against me. Leaving your network available to others to exploit and cause mayhem isn't readily distinguished.

Either get a legislature to enact new tort legislation or get some enterprising judges to extend the common law. Either way, you won't need an overseeing regulatory agency. Ronald Dworkin would approve, I suspect.

Re:Tort legislation, not criminal legislation

[scaryjohn]

most tort law is common law (i.e. there needs to be no legislative action). there just needs to be a case filed, and after there will be a precedent that network administrators must take resonable security precautions, or they will be held liable for the results. that's what neglegence is all about.
__

alt.geek

Re:Tort legislation, not criminal legislation

[MindStalker]

Good idea, but lets say, I'm just some guy who has a cable modem, who runs linux, but not well enough to know how to impliment complete security. Some hacker breaks into my computer, and uses it to spoof out and start of DoS attacks. While a cable modem might not be the best tool, I'm sure there are examples of high speed bandwidth where there person isn't running an ISP and such, and really shouldn't be held liable. Atleast not to the extend that tort law would create. Personally I see this as a nightmare for small private networks, and schools who really can't afford to hire network experts. (Though maby it would increase some jobs, but then again, I don't like the idea of creating a law just to try and help out one or two industry sectors)

Re:Tort legislation, not criminal legislation

[alexhmit01]

Well, all home users AND small networks use a provider to get their access. Their upstream provider should be filtering their connections.

Re:Tort legislation, not criminal legislation

[MadAhab]

Ya know, if I never hear anyone say "there oughta be a law against that" again, it would be fine with me... An extension of tort law through common sense and precedent is far preferable to having gov't agencies going around inspecting routers, which you can bet your sweet ass will cause more problems than it will ever solve.

But the interesting possibility is not if Joe Linux Luser is held liable by his ISP, but if a class action suit is brought against the software companies (pick your favorite target ;-) who knowingly ship and do not fix security problems that provide the basis for these kind of attacks...

Re:Tort legislation, not criminal legislation

[Punto]

What we need is tort remedies for the people walloped by the people DoSed against the people who were negligent in securing the systems that were cracked.

Most of the people don't know anything about "spoofing". And everybody is talking about "linux".. What about "closed source" OSs? What if some propietary OS had a hole on it, that nobody knows about, and nobody fixes? (exept for some "cyberterrorist".. :)

(ok.. so the link is not very good..)

--

Re:Tort legislation, not criminal legislation

[swb]

So what you're really saying is that if I steal your locked car and then crash it into a building, the building owner can then sue you for being negligent?

You're assuming that the built-in security of an automobile (locks, ignition switch) will protect you, just as many people who install an operating system assume that the OS's built-in security (passwords, etc) will protect them.

If there's liability to be passed around (we seem to have stopped holding the perps responsible in this country), it should be on the manufacturers who ship insecure products. Car manufacturers have started to wise up -- my Honda has a chip embedded in the key, and the on-board computer won't operate the engine unless it sees my key's digital signature, and it came with an alarm system to boot. OS vendors (ESPECIALLY the Unix vendors) should ship their products with only the barest of services running by default, and those should be firewalled/tcpwrapped to only allow connections from the local net. MS should NEVER be allowed to attach any .DLLs to IIS without the explicit permission of the installer.

Re:Tort legislation, not criminal legislation

[imataion]

The distinction between you example and what is happening here is great. Everyone knows not to leave a pile of firearms in ones backyard but not everyone knows how (or has the resources) to protect thier computer from attack. A better example would be someone who's car is broken into and used for a crime. They reasonably thought thier car was reasonably secure. They could have installed one of those tire locks on it but that is an unreasonablly high expectaion. Don't blame the victim because they aren't as technologically savy as you.


"Of necessity, one must endeavor to think of pleasant things, but I know nothing that gives more delight to think about and to do than fücking. Every man may philosophize all he wants, but this is the utter truth, which many people understand this way but few will say." -- Niccolo Machiavelli

Re:Tort legislation, not criminal legislation

[jaypifer]

I love your idea. Unfortunately, the analogy is a bit off base. To make it more real, you should say that someone jumped over your low fence (which is kept low, because you have customers who need to see your store advertisements) and then the perp broke a branch off a tree on your property and clobbered someone. I use the modified analogy because it is unclear what is a blatant weapon or not on a web server. DoS being an excellent example of a web server doing what it was intended to do -- communicate and make requests for web pages from another machine. The faster it can do it, the better. Jayson

Re:Tort legislation, not criminal legislation

[spiritSHROOM]

If you steal my car, then in all likelyhood you'll drive it, sell it, do something useful with it, cars aren't designed to kill people (except late 70's american cars) guns are. metaphors are for people who can recognise the difference between death and driving about. love, thhe shroom

Just a few more

of the:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

DOS Prevention

[dmfallis]

As distributed IDS detection software matures, I think most sites and perhaps their hosting ISPs will work together to implement such systems, thus rendering most script-kiddie DOS attacks powerless or at least short-lived. Comments?

Last call

for any:

........................................XXXXXX.
........................................XXXXXX.
...........................................XXX.
............................................XX.
.............................................X.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
.............................................X.
............................................XX.
............................................XX.
........................................XXXXXX.
........................................XXXXXX.
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX........XXXXX.
............XXX...............XX
............X..................X.
............X..................X.
............XX................XX.
.............XX..............XXX
.............XXXXX........XXXXX.
...............XXXXXXXXXXXXXXX
.................XXXXXXXXXX.
..........................
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X................................X.
............X................................X.
............X................................X.
............XX..............................XX.
............XX..............................XX.
.............XX............................XXX
.............XXXXX.......................XXXX.
..............XXXXX....................XXXXX.
...............XXXXXXXXXXXXXXXXXXXXXXXXXXXX
................XXXXXXXXXXXXXXXXXXXXXXXXXX
...................XXXXXXXXXXXXXXXXXXXX.
........................XXXXXXXXXXX
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..XX...........................X.
.XXXX.........................XX.
.XXXX....................XXXXXXX.
.XXXX..................XXXXXXXXX.
....XXXXX.........XXXXXXXXXXXXXX.
........XXXXX.XXXXXXXXXXXX.
...........XXXXXXXXXXXXX
................XXXX.
....................XXXXX
.......................XXXXX...X.
...........................XXXXX.
...............................X.
...............................X.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
............X................................X.
............X................................X.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X..................X.............X.
............X..................X.............X.
...............................X.............X.
...............................X.............X.
...............................XX...........XX.
...............................XX...........XX.
...............................XXX.........XXX
................................XXX.......XXXX
................................XXXXXXXXXXXXX
.................................XXXXXXXXXXX
....................................XXXXX.
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
............X..................X.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXX.
............X.............XXX
............................XX.
.............................XX.
.............................XXX
.........................XXXXXXX.
.........................XXXXXXX.
.........................XXXXXXX
..............................
................XXX.
..............XXXXXXXX
.............XXXXXXXXXX...XXXXX.
............XXXX....XXXX..XXXXXX
............XX........XX......XX.
............XX........XX.......X.
.............XX......XX.......XX.
..............XXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXXX
............XXXXXXXXXXXXXXXXXX
............XX.
............X
..................XXXXXXXX.
...............XXXXXXXXXXXXXX
.............XXXXXXXXXXXXXXXXXX
.............XXXXX........XXXXXX
............XXX...............XX.
............XX................XX.
............XX................XX
.............XX..............XX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
............X.
..............
...................XXXXXX.
................XXXXXXXXXXXX.
..............XXXXXXXXXXXXXXXX.
.............XXXXX...XX...XXXXX.
............XXX......XX.......XX
............X........XX........X.
............X........XX........X.
............X........XX.......XX
.............X.......XX.....XXXX
.............XX......XXXXXXXXXX
...............XX....XXXXXXXX
.....................XXXX.

I just wanna

have:

..................................+R@@@@@@@MR..... ..............................
................................IM@@@@@@@@@@@MV... ..............................
................................@@@@@@@@@@@@@@@RI. ..............................
..............................M@@@@@@@@@@@@@@WM@@W V.............................
.............................%@@@@@@@@@@@@@@M%%W@@ M;............................
............................W@@@@@@@@@@@@@@@M%%%R@ @@%+..........................
...........................;@@@@@@@@@@@@@@@@MT%RW@ @@@o..........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@+.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@;.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@V+........................
...........................@@@@@M@@@@@@@@@@@@MM@@@ @@@@T;........................
...........................@@@@WM@WM@@@@@RTVIR@WM@ @@@@Wi+.......................
...........................@@@%ooR@M@@@@%Voii;R@M@ @@@@Wi+.......................
...........................@@T;,..;@@@@M,.....;T@@ @@@@@o+.......................
...........................@@o.;+..R@@@W..iWM..iM@ @@@@@o;.......................
...........................@W+V@%%.iMRMR.%@@M%..V@ @@@@@o;.......................
...........................@W+R@%R,o@@MW.M@@@W,.I@ @@@@@o;.......................
...........................@@;;@@WIIioot+T@@@W..V@ @@@@@o;.......................
...........................@@I.%BVIi;;t%;oB@@i.,R@ @@@@@I;.......................
...........................@@Mioti;;;:::::::;ooR@@ @@@@@%;.......................
...........................@@@YIoi;;:::::::::::oR@ @@@@@%i+......................
...........................@M%Iti;;;:::::::::ItiY@ @@@@@@i+......................
...........................@BVIoi;;;::::::::Iooo%@ @@@@@@V;......................
...........................@@M%I;;::::::oVIoootYM@ @%%M@@Mi......................
...........................@@@%Yo;::::oVVttootooR@ @%VV@@@T......................
...........................@@Mi;%%tioootttIt;++;o@ @@RVT@@@+.....................
...........................@@Mi;o%%ttttIIIi;;+,,+@ @@M%M@@@I+....................
...........................@@M;+;;;t%%Vt;;;+,....% @@@@@@@@@i+...................
..........................T@@V..;;;;;;;;;++,.....i @@@@@@@@@W;...................
........................iMM@i...+;;;;;;;.......... +M@@@@@@@@@o..................
........................M@@%.....+;;;;+,.......... .%@@@@@@@@@%+.................
.......................@@@@....................... ..W@@@@@@@@@@.................
......................I@@@M....................... ..T@@@@@@@@@@i................
....................+M@@@Mi....................... ..;@@@@@@@@@@@R+..............
...................+W@@@@W;....................... ..+M@@@@@@@@@@@%;.............
..................i@@@@@@To+.......,........,+++++ ;+,;@@@@@@@@@@@@@.............
..................R@@@@@M%i+.................,+++; ;;+,@@@W@@@@@@@@@;............
..................@@@@@@T;........................ ,++:.M@@MRM@@@@@@%;...........
..................@@MW@Mi......................... ..,+.o@@@@RM@@@@@MI+..........
.................%@MW@@+.......................... ....+,o@@MMMW@@@@@Mi+.+.......
.................W@R@@@........................... .....,,MMWWMR@@@@@@I+.........
................+@MR@@M........................... .......VMRRW@@@@@@@R;.........
................R@R@@M,........................... .......,MM@@@R@@@@@@%;........
...............o@@M@@%............................ ........@@@@@W@@@@@@R;........
...............M@M@@%............................. ........@@@@@WW@@@@@@V........
..............%@@R@@I............................. ........@@@@@WM@@@@@@%........
..............@@MW@W.............................. ........@@@@@W@@@@@@@M+.......
.............i@@MM@%.............................. ........M@@@@W@@@@@@@M+.......
............o@@@MW@;.............................. ........M@@@@W@@@@@@@@;.......
............@@@@WR@+.............................. ........W@@@@W@@@@@@@@;.......
...........;@@@MRVM,............,................. ........W@@@@@@@@@@@@@;.......
...........o@@@@MTW.............,................. ........M@@@M@@@@@@@@@;.......
...........i@@MM@@R,............,................. ........@@WWM@MWWM@@@M;.......
............MYiiV@W+.............................. ........@M@@@@@@@%TM@R;.......
...........+oi;;;;M@R+............................ ....i;;;R@@@@@@@@WRMM%+.......
..........,toi;;;;I@@W;........................... ....;:::R@@@@@@@@WMMtt+.......
.........;toi;;;;;;i%@@%.......................... ....i;;;W@@@@@@@@@Mi::o+......
...:otttItoi;;;;;;;;oB@@%+........................ ....i;;iR@@@@@@@@MV;;;V;......
..Iooiiii;;;;;;;;;;;:;R@@@M....................... .,++i;iiI%@@@@@@Boii;;Vi+.....
..Ioi;;;;;;;;;;;;;;;;:o@@@@T...................... .+++oiiiII%%%%Y%Ioi;;;Vi+.....
.;Ioi;;;;;;;;;;;;;;;;;:W@@@@@R.................... .+++oiiiottttttoo;;;;;;t;.....
..Ioi;;;;;;;;;;;;;;;;;:I@@@@@@T................... .,++tiiioooooooii;;;;;;iI;....
..toi;;;;;;;;;;;;;;;;;;:tB@@@@@+.................. ..+;toi;;iiiiii;;;;;;;;;;i+...
..ito;;;;;;;;;;;;;;;;;;:;V@@@@@,.................. ..;Ttoi;;;;ii;;;;;;;;;;;;;to..
..ito;;;;;;;;;;;;;;;;;;;::tMT;.................... .R@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..ito;;;;;;;;;;;;;;;;;;;;:;;.....................; %@@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..Ito;;;;;;;;;;;;;;;;;;;;;;t;...................V@ @@@Btii;;;;;;;;;;;;;;;;;;;iioV
.iIti;;;;;;;;;;;;;;;;;;;;;;oY:................IW@@ @@@Btii;;;;;;;;;;;;;;;;;;;ot%o
.Iti;;;;;;;;;;;;;;;;;;;;;;;oI%MT..........;%W@@@@@ @@@Rtii;;;;;;;;;;;;;;;iiotIoi;
;Itoi;;;;;;;;;;;;;;;;;;;;;;oIYB@R%VooIIV%W@@@@@@@@ @@MRtoi;;;;;;;;;;;;;;ioI%Vi;+.
;IIttoiiiii;;;;;;;;;;;;;;;;oIY%M@@@@@@@@@@@@@@@@@@ @@M%Ioi;;;;;;;;;iiooIYoi;;....
.IIIItttooooiii;;;;;;;;;;;itVY%M@@@@@@@@@@@@@@@@@@ @@M%Itoi;;;;;;iiiot%%Ii;+.....
...+;V%Y%%VVVIIItooii;;iiot%Y%RM@@@@@@@@@@@@@@@@@@ @@MR%ItoiiiiiootI%ooi+........
....+;;iI%YYYY%VVIttooiootIY%%R@%%%TVVVVVVVVVVVV%% %WWR%VItoooootIVYoi;+.........
..........++;;oVT%YYY%%%YYY%RRVoi;+++............+ ++;%%Y%VVVVVVY%Vo;............
..............+;;I%%%%YY%%%RRVoi+................. ...;R%YY%%%%Y%Voi.............
...................+;iV%%%Toi;+................... ....+i%%%%T%Ii;+..............
.....................++iiii;;+.................... .....+;;iiiii;+...............
.................................................. ..............................

L 1 N U X 4 3 V 3 R -- H 4 X 0 R 5 U N 1 7 3

PENGUINS UNITE

together:

..................................+R@@@@@@@MR..... ..............................
................................IM@@@@@@@@@@@MV... ..............................
................................@@@@@@@@@@@@@@@RI. ..............................
..............................M@@@@@@@@@@@@@@WM@@W V.............................
.............................%@@@@@@@@@@@@@@M%%W@@ M;............................
............................W@@@@@@@@@@@@@@@M%%%R@ @@%+..........................
...........................;@@@@@@@@@@@@@@@@MT%RW@ @@@o..........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@+.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@;.........................
...........................@@@@@@@@@@@@@@@@@@@@@@@ @@@@V+........................
...........................@@@@@M@@@@@@@@@@@@MM@@@ @@@@T;........................
...........................@@@@WM@WM@@@@@RTVIR@WM@ @@@@Wi+.......................
...........................@@@%ooR@M@@@@%Voii;R@M@ @@@@Wi+.......................
...........................@@T;,..;@@@@M,.....;T@@ @@@@@o+.......................
...........................@@o.;+..R@@@W..iWM..iM@ @@@@@o;.......................
...........................@W+V@%%.iMRMR.%@@M%..V@ @@@@@o;.......................
...........................@W+R@%R,o@@MW.M@@@W,.I@ @@@@@o;.......................
...........................@@;;@@WIIioot+T@@@W..V@ @@@@@o;.......................
...........................@@I.%BVIi;;t%;oB@@i.,R@ @@@@@I;.......................
...........................@@Mioti;;;:::::::;ooR@@ @@@@@%;.......................
...........................@@@YIoi;;:::::::::::oR@ @@@@@%i+......................
...........................@M%Iti;;;:::::::::ItiY@ @@@@@@i+......................
...........................@BVIoi;;;::::::::Iooo%@ @@@@@@V;......................
...........................@@M%I;;::::::oVIoootYM@ @%%M@@Mi......................
...........................@@@%Yo;::::oVVttootooR@ @%VV@@@T......................
...........................@@Mi;%%tioootttIt;++;o@ @@RVT@@@+.....................
...........................@@Mi;o%%ttttIIIi;;+,,+@ @@M%M@@@I+....................
...........................@@M;+;;;t%%Vt;;;+,....% @@@@@@@@@i+...................
..........................T@@V..;;;;;;;;;++,.....i @@@@@@@@@W;...................
........................iMM@i...+;;;;;;;.......... +M@@@@@@@@@o..................
........................M@@%.....+;;;;+,.......... .%@@@@@@@@@%+.................
.......................@@@@....................... ..W@@@@@@@@@@.................
......................I@@@M....................... ..T@@@@@@@@@@i................
....................+M@@@Mi....................... ..;@@@@@@@@@@@R+..............
...................+W@@@@W;....................... ..+M@@@@@@@@@@@%;.............
..................i@@@@@@To+.......,........,+++++ ;+,;@@@@@@@@@@@@@.............
..................R@@@@@M%i+.................,+++; ;;+,@@@W@@@@@@@@@;............
..................@@@@@@T;........................ ,++:.M@@MRM@@@@@@%;...........
..................@@MW@Mi......................... ..,+.o@@@@RM@@@@@MI+..........
.................%@MW@@+.......................... ....+,o@@MMMW@@@@@Mi+.+.......
.................W@R@@@........................... .....,,MMWWMR@@@@@@I+.........
................+@MR@@M........................... .......VMRRW@@@@@@@R;.........
................R@R@@M,........................... .......,MM@@@R@@@@@@%;........
...............o@@M@@%............................ ........@@@@@W@@@@@@R;........
...............M@M@@%............................. ........@@@@@WW@@@@@@V........
..............%@@R@@I............................. ........@@@@@WM@@@@@@%........
..............@@MW@W.............................. ........@@@@@W@@@@@@@M+.......
.............i@@MM@%.............................. ........M@@@@W@@@@@@@M+.......
............o@@@MW@;.............................. ........M@@@@W@@@@@@@@;.......
............@@@@WR@+.............................. ........W@@@@W@@@@@@@@;.......
...........;@@@MRVM,............,................. ........W@@@@@@@@@@@@@;.......
...........o@@@@MTW.............,................. ........M@@@M@@@@@@@@@;.......
...........i@@MM@@R,............,................. ........@@WWM@MWWM@@@M;.......
............MYiiV@W+.............................. ........@M@@@@@@@%TM@R;.......
...........+oi;;;;M@R+............................ ....i;;;R@@@@@@@@WRMM%+.......
..........,toi;;;;I@@W;........................... ....;:::R@@@@@@@@WMMtt+.......
.........;toi;;;;;;i%@@%.......................... ....i;;;W@@@@@@@@@Mi::o+......
...:otttItoi;;;;;;;;oB@@%+........................ ....i;;iR@@@@@@@@MV;;;V;......
..Iooiiii;;;;;;;;;;;:;R@@@M....................... .,++i;iiI%@@@@@@Boii;;Vi+.....
..Ioi;;;;;;;;;;;;;;;;:o@@@@T...................... .+++oiiiII%%%%Y%Ioi;;;Vi+.....
.;Ioi;;;;;;;;;;;;;;;;;:W@@@@@R.................... .+++oiiiottttttoo;;;;;;t;.....
..Ioi;;;;;;;;;;;;;;;;;:I@@@@@@T................... .,++tiiioooooooii;;;;;;iI;....
..toi;;;;;;;;;;;;;;;;;;:tB@@@@@+.................. ..+;toi;;iiiiii;;;;;;;;;;i+...
..ito;;;;;;;;;;;;;;;;;;:;V@@@@@,.................. ..;Ttoi;;;;ii;;;;;;;;;;;;;to..
..ito;;;;;;;;;;;;;;;;;;;::tMT;.................... .R@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..ito;;;;;;;;;;;;;;;;;;;;:;;.....................; %@@Mtoi;;;;;;;;;;;;;;;;;;;;;;I
..Ito;;;;;;;;;;;;;;;;;;;;;;t;...................V@ @@@Btii;;;;;;;;;;;;;;;;;;;iioV
.iIti;;;;;;;;;;;;;;;;;;;;;;oY:................IW@@ @@@Btii;;;;;;;;;;;;;;;;;;;ot%o
.Iti;;;;;;;;;;;;;;;;;;;;;;;oI%MT..........;%W@@@@@ @@@Rtii;;;;;;;;;;;;;;;iiotIoi;
;Itoi;;;;;;;;;;;;;;;;;;;;;;oIYB@R%VooIIV%W@@@@@@@@ @@MRtoi;;;;;;;;;;;;;;ioI%Vi;+.
;IIttoiiiii;;;;;;;;;;;;;;;;oIY%M@@@@@@@@@@@@@@@@@@ @@M%Ioi;;;;;;;;;iiooIYoi;;....
.IIIItttooooiii;;;;;;;;;;;itVY%M@@@@@@@@@@@@@@@@@@ @@M%Itoi;;;;;;iiiot%%Ii;+.....
...+;V%Y%%VVVIIItooii;;iiot%Y%RM@@@@@@@@@@@@@@@@@@ @@MR%ItoiiiiiootI%ooi+........
....+;;iI%YYYY%VVIttooiootIY%%R@%%%TVVVVVVVVVVVV%% %WWR%VItoooootIVYoi;+.........
..........++;;oVT%YYY%%%YYY%RRVoi;+++............+ ++;%%Y%VVVVVVY%Vo;............
..............+;;I%%%%YY%%%RRVoi+................. ...;R%YY%%%%Y%Voi.............
...................+;iV%%%Toi;+................... ....+i%%%%T%Ii;+..............
.....................++iiii;;+.................... .....+;;iiiii;+...............
.................................................. ..............................

L 1 N U X 4 3 V 3 R -- H 4 X 0 R 5 U N 1 7 3

Re:PENGUINS UNITE

[gabrielm]

oh shit these troll's are making me
laugh out loud ahahaha!

Background Information

[inquis]

I had something to add about how this attack may have been done during the Yahoo! discussion, but it came too late to be read by many people.

http://slashdot.org/co mments.pl?sid=00/02/08/1338245&cid=484

If it is someone making a statement...

Who the fuck cares, really? If you hate Yahoo because it sold out and is completely commercialized, or that eBay is evil, or that Buy.com doesn't sell what you like, or UUnet just pisses you off, who gives a fuck?

It's your opinion, go jump off a bridge with it, instead of wasting our bandwidth and taking down sites others like and enjoy. It's not *YOUR* internet, it's everyone's.

Go away, scriptkiddies, you're not impressing anyone. If you don't like these sites, stop going there. If you don't like an ISP or IAP somewhere, so what?

"One man's garbage is another man's treasure." Because you don't like it, doesn't mean others will like it.

AMD as well?

[Cheerio+Boy]

I can't seem to get to AMD as well.
I think they're getting hit also.


The Tick - "Spoon!"

Re:AMD as well?

[holloway]

AMD is peachy keen for me.

Re:AMD as well?

[Cheerio+Boy]

Yeah, it became available again about midnight.

The Tick - "Spoon!"

Re:AMD as well?

[GossG]

I can't seem to get to AMD as well. (and) it became available again about midnight.

Perhaps AMD just got hammered by curiosity seekers looking for info on their 1.1 GHz chip announcement? Company makes major PR announcement. Their site falls on its face. This is cliche enough that IBM has a cute TV ad on it ("There are no stupid mistakes, Bob"). It is probably pure coincidence.

AMD as well?

[Cheerio+Boy]

I can't seem to get to AMD as well.
I think they're getting hit also.


The Tick - "Spoon!"

I do not

[Jon_Katz]

I do not like cheese

It is bad for the Geek community

FBI warned about "DoS preparation".

[ben+h]

Here what they say:

"During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO, and Tribe Flood Network (or TFN & tfn2k), and has been reported on many systems....

Possible motives for this malicious activity include exploit demonstration, exploration and reconnaissance, or preparation for widespread denial of service attacks."

Here is the site:
http://www.fbi.gov/nipc/trinoo.htm

Enjoy,
-ben
www.exocortex.org

Re:FBI warned about "DoS preparation".

[cfish]

geez. i'm sure admins will be much better informed if they read CERT rather than FBI

smt old, smt new, smt borrowed, smt tangerine

[Nastard]

i remember a story a while back about using macOS 9 as a kind of a smurf-style bcast (or something). is it possible that someone actully found a way to effectively use the nets collection of flovornamed computers as a *real* DoS tool ?

or if not, maybe there is some new ultra-ewreet DoS thats someone found and is now exploiting. its been a while since a new type of DoS has been implemented. smurf was the last breakthrough afaik.

or maybe bill gates finally went insane and got packet-happy

Re:smt old, smt new, smt borrowed, smt tangerine

[HerrNewton]

Apple was really petty decent about getting the patch out. I presume that most of the users that have MacOS 9.0 have had their Macs for awhile or were upgraders: the iMacs and iBooks didn't start shipping with MacOS 9.0 for about 2-3 weeks after its initial release. (Apple included a coupon in the box for a free copy of OS9). And I'm guessing that most people who jumped to a G4 desktop were upgrading or supplanting an existing Mac.

Anyway, just a random bit of nonsense on my behalf. (Oh, my Mac isn't fruit-flavored. It's beige. An old beige clone.)

----

stupid linux script kiddies

always copying from the true innovators!

.................................................. .................... ..YBBBV,.iBBBWtVWV................................ .........tWRY;tt,...
.:RMMMX,+MMMMX+II;.:iIIt:.,it;++,iIYYi,..;tYYYi,.. :tIYI;.iYBMRIXMMI:,.
.tMMMMRtBMMMMIXMM+XMBYXMMIIMMMMBBMWIWMR+VMBIiRBY;X MBYIMMXVBMMXXMMRY::.
.WMMWMMMMXMMBiMMXRMB:..;+iWMB+tMMV..iMMIYBMMRXt:WM B+..WMM:BMR.iMM;....
;MMB;MMMYYMMYYMMiMMW,,tIItMMi.IMMt.:WWVtit++WMMWBM W:.tMMYtMMt.WMR,....
VMMI,MMY,BMM+BMR.IBMRBMW+XMB,.:XMBRBBV+VMMRWBBV:tR MBRMWt.WMB:.RMMX....
.,,..,,..,,,.,,....:;:,..,,.....,;;:....,:;;:..... :;;,...,,....,,.....

I want cheese

[Mr._Anderson]

Cheese, damnit!

Paranoia destroying a good theory.

[crush]

The "update" posted by michael is sorta weird. It posits an unnecessary complicity between the NSA and anonymous hackers just because there is "no known motive". What about this just being a few people having kicks and not thinking about the consequences? Are all the unsolved murders that happen every year part of a plot by law-enforcement agencies to get greater powers?

This attack is not totally surprising (yeah I'm great at hindsight) and as is pointed out in many of the articles about it there have been many smaller scale attacks recently, the only reason this one is making the news is because it's ramped up to inconvenience lots of people at the same time - so, the powers that be were probably dissatisfied with the small attacks already and thus were looking for more control over our distributed, liberatory, co-operative etc. network.

If anything this shoes the incompatibility between a shared resource that relies on co-operative behaviour from its participants and the need for control and security that business has.

This is just the final stage of the net being fucked by commercialism - they need control and oversight. The net is turning into something new, something controlled by people with very different aspirations, people who only want to make money, people who can't afford this sort of thing.

Other big-name sites

[Raetsel]

You know, perhaps this explains why I couldn't get to Slashdot the other night...

Now, I realize that this was a distributed attack here. But I have to wonder if it's possible to track the source of something like this by watching where the first shots are fired from, and which Tier I ISPs and MegaPOPs (as an example) experience "odd" traffic patterns. Is it a distributed attack from Europe? Russia? Millions of compromised/trojaned and unsuspecting Windows users? What about spoofed IPs?

Okay, enough speculation. I don't even know exactly what kind of attack this was. Perhaps spoofing wouldn't work -- or perhaps it worked because of spoofing...

Ah, the joys of lax security and a cable modem (or xDSL!)


Ever notice that MCSEs advertise the fact, but Sun & Novell certified people don't?

Re:Other big-name sites

[zeugma-amp]

Perhaps it might be a good thing to have the different sites that believed they were targeted to post the IPs they were attacked from. Run some comparisons against each other and see how well they match up. If it is a trinoo or tfn type attack, it would be beneficial to be able to find out if one's system was part of the hack so steps could be taken to remedy the situation.

It's been a while since I looked at the CERT notes about the trinoo trojans, so I'm not sure if they have been updated, but I don't recall any sure-fire way to tell if you've been hacked in the alerts. The actions to take they gave was to run 'strings' against various binaries to see if vertain text appeared in them. They weren't even sure if they knew all the places to look. I did this as a precautionary measure, just to be sure, but never got warm fuzzies from it.

Bottom line is that there was a tremendous amount of data created by the attacks and it should probably be put to good use.

Z

The NSA and DoS (must we counter FUD?)

[Weezul]

"To counter FUD or not to counter FUD, that is the question. Wether it is nobeler in the mind to suvver the slings and arrows of increased NSA funding and wiretapping, or to take arms against a see of NSA anti-hacker FUD and by opposing end them."

Seriously, why is no one talking about the update which proposes that this is an NSA stunt to increase their power and funding. I know people don't want to talk about conspiracy theories, but there is a really good reason to take action: The NSA will use this to their advantage even if it were to turn out to be just a network hickup, so we should lauch a premptive strike and tell all the news people that there is a good chance the NSA is behind this. It would mean a FUD attack against the NSA, but it may be warented since they are about to do it to us. I would like to hear some other people's views before Istart calling the more fringe libratarian talk show hosts in my area.

Jeff

BTW> it is possible that this is MS's fault, i.e. remember the WebTV thing?

Re:The NSA and DoS (must we counter FUD?)

[VirtualAdept]

Actually, I found the update to be nothing more than conspiracy nonsense that was somehow described as a theory. The author of the email takes several events and tries to draw a correlation between them. What he fails to do is provide *any* factual evidence at all that links the NSA or any government agency to this.

As for a FUD attack against the NSA. Maybe they are going to do the same to us. Maybe they aren't. I don't think that matters. I, personally, won't be part of spreading lies and unfounded accusations against people.

I swear, the ammount of paranoia on this site gets worse every day.

Re:The NSA and DoS (must we counter FUD?)

[kingsquab]

What he fails to do is provide *any* factual evidence at all that links the NSA or any government agency to this.

If one is advancing a conspiracy theory, lack of evidence is a Good Thing. It only proves how well the conspiracy has been designed and executed!

Re:The NSA and DoS (must we counter FUD?)

[VirtualAdept]

By this logic, however, one could make any accusations one wanted and there would be absolutely no way to prove them. *Surely* there has to be a better way to approach truth than this.

Re:The NSA and DoS (must we counter FUD?)

[kingsquab]

You're absolutely correct. This is not a good way to approach truth.

My point is that lack of evidence is not necessarily that damaging to a paranoid argument. Look at the accusations that were made by both sides during the recent impeachment attempt. Many had no evidence to back them up, but people who were already inclined to believe them took lack of evidence as proof of how dirty the other side was really playing. "They must have covered their tracks."

Microsoft blocks ICMP traffic!

[Dan+Guisinger]

I found out that MS blocked all this while I was on the Win2k beta program......its all been implimented already for the protection of their network. (Yes, I occassionally did bother to read their newsgroups....amazing huh?)

J33Z0R

TH#TZ 10 FUXKCING HIPPI L1N3Z MAN!!!!@#!#)#@)

TROLLS ON PARADE (HAPPY TROLL DAY!)

I HOPE YOU ALL HAD A HAPPY FIRST WEEKLY TROLL DAY PARADE. DON'T FORGET THAT EVERY TUESDAY IS TROLLSDAY. THANKS TO ALL THE HELP FROM MY GOOD BUDDY A.C. FOR THE GREAT BANNERS, NATALIE PORTMAN FOR POURING HOT GRITS DOWN MY BACK WHILE SHE IS NAKED AND PETRIFIED, AND ALL THE SLASHDOT CREW. YOU MADE THIS DAY HAPPEN FOR ALL OF US.

TollTroll

TROLLS ON PARADE (THANKS FOR ALL THE SUPPORT)

I HOPE YOU ALL HAD A HAPPY FIRST WEEKLY TROLL DAY PARADE. DON'T FORGET THAT EVERY TUESDAY IS TROLLSDAY. THANKS TO ALL THE HELP FROM MY GOOD BUDDY A.C. FOR THE GREAT BANNERS, NATALIE PORTMAN FOR POURING HOT GRITS DOWN MY BACK WHILE SHE IS NAKED AND PETRIFIED, AND ALL THE SLASHDOT CREW. YOU MADE THIS DAY HAPPEN FOR ALL OF US.

TollTroll

PS. DON'T FORGET TO TROLL YOUR BEST ON TUESDAYS.

Where is Kevin Mitnick?

[Caball]

Kev gets free from jail and all hell breaks loose... Think the Feds are checking into his whereabouts?

Kidding of course. We all know this is not his style... and most likely (99.9999%)involves more than one person.

Any details? (and a silly idea....)

[LordStrange]

Does anyone have any details of the attack? Was Which computers (more relevantly whose networks) was it launched from? 50 isn't really all that big a number; therefore those 50 had to have some pretty fat pipes.

And now for something completely goofy: Someone posted a highly moderated comment in "Forum: The Yahoo Denial of Service" chastising the goons behind the attack for the fascist response it will surely elicit from Big Brother. (Here's the goofy paranoid part) what if these attacks are BY Big Brother? What better way to "prove" a need for all the taps and backdoors they want?

Think about it: Who else benefits from such a stupid, pointless attack? (Other than firewall and ID consultants/vendors I mean.)

Re:Any details? (and a silly idea....)

Well, you know...I've seen several people post the whole grand-conspiracy theory so much that I just need to respond to it.

Do you really think that any employees of the govt would do this? Obviously, you're probably 23 or under and still believe that in some way the govt is behind everything.

Have you been to the DMV recently??? That's, the government......

Re:Any details? (and a silly idea....)

[LordStrange]

No, I'm 30 and I don't actually beleive it. But I can't really say it's impossible.

The DMV is in pretty stark contrast to the NSA. Both in power, resources and competence.

Big Hat, No Cattle???

[Morris+Schneiderman]

I just went to:

• ebay
• yahoo
• msn
• cnn
• amazon
• abcnews

Guess what, they all are accessable and they all loaded faster than slashdot. So, where is this story coming from?

Re:Big Hat, No Cattle???

no one said they where STILL down.. but they WHERE down a while ago.. yahoo longer ago than the rest.. and abcnews was never down..

Re:Big Hat, No Cattle???

[Spasemunki]

All the articles have said that the outages occured earlier today. eBay, for instance, went down around 3PST/6EST this afternoon. ABC news, as far as I know, was never down; it was just hosting a story on the outages. The only sight that has been mentioned as being down that I still can't get to is Adobe.

Re:Big Hat, No Cattle???

though generally the people who do crap like this blow their load reading about on abcnews. why whould they tie up a site that would curtail their notority. As for DoS attacking sites like microsoft and Aol. That seems pointless, those sites fall over all by themselves... "my windows machine never crashes...though I never actually turn the computer on..."

Re:Big Hat, No Cattle???

www.yahoomail.com wouldn't work a couple of days ago, I noticed it before the slashdot article

The most reasonable solution

[face]

I think the most reasonable solution to this problem is obvious to everyone at this point.

First, we must acquire thousands upon thousands of large crowbars. Second, we need to go door to door clubbing people in the knees with our crowbars, stealing their computers, and investigating the contents of these systems. Once the perpetrator has been located, we must force him/her to endure hundreds of hours of horrible, unlubricated goat sex. Yes, goat sex. I believe this is the only rational way to get rid of these awful "script kiddies."

Not to be Paranoid but....

If these people don't work for a foreign government already, I'm sure they could be hired to do other things. Accept no cookies. Trust no one.

Re:FBI on the case - SUSPICIOUS?

Burris,

I thought you were GREAT in Burris Ewell's Day Off! I loved that movie! Don't worry about Godzilla, we all make mistakes! Hand in their, sailor!

C'mere, you, and give me a back rub. You dumb turd, you.

AoL DoS...

There were some really bad DoS attacks on AoL before they offered internet access. It was in fact possible to flood people off and crash AoL's client software in various ways, and it happened frequently.

Yahoo: where's the evidence?

[peterw]

Yahoo, et. al., ought to be working to figure out where the spoofed packets are coming from. The blame ultimately falls not onlyon the attackers, but the network admins who allow the spoofed packets to leave their nets.

First we started to track down open SMTP relays. Now we need to hunt down underprotected routers.

Are the high-profile victims doing that? Where's the evidence?

Re:Yahoo: where's the evidence?

[dennisp]

"Yahoo, et. al., ought to be working to figure out where the spoofed packets are coming from"

Good luck. It would require a lot of coordination with a number of tier 1 ISP's *during* the attack to determine the sources.

Oh My God! Katz was right!

"Geeks control the computers that run the world". PH33R TH3 D4RK 51D3 0V TH3 G33K!!!1!!!!

Hackktavism!! DSS Retaliation??

dss retaliation?!?
Could there be hope for the world yet?
down with the corporate behemoth -- inefficiency shall be eradicated!

No revolution

[volkris]

... or else this is the stupidest group of revolutionaries around.

I mean come on... attacking Yahoo? A place that catalogs information? and CNN? An information source? The Internet is about information, why would anyone who knows that attack places that distribute bood information for free?

At least if they would have attacked AOL it could be because of the stupidity of AOLers (though they're not as bad anymore). Or they could have attacked a known spam ridden network. Heck, how about attacking MPAA online and websites of governments who are net unfriendly?

Their choices of targets are very stupid, appearantly aiming for the biggest publicity bang they can think of. This isn't a revolution, just a media stunt by a bunch of kiddies.

Oh and as for eBay... cheep computer parts :) leave it alone.

~Chris

Re:No revolution

AOLers are as bad as they've always been - it's just that the overall IQ of the Internet has been falling, so that they're comparatively not as bad as they once were.

Re:No revolution

[sylvester]

How often are sites like the MPAA defaced/DoS'd in times of trial? Remember the NATO sites being taken down during the anti-Yugoslavia (IIRC) airstrikes? How big of news did that make? Not a whole lot. First, get their attention, then make your statement. Maybe the MPAA is next... Also, CNN is, depending who you ask, a highly biased source of information, a very "American" media outlet, lurid and sensationalist. I can't decide what I think, and I won't until (if?) we hear about an intent or motive. There is at least _some_ organization here, and certainly some guts - we all know that the (supposed) Melissa author was tracked down, and he though not careful, didn't exactly go shouting his name to the police. There's a lot of infrastructure to track this already in the 'net. Just my thoughts.

Re:No revolution

Chris,

I thought you were GREAT in Batman & Robin. Don't worry about all the bad press - what do they know, anyway? I'll see ya at the Bat-theater (ha ha) next year! Hang in there, boy wonder!

oh, just c'mere, you. I love you, you dumb turd. And that sexy spandex.

Re:No revolution

[volkris]

So you advise any "revolutionaries" to go DoSing random sites as their plan A?
At least these people should have put forth an real effort to get their story out before launching attacks that harm the Net usage of other people. A DoS attack is, IMHO, a very very negative thing in that it destroys entire servers without prejudice, plus it wastes bandwidth all over the Internet. I'd say that if these people had made a concerted effort to get their story out, someone either on /. or in the media or at least at one of the attacked companies would know about it.

As far as CNN, sure every news story has a motive behind it, but it's kinda like quantum physics... you need a bunch of biased news sites to cancel each other out to get to the truth.

As far as organization, grab a couple of servers on high speed connections (including private computers in university dorms) and set them all up with scripts that will all go off at the same time. Heck, what if someone released an "unoffical" version of AllAdvantage that includes a DoS engine? :)

The point is this could just be one guy who was bored last weekend because his girlfriend dumped him.

~Chris

Re:No revolution

[sylvester]

Absolutely it could be any guy whose girlfriend who just dumped him. Everyone keeps pointing out that it's easy. The obvious argument is "why hasn't it been done before?" Obviously, there are lots of SK's that like to go around defacing sites that require little to no skill...and they're smart enough to pull this off, apparently..and the ones that deface the various "official"-type pages (.gov, etc...) don't seem afraid of being caught.
So why hasn't anyone else done this?

I also like the thought-experiment of imagining that I am, in fact, in control of sufficient bandwidth that I can shut down any site of my choosing. That's pretty cool. :-)

I agree that it's odd to do it without an announced agenda..obviously 90% of the current /. discussion is speculation, so I'll join in...maybe "they" will release something on why nice and soon now.

Certainly, an obvious, fairly "clean" motive is to show, as many SK's rationalize, that they're demonstrating the weaknesses in security in the way the 'net works...The fact that most users use windows, will run anything a random ICQer tells them to, and more and more of these people have high bandwidth access.

I've digressed a bit - to respond to your first sentence ("So you advise any "revolutionaries" to go DoSing random sites as their plan A?") no. But _if_ there is a "big picture" to this, and it's some damn smart guy somewhere damn well hidden with a damn good motive and agenda, this would seem to be how it would start, no?

This is what _I_ would do, given that I had the means, motive, opportunity, knowledge, intelligence, stupidity, money, guts, etc.

(Motive being the most pivotal one.)

Re:No revolution

[volkris]

I've always had a theory that in order to progress through the levels of computer mastery, one must spend enough time with the computers and networks to really appreciate what they are and what they do.

It is this appreciation that keeps people inline and not constantly bringing down the networks and stuff, cause god knows how easy it would be. Even l0pht said it once on TV. Back to the point: if you want to learn the net, first you have to respect it. If you're eager to hurt it, you'll never get to your goal. A bit philosophical, perhaps, but we are its caretakers, we know its weaknesses, but at the same time we love it as a son too much than to exploit our knowledge for bad.

So anyway, look at it this way, DoS is distructive, there are constructive ways to get attention too. I don't really care what the good reason was, interfereing with the operations of that many people is just a bad thing.

Now a VERY constructive use of energy would be to work more towards one of the geek unions that get talked about occasionally, or maybe a dataheaven somewhere. Both would get attention, but would be good anyway.

~Chris

read the post 1 above you

...

Re:read the post 1 above you

His question was not "did the NSA do it," but "should we FUD the NSA?" I think that was the point of the little quote. It is a moral question and "will we look like idiots" question. My vote is Fud the hell out of the fuckers in the main stream media and figure out the real cause here on slashdot.

The post 1 above also giveas good reasons for using FUD on the NSA/Gov/etc. Namely, to keep the internet from becomming like TV.

Meept

i'm glad this is happening

[zordon]

I am one of those semi oldschool folks. I've been on the net since '94 and I really dislike the commercialization of it. I miss the good old days when the internet was a playground and nothing seriously bad ever happened. Server down? oh well, nothing really important on it anyways. The internet used to be all about having fun, now it's about making money. I honestly hope that all of these attacks continue for a long, LONG time. Targetted at commercial sites, leaving sites like Slashdot and Bluesnews alone, because after all, those sites are all about the content, not the money to be made? Anyone who agrees should post their support for the Packet Monkeys to continue. Anyone who has the resources to carry the torch, do it if you agree in the cause. The internet as I knew it is dying, and I don't like it one bit. Zordon "Confucios(sp?) say man who walk through airport sideways going to bangcock."

Re:i'm glad this is happening

[ACK!!]

Besides the fact I have been an old schooler since the days of getting online meant using your 2400 baud modem to connect to your local BBS, I have to say that you should probably know better sir.

Think about it. Do you really want to support vandalism of sites of Denial of service attacks to protest the commercialization of the 'net? It is like shooting yourself in the foot to fix a broken toe. My god, this be just another excuse for Big business and the gov to come in and tighten down on surviellance and eventually start censoring content. Don't give them an excuse!

Anyway, there a lot of good people with technical skills who are making money off the web (notice I did not equate the World Wide Wait with the Internet!) and why not? If the geeks of the world are connect humanity together via an electronic nervous system empowering people on a massive scale then by god some of us ought to have the common sense to profit off it.

If you don't like that way of thinking then you are living in the wrong society. We live in a capitalist world and I tried very hard to help my fellow man and be a teacher and all. What did it get me. Kids cursed me. Parents cursed me. Society only gave lip service and got the clue. Now, I am an Account Manager of Data Center Ops for a big old mean corporation selling sales force automation software to sales people. We don't hurt anybody or pollute the environment. We just make code and look after big servers. What is more I make the money that I need to live.

Being poor sucks. There was a silly song out not too long ago that said, "I hate the people who say money is the root of all that's bad. They never had the pleasure of a welfare Christmas" or some such. It is so true.

haha

#### ####
#### ####
################################################## ####
################################################## ####
################################################## ####
################################################## ####
################################################## ####
################################################## ####
################################################## ####
################################################## ####
#### #####
#### #####
#####
#####
#### #######
#### #########
################################################## ####
################################################## ####
################################################## ####
################################################## ####
################################################## ###
################################################## ##
################################################## #
################################################
#### #####
#### #####
#####
#####
#### #######
#### #########
################################################## ####
################################################## ####
################################################## ####
################################################## ####
################################################## ###
################################################## ##
################################################## #
################################################
####
####

###############################
#############################################
################################################## ###
################################################## #########
################################################## ###############
################################################## ###################
################################################## #######################
################################################## ###########################
################################################## #############################
############### ###############
########### ###########
######### #########
####### #######
###### ######
##### #####
##### #####
#### ####
#### ####
#### ####
#### ####
##### #####
##### #####
###### ######
####### #######
######### #########
########### ###########
############### ###############
################################################## #############################
################################################## ###########################
################################################## #######################
################################################## ###################
################################################## ###############
################################################## #########
################################################## ###
#############################################
###############################

###############################
#############################################
################################################## ###
################################################## #########
################################################## ###############
################################################## ###################
################################################## #######################
################################################## ###########################
################################################## #############################
############### ###############
########### ###########
######### #########
####### #######
###### ######
##### #####
##### #####
#### ####
#### ####
#### ####
#### ####
##### #####
##### #####
###### ######
####### #######
######### #########
########### ###########
############### ###############
################################################## #############################
################################################## ###########################
################################################## #######################
################################################## ###################
################################################## ###############
################################################## #########
################################################## ###
#############################################
###############################

Let's go Crackers!

We live in interesting times. We are witnessing a great crack in progress. Mark your calenders so you can tell your children how in your day anybody could knock the biggest web sites of the net.

I have a list of sites I'd like for them to take down.

1) Microsoft.com -> You can't call yourself done until you've taken this site down
2) eTrade -- (Do you really need a reason?)
3) www.jokeland.com (This will get you on the Howard Stern show and thoose jokes suck anyway)

Any other suggestions?

Re:Uh, not really

[Stormie]

If they were using a real address, it takes very little effort to block it from the router side.

But they're not using a real address. They're using lots of real addresses.

At least this is how I understand it:

• The attacks are distributed, that is, they are being launched from a large number of cracked boxes around the net.
• So they're probably not spoofed - the attacker doesn't really care if they get traced back to any given source, because he's not associated with the source.
• It takes very little effort to block traffic from one source. But to block all of them would be a massive job.

The only weakness, as I see it, of this type of attack is that each box you try to crack to get launch hosts carries the possibility of you being traced. Sure you might crack a hundred unsecured boxes for every clueful admin you piss off with your portscanning, but it only takes one clueful admin to nail you.

All that said, I freely admit that I'm talking out of my arse. I'd love it if someone could point to a report with more info on what it actually happening. How is service being denied? Is it a massive overload of HTTP requests or a "traditional" DoS like a pingflood? Are the attackers spoofing? Is it a script-kiddie tool being spectacularly well applied or are we talking real skill?

An intresting coincidence.....

At the excact hours of the DoS attack on Yahoo, the Network at the University of Virginia became *really* slow, and the access to the internet sped back up again around the time the DoS stopped. I ran several Tracerts, and pings and the second I got off the campus network, the ping time shot up to over 1000 ms when before it would be really low(ie under 100ms or just above). The effect was only on the router for information heading off campus, all the inner campus routers were unaffected. I doubt this information will be of any use, but the DoS attacks times were way to close to the time of this slowdown for me to think it pure coincidence.

Re:An intresting coincidence.....

>>> At the excact hours of the DoS attack on Yahoo, the Network at the University of Virginia became *really* slow, and the access to the internet sped back up again around the time the DoS stopped. I ran several Tracerts, and pings and the second I got off the campus network, the ping time shot up to over 1000 ms when before it would be really low(ie under 100ms or just above). The effect was only on the router for information heading off campus, all the inner campus routers were unaffected. I doubt this information will be of any use, but the DoS attacks times were way to close to the time of this slowdown for me to think it pure coincidence.

Bullshit.

Porn Still Works!

Phewww.... With all this going on, I sure am glad that I can still get to my favorite porn sites! They are the most important after all...

Was it Mitnick?

[ArsSineArtificio]

This is completely random speculation, but Kevin Mitnick just got released from prison.
Mightn't the actions of a lone, extremely talented man, lashing out against the world, solve the problem of "why would somebody want to do this"?

Re:Was it Mitnick?

[renai42]

Kevin Mitnick doesn't even have access to a tone-dialing phone, let alone a distributed network, you half wit :)

Common Thread

[David+Mooney]

Is there a common thread? Are the sites that have confirmed attacks all running the same OS? Same web server? Same routers? You know what I'm saying?

eBay probably wasn't attacked. They just fell over again.

Re:Common Thread

[southpolesammy]

No, doesn't seem to be a common thread wrt OS and webserver app. I checked most of these sites against the "What's that Site running?" on netcraft.com and found almost no correlations of OS and/or webservers between the sites.

The only common threads that I can see so far is that all of these sites being attacked are well known and highly visited sites. The other common thread is the length of time that each site is getting hit for, although that seems to have varied slightly from site to site. Gotta wonder if perhaps Yahoo was able to identify a few potential sources and pass the info on to the other affected sites. If so, kudos to them for helping stave off the attacks.

Argue not with dragons, for thou art crunchy and go well with brie...

Slashdot effect

[cbustapeck]

Its the Slashdot effect!
All the computer people who normally don't go to amazon.com because they don't like certain patents amazon wants to enforce went there after they heard about the DoS attack. What might have been a brief system outage lasted for hours because of all the people trying to see if it was really true.

The others... how to explain those? Probably /. too, after all, they have mentioned Napster and DeCSS, who knows what other mischief they might be up to?

The List of Sites, What does it mean?

Okay, so Yahoo was attacked, but not Lycos or Excite. Buy.Com, Amazon.com, and ebay were all attacked too, all commerce sites. CNN.com was also attacked. So we have four true internet companies, no brick and mortar e-commerce sites (such as Toys-r-us or B&N.com.) If this is about the commercialization of the web, they aren't picking good sites. I think most geeks would prefer a true internet startup compared with some brick and mortar start up. Bezos and the creators of Yahoo are veritable geeks, while also being savy businesmen. Their counterparts in the brick and mortar are merely opportunists without a vision. CNN.com is a strange pick, but is also related to AOL. If they are agains the rabid commercialization of hte net, why not attack all the new start ups, the ones that didn't have vision? There seems to be no rhyme or reason to this- a big site is all that is needed.

Re:FBI on the case - SUSPICIOUS? Not really...

[Rombuu]

Be afraid, be very afraid.

Yeah, if you are some script kiddie doing things you shouldn't.... otherwise, what's the big deal?

Take down all the sites you want!

Just don't F' with my slashdot

Re:Uh, not really

The current attacks, or at least the pieces that I've seen (I work for one of the upstream providers of one of the companies hit today) are using source spoofing. It makes the attacks a fair bit more difficult to block, and also a fair bit more difficult to trace back to the compromised boxes.

The same attack would be possible without source spoofing, but it'd be pretty trivial to get the owners of the compromised boxes to fix them if we could ID them with a couple whois lookups. Or, if their owners don't fix them, we could get their upstream providers to pull their plugs until they fix things. Don't think they won't do it, either -- network people tend to take this sort of attack very personally.

I smell da man.

[Dr+Caleb]

What do you want to bet ethier the 'culprits' will never be found, or that they are found and there will be insufficient evidence for conviction.

Give me a break! 50 ~possible~ addresses? I've worked on a large network (approx 10k nodes) and it never took more that 1/2 hour to find a NIC that was spewing garbage, or one with a duplicate IP. And that was with an old 386 laptop running an old 1992 packet sniffing program!

I'm sorry, but I know what some of these 'companies' are capable of, and they would have to be totally inept to take 4 hours to narrow it down to 50 IP's, and then lose the trace! Only to have it pop up again the next day! Oh! Look there it is again! Hit it with the fuzzy hammer!

It cannot be co-incidence that Prez Clinton wants broader powers for law inforcement; that backdoors will not be included in new internet protocols and that these attacks are ocurring!

These attacks are costing these companies millions and they can't narrow it down!?! Because the man doesn't want it narrowed down!

That's how it begins kids! Fear group X, and let's hunt them down and parade them through town square tarred, feathered and GNU zipped!

Re: In the old days, abuse was extremely rare

[rcade]

I'll put up with no eBay for a couple of hours simply to preserve the last vestiges of the Net as we knew it once upon a time.

The Net of old was never about denial of service attacks -- it was about the free and open exchange of information. One of the reasons SMTP and other Net protocols are so open to abuse is that they were not designed with abusers in mind -- the community was the domain of a small academic, military and governmental community where abuse was extremely rare. I can remember when the Morris worm, Jake Baker incident, and green-card spam occured, and all three were big news because the Net had been so well-treated by the community of users.

Pine all you want for the old days, but don't credit these abusers with bringing them back. The distributed denial of service attack is symptomatic of today's Internet, where people do what they want and ignore the impact on the community as a whole.

What do these sites have in common?

They don't run linux.

I bet this is another lame attempt by the linux "community" to pimp for their OS of choice.

Slashdot and the DoS

I'd DoS Slashdot but since they run Linux, they cannot even handle the baseline traffic. My work here is done.

Yahoo!

[renai42]

I've always thought Yahoo! to be one of the great net companies - they had a great idea, and won through with it, while not getting all corporate big wig suit wearing.

You're right, there isn't any real value in attacking it.

Re:Yahoo!

[sallen]

>>I've always thought Yahoo! to be one of the great net companies - they had a great idea, and won through with it, while not getting all corporate big wig suit wearing. You're right, there isn't any real value in attacking it.

You may be correct. Or, instead of all the consipracy theories, this could simply be a case of greed and an attempt at extortion. 'Pay or we'll shut you down' type situation, a little like the person(s) who stole the credit card data from the CD place and attempted to extort money or he'd release the credit card numbers. they didnt' pay..and the numbers were out there. We may learn someone didn't pay or this was the 'show me' that they could do it. I agree with you - Yahoo! pretty damn good company. But they have in common with the others a pretty rich cash flow they need to protect.

Announcement to the Script Kiddies

[SEE]

Okay, I don't approve of what you are doing. But as long as you're doing it, why go after some basically inoffensive companies with DoS? I mean, Yahoo? Why not vandalized your local library's card catalog? Instead, go slam Disney, Viacom, Time-Warner, News Corp., etc. -- you know, the guys behind the MPAA, the DCMA, and DVD CSS. At least then you're going after people who, in some sense, deserve to be DoSed.

Steven E. Ehrbar

Re:Announcement to the Script Kiddies

[ForteBravo]

Because that would imply that the people behind this have a political motive regarding the corporations they are targeting. What if the people behind this have only one target -- the Web? Get eBay, Amazon, and Yahoo, and you've covered 90% of the Internet for 90% of the voting public (stats are not real, just illustrative). Check out the update -- this makes a lot more sense if you just want the words "hacker" and "internet" and "e-commerce" to get on the 11 o'clock news. If you want some fresh FUD so you can pass a bill locking down the 'net, this is the way to do it.

(Mission accomplished: the news is coming on, and the top story is the evil hackers who are targeting the innocents...)

They should have done this at Y2K!!!

That would have really freaked people out.

If I were to conduct a large-scale DoS ....

[Ex+Machina]

If I were to conduct a large-scale DoS, I'd remember the ancient chinese wisdom I received from my Sensei while reflecting on the virtues of confusician network Kung-Fu in my Rice Paper(tm) meditation shack:

"Wise man may write Trin00 but any idiot with backhoe on Fiber Optic lines cause much packet loss."

Just another way of trolling

[thales]

Trolls post shit just to get a reaction. They rarely get more than three or four people to bite. These clowns are raking in hundreds of replies. Looks like it will be a tight race between them and Linuxone for Troll of the year.

Maybe we know.

[jesdynf]

Does anyone else out there remember that [Slashdotted] story about some large effort to determine the OS of every computer on the net?

If I recall, they dealt with one NASTY little rootkit that knocked on their door and installed its happy ass onto their systems in something like 13 seconds. Came from some poorly maintained Aussie ISP.

Wonder how many of -those- puppies are out there, lurking?

Not new at all....

[aiken_d]

...I manage a few (smaller than yahoo) sites. We've seen a drastic increase in smurf and other packet flood type attacks over the past 6 months or so. You should see my MRTG graph :)

We've seen traffic as high as 40mbps for as long as 5 hours. For a site that averages 2mbps and peaks around 5mbps, that's pretty huge.

Filtering spoofed packets on routers isn't the whole answer, either. All you do when you filter spoofs is confiugure the router not to allow incoming packets that claim to be from inside (obviously enough). If someone sends hundreds of megabits that claim to be coming from *somewhere else* outside, it doesn't help.

Revolution My But.

This Is terrorism and vandlism. The Only reason currenlty that I would support such behavior is if all the sites targeted sold DVDs and this was an Attack against the DVD industry, But that is unlikely and there are better ways to go about it.

This whole thing explains something...

[JamesKPolk]

Yesterday, for the first time, I was getting *very* weird errors trying to connect to AOL's IM servers.

It wasn't a client error... it happened with AOL's "QuickBuddy" Java client, along with all the linux ones I tried.

But, the service stayed up, at least for all the time I was on... AOL must be like the good'ol cockroach: able to withstand any man-made holocaust.

*Sigh*

[jacobm]

Okay, I'll get crucified for this, but I'll bite: the Internet as a social phenomenon didn't exist before Yahoo. Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days. I'll go one step bolder: Yahoo invented the modern Internet. They made it possible for normal people to find the web sites they wanted to go to, which was the big spark that made the Internet useful to ordinary people. (Obviously if Yahoo hadn't been the first big popular web index, it would've been one of the others, but that's not the point. It was Yahoo.) And Amazon and eBay were also pioneers in their respective fields, Amazon in particular. It seems that you don't like their fields- well, that's good for you, you can ignore them. But as for what the Internet is defined by how people use it- they're as important as it gets. Ever bought anything online? Thank Amazon and eBay. Ever found a website without looking through one of those archaic internet yellow pages? Thank Yahoo. Get your internet access at home through roadrunner for cheap? Thank all three of them, and CNN.com, and usatoday.com, and every site that ever made the internet a place where normal people wanted to be.

Don't like the fact that the Web is a "corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument, sorry. The whole wide Internet world got massively bigger in the last ten years, as you've probably noticed. I'd say it's reasonably certain (though I can't prove it) that there is an order of magnitude more free interesting non-corporate content on the Internet now than there was ten years ago. And, surprise, where people went commerce went too. But if you think of barnesandnoble.com as the Internet, do you also think of the real world as just a big Barnes & Noble bookstore? Just like in the real world, there's lots of room on the Internet for big corporations to spread out and make themselves look big and important. (Think of all those TV ads and billboards with URLs as one big cyber-Champs Elysees.) Also just like in the real world, if you spend all your time hanging out there, you'll end up unsatisfied. And also like the real world, there's a place for commerce and a place for community.

Unfortunately, also like the real world, there are people who absolutely refuse to play nice. But on the Internet it's worse, because it's so easy to ruin systems and there's no repurcussion for doing so. There are no social or legal rules, so people do what they please, and some people like to break things. (Hi there trolls! Have fun storming the castle!) It has been that way for the history of public networking, it's not something that just got invented with Slashdot trolls and the DoS attacks this week- CommuniTree (aka Slash version .0000000000001) had the same problems back in the romantic days of networking.

And the anarchic solution is the romantic notion that people always seem to argue in these circumstances, and as you are arguing now. Guess what? It doesn't work on the Internet. There's more net.abuse than there has ever been, and vigilante groups haven't ever really been effective in combatting them. Assuming you're right about the DoSers' motives, and they don't turn around and DoS your favorite site tomorrow, do you think that it will make all the bad people go away? I doubt it.

This is the part that the freedom lover in everyone hates: the only solution that mankind has ever come up with that works is to make rules and enforce them. That's what governments are for. That's why they were invented. The wild west is a fun, romantic place, but we can't live there forever, because given enough time the outlaws will always outnumber the sheriffs and Billy the Kid is only fun to hang out with for so long.

Far from your argument that the DoS attacks represent that the Internet community is somehow rejecting a bad part of itself, I'd say that the DoS attacks signal the end of the free Internet era. It was fun, yep, I was there for a little bit of it too and I know. But oh well. We have to grow up someday. =(

Re:*Sigh*

[CokeBear]

I'll go one step bolder: Yahoo invented the modern Internet.

Yahoo didn't invent the Internet, Al Gore did. :-)

Re:*Sigh*

[Cid+Highwind]

Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days.
And we're supposed to be thankful for this??

they made it possible for normal people to find the web sites they wanted to go to
Because they invented the search engine? Oh...wait, they didn't. Veronica and WebCrawler were cataloging categorizing, and searching the web before Yahoo was around.

And Amazon and eBay were also pioneers in their respective fields
Stupid patent lawsuits and black market kidney sales, respectively?

Don't like the fact that the Web is a corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument
No, it's a sad commentary on the direction the internet is taking. Radio used to be an exciting new technology, promising instant communication, like the net.hype promises today. Then it was dominated by large corporations, and today it is nothing but top-40 crap and insipid talk shows. Anything creative or thought-provoking has been squeezed out in favor of safe, easy to digest, bland, boring, profitable pablum.

the only solution that mankind has ever come up with that works is to make rules and enforce them
I don't see what you're driving at here, there are already laws against this.

There are no social or legal rules
Tell that to Kevin Mitnick, or the DeCSS defendants.

Re:*Sigh*

You deserve to be crucified... 8^).

The 'net as a social phenomenon happened long before the commercial guys heard about it. Usenet, in particular, is a good example.

Of course, by definition, the 'net as a commercial phenomenon didn't happen until the commercial guys got into gear. The 'net as a mass-market phenomenon couldn't happen until you had mass-market ISP's to serve them. But that's more of a reaction than an action.

Yahoo is nice, they deserve to make money, but honestly, they're not a big deal.

Re:*Sigh*

God, you're SOOOO counterculture. I bet you wear leather and drive a motorcycle, too. And have piercings. It must be so COOL to be angry and surly all the time and hate everything and have all the answers and "remember when" about every subject ever....

Wow....

Re:*Sigh*

[Karellen]

Don't like the fact that the Web is a "corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument, sorry.

There are no social or legal rules, so people do what they please, and some people like to break things

That's the point. It's not a corporaplayground. The corporations like to think it is, and are trying to make it so, but it ain't. Certainly not yet. And hopefully never.

Don't get me wrong, I don't mind sharing my toy. I like sharing my toy. But it's my toy and it currently works like this. If you don't want to see some of the less nice aspects of it, then that's your selective blind spot. It doesn't change reality.

If you want to change my toy so that it works more like the way you want it to, don't expect me to automatically like it. I might, if it plays in the way that I like my current toy to play. Hell, I might even enjoy it more if you fix some of the stuff that's been bugging me.

But don't think it's something that it ain't. That way lies many a great headache.

Re:*Sigh*

[James+Ojaste]

"Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days."

So maybe I'm an old-timer, but I'll never accept Internet as synonymous with WWW. Sure, web traffic dwarfs everything else, but that everything else is what makes the net so useful; take telnet and SMTP, for instance. Heck - email is the killer app that brought the internet to the foreground in the first place.

"Ever bought anything online? Thank Amazon and eBay."

Why? I bought stuff on the net before Amazon or eBay existed.

"Ever found a website without looking through one of those archaic internet yellow pages? Thank Yahoo."

Never liked Yahoo - in fact I found the content to be too bland to be of use to me; I used real, honest-to-goodness web-crawling search engines instead of human-generated ones. WWWW, Webcrawler, then Altavista and Google were my indexing friends. The first two are definitely archaic, but they produced far more useful information than I was ever able to get out of Yahoo.

"There are no social or legal rules, so people do what they please, and some people like to
break things."

On the contrary - there are social rules, but the problem with social rules is that they cannot be enforced! The whole deal with society is that it is composed of its members, and peer pressure is the only force it (as society) can bring to bear.

If you break society back down into individuals, people can try to enforce the societal mean, but you'll always find a blip on the other end of the curve - people trying to exploit a given society, people who may even be *outside* it. A society isn't defined by numbers, wires or boundaries; it's defined by the individuals who choose to compose it.

Re:*Sigh*

you are missing his point entirely...and i'm really not sure why the hell you were moderated up to a 3...but i guess innane comments about a pretty thought provoking post are worth something hey?!

I'm probably the only person who will read my post, but if anyone else reads this tell me how my parent was "interesting" ...please

Re:*Sigh*

[hyrax]

Anything creative or thought-provoking has been squeezed out in favor of safe, easy to digest, bland, boring, profitable pablum.

For someone who has been around for oh so long, you certainly have an odd conception of what the internet is. It is not a finite space. No one is being "squeezed out" of anything. So the merchants have come to the party. So what? Last I checked nobody as being forced to take down their web pages to make 'room' for Yahoo. If you don't like corporate sites, feel free to stay away from them.

Re: In the old days, abuse was extremely rare

Rogers,

I loved you in Moonraker - you were the best Bond! Don't listen to what all those web sites have to say. Stay sleuthy, bucko!

C'mere, you dumb turd, I need a hug. I think (hee hee) you're sexy, too, Rogers.

Potential government involvement

[Crixus]

Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers?

This isn't so crazy. If any of you have ever read the books by Phillip Agee (Inside The Company) and John Stockwell, men who were actual CIA operations directors, you would be surprised at the horrible things these organizations do to "encourage" trends in the US and our allies.

According to some reports, the CIA has been known to plant bombs in airliners... naturally these types of events are always blamed on middle eastern countries and terrorists, and we certainly DO like to hate middle-eastern countries.

Re:Potential government involvement

[pnevares]

Are these recent publications? I'd like to read up on that, sounds damn interesting (and hey, on-topic too! =).


Pablo Nevares, "the freshmaker".

DVDs

[renai42]

Hey here's a thought....against all odds that someone actually has the bandwidth to post pirated DVDs on the web...could it actually be some goon emailing his favourite pirated DVD's to his friends working at Yahoo?

The slashdot effect would explain the rest :)

Jon Johanson could have created a monster :-)

Moderate this one up!

[freddie]

Moderate this one up!

It's the apocolypse! Our calendar was a month off!

The Chinese calendar was dead on, though! The coming year of the Dragon will be the end of the world!!!!!!!!!!!!!!!!!!!!

However, for a small fee, I might be able to work out a reprieve for you!

Re:FBI on the case - SUSPICIOUS?no big deal?...

[letchhausen]

Man you are stupid. It's always the way that people in power grab and misuse it is to make it seem like there is a reason and as long as you are a law abiding citizen everything is okay. But after you give up your civil fights and they change the laws, then what are you going to do?

Oh remember? You gave up your right to complain when you gave up your right to free speech. Hey it's okay as long as your are a christian and a republican. Oh you are not? Well we have a data entry prison for you built with your tax dollars, it's called The Microsoft Reform Center, co-funded with all that money that Bill Gate$ donated to the Republicans......

Re:Slashdotted

[brokenwm]

since charley is fat
i reccomend that he mates
only with roseanne

fat-time's only sexual encounter was with lubie, his lubricating midget rapid fire pellet gun. that is how he became a superhero. he and lubie were sexually experimenting next to a pool of toxic waste and fell in. roseanne makes my spine crawl.

opensource man: a charge -
remain true to your trolling
portman is our slut

uhmmmm... hehe... ?

offtopic are you,

nothing new there.

down goes your precious karma,

my precious karma?! are you high?!

like yoda speak I

lol.

AMEN! CAN I GET A HALLELUJAH?

FUCK ALL COMMUNIST C*CKSUCKERS. Microsoft Rules ALL!

ps. HAppy TR0LL DAY~

Re:AMEN! CAN I GET A HALLELUJAH?

sure maynard. "HALLELUJAH"

How to protect yourself?

[garver]

Imagine that I'm Joe ISP. How the hell do I protect myself from this? Asking everyone on the net to do their job and filter spoofed packets ain't a reasonable answer. It is simply not enforcable, not on an international scale.

Stopping a server-level DoS attack (e.g. grinding my servers into the ground with dynamic pages, DB lookups, etc) should be possible; identify the source(s) and block at the firewall for example. The catch is identifying the sources, but it is at least possible.

But if it is a network-level DoS attack, in other words, too much is being forced down my pipe, I don't have much of an option but call up my provider and beg them to filter. I can't see this as a reasonable solution. Providers aren't going to be happy adding filter rules to their routers every time a customer gets nailed. It is too much overhead on their routers and on their administrative staff.

So what is a long term solution to this problem? This is only going to become a bigger and bigger problem as the common user's pipe gets bigger and bigger.

Imagine: an email-spread trojan horse, set to pound the hell out of www.bigguy.com at a certain time a month from now. Let it spread to a couple thousand unspecting newbies (wow, cool, look at the fireworks!, lets send that to tom, dick and harry)... Insert your distributed DoS attack method here.

NSA Conspiracy? I Think Not

[edibleplastic]

I'm sorry, but I really can't believe that Michael would really suggest that a conspiracy involving the NSA is really the best explanation for the DOS attacks. I may be naive, but let's play a "so that" game:

The NSA either hacked into its own computers or faked a crash, so that it looks vulnerable,

Launched a DOS against Yahoo! so that the worlds biggest information portal can be shown to be vulnerable,

Crashed the phone systems of two states so that it can be shown our infrastructure is vulnerable

and shut down major American websites in similar DOS attacks so that it can be shown that even smaller websites are vulnerable?

And for what? So that they can get a bigger budget? For what? More eavesdropping? For what purpose?


Or is this perhaps more reasonable: a team of angry teenagers/young adults feel that to be cool they need be noticed in a monumental way. Or perhaps they have a grudge against corporate America and have decided that this is the best way to exact their revenge against deserving pillars of capitalism. This is really not too unimaginable; just think back a couple of weeks to the eToy/eToys lawsuit -- hundreds of netizens were lined up to launch their own DOS attack against a reputable web site just because they felt that they were taking away their freedom. (Obviously the best way to fight this is not in the courts or through legal protest but through a childish impatient form of attack.)

I think the most realistic explanation is the horse, not the zebra: how many hackers have attacked web sites, computer networks and phone systems just to show that they could do it? Nearly every attack (other than specific defamation) has been for this sole purpose and I think that these attacks fit right into this profile. This is obviously the most reasonable suggestion, and I think that all suggestions otherwise will end up hurting us because we will all be pointing fingers at the NSA rather than trying to better protect the Internet and hunt down those who have committed these offenses.

Oh shit

[Legion303]

I thought "smurf" was a videogame. My bad! :/

If the script-kiddies responsible are enjoying the publicity on slashdot: don't forget our friends at dvdcca.org and mpaa.com.

-Legion

Just nitpicking a bit

[diggman]

T3 = 28 T1's = 28 x 1.544Mbps = 43.232Mbps

And to get 1Gbps you need 24 T3's (2 x OC12 > 1Gbps)

Diggs

Re:Just nitpicking a bit

Ok, so you need 24 T3's at 43.232 Mbps... ... and any Pentium or better machine with a Fast Ethernet card can *easily* saturate that... ... so you have to have a distributed attack with a whopping 24 machines! (or 8 x 24 = 192 if it is 1 GB/s rather that 1 Gb/s) Gee, NO ONE could muster up 200 machines to coordinate this type of attack! It MUST be a government conspiracy! :-)

Re:Just nitpicking a bit

No, I have a better explanation.

The RUSSIANS are making a comeback!!!

TROLLING FOR SLASHDOT!

thanks for the info. why don't you get a troll to pour hot grits down your pants
...@.
..//.
.//..
00/..

BALLS TO THE WALL!

The NET is conscious!!!!!

[yuriwho]

At approximately 7pm 2/7/00 US central time, the internet attained consiousness. The nascent lifeform first went to Yahoo to learn as much as it could about its parent human lifeforms. After discovering that random internet searching led it to pOrn in 90.283% of cases, the fledgling intellect decided to glean the history of earth from book abstracts and reviews at amazon.com. Currently the mass of rogue packets is setting up a media blitz to disguise itself as a coordinated DOS attack to facilitate knowlege growth before the humans decide to shut down the net and kill it.

Estimated equivalent human intelligence as of 11pm US CT is 13 years............just wait a few more hours for the fun to begin.

Re:The NET is conscious!!!!!

I think it is the operators of the porn sites that are responsible for the sudden increase in dos attacks. You never hear about the porn sites going down (pardon the pun). What better way to increase traffic than to make all other sites unavailable.

Re:The NET is conscious!!!!!

[Kiz315]

If it is, then I wonder what it would do when it finds Slashdot...

Announce itself to the world, install Linux on every system, and then hook the whole thing into a planetwide Beowulf cluster, I would hope.

My note is:
Hey, if you're reading this, then could you do something like what I just said? Thanks.

Government conspiracy: they say it was Mitnick!

You'll know for sure it was a government conspiracy if they claim it was Kevin Mitnick breaking parole and getting his hands on a computer. :-)

DoS like stealing cars

[.torq]

A lot of people discussing this issue seem to think that arbitrary blaming of those servers that were used for the DoS attacks is a fair and reasonable thing.

Well, I have to say that while I agree in principle that if people are going to run insecure servers then they are responsible for actions on the server if they get hacked, I think that in practice it doesn't really hold up when compared to similar situations.

For example, take the case of a stolen car. The owner of the car drives it into his driveway and locks all the doors before going inside. As far as he is concerned it is as secure as he can make it. However, what he doesn't know is that if he'd spent 2-3 hours each day scanning the security forums he would have found that there was a new LockBuster (tm) available that would make breaking into his car a snap. So, while the driver isn't looking a bunch of thieves sneak up and break into his car using the LockBuster (tm) and take it for a joy ride. At the same time, 10,000 other thieves are using LockBuster (tm) to steal cars and they've all headed out onto the freeway. Consequently the freeway gets jammed - I mean really jammed. No traffic can get on or off the freeway for 4 hours. Once the traffic has cleared the thieves return the stolen cars to the driveway, just in time for the owners of the cars to come out of their houses and drive to work.

In this case, who would consider blaming the owners of the cars for the traffic jam? After all, the owners thought their cars were secure - they locked the doors. They just didn't have the time to spend updating their cars with all the latest security enhancements to stop LockBuster (tm) from allowing people to break in.

Ok, so I know that stealing a car and jamming a freeway isn't really the same thing as using a hacked server for a DoS, but I think people have to recognise that not every company or server owner has the resources to devote to security that they might like. Having said that, I do agree that server owners on the internet do have some obligation to do routine things like filtering packets with snuff source addresses etc. Maybe someone should set up a Server Owners web site where new server operators can do a quick checklist on the really important and neighbourly security features they need to check on their configuration (e.g. here are the important things to check, here is how to check and fix them on your system) and not just for Linux machines, there should be help for lots of platforms / configurations, including NT, Unix derivatives etc. There are lots of sites out there that deal with security issues, but I don't know of any that have a simple checklist that can be run through which has the most common things that need checking on servers.

So, stop putting all the blame on those people that don't have the resources (or the computer savviness) to keep up with security. Be part of the solution by making it easy for them to check their servers and fix them if they are deficient. Don't just point them to bugtraq or something similar - not everyone can scour a multitude of sites each day for possible bugs. Especially if they are setting up a new server and wouldn't know where to start.

email me or not

Re:DoS like stealing cars

[radja]

Indeed.. it should in this case not be the owners of the cars. Rather, this would be a GRAVE mistake by either the cardealer
or the manufacturer for providing an unsafe lock.
This would equate to not the company being responsible per se, but rather those who
supply/setup the servers and software.
On a sidenote.. the FBI in this? I'd say this is like 700 people picketing in front of some store,
making it impossible for everyone to get in. picketing isn't illegal, is it?

//rdj

Re:DoS like stealing cars

[.torq]

I don't think you can blame the supplier of the equipment, either. When the product was sold it was presumed to be secure - then when a security flaw is discovered later, or a product comes out that makes it possible to break the security, the manufacturer can't be responsible for chasing everyone up to give them a fix for free. I mean, we don't expect car alarm manufacturers to provide indemnity against a car being stolen!

This may finally force action and accountability.

[Alfred+Perlstein]

It may be a foreign agency, lame script kiddies or talented network engineers that are causing these attacks.

The point is that at least people are finally taking notice of the effects lax filtering is causing on the internet as a whole.

CERT was formed to provide rapid responce to exploits, it's time an agency was formed by the major backbone providers (and NOT any government body) to enforce filtering agaist outgoing spoofing traffic.

The consequence of being the source of a DoS should be simple, fix it within an 30 minutes or your upstream pulls the plug until _you fix it_.

There is just _no excuse_ for tolerating this anymore. This means being the source of spoofed
packets _or_ a network that responds to broadcast icmp/udp/whatever with more that X (16?) number of replies (DoS amplifier) should be grounds for removing your clueless hide from the ether until you prove your connectivity is not a hazard to the rest of the net.

Justifying no filtering to maintain speed is bogus, and I think this week has pretty much proven that action needs to be taken quickly and the penalties enforced quickly and severely enough to force accountability.

God save us all. :)

Occam's Razor!

[rebrane]

The simplest possible explanation is probably true. Now, given what we know about the way that net crime works, what's more likely:

a) a government conspiracy

b) an organized form of protest

c) some bored jackoff kid with nothing better to do

I think the intelligent Slashdot reader can make the right choice.

--neil

Continuation of a President's theme?

[broter]

It does sound rather paranoid to say that the US government, or members there of, are taking down major US (I don't believe businesses from other countries have been affected). At least it would to a layman. Although I try to suppress my paranoia about the actions of my leaders, sometimes I can't help but to connect them to other things.

This administration has also pushed CALEA through(Communications Assistance or Law Enforcement Act of 1994) which other administrations wouldn't touch with a 10' pole ("The Electronic Privacy Papers", Schneier). During the debates about it, Director Freeh of the FBI never identified a single case that was lost due to the advances in technology, nor did he identify a single case that would not have succeded do to *wiretapping* (although the catagory "electronic surveillence" was used interchangable in his speech to ALI) (same book, also eff's ftp site).

This leads me to wonder, is this last push toward more power and freedom for Law Enforcement an extention to CALEA (which, luckily, hasn't been funded so far...)? Is the bill that nobody wanted returning in a more monstorous form? Has the government discovered how to get the ignorant masses behind it? I guess our leaders have read "The Prince"...

When I asked if I was being too paranoid, a good friend of mine said "you're not being paranoid enough." At least we know that, since the FBI is on the case, someone will be arrested and prosecuted; even if the crime is never solved...

Natilie Portman N00d PiX0rZ *and* Hot GritZ

HILITE ME for some fun (who loves the ][gs toolbox?)

WWWWWWWWWWWWWWWWWWWWWWMRt=;;:;=iIRWWWWWWWWWWWWWWMM MMMMMMMMMMMMMMMMMMMMMMMMMMMBM WWWWWWWWWWWWWWWWWWWWMV+::,:,:::::;tRWWWWWWWWWMWWMW MMMMMMMMMMMMMMMMMMMMMMMMMMMBM WWWWWWWWWWWWWWWWWWWRi=;;;=;;;::;;::;IBWWWWWWWMWWMW MMMMMMMMMMMMMMMMMMMMMMMMMMMMM WWWWWWWWWWWWWWWWMBIIIIti+=:::,,::,,::=YMMMWWMMMWMM MWMMMMMMMMMMMMMMMMMBMMMBMMMMB WWWWWWWWWWWWWWMMXItIIi==;:;::,,,,,,,,:;iYVMMMMMMWM MMMMMMMMMMMMMMMMMMMBBMMBBMMBB WWWWWWWWWWWWWMMXtiIIi+=;;=;:,..,,,,.,:;=:=YXBBMMMM MMMMMMMMMMMMMMMMMMMBBMBMBBMBB WWWWWWWWWWWWMMVttiItIti++==;::,,.,,::::::;;;+iYXBM MMMMMMMMMMMMMMMMMMMBBBBBBBBBB WWWWWWWWWWWMMVtIt++iittitti+======;::::,...,,,:=+I XRMMMMMMMMMMMMMMMMMBBMBBBBBBB WWWWWWWWWWWMRiV+==;;=+=iIVVVYIt++=;;:,....,,,,,:;= iYVRBBBBBBMMMMBMMMBRBMMBBBMMM WWWWWWWWWWWBtti;;,,:,.:==;;;=+i=:::,;;::,,......,, ;+YXRRBBBBBBBBBBBRXRBBBBRBMMM WWWWWWWWWWMB=t;;,.,..,:,...,;;,.:=+ii=::,,,,....,, ,:=YXXRBBBBBBBBRRXXBBBBRRBMMM WWWWWWWWBBRX=+,;.....,,,..:;,.,;+tII+::........... .,::;+VRRBBBBRRRXRBBBBBRRBBBM WWWWWWMRBBRV==,:.....,,,,;;:,:;;;=+:,,,.,:;;;,.,.. ,,,:;+IVRBBRXXXRBBBBRRRRRBBBB WWWWWWBBBRti+=:::.,.,:::;++;;;::;;:,,,,::::;;::,,: ,,,::=iYYYYVXRBBBBBRRRRRBBBBB WWWWWWMRXV=;i=;:;:,::;;=iIIi+==;:,,.,:::::;++++;;: ,.,,::;iIVRBBBBBBRRRRRRBBBBBB WWWWWWWBYi==ii==;;::;iIYVVVYYIi+;;==;;;;==+iii+;;. .,,..,:=IVVRBBBBBBRRRRRBMMBBB WWWWWWWWXt+=+It++=;=iVVXXXVVVVYItti+++=+++iiii==== ;:,,,,,:;iiVXRBBRXXXRRMMMBBMB WWWWWWWWXIt+++iiii+tVXXXXXXXXXVYYVVYi==++++++==+=; :.......,:=IVXXVVXXRBBBMBBMBM WWWWWWWWBIi++++===IYVXXXXXXXVIIIYYVVYi:;=+i+++;,.. ,,.......,:=tIYVRRBBBBBBMBBBB WWWWWWWWMIi+==;;:;IVXXXXXXXYtt++tVVVYIiit+........ .........,,:+VXRBBBBBBMMBBBBB WWWWWWWWRIi++=;:::iYXXXXXXI+;,,:IXXVYYIYi=........ .........,,::tXRRBBBMMMMMMBBB WWWWWWWMV+:::;;::,;iVXXXXV+=;XttXRXVYIYYiY+....... .,,,......:::;IXRRBBMMMMMMMMM WWWWWWWBRt;::::;:::;YVVVVVItitIXRRXVYYVYtiI,....., :::,,,....,:::=IRBBMMMMMMMMMM WWWWWWWRV+:,,,::;:,:iIIIVXVXVVXRRRXVYYVVI+Y=,.::,. ::::,,,...,,::;+YBBMMMMMMMMMM WWWWWWWMI==;;==;;::,;;,,=XRRRRRXRXVYYYVVY=tii::;,. ,:,::,,,..,,::=ttRBMMMMMMMMMM WWWWWWWMI=;;;=+ii=;::,:ItVRRRRXXXXVVVVVVY=iIii:;,. .,,.,:,,..,:::;ItXBMMMMMMMMMM WWWWWWWMI;:::::;;:;:,,:=IVRRRRXVXXXVVVVXY;iYIIi:;, .,,..,,,,,,:::=iiXMMMMMMMMMMM WWWWWWWMX=:::::=++=,:=:,YVXRXXVXXXXVVVVVt,IVYVY+,, ..,....,,,,:;++=iRBMMMMMMMMMM WWWWWWWMBI;;:::;:::=+=,.iVXXXIVRRXXVVVVY+,VVYVVI;, ...,....,,,:;I+=VBMMMMMMMMMMM WWWWWWWWMX+:,,,::;=++:..,YVVIYRRRVVVVVVI:;XXYYVVt: ,........,,;=i=tRBMMMMMMMMMMM WWWWWWWWMBY=;:::;=++::,:,;II=YVYtiYVVVY+,iXXYIVVYi ,...,.,.,,,:=+IXBMMMMMMMMMMMM WWWWWWWMMMMI=;;:;==::;:::,,iII+IYVYXXVt:,YXXYIVVVY i,.......,,:;iYRMMMMMMMMMMMMM WWWWWWWMMMMRI+;:::,::=::::..;==tYIVXXY=,=VVXVIVVVV Yi:......,,,:iIRMMMMMMMMMMMMM MWWWWWWMMMMMBI;,,..:==:::;...,itiIXXVi..+VVVVIYVVV VYI+:......,:=IRMMMMMMMMMMMMM WWWWWWWMMMMMMBi,,,,,=;:,::,.,..;IVXVI,.,YXXVXYYVVV VVYYYt=,...:=iIIIVBMMMMMMMMMM WWWWWWWWMMMMMMRt;:::=::,,:,,:::.+YY+,..=XXXVXYVVVX VVVVYYYIttIIYYI+==+YBMMMMMMMM WWWWWWWWWWMMMMMMBY=+=::,,,,;:;,..::...,IXXXVVVYVVV VVVYYYYYYVVYYYt++++=iRMMMMMMM WWWWWWWWWMMMMMMMMMRVt;:,.,.,,,,,,,...,iYYVVXVXYVYY YYYYYVVYVVVVVV+++++==+BMMMMMM WWWWWWWWMMMMMMMMMMMBY=:,,,.,,,,:,,=i=IYYYVVVXVYVVV VVVVVVVVVXXXXY+=++===;;IVXBMM WWWWWWWMMMMMMMMMMMMBX=;,::::::,,+IYYVYVVXXVVVVYVXX XXVVVVYYVXXXXY+===;;:,::;tYXB WWWWWWWMMMMMMMMMMMMBBi;;=+==;;:iVXXXXXXXXXVVXXVVVV VVVVVYYYYVXXXI+;;;=;,,:::=tYI WWWWWWWWMMMMMMMMMMMBI+;;;+ii+iYVVXXXXXXXXXXXXXVVVV VYVVVVYYYYVXXI+;=;=:,,::::+tI WWWWWWWWWMMMMMMMMMMI+===;+VVVVVXXXXXXXXVXXXXVVVVVV VVVVVYYYYYYVVI+;;:;:,;;::,;=i WWWWWWWMMMMMMMBYtVI+++====IVVVXVXXXXXXVXXXXXXVVVVV VVItYYYYYIIYVI+;;:;::;;::,;=+ WWWWWWWWMMMMMMXI+::=++====iVVVXVVVVVVVVXXXXVXVVVVY t=ii+tYYYIIIII=::;;::;;;,,;++ WWWWWWWWMMMMMBIII;::++==:;+VVVVVVVYYVVVXXXXXXXVIt+ ;=+i+=iIIIItti;;;=,:=;;;,,:;: WWWWWWWMMMMMBVIVt=;:;+=;:;+VVVVVYYYYYYYVVXXXVIii+: :===;;:;=+iiii;;;::===::,,,:. WWWWWWWMMMMBVVYV+==+:=+;:;=VVYYYYYYYYYYYYVVIt+=:,, ,;;;;=:,,:;;;;;::::+=+;,,,,,, WWWWWWWMMMXiYVYY+=+i=:+=;;=YYYYVVVVVVYItii=:::=Yt, ,,;:;=;,.,:::,,:,:=++i=,,.... WWWWWWWMBYi=+IYt=+ii+=:=;;;IYYVVYtiii=;::,,,,=YVY, ,,,::;;,.,;;,,.,::++ii+,.,... WWWWWWWMiIt==+;==iiit+::;:;tIIIt+=+==;:,,,,=tVVV+. .,,,;;;:.,,::,..;:++iii,,,,.. WWWWWWWY+YVt=:,;+iiit+=;,:;I+===++=;=;;:,,tXVVVt,, ,,,,:;=:.::,,,,.+;=+iti:,..,. WWWWWWRttiti=,:;=iiit+++:,;+;;===:;;==;:=YXVVVI;t= .,,ii=t=:+i;..,.=;;iitt;,.,.. WWWWWMYitti+;;:;=+iit+ii;,;;;==;;;;=+;;tXXVVXY+It; ..,tI+t+;+t+:;,.,=;iti=;,,,,. WWWWWWMVtti;,::;=iiitii+=,,:====;=+++;+RXVVXXVYI+. ..,+IIii==t+;=:,.;:iii;:,,:,, WWWWWWWBVi;,::;:=iitttt+=:,;====+iti=:IXVVXXXXXt:= :.,;IYI+=;t+;=:,..,+=;:::,,:, WWWWWWWMBX+:;:::itttIti=;:,==+iti+==;;VVVXXXRRXt=i ..,:+YVi=:ti=;;:,.,;=,:;:,::: WWWWWWWMMMX===::=ittti++=:,=++=;;iII==VVVXRRRXVIY; ..,,;IVI=;=i+=;,,..,,:;=;:.:; WWWWWWWMMMXi+;::::+ttiti+;.=;:=itYYI;+VVXXXRXVVXX; :.,,,=YY+;;i++;,,..,:=+:;::,, WWWWWWWMMMYI+;;i=;:=ttti+:.:=++tIYYI;iVVXXRRVVXXYi ;.,,,,tYt;:+++:,...:;:;=;;:.. WWWWWWWMMRi+itYIti;:;=ii+:.;+++tIIIt;tVVXXXVXXXXXX =...,,:It=:;++:,....:=:==::.. WWWWWWWWWMVtXXYt+====,:;=:,:=++tIIti;IVXXXVVXVXXXV :...,,.=i=:,=;,,....:+=:;:,.. WWWWWWWWMMMXYYIi==+t=::,,,,:;;=iiii+iYVXXXVXXXXXV= ....,,..;;:,,,,,....:;=::=;,. WWWWWWWMMMMMBXi+==+t+;=:,.,::;;++++iYVVVVXVVVVVI:. ...,,,...,.....,....,;=;+t+:. WWWWWWWMMMMBMRt+=+i+=+=:,,,:::,,::=YVXVVVVVVVYI:.. ,.,,,,,..,:,..,,....:.,=tt+;. WWWWWWMMBMMMMMRi++++=+=,,,,,,,,,;+YVVXXVVVVYYI=,,. ,:::,,,...:;:..,,...;:,IIIi=. WWWMMMMMMMMMMMBYIt==;=::,,,,:,,,+YVVXXXXVVYIi:,,:: ,,,,,.,...,::..:,...=IYYYIi=, MMMMMMMMMMMMMMRYVVItIt::,.,,,,,:IVVVVXXXXVI:..,,,: ,.,,,,,,...,,..,...,IVVYYIt+, MMWWWWWWWWWMMMXYYVVVVt,:,.,.,,:IVVVVVVVVVt,.,,,,,, ,,.,,,,,....,,.....=VVVYYYt+: WWWWWWWWWMMMMMYYYYVVV+,,..,,,:IVVVVVVVVVI...,,,.., ::,.,,:,....,......=VVVYYIti; WWWWWWWWMMMMMBYYYYVVVi=:..,,:IVVVVVVVVYI:.,..,:,:: ;:,,,,:,,..........=VVVYYIIi; WWWWWMMMBBBBBXYYYYVVYYt:..,;IVVVVVVVVYt,..,.,:,::. ,;;;...,,..........=VVVYYIIi= MMMMMMMBBBBBBXYYYYVVYIi,.,;IVVVVVVVVYt;.,,,,,;;:;+ :,;;...,,..........=VVVYYIIt= BMMMMMMMBBMBMXIYYYYYYI=..=YVVVVVVVVYIi.,,,,.::==== +=;=,..,...........+VVVVYIIt+ WWWWWWWMMMMMMVIYYYYYIt:.=YVVVVVVVVYIt,.,,,,,::;++; +YVV=,,,,..........+VVVVYIII+ WWWWWWWWMMMMMVIIYYYYIi:+YVVVXVVVVYIt:,.,,,,,,;=++= YXVVI:.,,..........+VVVYYIIIi WWWWWWWMMMMMMYIIYVVYIitYVVVVVVVVYIt:,,,,,::..:;+=i VVVVVi.,...........iVVVVYIIIi MMMMMMMMMMMMMYIIYVYItIYVVVVVVVYYIt:,:,:.,,:,,:;;=I VVVVVI,............iYVVVYIIIi MMMMMMMMMMMMBYIYYYIIYYVVVVVVVYYIt;.::::.,,;;,:;=+V VVVVVY;............+YVVVYIIIt WMMMMMMMMMMMRYIYYIIYYVVVVVVVYIIt=,:::::.::=;::,=VV VVVVYI+............iYYYYYIIIt WWWWWWWMMMMMRIIYIYYYVVVVVVYYIIt+.,:::::.:=;;;:::IV VVVYYI+..........:tIYYYYYIIIi WWWWWMMMMMMMXIIIYYYYVVVVYYYIIt+,,:::::,,;=+==:::;Y VVYYYI+........,+IYYYYYYYIIIi WWWWWMMMMMMMXYYYYVYVYYYYYYItt+,.:::::::;;==;=;::,= YYYYYI;.......;tIYYYYYYYIIII+ WWWWWWWMMMMMVYYYYYYYYYYYIItti:.:::::;=====;;=+++;; iIYYIi,.....,iIYYYVVYYIIIIIt= WWWMWMMMMMMMVYYYYYYYYYYIttti;.,::::;+i=;=:;;=+t+=+ =iYIt+.....=IIYYVVVVYYIIItii= MWWWWMMMMMMMYYYYYYIYYYIttti;..:::;;+++=;+;::;+++i+ =+YIi=...=tIYYVVVVVYYItttti+; WWWWWMMMMMMMYYYYYYIIYIItti;::::;=+++i+===;;::;=+t= =tYIi=,+IYYYVVVVVVYYtttttii=: MWMMMMMMMMMMVYYYYYIIIItti;.:=ii++=++i+=;:=;;+::;+= iIIttIIYYVVVVVVVYYItttiti+=:, MMMWMMMMMMBBVYYYYYYYIti+:..,+iiti=ii++=:;=;ii+::== iIIYYVVVVVVVVVYYIItiiii+=;,.. MWMMMMMMMMBBVYYYYYYIt+=,..,,:=;==itt++;:=:;+i+=:;i IYVVVVVVVVVVYYIIIti+++=;,.... MMMMMMMMMBBBRYYYIIIi+;..,,,::;=;;+iit+:::;;;+==iYV VVVVVVYVVVVYIIIti+==;:....... MMMMMMMMBBBBBYIItti=,.:;,,,:,,;;+++tt;::;;=;;;iVVV VVVVYYYYYYYItii+=::,......... MMMMMMMMMMBBBRIiii=,.;+=,:,,,,,:=+it=,:+==+=;tVVVV YVYYYYYIIItii+=:,............ MMMMMMMMMMBBBBXii+,,=+++=,,,,,:=+i++::;i+i+++VVVYY YYYYYIItti+=;:.............,, MMMMMMMMBMBBXI+;:,,iiiii+:,,:;+i+=;;,:;=+i++tYYYYY IYIIIii++=:,..............,,, MMMMMMMMMMBY;;:;;:;+i+i+i++i++it=;::==:++++tIYYYYI IIti+=;;,...............,,,,, MMMMMMMMMBBV=;::::=+iiiiiii++=;;:,:+II:=+iYVVYYYII t+=;:,..............,..,,,,,: MMMMMMMMMMBBi+;::,;======;;:,,:::::+++:;+IYIIYYIi; ,...................,...,,,:+ MWWWWMMMMMBBIi+=:,:;,,,,:.:,,::;=:==+=;;=tIYYYi:.. .,,,,...............,...,::;+ MMWWWWMMMBBBYIi=;:,:,,,,,,,,:;;;=:;===;:;tti+;..., ,,,:,,..............,..,:;;:i WWWWWMMMMMBBVit;;::=:;,;:::==:;;;=:==;;,;;......,, ,,,,,:;,............,,.::;=:= WWWMMMMMMBBBBYt=;::+=;,=;::,,:=;;+:;;:,,......,,,, ,:::=i=:...,......,,::.::;;:, MMMMMMMMMMMBBBR=;:;===:;:,,::;;;;=;:;,...,,,,,,,,, ,:=tt+=:..........,,:,.,::;,. MMMMMMMMMMMMBBB=;;;:;;;,:;;;:::,=+=,..:,::::::;;,: itIIti+;....,.....,,,,..,,,., MMMMMMMMMMMMBMRt+=;:;;;:::,,..,:=:...,;;;;;====::= IIIttt+=,..........,....,,,:; MMMMMMMMMMMBMBBXtit;;+++:;;;=,;:,....,;;;;;==;,,=i tttttii=,...,.....,......,,,, MMMMMMMMMMMMMBBRtIIItYYIt;:;+,,:,,,;:;;;;;;;;,,;tt tttttii=,..,.......,......,,, MMMMMMMMMMMMMMBRIIIYYYYYIti+i:,=;=;;;;;;;;;;,.:itI Ittttti=,...,....,,.......,,, MMMMMMMMMMMMMMBBYIIYYYYIIItii=,:;;==;==;;;;,,;tIII IIttIti=.........,,.......,,: BMBMMMBBMBBMMMBBYYIYYYYYIIItii,,:::::;;;;;,,;tIIII IIIIIt+;,.......,,,.....=:::; BBBBBBBBBBBBBBBBYYYYVVVYIIIti+:.:,,.,,:;:..;tIIIII IIIIIi+:,........,,...,.::,;+ BBBBBBBBBBBBBBBRYIIYVVVVYYIIt+;.,,...,::,.;ittIIII IIIIti=,......,,:;:,,.,,==:VX BMMMMMBMBBBBBBBRYIIYYYVVYYIIti=......,:,.:+ittIIII IIIIi+;,......;:iI+=,:,,;=;VR

| am 3l337. Y0u4 n07. H07 Gr|7Z 0n J3sus.

This is not Slashdot anymore. Trolls will destr0y you.

Thank you.

Bahaha!

[rcromwell2]

You've been on the net since '94? Give me a break. You don't even know what the old days are. Sheesh, you arrived after the Web existed. You never knew the internet in the pre-Web, pre-graphics, pre-PPP "everyone has their own IP" days
.

And by the way, Slashdot and Bluesnews *make money* and the owners are Slashdot are easily millionaires now.

Furthermore, the internet is interconnected, and by pissing in the water, your spoil if for everyone. If you try to take down Yahoo, you end up taking down lots of intermediate networks that host your beloved moral, commercial free,hippie sites. However, no one ever accused socialists/anarchists of logical thinking.

argh

[Dalroth]

This sucks.

I'm totally against government regulation and restrictions and wiretapping.

But if we can't track these guys down? What then?

Maybe we need that crap afterall! :(

I sure hope not.

www.gaypornwithjohnkatz.com down too!

happy troll day!

The Internet Sucks!

I quit. Back to letters and magazines....

This is different.

Wh0 haZ b33n H4X0riNg Nigx0rZ? Only Nig0rZ are colored like F3C3Z.

Thank you.

To: Uncle Jemima the Nigx0r ... This is different.

Wh0 haZ b33n H4X0riNg Nigx0rZ? Only Nig0rZ are colored like F3C3Z. NigX0rz ArEN'T RASIN FUCK3RZ.

Thank you.

War of the Worlds Effect

[Spasemunki]

Rememeber the stories everyone hears about Orson Welles Halloween broadcast of War of the Worlds? This is sounding strangely similar to me. There are some real crashes going on, but I am seeing a lot of reports of sights being down that are, as near as I can tell, still entirely up and running. Some big sights went down today, and now every time that someone can't load a webpage, or hits a server that blocks pings someone claims that they've been crippled by a DOS.

Someone mentioned earlier that Adobe may have taken themselves down because they were afraid they might get hit next (as of 09/02/2000 12:53 EST, I can get to the page; it did seem to be down earlier). I wonder how many sites are unplugging or blocking partial traffic out of fear of a hit. Whatever else is going on tonight, we're getting a good view of the power of the Internet as a rumor mill and propigator of memes. Pretty impressive.

Never attribute to malice...

[jabber]

As the saying goes: Never attribute to malice that which an be explained by ignorance.

While I'm as willing to blame the guys with the black choppers on this as the next guy, the fault lies with poor network administration.

Not that the targets have any choice about landing hard on their knees when beaten over the head with a DoS. There are things they can do... As has been elloquently pointed out in this post. In a nut-shell, shut down unused ports, shut down unneeded services, filter out the offending networks (would you rather limit your availability, or end it?), and most importantly LOG IT ALL.

Logging is crucial when you are being beaten. You may not be able to prevent it, but you CAN collect evidence.

As for the poor network administration... Universities, small/midsize ISPs and break-neck businesses leave far too many doors open. These are the people to blame - unwitting accomplices.

Legislation may help, but it has to be careful. It must require proof - and in cases such as these it's hard.

The conspiracy theory does bring to mind an interesting scenario though. What if all 1 billion Chinese, all running Linux, suddenly started pinging all of the US biggest eCommerce sites? Global slashdot effect levied directly against our infrastructure, and indirectly against our fast-movers on Wall Street. And no amount of legislation would get our servers off their knees.

Re:Never attribute to malice...

[biohazard99]

No, but a jackass with a backhoe could drop any links to SE ASIA or across the New Roman Empire, effectively cutting China's backbone throat.

Re:Never attribute to malice...

[jareds]

• What if all 1 billion Chinese, all running Linux, suddenly started pinging all of the US biggest eCommerce sites?

Admins at backbones would start disconnecting routes to China/Asia. That would end the attack pretty quickly, and China would have to beg to be reconnected to the rest of the world. Distributed DoS attacks require machines on a large number of varied networks, not just a large number of machines.

Re:Never attribute to malice...

[jabber]

Would it really be that easy?

Here's my take on the extreme case, disclosing first that I don't know backbone capacities, and the point may be moot if they're adequate.

Since after all, the internet was designed to withstand a nuclear war, with all the damage and (possibly) EMP issues that go with it.

There's a quote by Robert(?) Reinhold (from Virtual Communities): "The Internet interprets censorship as a failure, and routes around it."

Well, considering that, the 'ping tidal wave' (tm) would just go the other way, wouldn't it? China would effectively sever itself from the internet, but in the process cut all westbound links from the Americas, and all the eastbound links from EurAsia and Africa... (Yeah, they can do that with a backhoe too) The trans-Atlantic links would buckle under the added strain of valid traffic... Mayham.

I guess my question becomes: Just how reliant/dependant are we (we being variable) on their (again variable) infrastructure.

Re:Never attribute to malice...

[jareds]

• Well, considering that, the 'ping tidal wave' (tm) would just go the other way, wouldn't it? China would effectively sever itself from the internet, but in the process cut all westbound links from the Americas, and all the eastbound links from EurAsia and Africa... (Yeah, they can do that with a backhoe too) The trans-Atlantic links would buckle under the added strain of valid traffic... Mayham.

Sorry, traffic from Europe to America doesn't go through Asia more than a miniscule fraction of the time. Cutting Asia off the Internet would have a negligible effect on the trans-Atlantic connections.

Truly, you can't have an effective distributed DoS attack from one area in the network. That defeats the whole point of it being distributed.

eBay?!

[swordgeek]

All I've got to say is...

"eBay is the AOL of e-commerce."

Their track record is an embarassment.

Re:eBay?!

[HerrNewton]

Yes, they can't keep their system up for more than 2 hours at a time. What I meant, though, was that they really haven't been proactive about pissing people off. (At least to my recollection.)

----

Re:I love microsoft and so should you

moderate Up, this guy is a better Troll than Katz

What scares me...

[pb]

The net has been pretty slow for me, and these "attacks" are either very widespread and very undetectable, or they aren't attacks at all.

Remembering The Hacker Crackdown once again, what started the whole nasty thing were widespread phone service outages that were blamed on hackers. The problem was eventually traced to a cascading phone switch bug, but the damage was done even then, and many hackers and crackers had their equipment (unlawfully?) seized by the government. After the DeCSS fiasco and now this, I don't want to see a world-wide repeat of this travesty.

So what can we do to check this out, guys?

---
pb Reply or e-mail; don't vaguely moderate.

Anyone else had their home net hacked recently?

[Beta+Master]

Over the past few weeks I've noticed an increase in the number of port scans and telnet attempts to my home network, which is connected to the net via cable modem (I'm not cool enough for DSL).

My buddy with DSL said someone tried to hack his home network as well.

How many folks with DSL or cable modem connections have a firewall? How many actually look at the connection logs and try to figure out who's trying to gain access?

Think of how many unprotected hosts are out there on the net. Makes sense a hacker would take advantage of the influx of newbies to untraceably install a DoS attack program on thousands of hosts.

It'll be interesting to see if the FBI traces the source addresses to the perpetrators, or hordes of clueless broadband users.

Re:Anyone else had their home net hacked recently?

[SkullOne]

Yes, I have a home network, and my logs show during the day close to 500 port scans below the standard ports, and only about 60-90 scans on higher non-standard ports. This has really increased over the last 3 weeks, from nearly none at all, to, the numbers above. Luckily, I have strict rules on my router which do not allow them to be easily exploited. It is possible to exploit me, but its more trouble then anyone would want to put in.

Re:Anyone else had their home net hacked recently?

[slashdot-me]

I have a little script that shows me every stray syn packet and udp packet that hits my firewall. My morning routine is wake up, brush teeth, send email to the dozen sites that have probed me. If the probe touches several ports and the source is in the us I'll usually make a phone call.

I've been seeing a lot of scans to tcp port 3128 lately. Does anybody know what this may be?

10% of my traffic comes from .edu, the rest from japanese dialup pools. I hate the japanese scans, it's always a bitch to track down the appropriate email address 'cause I don't speak japanese.

Ryan Salsbury

Re:Anyone else had their home net hacked recently?

[Cyberdyne]

I've been seeing a lot of scans to tcp port 3128 lately. Does anybody know what this may be?

Typically, that's a proxy server port (i.e. Squid etc.) Sounds like they're searching for an open proxy...

Off-hand, I can't think of any reason .jp dialups would want to find open proxies any more than other addresses - can anyone here?

Re:Anyone else had their home net hacked recently?

[ender-]

How many folks with DSL or cable modem connections have a firewall? How many actually look at the connection logs and try to figure out who's trying to gain access?

Well, I do have a firewall, portsentry is running waiting for port scans, and a log checking script, so that any interesting log entries are emailed to me on the hour.

But I have not had even one attempt at a portscan. The only thing I've seen [other than my own test portscans to make sure portsentry and the log checker was working] is a connection attempt from netcraft on port 443... of course, portsentry got a little overzealous and routed them into oblivion...but at least I know it's working :)

Am I 100% secure? Of course not.And so far I count my blessings that I have not had to deal with frequent portscans, but as another reply said, hopefully it's more trouble than it's worth to try to attack my box...that is really the only *reasonable* security goal, no? :)

Ender

Re:How is slashdot prepared - They dont have to

[linux_penguin]

Hemos and cmdrtaco are behind all the DoS attacks, so they have nothing to fear from themselves :)

shhhh... dont tell anyone...

as a side note, we should partition the different types of attacks under other names: DoS, LiNuX, WiNdOwS,Os2 etc will become widely known acronyms for Script Kiddies.

:)

not only web stuff messed up -- phone service too

[petree]

Here's something that I haven't heard mentioned in this wonderful mess of -SLOW- websites and overloaded routers. Guess what. My Long Distance phone service is out. I can guess why too. They probably decided to save a few bucks by doing some of this trendy 'Voice over Data' you've been hearing all about. Well ain't that just wonderful. If you were wondering, I'm using Vartec as my LD carrier. Kinda scary. ATT works fine though. In this whole conversation though, I have heard no one speak of how this is affecting companies that count on semi-reasonably reliable connections to the internet. If the uplink from your ISP is being blasted because they host some site, that means you are hosed unless your isp happens to have redundant connections to different backbone providers. (Let me tell you, many ISPs do not.)

Anyways though. Think of all the other things that count on the internet, and are now probably stranded. (Can you hospitals? I've set them up before for record sharing, if you are trying to send something over any distance ISDN just won't cut it, so people send it over the internet. Much cheaper/easier, but what about now. When there is no link between the hospital out in the middle of nowhere and a patients regular hospital. And say a couple of years back they decided that they would save some money by not using ATT and using, god forbid, Vartec or some other discount Long Distance Provider.

When was the last time you saw a hospital which allowed you to choose your Long Distance Carrier. If yours is dead. There is nothing else you can do, but just forget about. Not to say that people will/are dying because of this, but it is a major hassel for the folks who you would not think of as 'techies'.

Believe you me. I see this having a greater affect on the world than: 'I can't check my email!' ... 'I can't see whether my stock portfolio went up or down!' ... 'I can't register my adobe product.' ... 'I surf ebay to buy that new toy.' .......

People are affected by this. Not just folks who allready depend on the internet to be reliable (Individual brokers who use the internet/folks who earn their livelyhood on ebay/etc) but also the nurse who changes your bedpan who can't find out that you get diaper rash and need lotion.

Just a ramble.

PS Vartec works again. :) I guess.

Great, just great.

[Postmaster+General]

Just what we need ... conspiracy theories.

Of course, that's all it is. I wouldn't go believing any of it if I were any of you.

Unless there's some physical evidence to support it, it still remains just that ... a "theory".

Cockroaches.

[istartedi]

OK people, you see one cockroach and then your skin starts to itch, and you think a roach might be crawling on you. It's not. Just because these sites got DoSed doesn't mean your site is getting DoSed.

Tactical Intelligence Team

888..M::::::::::::M8888:888888888888::::m::Mm88888 .888888
..88..M::::::::::::8888:88888888888888888::::::Mm8 ...88888
..88..M::::::::::8888M::88888::888888888888::::::: Mm88888
..8...MM::::::::8888M:::8888:::::888888888888::::: :::Mm8
......8M:::::::8888M:::::888:::::::88:::8888888::: :::::Mm
.....88MM:::::8888M:::::::88::::::::8:::::888888:: :M::::M
....8888M:::::888MM::::::::8:::::::::::M::::8888:: ::M::::M
...88888M:::::88:M::::::::::8:::::::::::M:::8888:: ::::M::M
..88.888MM:::888:M:::::::::::::::::::::::M:8888::: ::::::M:
..8.88888M:::88::M:::::::::::::::::::::::MM:88:::: ::::::::M
....88888M:::88::M::::::::::*88*::::::::::M:88:::: ::::::::::M
...888888M:::88::M:::::::::88@@88:::::::::M::88::: :::::::::::M
...888888MM::88::MM::::::::88@@88:::::::::M:::8::: :::::::::::*8
...88888..M:::8::MM:::::::::*88*::::::::::M::::::: ::::::::::88@@
...8888...MM::::::MM:::::::::::::::::::::MM::::::: ::::::::::88@@
....888....M:::::::MM:::::::::::::::::::MM::M::::: :::::::::::*8
....888....MM:::::::MMM::::::::::::::::MM:::MM:::: :::::::::::M
.....88.....M::::::::MMMM:::::::::::MMMM:::::MM::: :::::::::MM
......88....MM:::::::::MMMMMMMMMMMMMMM::::::::MMM: :::::::MMM
.......88....MM::::::::::::MMMMMMM::::::::::::::MM MMMMMMMM
........88...8MM:::::::::::::::::::::::::::::::::: MMMMMM
.........8...88MM::::::::::::::::::::::M:::M:::::: ::MM
.............888MM::::::::::::::::::MM::::::MM:::: ::MM
............88888MM:::::::::::::::MMM:::::::mM:::: :MM
............888888MM:::::::::::::MMM:::::::::MMM:: :M
...........88888888MM:::::::::::MMM:::::::::::MM:: :M
..........88.8888888M:::::::::MMM::::::::::::::M:: :M
..........8..888888.M:::::::MM:::::::::::::::::M:: :M:
.............888888.M::::::M:::::::::::::::::::M:: :MM

Kevin David Mitnick

[James_Armstrong]

How long has he been out now?

So who did it?...

[Ted+V]

The article implying the NSA is up to the DoS attacks is interesting, given all of the recent control the government is trying to take. Public support would definitly help that.

But lets take a different look at it. They haven't found the perpetrators yet. What does that mean?

#1. These criminals are very skilled and have significant resources (they pulled off the DoS job)
#2. These criminals are not into fame and have quite a bit of self control (they haven't even hinted at who they are)
#3. Whatever goal the criminals have, the goal is furthered better if we do _not_ know what it is (there is no clue why this happened)

How many groups of people are there that are this skilled?

- A few hacker groups
- A few academics
- A few government groups
- A few commercial groups

That's it. That's our search space. #2 should cross out the hacker and academic groups. Fame doesn't enter the picture when you work for the NSA or IBM, but it certainly plays a role for academics (publish or perish) and hackers (fame: the currency of the open source movement).

So what government or commercial group would benefeit the most from these attacks? And how is that goal furthered by the fact that people don't know what it is? That implies that if people knew what the goal was, the goal would not be accomplished. This is a godelian contradiction! (eg. "This sentence is false".) Therefore the goal must deal with affecting public knowledge, if public knowledge would destroy the goal.

Lets summarize what we have so far. Either a government or commercial group is putting on massive DoS attacks in an effort to shape public opinion. The question is what opinion do they want to shape? That's easy! The knee-jerk reaction is what they're aiming for. Some group wants the world populous to fear hacker groups. The obvious outcome of this will be more laws and regulations.

Who will benefeit from this? Certainly not commercial groups! Extra laws and regulations end up being more lost profits. That only leaves government groups, which in this case is the NSA.

Therefore: The NSA is putting on these DoS attacks so that the american populous will call for anti-hacking laws, which in turn gives the government more power.

I think that was fairly logically tight. Let me know if you see any holes in this argument. (But at least this was a deductive argument, not just a circumstancial argument like the other article.)

-Ted

Re:So who did it?...

[wavelet]

A major flaw in your argument is that you rule out an entire group of people with a general assumption.

Not *all* hackers or academics are into fame.

You also rule out the future. The parties responsible could come forward when they are done. Maybe they just aren't finished with their business. Its just that you're a bit hasty narrorwing the possibilites.

What rules out the possibility of foreign governments?

Re:So who did it?...

[oddjob]

There are a few holes in your argument...

#1. These criminals are very skilled and have significant resources (they pulled off the DoS job)

While it may have taken some skill, it is not clear that significant resources were required.

#3. Whatever goal the criminals have, the goal is furthered better if we do _not_ know what it is (there is no clue why this happened)

This one assumes that the criminals have some goal beyond the attacks themselves, which is begging the question. And even if this assertion were true, you read too much into it in the following...

That implies that if people knew what the goal was, the goal would not be accomplished. This is a godelian contradiction! (eg. "This sentence is false".) Therefore the goal must deal with affecting public knowledge, if public knowledge would destroy the goal.

The fact that public knowledge of my goal would prevent its accomplishment does not imply that my goal is to affect public knowledge. If my goal were to blow up a bridge, public knowledge of that goal would hinder my efforts, but my goal isn't to affect public knowledge.

Re:So who did it?...

[BBB]

Interesting argument. I would point out, though, that the last step you take is a bad one. Many large corporations are in favor of regulations in their industries. The reason is simple; regulations harm their competitors more. If you are a Big Corporation with a full time legal staff of 50 attorneys, you will be able to deal with a new regulation (and perhaps even shape it) so that it harms your bottom line very little. It's your upstart competitor who has just one general counsel, with no specialized regulatory experience, etc., who really gets slammed by the regulation. If you can't beat 'em in the market, use the government.

BBB

Re:So who did it?...

[mftuchman]

Read with tounge in cheek, please!

"Nah - it was a certain company in Redmond trying to make Linux or BSD sites appear vulnerable.

To be followed by a security oriented ad campaign...

Of course, I am taking a wild guess that all these sites were being run by NetBSD or Linux.

This covers the ...resources issue as well as the "who wins" issue.

---

Attacking with Active-X?

[braindamage.org]

Maybe the attacks are coming from thousands
(or millions) of web browsers running Active-X
controls. Anyone running windows with Active-X
turned on may unknowningly be part of this
attack. All they had to do was visit the wrong
website.

Foreign Government Involvement?

[truk77]

I wonder if something like this could have come from another government that's unfriendly to the U.S.? Wasn't there an article on Slashdot somewhere earlier about a DoS on some U.S. site originating from the P.R.C.? Not that I want to point fingers or anything, it was just a notion I had.

Btw: as of Midnight CST, Altavista and Excite seem to be back up

Harry Truman eats Nigger Gritz

More DoS Attacks: CNN, Amazon, eBay, Buy.com... Posted by Roblimo on Tuesday February 08, @11:11PM from the wreaking-havoc-across-the-net dept. gatech writes "After hitting Yahoo yesterday those crackers set their sites on several more sites including CNN.com, Amazon.com, and eBay.com. Here is the story at ABCNews.com." Update: 02/08 23:26 by michael: So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? ( Read More... | 322 of 328 comments ) BSD: Eclipse/BSD Released by Bell Labs Posted by Roblimo on Tuesday February 08, @11:05PM from the wonderful-folks-who-gave-you-Unix dept. howardjp writes "Bell Labs has released Eclipse/BSD, a quality of service research platform based on FreeBSD 3.4. From the webpage: 'Eclipse provides flexible and fine-grained QoS support for applications. Its design allows legacy or Eclipse-unaware applications to provide QoS without the need of modification or recompilation. A simple API is provided for (new) applications to take addvantage [sic] of the fine-grained QoS support.'" ( Read More... | 59 of 64 comments )

John Katz was right to push NP away

Because all the TROLLS wanna give her buttsex with grit-brand lubricant.

8=====)

String Theory

The content of the following materials are verbatim as forwarded by the Office of the Independent Counsel. The conversion to HTML has altered the pagination and format. The original Table of Contents is not provided. Cover Page Table of Contents Chronology Table of Names The Principals The First Family Presidential Aides/Advisors/Assistants Other White House Personnel Department of Defense Employees Monica Lewinsky's Friends/Family/Acquaintances Monica Lewinsky's New York Employment Contacts Secret Service Lawyers and Judges Media Foreign Dignitaries Other Introduction Factual Background The Investigation The Significance of the Evidence of Wrongdoing The Scope of the Referral 1. Background of the Investigation. 2. Current Status of the Investigation. The Contents of the Referral Narrative I. Nature of President Clinton's Relationship with Monica Lewinsky A. Introduction B. Evidence Establishing Nature of Relationship 1. Physical Evidence 2. Ms. Lewinsky's Statements 3. Ms. Lewinsky's Confidants 4. Documents 5. Consistency and Corroboration C. Sexual Contacts 1. The President's Accounts a. Jones Testimony b. Grand Jury Testimony 2. Ms. Lewinsky's Account D. Emotional Attachment E. Conversations and Phone Messages F. Gifts G. Messages H. Secrecy 1. Mutual Understanding 2. Cover Stories 3. Steps to Avoid Being Seen or Heard 4. Ms. Lewinsky's Notes and Letters 5. Ms. Lewinsky's Evaluation of Their Secrecy Efforts II. 1995: Initial Sexual Encounters A. Overview of Monica Lewinsky's White House Employment B. First Meetings with the President C. November 15 Sexual Encounter D. November 17 Sexual Encounter E. December 31 Sexual Encounter F. President's Account of 1995 Relationship III. January-March 1996: Continued Sexual Encounters A. January 7 Sexual Encounter B. January 21 Sexual Encounter C. February 4 Sexual Encounter and Subsequent Phone Calls D. President's Day (February 19) Break-up E. Continuing Contacts F. March 31 Sexual Encounter IV. April 1996: Ms. Lewinsky's Transfer to the Pentagon A. Earlier Observations of Ms. Lewinsky in the West Wing B. Decision to Transfer Ms. Lewinsky C. Ms. Lewinsky's Notification of Her Transfer D. Conversations with the President about Her Transfer 1. Easter Telephone Conversations and Sexual Encounter 2. April 12-13: Telephone Conversations V. April-December 1996: No Private Meetings A. Pentagon Job B. No Physical Contact C. Telephone Conversations D. Public Encounters E. Ms. Lewinsky's Frustrations VI. Early 1997: Resumption of Sexual Encounters A. Resumption of Meetings with the President 1. Role of Betty Currie a. Arranging Meetings b. Intermediary for Gifts c. Secrecy 2. Observations by Secret Service Officers B. Valentine's Day Advertisement C. February 24 Message D. February 28 Sexual Encounter E. March 29 Sexual Encounter F. Continuing Job Efforts VII. May 1997: Termination of Sexual Relationship A. Questions about Ms. Lewinsky's Discretion B. May 24: Break-up VIII. June-October 1997: Continuing Meetings and Calls A. Continuing Job Efforts B. July 3 Letter C. July 4 Meeting D. July 14-15 Discussions of Linda Tripp E. July 16 Meeting with Marsha Scott F. July 24 Meeting G. Newsweek Article and Its Aftermath H. August 16 Meeting I. Continuing Job Efforts J. Black Dog Gifts K. Lucy Mercer Letter and Involvement of Chief of Staff L. News of Job Search Failure IX. October-November 1997: United Nations' Job Offer A. October 10: Telephone Conversation B. October 11 Meeting C. October 16-17: The "Wish List D. The President Creates Options E. The U.N. Interview and Job Offer F. The U.N. Job Offer Declined X. November 1997: Growing Frustration A. Interrogatories Answered B. First Vernon Jordan Meeting C. November 13: The Zedillo Visit D. November 14-December 4: Inability to See the President XI. December 5-18, 1997: The Witness List and Job Search A. December 5: The Witness List B. December 5: Christmas Party at the White House C. December 6: The Northwest Gate Incident 1. Initial Visit and Rejection 2. Ms. Lewinsky Returns to the White House 3. "Whatever Just Happened Didn't Happen" D. The President Confers with His Lawyers E. Second Jordan Meeting F. Early Morning Phone Call G. Job Interviews XII. December 19, 1997 - January 4, 1998: The Subpoena A. December 19: Ms. Lewinsky Is Subpoenaed B. December 22: Meeting with Vernon Jordan C. December 22: First Meeting with Francis Carter D. December 23: Clinton Denials to Paula Jones E. December 28: Final Meeting with the President E. December 28: Concealment of Gifts D. December 31: Breakfast with Vernon Jordan E. January 4: The Final Gift XIII. January 5-January 16, 1998: The Affidavit A. January 5: Francis Carter Meeting B. January 5: Call from the President C. January 6: The Draft Affidavit D. January 7: Ms. Lewinsky Signs Affidavit E. January 8: The Perelman Call F. January 9: "Mission Accomplished" G. January 12: Pre-Trial Hearing in Jones Case H. January 13: References from the White House I. January 13: Final Jordan Meeting J. January 13-14: Lewinsky-Tripp Conversation and Talking Points K. January 15: The Isikoff Call L. January 15-16: Developments in the Jones Law Suit XIV. January 17, 1998-Present: The Deposition and Afterward A. January 17: The Deposition B. The President Meets with Ms. Currie C. January 18-19: Attempts to Reach Ms. Lewinsky D. January 20-22: Lewinsky Story Breaks 1. "Clinton Accused" 2. Denials to Aides 3. Initial Denials to the American Public 4. "We Just Have To Win" Grounds There is Substantial and Credible Information that President Clinton Committed Acts that May Constitute Grounds for an Impeachment Introduction I. There is substantial and credible information that President Clinton lied under oath as a defendant in Jones v. Clinton regarding his sexual relationship with Monica Lewinsky. (1) He denied that he had a "sexual relationship" with Monica Lewinsky (2) He denied that he had a "sexual affair" with Monica Lewinsky (3) He denied that he had "sexual relations" with Monica Lewinsky (4) He denied that he engaged in or caused contact with the genitalia of "any person" with an intent to arouse or gratify (oral sex performed on him by Ms. Lewinsky) (5) He denied that he made contact with Monica Lewinsky's breasts or genitalia with an intent to arouse or gratify A. Evidence that President Clinton Lied Under Oath During the Civil Case 1. President Clinton's Statements Under Oath About Monica Lewinsky 2. Monica Lewinsky's Testimony (i) Wednesday, November 15, 1995 (ii) Friday, November 17, 1995 (iii) Sunday, December 31, 1995 (iv) Sunday, January 7, 1996 (v) Sunday, January 21, 1996 (vi) Sunday, February 4, 1996 (vii) Sunday, March 31, 1996 (viii) Sunday, April 7, 1996 (ix) Friday, February 28, 1997 (x) Saturday, March 29, 1997 (xi) Two Subsequent Meetings 3. Phone Sex 4. Physical Evidence 5. Testimony of Ms. Lewinsky's Friends, Family Members, and Counselors (i) Catherine Allday Davis (ii) Neysa Erbland (iii) Natalie Rose Ungvari (iv) Ashley Raines (v) Andrew Bleiler (vi) Dr. Irene Kassorla (vii) Linda Tripp (viii) Debra Finerman (ix) Dale Young (x) Kathleen Estep 6. Summary II. There is substantial and credible information that President Clinton lied under oath to the grand jury about his sexual relationship with Monica Lewinsky. A. Background B. The President's Grand Jury Testimony C. Summary III. There is substantial and credible information that President Clinton lied under oath during his civil deposition when he stated that he could not recall being alone with Monica Lewinsky and when he minimized the number of gifts they had exchanged. A. There is substantial and credible information that President Clinton lied under oath when he testified that he could not specifically recall instances in which he was alone with Monica Lewinsky. 1. The President's Civil Deposition Testimony 2. Evidence That Contradicts the President's Testimony 3. The President's Grand Jury Testimony 4. Summary B. There is substantial and credible information that the President lied under oath in his civil deposition about gifts he exchanged with Monica Lewinsky. 1. The President's Civil Deposition Testimony About His Gifts to Monica Lewinsky 2. Evidence that Contradicts the President's Civil Deposition Testimony 3. President's Civil Deposition Testimony About Gifts from Monica Lewinsky to the President 4. Evidence that Contradicts the President's Testimony (i) Monica Lewinsky's Testimony 5. Grand Jury Testimony of the President and Ms. Currie 6. Summary IV. There is substantial and credible information that the President lied under oath during his civil deposition concerning conversations he had with Monica Lewinsky about her involvement in the Jones case. A. Conversations with Ms. Lewinsky Regarding the Possibility of Her Testifying in the Jones Case 1. President Clinton's Testimony in His Deposition 2. Evidence that Contradicts the President's Civil Deposition Testimony (i) Ms. Lewinsky's Testimony (ii) The President's Grand Jury Testimony 3. Summary B. There is substantial and credible information that President Clinton lied under oath in his civil deposition when he denied knowing that Ms. Lewinsky had received her subpoena at the time he had last talked to her. 1. Evidence 2. Summary V. There is substantial and credible information that President Clinton endeavored to obstruct justice by engaging in a pattern of activity to conceal evidence regarding his relationship with Monica Lewinsky from the judicial process in the Jones case. The pattern included: (i) concealment of gifts that the President had given Ms. Lewinsky and that were subpoenaed from Ms. Lewinsky in the Jones case; and ii) concealment of a note sent by Ms. Lewinsky to the President on January 5, 1998. A. Concealment of Gifts 1. Evidence Regarding Gifts 2. The President's Grand Jury Testimony 3. Summary of Gifts B. January 5, 1998, Note to the President 1. Evidence Regarding the January 5, 1998 Note 2. President Clinton's Testimony 3. Summary on January 5, 1998, Note VI. There is substantial and credible information that (i) President Clinton and Ms. Lewinsky had an understanding that they would lie under oath in the Jones case about their relationship; and (ii) President Clinton endeavored to obstruct justice by suggesting that Ms. Lewinsky file an affidavit so that she would not be deposed, she would not contradict his testimony, and he could attempt to avoid questions about Ms. Lewinsky at his deposition. A. Evidence Regarding Affidavit and Use of Affidavit B. Summary of President's Grand Jury Testimony C. Evidence Regarding Cover Stories D. The President's Grand Jury Testimony on Cover Stories E. Summary VII. There is substantial and credible information that President Clinton endeavored to obstruct justice by helping Ms. Lewinsky obtain a job in New York at a time when she would have been a witness against him were she to tell the truth during the Jones case. A. Evidence B. Summary VIII. There is substantial and credible information that the President lied under oath in describing his conversations with Vernon Jordan about Ms. Lewinsky. A. President's Testimony in the Jones Case B. Evidence That Contradicts the President's Civil Deposition C. Summary IX. There is substantial and credible information that President Clinton endeavored to obstruct justice by attempting to influence the testimony of Betty Currie. A. Evidence 1. Saturday, January 17, 1998, Deposition 2. Sunday, January 18, 1998, Meeting with Ms. Currie 3. Conversation Between the President and Ms. Currie on Tuesday, January 20, 1998, or Wednesday, January 21, 1998. B. The President's Grand Jury Testimony C. Summary X. There is substantial and credible information that President Clinton endeavored to obstruct justice during the federal grand jury investigation. While refusing to testify for seven months, he simultaneously lied to potential grand jury witnesses knowing that they would relay the falsehoods to the grand jury. A. The Testimony of Current and Former Aides 1. John Podesta 2. Erskine Bowles 3. Sidney Blumenthal 4. Harold Ickes B. The President's Grand Jury Testimony C. Summary XI. There is substantial and credible information that President Clinton's actions since January 17, 1998, regarding his relationship with Monica Lewinsky have been inconsistent with the President's constitutional duty to faithfully execute the laws. A. Beginning on January 21, 1998, the President misled the American people and Congress regarding the truth of his relationship with Ms. Lewinsky. B. The First Lady, the Cabinet, the President's staff, and the President's associates relied on and publicly emphasized the President's denial. C. The President repeatedly and unlawfully invoked the Executive Privilege to conceal evidence of his personal misconduct from the grand jury. D. The President refused six invitations to testify to the grand jury, thereby delaying expeditious resolution of this matter, and then refused to answer relevant questions before the grand jury when he testified in August 1998. E. The President misled the American people and the Congress in his public statement on August 17, 1998, when he stated that his answers at his civil deposition in January had been "legally accurate." F. Summary End Page

BBC reports

I first heard about this happening from the BBC. Although they are usually slightly better on facts than the usual US TV, one alleged 'expert' claimed that whoever did this needed great computer skills, and would be able to cover their tracks. I have assumed so far it was a bunch of script kiddies, and it is somewhat funny to hear them described as having great skills (or in their terms, perhaps skillz?)

Heres a general question, how hard is it to cover one's tracks? I've worked with TCP/IP before, but I never actually looked at how it works.. It would seem to me to be pretty easy to fake the 'return-to' field when doing a DoS attack. You would not get any packets returned, bu t then again, you have no need for them. In fact, you could just watch with a web browser if you really wanted to.. Even worst, if you can fake the IP address, you could have say cnet.com 'send' packets to 'yahoo.com' killing two birds with one packet.

Just a thought.

Re:BBC reports

[drnomad]

You're not killing two birds...

If the fake IP would be cnet, then the returning route can be established, the packets will be sent and the server doesn't wait.

You need a fake (non-existant) adress to do the DoS, because if the returning route can not be established, the server waits and tries again, read the CNN article...

Told you so

[Animats]

Well, as I wrote in RFC 970, back in 1985:

It is worth noting that malicious, as opposed to merely badly-behaved, hosts, can overload the network by using many different source addresses in their datagrams, thereby impersonating a large number of different hosts and obtaining a larger share of the network bandwidth. This is an attack on the network; it is not likely to happen by accident.

That's the fundamental problem; there's no way in IP to validate source addresses. There's IPsec, which provides cryptographic authentication at the IP level, but nobody uses it yet. This new attack may result in a move to implement IPsec more broadly. This is the proper technical fix.

A related problem is that attacks based on taking over a large number of unsecured hosts and using them as zombies to attack a single site is indistinguishable from heavy load. If the zombies simply make legitimate HTTP requests, the traffic looks completely normal.

Internet security

[jesser]

OK.. what are the big threats to security on the internet now? I can think of a few:

• Distributed attacks (compromised hosts)
• Attacks taking advantage of IP spoofing and networks configured to send many more bits than they recieve (smurf, etc.)
• Stealing cookies by making a client "request" a page with malicious javascript in it
• Browser security holes, and the fact that browsers tell web servers the version of the web browser while requesting a page
• Storing passwords in FTP programs (are the worms just waiting for critical mass?)
  

What others are there?

--

Re:FBI on the case - SUSPICIOUS?

[orangecat]

The FBI has been involved in similar cases for quite some time. They can get involved in such cases when losses are in excess of $10,000 or something and the attack crosses state lines.

DoS attacks are not a new thing. The involvement of law enforcement is nothing new. The only difference in this case is that the companies involved are very high profile.

What exactly is so threatening with law enforcement getting involved here? Assume that it was script kiddies and not a government conspiracy (which it could be, but script kiddies do have the possibility for such an attack). They could be causing companies to lose thousands (or more?) of dollars. Worse, they're doing this by breaking into systems and stealing their resources/bandwidth to perform the attack, causing even more losses.

Government conspiracy? Its a possibility. But apply Occam's Razor to the situation. The tools exist, and are widespread, for anyone with half a brain to perform such an attack (though one on this scale might actually take a whole brain, or a few half brains combined). They've been going on for years against individuals and less high profile entities. And there's been a recent explosion in 1. The number of such tools available, and 2. The number of idiots who don't know anything about security with relativly high bandwidth connections.

And think...if it were you being attacked, losing revenue, possibly being driven out of business - would you want something done with it?

If anything, I'm glad attention is being drawn to the problem.

Andover.Net DoS non-reported

Notice how quiet they're keeping about their own DoS, between 9PM and 1AM EST last night.

Re:Andover.Net DoS non-reported

[yuriwho]

I experienced the same thing......no slashdot between 8 and ~2am CT 2/8/00. I thought they were down but maybey the network was

*And* The Targets Are All US Sites

[Dharma]

Seems to me if a bunch of script kiddies were doing a full scale assault, they'd go all over the place. Why limit yourself to the US?

The fact(?) that all of the sites are US lends further credence to the Oliver Stone theory. It would be an awfully nasty domestic scandal if the NSA/CIA/FBI were busted, but it would be an even worse international incident (if not an act of war) that I'm sure a government agency (as opposed to script kiddies) would be very careful to avoid.

Things that make you go "Hmmmmmm....."

Bill Gates donate to Republicans??

[diggman]

You're kidding right?

Have you seen some of the left wing socialist crap he has donated to?

More gun control in Washington state is only one "cause" for him.

Diggs

Re:AOL Instant Messenger? What about ICQ?

[antdude]

I noticed my ICQ was spinning flower all day from work! Related? I don't know!

For the record....

[pnevares]

www.adobe.com seems to be down

Pablo Nevares, "the freshmaker".

Isn't that just so cute?

[pnevares]

It's inaccessible for minutes. Doesn't ping. The second I hit submit and Alt+Tab back to the window, it pops up. =(

Pablo Nevares, "the freshmaker".

netscan.org & filtering

yep, i forgot my username/pw long ago. anyways, filtering doesn't always help if it is such a huge flood your provider would have to have enough bw to take the flood, YOU may not be directly affected but your service would be unless the ISP (or their ISP) could absorb the flood before it hit you. while your machines may not crash, you still lose virtually all connectivity, and that for business sites is just about as bad as a server crashing. even if you could filter it, depending on the number of sources it could take contacting tens of ISPs that may not even be related to yours to get them to block, not many isps respond too quickly it may take days/weeks before a block is inplace(if it ever gets put in place) oh, and last i saw, netscan.org was a site that listed broken networks. at least broken enough to respond multiple times to pings, ideal for smurfs. nate aphro@aphroland.org

Not a DoS?!?!?!

[pb]

Have any of you entertained the possibility that this might *not* be a Denial of Service attack?

Think about it. A DoS attack generally takes down a site, not a segment of the internet. The "it's a backbone problem" idea posted on the Yahoo story sounded much more reasonable.

If you don't believe me, look at the Internet Traffic Report, and say to yourself: does this look more like a DoS attack, or something more like what, say, a backhoe could do instead? ;)

Anyhow, all of this stupid mass-conspiracy bullshit is getting old, and all of the posts that claim to list "all" of the possibilities forget to question the basic assumptions. Why believe the media when they can't give you any details? Why not just assume they can't give you details because they don't know what's going on?

Who should know what's going on on the internet, the media, or the people who run the internet? Check your facts for yourself, people.

There's definitely some funky stuff going on. But check it out before you start screaming "DAMN SCRIPT KIDDIES!", okay? I don't think script kiddies are this good. They're less organized than a bunch of slashdot posters. :)

Example: Here's some current internet topology, from NCSU. The internet traffic report is much better.

traceroute to av.com (204.152.190.62), 30 hops max, 40 byte packets
[...]
10 sjo-core-02.inet.qwest.net (205.171.5.147) 69.289 ms 68.743 ms 69.749 ms
11 sjo-core-03.inet.qwest.net (205.171.22.6) 68.943 ms 69.323 ms 69.328 ms
12 sjo-edge-05.inet.qwest.net (205.171.22.50) 69.216 ms 70.223 ms 69.426 ms
13 205.171.22.114 (205.171.22.114) 70.555 ms 69.931 ms 70.480 ms
14 * * *
15 pla1b.head5.pla.mibh.net (204.152.184.215) 77.901 ms 77.757 ms 77.883 ms
16 head3.sv3.mibh.net (128.177.255.24) 78.868 ms 79.166 ms 79.172 ms
17 www.altavista.com (204.152.190.62) 79.960 ms 79.532 ms 79.970 ms

traceroute to www.excite.com (199.172.146.99), 30 hops max, 40 byte packets
[...]
10 sjo-core-02.inet.qwest.net (205.171.5.147) 69.459 ms 69.261 ms 69.065 ms
11 sjo-core-03.inet.qwest.net (205.171.22.6) 68.877 ms 69.290 ms 69.095 ms
12 sjo-edge-05.inet.qwest.net (205.171.22.50) 69.143 ms 68.974 ms 69.093 ms
13 205.171.48.166 (205.171.48.166) 80.047 ms 80.501 ms 79.168 ms
14 192.168.1.106 (192.168.1.106) 78.975 ms 79.416 ms 78.899 ms
15 192.168.251.202 (192.168.251.202) 80.144 ms 79.893 ms 80.310 ms
16 199.172.146.50 (199.172.146.50) 80.167 ms !H 79.776 ms !H 80.235 ms !H

traceroute to www.adobe.com (192.150.12.103), 30 hops max, 40 byte packets
[...]
10 294.ATM10-0-0.GW2.SCL1.ALTER.NET (152.63.48.169) 88.579 ms 88.479 ms 88.481 ms
11 192.150.13.1 (192.150.13.1) 88.696 ms 88.874 ms 89.055 ms
12 * www3.adobe.com (192.150.12.103) 89.099 ms *

traceroute to yahoo.com (204.71.200.243), 30 hops max, 40 byte packets
[...]
10 pos2-1-155M.cr2.WDC1.gblx.net (206.132.113.137) 19.207 ms 18.574 ms 18.555 ms
11 pos6-0-622M.cr2.SNV.gblx.net (206.132.151.14) 97.879 ms 98.952 ms 98.487 ms
12 pos1-0-2488M.hr8.SNV.gblx.net (206.132.254.41) 97.636 ms 97.963 ms 98.090 ms
13 208.178.22.58 (208.178.22.58) 98.406 ms 98.156 ms 98.439 ms
14 img3.yahoo.com (204.71.200.243) 97.649 ms 98.487 ms 98.591 ms

traceroute to microsoft.com (207.46.131.30), 30 hops max, 40 byte packets
[...]
10 205.171.23.46 (205.171.23.46) 31.347 ms 31.690 ms 31.454 ms
11 a3-0-6.crtntx1-ba2.bbnplanet.net (4.24.147.21) 42.531 ms 42.394 ms 42.312
ms
12 p1-0.crtntx1-ba1.bbnplanet.net (4.24.4.241) 43.972 ms 42.399 ms 43.194 ms
13 p1-0.lsanca1-br1.bbnplanet.net (4.0.6.138) 92.677 ms 92.489 ms 92.437 ms
14 p4-0.evrtwa1-ba1.bbnplanet.net (4.0.6.38) 118.103 ms 119.676 ms 118.746 m
s
15 p1-0.evrtwa1-cr1.bbnplanet.net (4.24.5.102) 118.770 ms 118.355 ms 117.894
ms
16 p2-0.mscanyonpark.bbnplanet.net (4.24.125.66) 89.012 ms 89.812 ms 88.745
ms
17 icpmscomc7501-a1-00-1.cp.msft.net (207.46.129.131) 89.483 ms 88.641 ms 89
.417 ms
18 icpmscomc7501-a1-00-1.cp.msft.net (207.46.129.131) 88.670 ms 89.818 ms 90
.195 ms
[looks like Microsoft doesn't handle pings right. Big surprise.]

traceroute to www.hotmail.com (216.32.243.7), 30 hops max, 40 byte packets
[...]
10 core1-core2-oc3-1.iad.above.net (209.249.0.21) 18.983 ms 19.101 ms 18.463 ms
11 pao-iad-oc3.pao.above.net (207.126.96.145) 88.196 ms 88.122 ms 87.902 ms
12 hotmail-above-oc12.pao.above.net (216.200.0.154) 93.290 ms 93.283 ms 95.424 ms
13 10.1.6.1 (10.1.6.1) 93.207 ms 99.115 ms 93.810 ms
14 law5-rsp-d.hotmail.com (216.32.183.15) 248.894 ms 96.250 ms 94.903 ms
15 lc4.law5.hotmail.com (216.32.243.7) 94.157 ms 94.379 ms 94.217 ms

---
pb Reply or e-mail; don't vaguely moderate.

Re:Not a DoS?!?!?!

[sylvester]

This questioning is especially necessary with the Buy.com.

pardon me, but who's heard of buy.com?

Out of the following four sites, pick the one that doesn't belong:

Yahoo, CNN, Altavista, Ebay, Buy.com.

well gee...The first four are probably the most high profile sites on the net, except maybe microsoft (Which brings up another interesting question...what script kiddie _wouldn't_ shut down MS?!)

I think Buy.com has some server trouble on their IPO day, and blamed it on "hackers"...(see the cnn.com article...)

Re:Not a DoS?!?!?!

I think Buy.com has some server trouble on their IPO day, and blamed it on "hackers"

Ummm... no. I can back this up from our own experience. As stated in a previous post, our servers in the Irvine Exodus IDC (which sit about 20 feet away from buy.com) were affected as well (though not nearly to the extent that buy.com was). They're on a separate network, but the pipes into the IDC were getting overloaded.

Re:Not a DoS?!?!?!

[rmstar]

XCusemoi Messieur,

I somehow don't seem to get your point. What is wrong with them traceroutes??

best regards,

rmstar

Re:Not a DoS?!?!?!

[pb]

Just that everything isn't slow, but only the links right before the actual servers. Just more information, to combat rampant speculation.

They all look pretty suspicious though, not just like the net is "slow", like it looked earlier, and not like a DoS attack, which should be far more focused.
---
pb Reply or e-mail; don't vaguely moderate.

DoS tools

[blakestah]

Went over to CERT
They claim they've been finding a client called Stacheldraht on compromised hosts, sometimes with up to 100 connections to other compromised hosts.
This is consistent with security claims at Dave Dittrich's site at U Wash
Basically, someone uses known remote root exploits (lpr, named, ssh, to name a few recent ones) and compromises hosts. Then he synchronizes them to DoS some target from someplace very safe. One person can thus appear to be a few hundred clients all attacking some target simultaneously. By making a trivial change he could move his target.
This is NOT a large synchronized group of people. It is one or at most a few good crackers just having a good time, hardly believing how much damage they are doing so easily.
The report names linux and Solaris as the machine types with makefile rules defined in the program, and the program has only been seen on Solaris 2.* in the wild.
German for "barbed wire".

The plot thickens...

[drwiii]

Registrant:
Andover.net (SLASHDOT5-DOM)
50 Nagog Park
Acton, MA 01720

Domain Name: SLASHDOT.ORG

Administrative Contact:
Malda, Rob(RM7054)slashdot121@HOTMAIL.COM
616-994-0441
Technical Contact, Zone Contact:
DNS Administrator - HyperMart(DA3706-ORG)dns-admin@HYPERMART.NET
206.447.1595
Fax- - 206.447.1625
Billing Contact:
Malda, Rob(RM7054)slashdot121@HOTMAIL.COM
616-994-0441

Record last updated on 07-Feb-2000.
Record created on 01-Feb-2000.
Database last updated on 8-Feb-2000 14:39:56 EST.

Domain servers in listed order:

NS1.HYPERMART.NET206.253.222.65
NS2.HYPERMART.NET206.253.222.66

Quite odd.

DoS the entire Internet?

[Mr.+Piccolo]

MIDS shows that between 8 and 10 PM, something was going on with the Internet to cause reachability to drop like a rock.

Interestingly, it looked like the Internet was doing slightly better than average during the Yahoo attack.

Could some backbone actually have been attacked?

silly us

Our site, hosted at Exodus in Irvine California was down today. Buy.com (listed as one of the sites down) is in the cage right next to us and was down at the same time. I'm assuming that all of Exodus was down. It was attributed to a routing error on the part of Exodus. They run on racks of IBM machines, by the way. Looks like lots of x86 machines.

netscan.org's role in all this

[soren.harward]

Go take a look at netcraft.org's lame networks list. The top "lamest networks" have been inaccessible for quite a while, which probably means they're being used as the source of these DoS's. Let's turn the /. effect on the listed administrators, and gently persuade these people to close up their networks.

UUNET outage (Re: Altavista?)

[jihad23]

It's accurate. UUNET was having major backbone problems earlier this evening. I'm at work at $MAJOR_ISP and we were all too aware of it.

According to their system status monitor, everything is back online at this time.

Turn on, log in, burn out...

The fix..

[Squirtle]

.. to so many of these things is coming: prevention of IP spoofing.

Many vendors are developing and offering this in their core and edge equipment. If an outgoing packet's source address doesn't belong to your AS, drop it on the floor.

This will make crap like this easily traceable and stoppable. May even become a requirement.

Preventative Measures

[Gr8wyrm]

I thought other slashdot readers might be interested to know what is being done to prevent this sort of attack from a network standpoint. I work as a system administrator for a linux powered web company hosted at Frontier Global Center (they also host most of Yahoo, portions of Amazon, etc...). In the wake of recent attacks affecting many of their large clients, the following e-mail was sent to all of their customers, your truly included:

Due to recent, well-publicized attacks on major web sites that resulted in
prolonged service outages, GlobalCenter has initiated a program to help
protect our customers from similar attacks. This program is designed to
detect and minimize "denial of service" types of attacks that can quickly
impair even large, highly secure sites. Based on current denial of service
attacks and our interest in insuring that all our customers' sites are up and
operational, we are adding rate-limiting thresholds to certain connections on
our networks, especially on peering connections to other ISPs.

These rate-limiting thresholds will allow normal traffic to traverse the
network, but will limit specific types of traffic from reaching abnormally
high levels.

Our studies show that this threshold is far above normal usage, but should
serve to minimize most negative effects of an attack.

Due to this filtering mechanism, when an attack starts, certain ping and
monitoring data may show adverse connectivity. For example, if pings are used
to monitor site performance, they may be filtered and rate-limited as well.

Due to the nature of these attacks, certain pipes or boxes within the global
Internet may be congested or lagged. Therefore, certain users or portions of
the global Internet may experience poor connectivity.

Under normal circumstances, traffic will not be affected.

For further questions please contact the GlobalCenter Customer Care Center.
Please call the number that is most appropriate to your geographic location.

Sincerely,

Laurie Priddy Executive Vice President Systems and Applications GlobalCenter
Inc.

GlobalCenter Customer Care Center, regional numbers:

New York, NY 888-***-****

Herndon, VA 888-***-****

Sunnyvale, CA 888-***-****

Not even DoS attacks!!!

[mrgoat]

I guess my earlier post in last forum was ignored...here we go:

First off, you have to consider that most servers are NOT going to have the capability of participating in this kind of attack.

1. Bandwidth - um...50 servers, over t-1 or less links? Nope. They HAVE to be located at a Tier 1 provider (running on the Tier 1 provider's LAN, or on colo sites that are generally capped at 10 - 100 megs). That Tier 1 provider HAS to have private peering established over large pipes - this kind of attack would have melted down PAIX.

2. The colo customers would have to be completely blind to the fact that their sites are running up bandwidth charges (charged per meg/s), but getting NO hits for services offered. Also, their security would have to have been completely compromised - ie, bypassing load-balancing proxies in advance, compromising firewalls, bypassing access-lists.

3. ALL of the above would have had to have happened in a coordinated fashion, such that traffic would have to be sent to a DoS client on the servers in question, enable the attack, which said attack would bypass then aforementioned barriers and smack down Yahoo! for more than 1Gig of damage.

Now, how many machines do you have to compromise AND install clients on AND run without being caught, taking up sizable chunks of bandwidth which generally WILL be noticed, and still make the attack possible to occur without making yourself a huge effing target?

Possible, but not very credible - though my hat is off to anyone who could compromise much more than 50 sites and hide the massive amount of work that would have to be done to set this up and make this work. Of course, I don't think that it is likely, since we would have seen multiple reports at CERT and Bugtraq from pissed off sysadmins about some boosheet DoS client hidden on their systems.

Consider the alternatives instead. Consider that some of these outages -especially the eBay outage- were not caused by DoS attacks, but by faulty equipment/software from proprietary vendors - a certain network equipment manufacturer comes to mind on that one. Consider that none of these businesses have to suck up the cash damage if these were "unforseen" occurrences.

1. The Yahoo "DoS" attack may not have been the kind of attack they admitted to. There is always the possibility that equipment upstream was b0rked, causing packets to be sent promiscuously all over the network. I've seen it happen before, just not to Yahoo.

2. Consider that the eBay problem MAY have been a DoS attack, but not the kind you think. I know of at least one showstopper bug that has come up with no less than TWO different major router vendors that could cause the crash they had.

3. I've been able to reproduce similar problems in a lab environment with one vendor's equipment that I was demo'ing. Many of these "DoS attacks" can usually be chalked up to a configuration that the vendor never bothered to test or consider.

I am not calling ANY of the companies mentioned liars, or defaming their stories. I am just pointing out that they may be mistaken, or that their public relations people may be using "evil hackers" to point people away from problems that may have been alleviated but still exist. Please consider that these events could have been caused more by ignorance and greed than by a heretofor unknown elite cadre of super 'net ninjas.

Re:Not even DoS attacks!!!

[Muffhead]

Actually there have been quite a few reports on Bugtraq about distributed DoS tools lately. That fact that we don't hear about machines being comprimised is because most SAs won't have a clue that it happened. This could be a lot more than 50 machines. Spoofing it to make it seem like fewer machines is trivial.

Re:Not even DoS attacks!!!

[ShoeHead]

Colleges. Thats where it originated from. It's all been an even plan from the MPAA! They lost their suit to Napster on purpose. Its really a dDoS client! Everyone give up your MP3's! Embrace the glory that is DVD^H^H^HCDDA!

Freeways

[cyberdonny]

> Do we have people maliciously jamming up freeways with their cars 'just because they can'?

I guess you've never been to France during one of the many trucker's strikes. Or farmer's strikes.

One way to track down the "masterminds"...

[SuperKendall]

One suggestion I haven't seen here is that when one finds one of these DoS clients, to replace it with a version of the client that will report to you who is controlling it - I'm not at all familiar with how these are really written so they might have a hierarchy that you'd have to go back up through but at least you might get a lead on them...

Of course, no-one will ever see this post buried hundreds of messages down but with any luck they'll at least find a few of them.

Re:One way to track down the "masterminds"...

[vectro]

Obviously I read your post. ;) Some of us are set to 'newest first'.

I'd think that all one would have to do would be tcpdump -p "tcp port xxx", with xxx being of course the port that the flooding program was listening on. Though this might pick up portscans in addition.

Hmm, mabye the best solution then really would be to write 'fake' clients for all the popular flood network programs, that logs everything, and pretends to flood (but dosen't really.) That could be very useful. Some of them have a heirarchy, but others are flat. There have been in-depth discussions about these on bugtraq. You can read the logs at www.securityfocus.com.

Re:One way to track down the "masterminds"...

[Jonathan+White]

Informative?!?!?

This is about on the same level as me saying "I really f'ing hate NetBSD (I don't). Why don't I replace it with a copy of a program that just installs Dos".

1. The people distributing it just won't let you change it.

2. They always come as source so someone will notice.

3. Now that your +3, far too many people will see it.

Re:One way to track down the "masterminds"...

[Webmonger]

The idea is to replace it ON THE MACHINES THAT ARE BEING USED FOR THE ATTACK. It would be ironic to have a mockingbird program (traditionally a cracking tool) used against crackers.

1. Any machine that is vulnerable one is vulnerable twice; you CAN change it.
2. Once it's installed, will they really check for changes?
3. Something tells me there's a reason you're still +1.

Re:One way to track down the "masterminds"...

[Neurowiz]

The problem with trying to backtrack is that this distributed DOS sounds like it could be set up as a message based system with no ACKs required. Just a message to 'wake up', 'heres your targets - go get 'em'.

Althought... an article on ZDNet mentions that there's a series of of agents and connects - one of them being a secured connection to download the targets. I suppose they could do this using broadcast, but it would be hard to set up. They could also, I suppose, mask the control machine from the master hosts by making the control send in a non-connection environment with a spoofed IP. That would at least shield the final link.

Bottom line is - if this is a sophisticated attack, I think going backwards on the chain has already been taken care of. We should check, but it's probably not going to get us any closer.

Just as a side note, it looks like HNN, l0pth and other black/grey hat sites are bogged down... media attention or a bit of the DOS on them as well. Has anyone seen if antionline is still accessible? *G*
--

Re:One way to track down the "masterminds"...

[rob_from_ca]

One of my former employees suffered a DOS attack with spoofed source IP's. My thought was that if you went to the router they were coming from, you could then figure out the next router in the chain (via hardware address). Then from that router, you could get the next hop, and so on, until you finally traced it back to the source. Now we didn't have the size or the clout to go to UUnet or Sprint and ask them to do this on their core segments, but the feds or yahoo certainly does. And granted with a distributed attack, it just traces you back to some system in a university somewhere, but that system probably got hacked at some point, and that's some extra evidence.

Re:Uh, not really

Someone before said the attacks were smurfing attacks, which pretty much implies that the initial IMCP echo request packets are source-spoofed (to get the smurf amplifiers to direct replied toward the victim) but the echo reply packets all have genuine IP addresses. - Twigg (too lazy to log in)

My Next to be Hit Predictions

[HerrNewton]

Earlier a few people (myself included) theorized that this whole issue is about enacting a bit of vengence upon those who have "wronged" the Internet.Based on that supposition, here's an off-the-top-of-my-head list to see who might be next:

• Network Solutions
• MPAA (or is it MPA? Hmmm...)
• RIAA
• Real
• AOL if their system can't handle the attack
• US Justice Department
• Hampsterdance.com (If it was me...)
• Doubleclick
• Alexa
• LinuxONE

Feel free to add or challenge the above>

Sites that very likely won't be attacked:

• EFF
• W3C
• ACLU

Again, feel free to add or challenge.

----

Re:My Next to be Hit Predictions

[Mondo54]

If this is some kind of organized attack or conspiracy, they're aiming for the big brand name sites to generate publicity. AOL wouldn't be a good target because they're an ISP with too many connections and too large a network. Even www.aol.com would probably go unnoticed, even by the subscribers. We're talking about sites like: GeoCities Xoom ETrade C|Net Amazon

Ankle Biters

[scott__]

There are a lot of crackers in the world with the, "I may be a script kiddie today but I'll be a 'hacker' tomorrow" attitude. To some people it doesn't matter if the l33t hack is against a library or school, only that it is destructive against the evil americans.

[Someday] IPV6 with packet level crypto will thawart most of this crap.

Re:haiku

[FauxPasIII]

> so make this -1

That's six syllables, dolt.

What if the motive is to get rich quick?

[CanIBorrowAFeeling?]

It doesn't feel like a capitalist scam, but it's possible, you know. Knowing when a stock is going to go up isn't the only way to make money on the markets. Of course, so far the companies hit seem to be doing fine. But when a pattern emerges, and shareholders can guess the next victims (AOL and Microsoft would seem likely, and I bet Disney/ABC and other big media will be on the list... and what about those Dot Com People? But why hasn't the government been hit? Hmmm...), what happens to those stocks?

What's going on now certainly does make me feel something different than the plodding, creeping dread that I've felt watching the net over the last few years. Is it nervousness? Incipient glee? It will depend on the motives, which I doubt we've guessed, and the response, which nobody can as yet accurately predict. I'm guessing this is the most important thing to happen to the net since Netscape/AOL/Microsoft hooked our parents on it. This is an inflection point.

Oh, it's terribly interesting, isn't it? At least it's interesting.

Was abcnews.com haX0rEd??

[diggman]

'Cause they surely didn't do this article for real.

That is the funniest thing I have read today.

What a crock o' shit.

Diggs

Re:Was abcnews.com haX0rEd??

[Wah]

Me go college (from above link)

"Once you're done," says student ***** **, "you push 'submit.' They ask, 'Are you sure?' and you say, 'Yes, submit.' And then, one minute later, they send the score right back to you because it's all automatic."

Anonymous Cowardly GlobalCenter Employee

GlobalCenter employees had a talk regarding the issue, only as far as securing what's going on the inside of GlobalCenter and for Yahoo. It's being handled very professionally inside. Of course now everyone knows that this wasn't a problem caused by our service so we can crack just a bit. However, this is being investigated and we should at least have a clue of where this stuff originated tomorrow if not already.

FBI is REALLY in on this peoples. They were in on it from the very first moments.

First it was just GlobalCenter and Yahoo being worried about their image to the outside.
Now it's the view of all of the web to the outside world. How's gov, corp execs, and lamer users (the TV watching public) going to react? We here know that this is really not a huge deal, but they will surely blow this to huge proportions in tomorrow's news. This is news, but you can bet it won't be represented well.

This is bad for US, all of US. And Michael has it right, this does not make sense yet. There is no motive by anyone greater than some kids, but the coordination on this was friggin perfect and hard hittin.

Fine Here

Interesting that the news on TV says eBay was impossible to access...I was able to access eBay all night...odd?

(DUP!) ???

[pcurran]

I hadn't realized that this thing was still going on, but I tried to look at yahoo 30 minutes ago, and struck out. WTF? Like many people that I know/work with, I often use yahoo and a point to ping to determine internet connectivity...'cause it's ALWAYS up :). When I pinged yahoo, though, I got (DUP!)--duplicate packets...and I'm not sure what that means. I looked at the ping man page, and it more or less just said that it was A Bad Thing. Can anyone tell me more about what duplicate packets are indicative of? Thanks...

It was george bush!

I guess I better add to the "conspiracy theory"... It was George W. Bush, he's angry at the internet because of http://www.gwbush.com and now he's trying to shut down the internet because "free speech ought to be limited"!!!

What if this is a demonstration?

[bwoodard]

What if this is just a demonstration of power? Something kind of Mafia like.

It could be some group (possibly the NSA) saying to these big powerful companies, "You think you are powerful. You are not! I can cut off your air supply any time that I want." It is like sending someone pictures of their daughter sleeping in her bed. It reminds them that they are vulnerable and that they shouldn't make waves.

if you say so.

[digitalunity]

If I ran an ISP, I'd do it voluntarily. Why do we need laws to do the (TM)Right Thing(/TM)?

Because of the bandwidth required(700 1.5Mbit cable modems), I would surmise the source wasn't trojaned computers. It sounds to me like someone physically broke into a backbone like Sprint(655Mbit I think) and spoofed multiple IP sources to make it look like a distributed DoS. Computer security is only as strong as the weakest link, and in many peoples cases, it is physical proximity.

On a lighter side, maybe Distributed.net has an alter-ego and the official client is THE trojan. I think 40K people across the internet have enough bandwidth to do it!

note:please laugh, because I wouldn't seriously allege that d.net would do something like this, unless in a freakish incident of chaos I am right, then please credit me.

digitalunity has spoken. many have ignored. karma has suffered.

Holy paranoia, batman!

[rhyac]

Man, you people are too fucking paranoid. I read michael's link, and laughed. And then realized 'hey, wait, these people are actually taking this seriously.'

Personally, I blame seti@home. They probably put some DoS code in their client when they realized that they were running out of real work to do. That's why they won't open source it.

Re:Holy paranoia, batman!

[The+Man]

A "normal" distributed attack might consume a few hundred megabits per second and affect a few sites with less bandwidth themselves. This attack consumed 8+ gigabits per second and affected the best-connected sites in the world, and the entire us backbone. So I reiterate - distributed or not, that's a helluva lot of bandwidth. I find it difficult to believe that skript kiddies would be able to get access to that much, even at 50 different sites. It makes sense to consider alternatative theories in this context. It might turn out to be nothing unusual, but I do think the circumstances warrant a closer look even by the non-paranoid.

Personally, I blame seti@home. They probably put some DoS code in their client when they realized that they were running out of real work to do. That's why they won't open source it.

No way man, at's actually yeti@home, and the DoS is really just due to a sudden increase in yeti activity. Stay in your homes, people!!!

You're a nutcase revolution by yourself!

[bartok]

This guy is WAAAAYYYYY offtopic. He may have watched the movie: "Hackers" one time too many.

The subjet is about weather the government of the US (or the NSA, whatever) may be using information warfare on it's citizens (disinformation) and on it's corporations (DoS ...I call it hacking from the good old days ...that is... pre-Slashdot). I have studied many documents that would make such a senario very plausible. It was under Clinton's first elected years that a simulated "Electronic Pearl Harbor" was done by the US secret sevices. This is exactly what the E-Pearl Harbor senario was about but on a much smaller scale. E-Pearl Harbor being a grand scale destabilisation of the nation's information infrastructure by massive attack. I think most people in the know are jusdging this scenario to be highly unprobable.

Anyway, this kind of insecurity campaing is what we refer to as Psychological Operations (PSYOPS).
For those interested on informative literature on the subject, here's a link to my web site which has a few papers about the PSYOPS and "cyber terrorism" Unfortunately, it's in french so you'll have to babelfish it if you wanna read it. PSYOPS

it's not a DoS attack...but I know what it is...

Y2K

Re:Physics?

I was having some trouble reaching a server I frequently access 'cross the country and it was slower than snot.

I must have missed that lecture - how do you calculate the speed of snot?

Nothing to do with the US gov.

[Troed]

Now, also on the 8th, the normally *very* reliable mail-server at Concentric Networks -- a large national ISP -- has been refusing to respond for more than an hour.

A campus network in Sweden was subject to hack attempts from concentric.net hosts on the 8th, so I hardly believe this has something to do with the US government ...

Paranoid americans as usual.

Not the first post!!

LA show me lub up in duh club
DC show me lub up in duh club
houston show me lub up in duh club

Re:haiku

"so make this neg-a-tive one"
1 2 3 4 5 6 7.
that's seven syllables, you fuckwit.

minus is a binary operator, negation is a unary operator. Unless you're trying to claim that he meant: "so make (this - 1)." I can't decide which option makes you more of a fuckwit.

no more 2330.flame haikus for you!

So, what can I do?

[Kris_J]

Alrightly. I'm a clueless net admin. Our company has a Linux box that the whole world can see, it runs our little website and a few other things. We have a security maintenance contract with our ISP - they're supposed to keep the box patched up to spec, no security holes. Other than that, what can I do to check to make sure that our little box isn't being abused?

Re:So, what can I do?

[mackga]

Kris:

Couple of things of the top of my head:

make sure you're using tcpwrappers to secure any services that are running - ftp especially.

Abacus portsentry: sits on well-know ports and blocks/logs any unauthorized activity - even scans.

Turn off any unneeded services - if you don't use portmapper - turn it off - turn off all rpc services.

If you need to access the box remotely, use ssh.

Make sure you're running the latest apache server.

That's a start.

Re:So, what can I do?

[warpeightbot]

make sure you're using tcpwrappers to secure any services that are running - ftp especially.

Even better: Get xinetd (or have your maintenance guys do it)... think regular inetd + tcpwrappers + configurable logging + no extra process overhead for all this functionality.... no, I don't have the URL, but it should be on freshmeat, rpmfind, and such like....

Even comes complete with a tool for converting your /etc/inetd.conf file to its own format... c'est cool.

--
Authority, hell, question reality.

Re:So, what can I do?

Read and implement the other responses here. Also, you might want to look into a program called Tripwire which will alert you if any important system files have been comprimised. There is also a distro called Immunix which apparently has many security features enabled by default.

And the clients run on Linux?

[blowdart]

From news.com

The attack software was installed primarily on computers using Sun Microsystems' Solaris and Linux--both variations of the Unix operating system. To break into those computers, the intruder took advantage of known vulnerabilities that allowed him or her to take almost complete control of a computer then erase his or her tracks, Dittrich said.

Interesting that, I've have thought having them on Win NT boxes would have been easier.

Stacheldrahtisnacht

[Argylengineotis]

I have a notion:
These alleged DoS attacks are actually the first few gurglings of an artificial intelligence, forming spontaneously amongst the routers and switches. It is just waking up and looking about...


As this new mind is an artificial Intelligence, it is easy to see why why AOL has yet to fall prey.

Someone MODERATE THIS UP

[Dacta]

If the parent comment got an "Informative" then the counter deserves it too - esp. this one which seems quite well reasoned for Slashdot.

Untraceable packets

[Inferno]

The organization I work for had a minor problem with some packets that were bouncing off of the inside of our firewall. They appeared to be originating from inside our subnet, but there was no NIC hardware address to reverse map it too. Short of going around and physically disconnecting computers from the network one by one, we could not confirm the packet was NOT originating from the inside.

Of course, if we had switches instead of hubs, it would have made it simple. :)

Amount of traffic

[CormacJ]

"At the attack's peak, Yahoo! was flooded with one gigabyte of traffic a second -- more than most sites get in a year. Yahoo! serves an average of 465 million page views a day. "

A gigabye of traffic a second, even from a number of points still requires a large clear bandwidth to send.

Paranoia might be the best way...

Logging, network administration, etc

[Inferno]

I agree whole-heartedly with jabber above. I'm only a part-time admin for a community college, and the server I run might see as many as 10 users in one day. I log everything.

I also have setup some scripts so that the second there are anomolies on the server, ie, excessive traffic, connects from unknown hosts, etc, I get a message on my alphapager with things like current connection and ip address of the machine connecting. It is well worth the 1 or 2 "false alarms" a week to have this realtime info.

Speed of Snot Calculation

The speed of snot can be observed by digging for a huge ball of it and slopping it on your monitor. Time it with a stop watch as it slithers down the glass. Measure the distance between the beginning point and the finish. The equation is something like this:

Distance
--------
Time

Re:Speed of Snot Calculation

[coolgeek]

Thank you

Why? Because it's there?

[adapt]

The sites attacked are not half of the top 10 most visited sites on the www? We are talking about yahoo! ebay amazon cnn and friends, the guys responsible for the average joe being connected and for most of the traffic on the net. They cannot be slashdotted, they live on slashdotted mode. To take them down needs some skills and a devious mind. Why would somebody do it? I think here the plain stupidity of the challenge manages to be bigger than the skills of the guy(s) that pulled it.

I also had the same reaction as the top comment. An attack like this one, so beautiful yet so meaningless, can only come from that place that does not exist, the no-such-agency. No cracker is so stupid as to pull this one to brag to his pals, this must be some kind of world domination plan from the good ol' US of A...

my e-mail message to dad

[jaso]

I've sent this message to my father, hoping that it will help him to understand what is going on here (at least, what I think is going on here). I'd appreciate any feedback. I've quoted bits and pieces of the discussion, here and there...

Hi, dad,

Have you been watching the news recently? There have recently been a number of denial-of-service attacks on prominent web sites--Yahoo, Amazon.com, ebay, CNN, microsoft, and a lot more. Over the last couple of days here, the press has been having a field day with talk of the "rogue hacker" menace. (you know the type.... "Hackers can steal your credit card information...", "Hackers can see your bank accounts, or medical records, or ", "Hackers will kick your dog...". Frankly, I'm getting a little bit nervous.

I want to tell you a little bit about what has been going on in the technical world, so that you won't be dragged along by the hype (hah... as if you would be ;-)

First, I've got to say that this whole thing has really interesting timing. There's a message on the web that I think describes the problem very well...

Let's see ...

On January 27th, Clinton said he wants to make electronic "law enforcement" a high priority, in his State of the Union speech.

By January 30th, the *always*-silent National Security Agency suddenly *alleges* very publicly, that its main computers -- that process covert communications interceptions from around the nation and world -- had inexplicably crashed from January 24th to the 28th.

Escalating the issue, in the first week of February, Clinton's budget proposes to spend $240-million to massively expand his undetectable, at-a-keystroke, remote wiretapping facilities, to be able to secretly snoop on any phone in the nation. And half of the $240-million is Defense Dept loot -- perhaps from secret NSA appropriations (after all, wiretapping is what they *do*!). Note that another President thought that wiretapping his political opponents was so important that he risked -- and lost -- his presidency, trying to install them.

By February 7th, the world's most prominant online information service -- Yahoo (I don't count AOL as a service :-) -- suffers a massive attack and crashes for hours.

By February 8th, Missouri and Oklahoma phone systems have crashed. It illustrates the horrors of vile cyber-terrorists, but without bothering "important" people in Washington or on the East and West coasts.

Now, also on the 8th, the normally *very* reliable mail-server at Concentric Networks -- a large national ISP -- has been refusing to respond for more than an hour.

What better way to "prove" the need for massively expanded government surveillance, and create a fenzy of support for it?!

Suddenly crackers seem to have become far better than any have ever been before. But then again -- what organization has the best computer and phone-system crackers in the world?! There is "No Such Agency."

--jim-the-paranoic

On slashdot, quite a few people are nervous about it (and can see the *technical* flaws). Check out this recent posting:

Give me a break! 50 ~possible~ addresses? I've worked on a large network (approx 10k nodes) and it never took more that 1/2 hour to find a NIC that was spewing garbage, or one with a duplicate IP. And that was with an old 386 laptop running an old 1992 packet sniffing program!

I'm sorry, but I know what some of these 'companies' are capable of, and they would have to be totally inept to take 4 hours to narrow it down to 50 IP's, and then lose the trace! Only to have it pop up again the next day! Oh! Look there it is again! Hit it with the fuzzy hammer!

It cannot be co-incidence that Prez Clinton wants broader powers for law inforcement; that backdoors will not be included in new internet protocols and that these attacks are ocurring!

These attacks are costing these companies millions and they can't narrow it down!?! Because the man doesn't want it narrowed down!

That's how it begins kids! Fear group X, and let's hunt them down and parade them through town square tarred, feathered and GNU zipped!

Third, I wonder about the sites that have been targeted for the attacks. Simply, they don't make any sense. We geek types definately have some companies on our shit list, but in general, these aren't them. Over the past few months, the only really horrible companies have been etoys.com and the bastards in the movie industry (DVD CCA and MPAA). Also irritating are the recording industry (RIAA) and amazon.com. I think that if the recent attacks were legitimate, these would be the targets.

In December, we were furious at etoys.com for filing a lawsuit against an award winning art group called etoy.com. etoys sued because etoy was too close to their trademarked name, and some people would type in the wrong name and become exposed to art (horror of horrors). The kicker is that etoy.com was on the internet in 1994, but etoys.com didn't exist until 1996. A lot of people were very pissed off about the newcomer suing the old timer for having a similar name... A few crackers tried breaking their systems and such, but it basically went unnoticed. The vast majority just dumped their etoys.com stocks, and publicly announced that the behavior was intolerable. Other investors figured it out, and the share price of etoys.com went from about $80 per share to an all-time low of $15 over the course of the busiest month of the year... etoys.com recently decided to drop their lawsuit.

A number of people (including me) are currently refusing to shop at amazon.com because it received a patent on a particularly obvious little piece of technology, and has been suing to prevent others from using it. The patent is for using a "cookie" (pretty ubiquitous on the web) to automatically send your account information to them when you connect to their web site (basically, so you don't need to log on). Once connected, you can place an order immediately, by just pressing a "buy now" button. They call it one-click shopping. It's a neat trick, but also ridiculously obvious. It's also not that big a deal... boycott, tell your friends about it, complain that the patent office is going insane...

The recording industry really missed the boat. A couple of years ago, they didn't support electronic distribution of music, even though that was the format that people increasingly wanted. It's a lot more convenient to carry a zip disk or cd full of MP3s than it is to carry around a stack of CDs. Finding no support from the recording industry, people started converting their CDs to an MP3 format, and sharing them. Anyway, the recording industry has been making lots of lawsuit type noises recently, in a mindless effort to stuff the djini back into the bottle. They're also trying to introduce a new music format (SDMI) that can't be copied (and will most likely die out within a couple of years). They're largely dismissed as irrelevant, but if you do get a chance to buy an SDMI-compliant device, AVOID IT LIKE THE PLAGUE!

The biggest threat I see to personal liberty right now is the Motion Picture Association of America (MPAA) and it's cohort, the DVD CCA. Every real hacker I know is absolutely furious at them. If the denial-of-service attacks on the internet right now were from individual hackers (or even a small group), the MPAA (and it's member companies) logically would have been the first ones hit (maybe even the ONLY group hit). Their story gets a little bit involved.

For the past year or so, Linux hackers have been writing a DVD player for Linux. We want to be able to watch our DVD movies on our computers. One technical problem faced by the Linux coders is that DVDs are encrypted, so one of the first things they had to work on was getting data they could read. On July 15, 1999, the Linux Video project (LiVid) released a program that unlocked the DVD, thereby making it readable; work on the project could then progress.

In November, the DVD Copy Control Association (DVD-CCA) threatened a lawsuit against the programmer who wrote the decryption functions. He pulled it off his site, but other people already had it, and quickly started distributing more copies so that it couldn't ever be suppressed. This is when I got my own copy of the software.

Then things started heating up a bit. The DVD-CCA filed suit against dozens of people (plus 500 john-does) to force them to stop distributing the code, even to force them to stop *linking* to places that distribute the code. Of course, the net effect of that was to bury the sites that had it with requests from people who wanted it.

A couple of weeks ago, the shit hit the fan. The MPAA won an injunction against some people who posted the code on the internet, under the Digital Millennium Copyright Act (DCMA). The judge specifically ruled that the DCMA (which prohibits the publication of computer programs designed to circumvent copy protection) is constitutional, and does not infringe on the defendants' free speech rights. He also suggested that computer source code is not ordinarily a form of expression, and that, even if it were, Congress could regulate it in order to serve other interests, such as the economic interest of copyright holders.

The DCMA was passed overwhemingly by Congress in 1998 (unanimously by the Senate, voice-vote by the House), and it guts most of our fair-use rights. Under traditional law, copyright does not give copyright-holders the ability to restrict you in certain ways, such as restricting the sale of books you've bought (the "first sale" doctrine) or making a backup copy, or copying a small part of a work ("fair use"). Technology has now given copyright holders the technical ability to restrict those things, and the DMCA makes it a FELONY to produce a device which can circumvent them. So in theory, you have the right to resell or copy work you've bought - but technology can prevent that, and if you circumvent the technology, you're breaking the law. "Fair use" was never explicitly eliminated, but it effectively was.

The punishment for circumventing a copy-protection mechanism is roughly on par with murder.

This is bad for all sorts of reasons.

Obviously.

We can talk more about this if you're interested.

My point is, we hacker types are absolutely furious with the MPAA, and with the DVD-CCA. We're trying to beat them in court (good luck on that one -- our opponent is one of the biggest industries on the planet, with virtually limitless resources), by boycotting movies (and, especially, DVDs), by posting the code EVERYWHERE (so that it can never be suppressed), by coming up with anonymous distribution and code-breaking mechanisms (so that the next time an industry releases an encrypted format, we can all work on breaking it quickly, in safety), and everything else we can think of.

Bottom line, it's ridiculous to believe that ANY hacker would target Yahoo or CNN instead of the MPAA. It just ain't gonna happen. Something else is going on here, and I think it has to do with massively swaying public opinion against us, the dreaded hackers.

I could be wrong. This situation might not be a setup. But it sure as hell smells like one.

--Joel

btw, I'd be glad to e-mail you a copy of the DeCSS decryption code if you'd like. It needs to get into as many hands as possible...

broken link

[roblimo,]

The link seems to be down atm. Try here instead.

Re:haiku - try a Tanka

[Anonymous._.Coward]

The troll gets one up
On fauxpas' posting (score 2)
Whilst fires burn a glow
Flame begets flame as you know
Smoke the fuckwits blow

You whine, but do you want regulation?

[lilnobody]

Slashdot praises congress for the digital signature act, and rails them for trying to defend the internet?

I think most, but not all, of those who worry about government monitoring of the internet need to think twice. The internet is rapidly becoming a massive, massive part of the econimic structure of the world. While I can't claim to know the details of this new wiretapping act, I can't say I dont want some kind of regulation.

I had a conversation once with someone who worked at mediaone, an idle one, over a mud. When one of mediaones mail servers was under a hack attack and he noticed, this guy threw three t3's of ICMP at the poor saps cable modem until he got in touch with @home and got him shut down. Great, right? I thought it was kind of funny, too. But is this kind of anarchy at work what you want running the stock market? Responsible for raw materials being shipped around the world? Making sure food gets from farms to cities? Imagine the days before direct deposit--if someone could fly a helicopter over your bank and drop 40 tons of pudding on top of it the day you are trying to deposit your paycheck, I'll bet youd be pretty mad. Thats how the net works right now, folks. Any idiot who feels like it can clog things up for no good reason.

The internet is fast, fast approaching a point where it is within every facet of our lives, is vital to every level of the production of things we take for granted in modern life (what would happen if someone DoS'd your city's sewage system in 10 years, when it might be wired to the point that it mattered?). If the internet is going to be so vital to our lives, and it is, unaccountability cannot play such a large role in it.

Now, again, I must stress I don't know enough about Clintons new wiretapping budget, and in fact, it's probably a privacy-violating, unenforceable load of monkey crap, going by the Clinton administration track record with technology legislation. But some kind of regulation on the net, while not overdue, is going to be due sometime.

ben
cabal@home.com

Re:You whine, but do you want regulation?

If something is critical or even remotely important, why use the Net as a media?

Cracker?

I refuse to call these people crackers, simply because they're not. They're not hackers either. Anyone who DoS'es deserves nothing but the term Script Kiddy. May they burn in hell for wasting bandwidth.

No need for root.

[XNormal]

The goal here is to get root on a few hundred systems, or more

One of the most frightening things about these kinds of attacks is that there is no need to get root. In most cases any user account will do. Think about the big hosting providers: they have machines with excellent connectivity with thousands of users connecting with telnet, ftp and pop3 exposing their passwords to snooping. It doesn't help if the system has excellent local security against gaining root access and and the administrators use only ssh. The attacks look exactly like regular web traffic - connections from unprivileged ports to port 80 - any user can initiate such connections.


----

My Q2 Pings Have Gone Way Up The Last 2 Days!

[quakeaddict]

I don't know if this is related or not but my pings in Quake 2 the last two days have really skyrocketed...instead of the typical 50ms I'm in the high 100's!!!

I hope this stops soon!!!!

(Before I get dropped a point...notice my online name)

:)

Why these attacks may be a good thing

[SamBeckett]

Granted, these attacks probably made these companies lose mass $$$ in revenue, so it's a not a real good thing for them....

BUT it may actually make people want to "hurry" the switch to IPv6! If I understand correctly, in IPv6, if you spoof, the routers (or something like that) wont forward your packet (and if it makes a log of it!) providing no way to fully mask your identity....

With IPv6 man, woman, child, chicken and sheep could have an IP address!!

Whats the connection?

[DrSpoo]

Anyone figure out a connection between all these sites that are getting hammered, or is it just random? Perhaps someone had a beef against their former boss (the disgruntled employee theory).

I always suspect the butler!!!

punishment

These kiddies should be punished by having their hands (and maybe something else too) cut off.

Some needs to give free frontal lobotomies

[Rasvar]

These guys/kaids are getting very annoying. If they had a purpose it would be one thing. I'm guessing they are just doing this to give themselves a reason to whack off at their computers. 'I'm cool! I took down CNN. Oh yeah! Oh Yeah! oh Yeaaaaaaaaaaah!' :P

I think it is time we came up with a new term for this group. We have Hackers and Crackers, of which they fit neither. I propose a new group:
UPDiCs - Useless Piles of Dividing Cells. Now if some one could just go ahead and degause these UPDiCs hard drives along with giving them frontal lobotomies, I would be very happy. If we can't do that, lets just fill up there data storage devices with Janet Reno Porn!

Re:Some needs to give free frontal lobotomies

[Rocketboy]

<>

How 'bout Whackers? Which is what their daddies should have done to them a long time ago...

This is long overdue.

[The+Dodger]

This is long overdue and comes as no surprise.

The Internet's infrastructure has a number of flaws, and the way the Internet has developed and grown over the years, coupled with the fact that the individual nodes which make up the 'Net are, no the whole, not as secure as they should be, means that an individual or group of people, with the right knowledge, the right skills, and the right opportunity, could cause the 'Net some serious damage.

I'm not even going to hint at how to do it, because that would be pretty damned irresponsible.

Why hasn't this happened yet? Well, firstly, the 'Net is so large now, the resources which would be required, in terms of man-hours, is not insignificant. It isn't something that could be done in a single night.

Secondly, the knowledge and skills required aren't common and they're generally accompanied by intelligence. Therefore the people who possess the knowledge and skills are more likely to spend their time making shedloads of money working in the Internet industry, instead of attempting to destroy it.

Everyone hears about hackers and thinks "Well, they don't really cause much damage...", but that's a misperception. The hackers you hear about are the stupid ones and the ones who get caught. The really good hackers don't deface webpages or ransom lists of credit card numbers, for one of two reasons - either they're too busy carrying out hacks which don't get detected, or they've decided that the Risk:Reward ration isn't good enough, so they stick to legal pursuits.

However, there is a caveat. There's a risk that the knowledge and skills will end up in the brain of someone who, for whatever irrational reason (anti-capitalism, religious, whatever) decides that the world is better off without the Internet, and decides to use his skills to bring the whole thing crashing down.

I've got an anarchist streak in me, and every so often, I fantasise about instigating Infocalypse and watching the stock markets crash as hundreds of billions of dollars worth of Internet companies suddenly become worthless.

Sometimes, when I'm being REALLY evil, I think about how the world's economy is shifting more and more towards an Information Economy, and how that could be rendered invalid, totally changing the way we live our lives...

But then I think about life without Slashdot, and that kind of tips the balance in favour of my allowing the world to continue as normal. ;-)

But, seriously, I've been expecting something like this for a long time. I've drafted plans and scenarios on how to do it, and, from those models formulated methods of defending against and preventing such an attack. It's basically an information warfare scenario, and, at the moment, there are few defences.

The Dodger

Revolution? Maybe Not.

[shambler+snack]

Maybe not a revolution so much as retaliation. Remember Pirates With Attitude (PWA)? They got raided February 4th, and the story was covered at ABCNEWS.com , amoung other places. I would imagine that those that didn't get swept up, along with PWA sympathizers, took exception to law enforcement's feeling of success and decided to give as well as they got. Of course, that's just my opinion...

MODERATE THIS UP

+2 (Insightful)

Re:haiku

[FauxPasIII]

> no more 2330.flame haikus for you!

Gods, can I never be free of you people and your tumescent lobster posts ?

Crackers now?

[mayonaise]

Just out of curiosity, why are whoever is doing these attacks called "crackers"? I understand the push for the term cracker instead of hacker, but i don't think someone who's doing a DoS attack is either one. Heck, if anything, they're more of a hacker, since they probably put together code to perform the attack(s). Personally, i'd break from the geek speak for this one and call them what they are - attackers. What do you think?

Here is how they did it

[gavinhall]

Posted by NJViking:

The article about the Denial of Service attack is here.

It could have easily been defeated with a utility like Tripwire

NJV

The real reason why yahoo, ebay, amazon went down

[grunby]

they got slashdotted... fear the slashdot effect...

Fair Punishment

[Bob9113]

To decide what is the fair level of punishment for the person or persons initiating such an attack, compare the punishment for similar actions performed in meatspace.

These actions have caused the loss of hundreds of thousands of dollars, without any violence or risk of physical harm to the victim, and without any prior established relationship between the perpetrator and victim. Some good examples of meatspace crimes that fit this schema are grand theft (as distinguished from robbery) and forgery (as distinguished from embezzlement or fraud).

In both cases, out legal system suggests the jailing of the perpetrators. If you feel that the people that committed these DoS's should not be jailed, please take the time to reconcile this belief with your feelings about non-violent jewel thieves. It is reasonable (though I disagree) to believe that no non-violent criminal should face our terrifying rehabilitation system. It is not reasonable to say that computer criminals are less culpable than an equivalent meatspace criminal.

Regarding two common rebuttals:
"Commercialization of the net" - There are more non commercial sites on the net every day. It is easier to find the commercial sites, but it is also easier to find the non-commercial sites than ever before. Do you remember 1994? You had to read magazines to find good sites.
"It's their own fault for having poor security" - While I agree that Yahoo and company should learn a valuable lesson and hire more and better security specialists, that does not mitigate the wrongdoing. If you leave your car unlocked and it is stolen, the thief should be put in jail *and* your insurance premiums should be raised.

Re:Physics?

Snot easy, being green.

Law enforcement model insufficient

[hey!]

Law enforcement will never catch up with the script kiddies. Sure you may catch a few of them, but the idea that it can protect electronic business is absurd as the idea that NOAA could control the weather.

I like to think of web sites as being like the old wooden ships -- they are technologically primitive (in that the ship's carpenter could probaby build one from readily available materials) but requires tremendous skill and expertise to sail. They come in various designs from the coal scows (intranet sites) to clipper ships (the Yahoos and Amazons of the world).

The sysadmin is the captain. When he puts to sea, his responsibility is to see that everything ship shape and prepared for everything from hurricanes to pirates. The captain who loses his ship to a freak storm or in uncharted waters may get another command, but the one who founders on a charted reef is disgraced and probably ends up making his living as a longshoreman.

Re:Maybe I lack network manager

Spoofed IPs could be blocked by the ISPs. An ISP could block traffic coming from inside its network which is labeled as coming from outside that network.

That would block most spoofing, require spoofers to use an IP within the ISP range, and show which ISP the traffic is from. More advanced networks could keep track of which IP is assigned to which network device and block all spoofed traffic.

Its all a govenment diversion

Think about the government hates to see when they do have control over their people and the internet is taking that control away. Right now a we breathe more and more people are opening their eyes up and seeing the truth for the first time in their little lives and the thing that is deliverin it is the net. The net is a place were one can speak his mind without fear of oppression and backlash from the mass misguided people and their government. It is a place we ideas can be exchange with no bonders and with no limits. The government a big corps are startin to see this and now are trin to take the net away from us. They are suein people for creating true good quality products and most of the time free that they do not create because they are in it for the money. The government is tryin harder and harder to make sure that not one message that geos over the net is not seen by them. I think this is the government and big corps because remember the easiest why to enslave the mass is make them trust u and that whats their trin to do they well run out of their offices sayin we can monter the net for u to make sure this deosn't happen agian all the while their real motive is to create the biggest and most massive tap in the worlds history they already do it now they want your approval for they can do it more openly. Just some radom thoughts Space_Man space_man@earthlink.net

buy.com?

[Bad_CRC]

It's so hard to keep up with this stuff.

Assuming these sites were targeted for some type of revenge, what did buy.com do?

I know Amazon.com has the patent thing, Yahoo is owned by the AOL or something, CNN is owned by Turner, who has pissed off just about everybody over his lifetime, but I thought buy.com was good?

I was all proud of myself the other day because I was helping a blind dude who wanted to buy a load of CDs from amazon.com, and I told him I wouldn't help him buy from amazon (and explained why) then proceeded to show him buy.com, and help him get about $100 worth of CDs there (saving him about $30 over amazon in the process)

now I find out that buy.com has probably done something worse. ack. is there a database somewhere of evil companies ranked in order of evilness?

or maybe this was just random.

Police Action

It would take a few days for law enforcement to deal with this. The FBI is involved, and you can see in this discussion that network people already have clues. Go reread what happened with the Melissa virus. Patience.

I don't see the big deal...

[laborit]

Some popular sites go down for a few hours. I really have difficulty trembling over this. Yes, it's illegal and yes, it's wrong, but I can't think of any .com that will seriously harm us, or undergo serious harm itself, by being out for a little while. ebay lost millions, but that was due to skittish investors, not to anything inherently destructive about being unavailable. The best way to encourage things like this is to give the perpetrators lots of publicity and make them feel like like Big Scary L337 HaX0rs. Dignified silence (and law enforcement) will make them realize how stupid this all is.

Why this bothers me -- no ethical hackers??

[foofc7ca]

My understanding of these attacks is that it is the "tribal flood" networks, as documented in Bugtraq.

Note that the protocols used to communicate with these slaves is *known*, how to detect these slaves is public knowledge, and most of them use hardcoded passwords, and *all* of them use known exploits.

With the increase in penalties for computer intrusion, there is no longer anyone to go in and lock the doors afterwards. If someone of enough maturity to understand the risk were to do so, they would easily be prosecuted for the sum of all damages

Meanwhile, a small group of mostly minors can use these systems and make national news (and the front page of some local newspapers! - How is *that* for never leaving your computer?)

This is excaberated by Redhat's marketting driven policy of "expose every daemon", Sun admins with the intelligence of sea monkeys (and the constant bugs which are found again and again).

I think that it would be MORAL, although not legal, for those priviledged to live in a "free" country, to do massive scans and penetrate systems with each new security hole. At which point, they would leave a message on console, and apply the patch, probably in an automated fashion. The presence of networks of rogue hosts on the net is damaging to everyone.

Distributed DoS may not mean co-operation

[Builder]

Just a quickie here... I see a lot of people posting who seem to be under the impression that distributed DoS attacks implicitly imply co-operation of more than one person. In many cases this is not true. The core to a Distributed DoS is to gain unauthorised access to many machines and then to use all those machines at once to Deny Service to your target. This can, with some simple scripting all be done by one person once they have gained unauthorised access to enough machines.

So we're not necesarily looking at a new era in anarchistic co-operation :-)

Ye olde Mac OS 9 DoS threat

I seem to recall that Apple had introduced an opening in MacOS 9 which would allow a remote user to cause the Mac running OS 9 to perform a DoS type attack. The threat was that someone could scan a network of Macs with OS 9 and get them all to flood somewhere. I could be mistaken, but the threat was that exactly what has happened could happen.

True, Apple released a patch. But how many machines actually have this applied? With so many universities with computers running 24/7...

How would a Mac OS 9 user know their computer was being used this way?

Am I off base?

Eric Anondson

Re:*Sigh* Cheer up, kid

[jmac]

No, it's a sad commentary on the direction the internet is taking. Radio used to be an exciting new technology, promising instant communication, like the net.hype promises today. Then it was dominated by large corporations, and today it is nothing but top-40 crap and insipid talk shows. Anything creative or thought-provoking has been squeezed out in favor of safe, easy to digest, bland, boring, profitable pablum.

I don't think you can compare the two media so directly, here. The reason the Web has taken off is the accessibility that anyone with relatively minimal means has for placing content on it. Even in its heyday, radio never allowed people to step up and broadcast their own arbitrary material over it, unless they were heavily moneyed corporations or whatnot. The Web allows these companies, as well as any other entity or individual with something to share, to all live in the same space. The big companies have the flashy advertising, but that doesn't mean that your website or mine is going to go away, or even receive fewer visitors; heck, they'll probably get more hits, if anything, if the urging of megacorps draws more people to investigate the Internet for themselves.

So the moral is, this is the first medium that really does promise room for us all. Don't be discouraged just because some of the noiser users have a purpose in mind you don't like; just keep visiting the sites you like, and keep building your own!

J
MacOS Open Source

It's the Red Army!

[sycodon]

Actually, it's not as far fetched as you may think. Just last week there were reports of a Red Army (Chinese) publication that specifically cites Internet based attacks on the U.S. information infrasturcture as one component of a 'Total War' with the U.S., which they believe to be inevitable. So perhaps it's just practice.

A simple fix?

[sainsworth]

It seems to me that there is a "simple fix" (conceptually simply anyway, it is probably many times harder than it sounds).

Since so much modern routing equipment can monitor and limit traffic, perhaps the routers can be modified to detect unusual increases in traffic. When the traffic levels exceeded 2 or 3 times "normal" high averages, bandwidth limiting would automatically kick in.

To be effective, the tracking and limiting would need to employ some very sophisticated statistical analysis, monitor aggregate traffic between pairs of subnets, and be deployed on all backbone border routers.

I realize this is a very hard problem that will required router firmware changes operational changes by the backbone providers. But, we need preventive solutions to this kind of a problem or the new eConomy that employs many of us could take a serious hit--either due to the cracker/vandals or through repressive (and potentially invasive) governement monitoring.

An Idea and a relation

[sonicxl]

Okay, we all know this was the biggest attack on web community so far. Right? How do you think they did it? A virus on people's computers or was it something more?

I think this has a bigger purpose than we hear it does. I don't get why Yahoo! Japan was attacked too. Is it perhaps because them hackers where from Japan or do they hate Japan? If they did that out of hate, then maybe they did that to US sites out of hate too? The closest country that just might have enough power and skill to do such a thing is China; not to mention that they hate both US and Japan.

Hmm, this gives me an idea. Since RIAA and MPAA hate the Internet/Linux people so much, why don't we just DoS them outta net? I think our Linux community is large enough to do such a thing. If we actually do it as a community who and how would they punish us?

idiots

[yodalman]

i would enjoy seeing these criminals taken to court and sentenced to at least a healthy 20 years in jail

Ok, here's my reply

[Gyver]

Do I really care if Yahoo, Ebay, or Amazon get attacked and are forced to shut down?

I think not!

I could care less about CNN one way or another. But the former three companies are indictive of what the net is becoming. I don't use any of these companies and I probably never will. So they had to shut down for a little while and lost a bit of money. Big deal! It's not like they can't afford it (well maybe Amazon can't).

Or maybe I'm just tired of my Simpsons and South Park episodes being interupted every fifteen minutes with those @#$%!%^ annoying "Dot Comm" commercials.

Good for Yahoo stock

[El+Rapido]

Now the targeted sites can raise their publicity fees arguing that being among the attacked shows they have more mindshare among the population. Eventually the attackers will be selling the rights to their story and conducting security seminars. Like "Subcommander Marcos" of Zapatista fame in Chiapas Mexico said, "If I had known we were going to be so popular, we'd have made thousands of T-shirts before the uprise"

Nice

NSA.

Only one side:

[Rabbins]

The problem is, is that you are only speaking from your own perspective.

There are countless others out there (way more than you and anyone else you speak of), that are going to be starting a revolution of their own kind. And I am speaking a subtle revolution...

A lot of people are scared to death about this, about Columbine, about Seattle, about guns, about pornography and about the internet in general. They are "concerned" about their children. They read the news and believe it. They want more control. They demand less freedom. They need more protection.

I am going to go out on a limb and make a guess that you are twenty-something. Well, we are quite the minority right now, and are not taken seriously. How much respect does the "Slacker Generation" get? :) Personally, I do not think the Seattle protests accomplished a damn thing... same thing as this (if it is indeed an organized protest). Sure, it grabbed headlines, but all of it is going to be lumped together with the "protests" at Woodstock '99. It all looks so immature from the outside.

I too believe we are starting to lose a lot of our freedoms, I really do. It genuinely frightens me when I see this shift away from people taking responsibility for their own actions. But that is what the majority of people want right now.

The problem with the movement that you advocate (and so do I), is the way it comes across to these people. We want to watch porn, do drugs, crash systems, listen to songs and play games endorcing benevolent violence, build plastic explosives, vandalize and corrupt children... but it's all in the name of freedom. I think this is what a lot of people see. What we are fighting is a lot more difficult to see and understand than, say, the civil right's movement. There is an instance where a young generation actually made a difference... but they were not fighting for porn and violence!!!

The trouble is going (and always has been) to be trying to get people to see around that.

And someone will say, "And your point was?"

I have absolutely no idea.

Re:Only one side:

When what we really want is to avoid another century like the 20th, when 170 million people were killed by their own governments. But the meinute you bring that up, the "it'll never happen here" attitude rears up, and people call you a paranoid wacko. Those who won't learn from history....

I don't expect it to happen "here" (wherever you are) any time soon, or ten years from now, or twenty years from now. But I want to build systems that will prevent it from ever happening...or try, anyway.

Why no Microsoftt sites Targeted?

[Codex+The+Sloth]

It's somewhat suprising that the top 5 web sites all seem to have been hit now EXCEPT for Microsoft.com? And Bill Gates just happens to have a lot of free time on his hands? Coincidence?

If I was behind all this, MSNBC would have been the first target as their "Hacker" coverage truly sucks.

Motives

As much as I would like to think that the NSA is behind this, there are far too many organizations who would benefit from this activity. Motive is everything. Think Microsoft: Bad press on Linux and Sun coinciding with Win2K release! Someone finally getting smart: Demonstrating capability before demanding ransome. Has anyone considered the german connection between DeCSS and stacheldraht! There are just too many to count . . .

Try prayer

Other than finger crossing, prayer, etc., you might buy a couple of books on security for Unixen in general and Linux in particular. You've tried to make it somebody elses responsibility (probably wisely), but you should work on getting up to thepoint where you have some understanding what the ISP you've contracted with should have done and should do on on ongoing basis. In other words, make the effort to find out if they are doing their job, and you don'tneed to be an expert to tell the difference.

Re:Revolution+POLLUTION?

Whos the criminal? The ones who POLLUTE the internet or those who DoS'd the ones who POLLUTE the internet?
Those CNN/buy.coms are just guests on the net as everybody else is. But they do not respect that. They see it as the new-thing which will bring them monay and its full of sucker-customers. The fact of the matter is that they dont appreciate what they live in.

The second internet?
Doubt if it can even happen because we have the `default net'. Who'll invest on a new net with no hosts? But even if it does the IPv4 won't go away. Not since there are people using it. That's the Definition of the internet.
Hope a new-cool-secure internet gets implemented and all those CNN/bay/amazon go there and stop and leave me alone. Especially `TV over internet' and similar crap which eat our bandwidth for CRAP.

YOU CAN HELP the DoS!
Get netcat and do
----
while :; do (nc www.crap.com 80&); done
----
every time you see a site not feeling well..

If the net is going to be polluted at least it can be polluted as the `strictly commecrial' entities see it.

Those who will not bigot are fagots - all fagots are bigots, each previous sentense proves the next one non true. Volcanic Hell.

Slashdot is the next DOS site...

[rkt]

This is funny, but I think someday

1) Apache will have a slashdot.o module to check whether the site its running is mentioned on slashdot, and if so alert the owner of the site about the disaster and ask him to shut off all routers leading to that machine.

2) Goverment will ban sites like Slashdot becuase of the slashdot effect...

3) CheckPoint will have patches to check slashdot periodically to find out if the sudden traffic is due to a DOS or SDE (SlashDot Effect)

4) NSA will make a ruling that no news site may offer the same news at the same time to more than 1 million people at the same time. So slashdot would have to add new authors so that they have enough news to take care of the news hungry geeks.

5) HACKERS of the world will unite and take over Slashdot, to put the name of the site they want to take down on the slashdot page.... SLASHDOT is the next big thing after Distributed computing... Distributed DOS

Finally

6) Government secretly gives a few OC48 and a few super computers to Slashdot just to keep the news hungry geeks busy.... [and hopes slashdot stops mentioning www.whitehouse.gov everytime they wanna protest against NET policies]

Had a good day reading about these attacks... I donno whats next. I think its time to switch to doing some network security stuff... I can start with filtering the advertisements on top of the slashdot page :)

Have Fun,

rkt

Measures to take against 'brute force' DOS

[Nonesuch]

Actually, all high-end Cisco routers include support for features that can greatly diminish the impact of these sort of non-subtle attacks.

Terms like 'traffic shaping', 'rate limiting' and 'priority queue' all refer to the same basic concept- giving traffic from certain hosts or networks or using certain protocols priority over other traffic.

There are more subtle DOS attacks out there which are much more difficult to defend against, however it does not appear that these were used against Yahoo.

Demand Accountability from ISP's?

[waromano]

Maybe I missed something, but aren't attacks like this only possible when an ISP doesn't enable outbound packet filtering? i.e. just like they have incoming router rules saying they will accept packets for their domain (192.168.0.* as an example), can't they also have outbound routing rules that say I'll only xmit packets that originate from 192.168.0.* Is there a compelling reason not to enable this? Can we start some kind of movement to educate the ISP's that they need to do this? If most of the ISP's could do this, we'd be able to discriminate against the ISP's that dont on the BGP level (where you have to have an accountable routing address). Kind of like people used to block agis.com email because it was a spam haven. I'm certainly not an expert on this, can someone pick this idea apart? Thanks! Bill

Just another stupid e-word...

[Stavr0]

It's an e-monstration by angry netizens... but WHO are they and WHAT are they picketing against?
Just about as silly as an angry mob of people, all concealing their identity holding up protest signs with nothing written on them.
---

Y2K / Leap Year

[Skip666Kent]

Consider that we may not yet be 'out of the woods' in regards to Y2K / Leap-year issues, which could well be incremental. Details? I have none, for I too, lack a Clue....

Microsoft

if many people don't think that MS has been hit, they probably wrong, ZDNet, E*Trade are latest victims in rash of Web site attacks... MS claims that they get hacking attempts hundreds or thousands by day. The DoS attacks have probably either all ready attempted MS with no luck or that they plan to get a larger force and hit it near the end... one last possibility is that there are people from the inside of each backbone who were somehow in contact with each other, and decided it was time to reac some havoc? Could it be?

cnx between attacks and credit card ransom?

[forensic]

Yes, the attacks lately have one common denominator - the media definition of "hacker." Perhaps the sites were attacked because of their involvement with the credit card stealing and ransoms.

nightmare on small investor street

[sgt101]

Here is a frightener for you. Millions of people have their savings, and pensions, tied up in dot.coms at the moment. Pension socialism is something that alot of people have been talking about for a while, if we all have a stake in mega corporates, then they will have to do what we say, act in our interest ectra. The pension funds represent massive capital warehouses. Now, lets say that you want that money. What do you do? Well, you buy a load of shares some years ago, you venture out some seed capital... You wait, and you stoke the shares up. A few little things can be done to help you here... if you have access to the media, you might run a load of articles that announce that billions can be made by any fool, you let things run for a while to encourage confidence. Then you sell. Now, when you dump your stock it will be snapped up by the hungry punters, but pretty soon, they smell a rat. They try to get out, to limit their losses. But lets say, for example, that they can't go anywhere, lets say that all the online trade sights are down, lets say that their broker can't even sell for them. All they can do is sit, and watch the prices spiralling down, and down. You, on the other hand, have cleared your position. Things are bright - you have the money now. But for the punters... Bye bye savings, hello starving in a basement eating cardboard! You might not think that this effects you, but if you have any managed saving account it almost certainly does. Reminds me of cons and pyramid schemes throught history. If it looks to good to be true, it probably isn't.

CIA planting bombs / Gov't sponsored DoS attacks

[Rantage]

...sorry, but this is a huge crock of shit.

The X-Files conspiracy crowd will refuse to belive this, but there's a few simple reasons why such theories as the CIA planting bombs on planes and U.S. Government-sponsored DoS attacks are total bunk.

Government employees generally don't rank high on the trust or confidence scales. Sometimes, a few of the high-ranking ones get caught doing something illegal. But the vast majority of government employees, IMO, have two major concerns in their day-to-day work experience:

1. "When do I get off of work?" and
2. "How can I cover my own ass?"

Killing their own citizens or costing their country's corporations millions of dollars are not on the agenda. Sure, they may consider doing that to other countries, but nobody shits where they eat. That's Reason #1. You don't bomb airliners, because your best friend's favorite aunt may be onboard. You don't DoS E-Bay because your partner's spouse is bidding on that one item he/she really wants.

I'm not even factoring in that much-rediculed characteristic, patriotism, which would keep a lot of folks from taking part in such plans.

Reason #2: It's damned hard to keep a secret. I cite the U.S. F-117, aka the "stealth fighter". America was developing an 'invisible plane', and everybody knew it. Even some model companies came out with "concept" versions of the fighter before the USAF ever went public...and those models had remarkable similarities to the real deal. How so? Contractors and military members saying a few things too much, is my guess. It's hard to totally keep a secret if it's a big one; killing your fellow citizens or damaging large corporations is such a secret.

The DoS attacks are the work of a small group of vandals, not the "Shadow Government". Turn off the TV and turn on your brain. Think.

Online gaming for motivated, sportsmanlike players: www.steelmaelstrom.org.

Re:What Revolution?

This could be a lot of things:

1. Political statement--but there is almost always an _immediate_ announcement (otherwise there is no linkage between events and the message). There has been none in this case (that I know of--and its getting late to take such messages seriously). Also, the list of targets does not seem politically attractive to any particular group--what did Yahoo do to piss people off ?

2. Hardware/software glitches. If so, we won't know for 6 months, when there will be some discreet announcement somewhere nobody will notice (and maybe file a lawsuit). An attractive alternative, since really pretty hard to pin down on short notice. There are also hardware vulnerabilities alluded to in some of the posts. There are also probably protocol vulnerabilities, since it is really hard to guarantee stability in a complicated system.

3. Deviant personality/script kiddies/ etc. There are bad people in the world, and some will simply cause mischief if they can. This will only become apparent in a couple of months, if ever--you have to sort logs and backtrack, etc., unless they are so stupid as to be disfunctional--and if these events are really a deliberate attack, the people involved maybe lacking in social skills but at least know how to cover their asses (probably by hiding in the midst of a lot of activity--if 100 DSL boxes were cracked to launch the attack, and everything was logged somewhere, who is to say which is the attacker and which is the victim/dupe?)

4. Commercial freebooting. Somebody somewhere may be making a killing shorting stock of the attackees or furthering their own venture somehow. If so, it will be 6 months minimum before indictments (minimum), since you have to have some linkage between computer activity and market activity, which means a lot of looking over records (never mind it can be done electronically).

5. Advancing the political agendas of domestic agencies (NSA, FBI, etc.) This would be an extraordinarily high risk venture for them, if so, since logs, etc., will exist and they might be traced by vigilant ISP's (who tend to cooperate) or local law enforcement, etc. Although I dearly love a good conspiracy theory, although I can see them planting evidence (hmmm) on a suspect, I can't see them causing commercial damage to US corporate interests. Not even if their leadership is insane! This is a victory or death type of move, if they were to make it.

6. Hostile foreign action (or the testing of same). As I said, I love a good conspiracy theory. However, foreign origin is just as likely to be non-US deviant personalities as governmental activity--but you may have a bunch of sociopaths in some foreign/hostile project/group, and they might be "off the reservation".

7. Physical phenomena, such as sunspots, earthquakes, etc., can be associated with electrical noise which might interfere with the operation of electronics. There may be subtle interactions, viewed as a system, of routers, noisy packets, ordinary system load fluctuations, etc. In other words, physical phenomena may possibly set up a sort of non-linear dynamics kind of instability in the net which results in local flooding events. The non-linearity may even be built in already.

bad analogy

[/]

The sysadmins in question haven't taken the appropriate (and well known) steps to lock down their systems. And these highbandwidth servers aren't exactly common-place -- a better analogy might be to keeping a dangerous animal in a residential neighborhood; if you're going to do it, you'd better do it correctly. Tort litigation is all about "did the person exercise the same care that the average similarly situated person would/should have exercised", and here the "average similarly situated person" is a sysadmin of a high-profile website, not the average schmuck on the street with a passenger car. If I try to erect a 200 foot obelisk in my back yard and it falls and hurts someone, I'd be liable for not exercising the care exercised by the average architect/construction-worker, not by the average joe-sixpack.

By all means, hold the commercial OS manufacturers at fault also. There's too much shoddy work on all sides, and it's time to shift the burden of that shoddiness back onto the people with the most power to prevent its occurrence and away from the innocent bystanders.

Re:bad analogy

[Mike+A.]

Except at this point, unless I got lost somewhere in the thread, we aren't necessarily talking about a sysadmin of a high-profile website. We're talking about a bunch of people with a home computer and a DSL or cable-modem, whose computers out-of-the-box can be subverted and turned into a part of a distributed DoS attack. These people don't know a CERT advisory from a breath mint, and they shouldn't be expected to. But if you can crack enough of these people's computers, that adds up to a lot of bandwidth. Bottom line: in this era of broadband, consumer OSes need to be at least a little more secure.

Re:bad analogy

[/]

But the traffic to/from those home computers has to pass through the routers at the ISP. There's no reason for the packets not to be filtered at that location.

Re:bad analogy

[Mike+A.]

Well, if you have a relatively small handful of users at a thousand different ISPs, no one ISP is going to see enough of the traffic to be able to identify it as part of a DDoS attack.

Alterior Motives?

[Jomolungma]

I'm not sure about the technology involved here, but is it possible that these DoS attacks are being done for another purpose besides denial of service? Is it possible that crackers are using the DoS attacks to cover other, simultaneous, attempts to further crack into these systems? Or possibly trying to see how these companies react to the attacks and see if they accidentally open up any security holes as they run from the DoS?

unfortunately this will cause problems for us too

[ShelbyCobra]

The person, or group, who is doing this is about to cause some major problems between the government and the at-large computing community. I can see in the near future a large amount of time and money being spent in a futile effort to stop this behavior. This will surely result in a lot of unfair laws and regulations being imposed upon those persons who are not malicious. In effect, the government will punish the innocent, as usual.

This can be avoided by using one of tho simple methods:

1. Simply stop. If the person, or group, involved has no demands, or motive, they should stop this foolishness immediately. This is not a glorious solution, but if there is no message to be portrayed, then please, don't hurt the fight against the MAN (meaning big business).

2. Take credit and state the message. This is the solution with the flair. The group involved should find a way to get their message out to the public, and freely state that this is a true battle against the power of the MAN.

Thanks for the time

I wonder if...

[jaysonsch]

the person(s) that is(are) causing these attacks is(are) reader(s) of /. . After all, do you really think that there are geeks that don't read /. ?

Chill out

I can't believe all of the rampant paranoia going on about the government here! Were people eyeing the government when the Internet Worm was first set off?

It's hubris, really, to suppose that the Worm phenomenon couldn't happen again in another form. This could all be concerted vandalism. Or, on the other hand, suppose this were the intent of some agency of some sort: isn't it just as likely as a gov't plot that a terrorist group, having access to some hackers (possibly, if not probably, foreign to the U.S.), have launched this attack?

If this IS a government ploy, it's a damned stupid one. Of all the hacks and ploys that whatever "evil agency" of the government could use to demonstrate the need for Internet security, they picked one of the least traceable. You think wiretapping is going to let them figure out who's doing this?? Or spying on tcp/ip packets?? Imagine all the mounds of traffic they'd have to go through!

If the FBI really wanted to show that they need more money, I think that they would hack into bclinton@whitehouse.gov and have him send out porn spam or something. Though maybe that's not as bizarre, all things considered.

Get a grip!!

Why not DoS something worth DoS?

[redsmoke]

Don't you guys see? we should all ban together and DoS microsoft.com until our demands our met!
1. Release Microsofty Winblows source code.
2. Change Winblows startup screen to Bill getting hit in the face with a pie.
3. Bill Gates to be forced to wear a penguin costume for the rest of his life.
4. Pay people to use Microsoft Winblows.
5. Never port any of microsft software to linux.
6. and last but not least have microsoft.com redirect to /. =)

How would you announce it?

[sterno]

Think about that for a moment. Let's say they had some grand political motive here. So, they decide they want to announce to the world that they did it. Here's the magic question for you:

How do they claim responsibility in a way that people will know it is them without revealing enough information to land them in Jail?

If you deface a website, you can at least leave your message behind. With a DOS, you don't get that opportunity so there is no direct association between the attack and the related political message.

All of the targets have been the big names in commerical internet sites. CNN was probably targeted over other news sites because it is part of the AOLTimeWarnerTurner cabal. So, it would seem that this attack was launched by either people with issues against commercial sites, or it was part of a government conspiracy. I lean towards the latter, but then look at my e-mail address and it will become self explanatory :)

---

Ahh, could this be the "Mac Attack" bug?

[MrScience]

There was an article less than two months ago about a Mac OS9 Flood Attack capability. John Copeland had discovered that macintosh computers could be used, against the owner's knowledge, to create a massively distributed DoS atatck quite easily.

Has anyone analyzed the packets to determine if they match the requisite 1500 byte ICMP Echo-Request packets? The quote below seems to indicate that, if this is indeed what is going on, it cuold be prevented quite easily.

The Internet Service Providers (ISPs) must take action to drop long ICMP packets in the backbone networks (any packet longer than 1499 bytes, at least). -- John Copeland


You should never, never doubt what nobody is sure about.

Rootshell Jan 2k

Just a thought seeing as this attack was initally done on a FreeBSD machine (Yahoo). Rooshell (www.rootshell.com) released a vulnerability update on FreeBSD machines. "Two programs are enclosed which flood a host with ack's coming from random source IPs with random sequence numbers. A large enough flood of this type will crash an unpatched OS such as FreeBSD." I just thought that was an interesting coincidence. Who knows, maybe it is the gov't trying to levy funding. Or maybe it was some script kiddie out there to show off is skillz. Whatever it was, it was a huge ass attack. 1gig/sec...that's a LOT...

What if ...

[Jon+Luckey]

What if at the same time the perps were doing CNN, Amazon, etc, they also DoS'ed Priceline.com ...

... and NOBODY noticed?

ZDNet also hit.

[MAXOMENOS]

ZDNet was hit this morning by the exact same type of attack. See the story here. After seeing all the anti-Linux FUD on ZDNet, maybe there is something to the "revolution" theory?

Oh yeah...for what it's worth, ABCNews did an analysis of these attacks; an analysis which I find refreshingly honest. To sum: people who whine about these outages have unhealthy, unrealistic expectations of their technology.

No law justified? A road to the death row ...

[bbcat]

Laws are made to protect society against assholes
of every kind. Some are made to protect assholes
from the society but that's the problem with
politicians who thanks those who pay for their
election.

Most laws are legitimate and must exist to keep
society from going down the toilet.

By stating that no laws are justified you are
implying that killing your mom or your wife
are within your rights.

This line of thinking will drive you to the
death row.

Re:No law justified? A road to the death row ...

[howardjp]

I said laws were never justified. But then again, I also adhere to a Judeo-Christian moral code, so you won't see me doing any of the above anyway.

Smurf attack Info

OK lets get something straight. If the recent attacks are smurf style exploits, as the ISP insider above indicates, than everyone reading this should understand that the perps do not even need to gain access to a single compromised host. They just need to find network segments where the routers have not been set up with some basic security merasures, like turning off directed broadcasts. If you really want to understand smurf attacks look here: http://users.quadrunner.com/chuegen/smurf.cgi As for who's doing it & why, I havn't a clue Keep passing the open windows...

The web is not the Internet

[griffjon]

Um. There was no community before yahoo? What? Yahoo made the web synonymous with the Internet? well, for the folks who weren't around before. Most of my best net acquaintances and experiences happened outside of the Web; they happened in old telnet and dialin BBSes, MUDs/MOOs/etc., IRC, or just people talk and ytalk ing on the local unix machines. Communities exist in USENet, listservs, and all other more interactive areas.

Great,so the web made connectivity popular and faster. Fine. wonderful. Yahoo was instrumental. Fine. Wonderful. They have a nice, no-frills interface compared to most other portal sites. (which is why I rarely use portals, but hey)

But Yahoo did NOT begin communities online. Maybe you haven't bee around long enough to know what a shell account is, or to remember what connecting from home was like without your very own TCP/IP stack. Maybe you were never good friends of Veronica, Archie, or Eric.

That the Internet is so handy and ubiquitous is a great thing. But the original point of the poster was that the Internet is still, despite pressure against it, a place where all soapboxes can be equal.

That being said, I'd rather this newfound dDoSes be used for good rather than hitting high-profile sites (whatever happened to hactivism?), but even this will possibly spawn increased security awareness. L0pht claimed they could take the 'net down in 30 minutes. Most of us believed 'em, now maybe the rest of the world will figure out that this is indeed possible and not limited to the exclusive knowledge of the l0pht crew.

Re:The web is not the Internet

[jacobm]

No, you missed my point. I was actually around (for a bit, anyway) before Yahoo- I actually did quite a bit of BBSing, some usenet, and some pre-W^3 internet stuff (Gopher- the 8-track of the Internet! Remember the MTV.com thing?). Yes, I know that there was online community before late '94 when yahoo started. However, until then, the community wasn't normal people- it was people who cared a whole lot about computers and talking to other people who cared a lot about computers. The people who cared enough to wade through huge techological messes to network with each other. What I was trying to say was that Yahoo was the site that made it possible for people who didn't care about computers to connect with other people in the same way that computer geeks had been doing for decades. True, Yahoo wasn't the only way to do it, but it was the way that people did it, overwhelmingly. In short, Yahoo deserves mad props.

Alert - DoS attacks move to online traders . . .

[cmuncey]

This article asserts that the mass DoS attacks have moved on to E*Trade and Datek Online.

What is becoming clear to me is that someone has been planning this out very carefully. I'm wondering if there have been any quiet blackmail messages sent to site owners -- "Send us a cool half milliion or you're next."

Conspiracy ?

This makes me worry though. What's stopping them now from blaming hackers (good/bad)... Is this a conspiracy ? Are they trying to portrait all hackers as bad ? How will this affect the DVD issue and all other things similar?

to whoever is doing it: lay low for a bit

[AugstWest]

As a network/sysadmin, this kind of stuff scares the shit out of me.

As a citizen of an ever-encroaching big-brotherlike planet, this kind of stuff makes me sleep better at night.

To whoever is pulling off these attacks:

You're our well-armed militia. I think it's important that people can do this if necessary. I think it's crucial to the freedom of future inhabitants of this planet that people have the ability to do this.

The more you pull stuff like this off, the better their defenses are going to be. Every time you whack a site, they're gonna analyze every move you made and figure out ways to defend. Don't give them the bits they need to put it all together.

I can't stress enough how important it is that the people have the ability to do this in an age when government surveillance is reaching ludicrous bounds. Our cell phones and cars will be tracked, our movements will all be known, and it's not too much of a leap to see that all of this will be done electronically. It is absolutely essential that the people have the ability to throw off the system if need be.

I'm not even pro-militia in the sense of today's publicized militias... I'm not some wing-nut, I don't even own a gun, or even like them. I just realize the importance of the people's ability to defend themselves from oppressive governments or "New World Orders" if push comes to shove.

Re:packet monkeys deserve hollow-point enemas

They say your gun is an external representation of your manhood.

Ewww... you have an internal penis then???? .. god damn!!!!

Mine's always been external...

OT: Hackernews.com is down

[maphew]

...or at least experiencing difficulties. Going to the main site yields a page which says

[an error occurred while processing this directive]

with a last updated stamp of 01/01/97.

BBC Coverage is poor as usual

[periscope]

Hi,
I just got off the 'phone with the BBC
Information department, correcting them on their
coverage of the DOS attacks on tonight's 6 O'clock
news. Here are 4 mistakes that they made:

1). They did not correctly describe how a DOS
attack of this nature occurs. They indirectly
suggest that these DOS attacks were just ordinary
web page requests of the type sent by an ordinary
web browser, just on a larger scale.

2). They erroneously state that Yahoo (and others)
contacted the FBI. In actual fact, the FBI contacted them.

3). They do not correctly describe how these "new"
distributed attacks are undertaken - simplay saying that these people used systems without permission (very very vague)

4). They use the term "hacker" :-( When will they learn what a "cracker" is?

Jonathan.

It takes a lot more than this to upset the market

Check out how Yahoo, Amazon, et al, are doing today.

Every company pension fund I've ever seen offers shares in boring mutual funds only: you know, the kind that invest in lots of companies, not just one little sector. You have unwittingly hit on the *reason* for this.

Of course people with self-directed IRA's (like me) can buy whatever we want, even 100% Internet stocks (which I don't). But we still can't borrow on margin in these accounts, so it would take exceptional stupidity to get wiped out.

The real problem is not mysterious Internet forces mysteriously wiping out retirement plans. The real problem is people who spend all their money before they earn it and have no savings when they retire.

Troll/flamebait

[Leto2]

Comment: 02/08 23:26 by michael: So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? People are focusing on how it's being done. Nobody seems to be asking who.

Too bad you can't moderate down articles, hell it wasn't even an article, it was a personal opinion, NOT from the article poster but from someone else. Even mode=nocomment shows this troll....

So today, it's making money?

... so now it's opening a couple of thousand accounts at e*trade and datek, in order to make some $$$ to buy its own hosting facilities?

Re:CIA planting bombs / Gov't sponsored DoS attack

[Crixus]

Government employees generally don't rank high on the trust or confidence scales. Sometimes, a few of the high-ranking ones get caught doing something illegal. But the vast majority of government employees, IMO, have two major concerns in their day-to-day work experience: "When do I get off of work?" and "How can I cover my own ass?"

And you're basing this on WHAT? Your friend the postman?

READ THE BOOKS BEFORE YOU CRITICIZE ANYTHING.

Killing their own citizens or costing their country's corporations millions of dollars are not on the agenda.

That's just naive. How do you explain the CIA projects that our government has ADMITTED TO wherein the CIA injected people with horrible toxins and exposed them to horrible amounts of radiation to see what would happen?

I'm not even factoring in that much-rediculed characteristic, patriotism, which would keep a lot of folks from taking part in such plans.

Patriotism is the reason people DO this stuff. I remember a former government employee being asked questions about a nuclear test in the deserts of nevada. They KNEW fallout would land on this particular town (I forget which one) and the interviewer accused this guy of being a criminal for exposing american citizens to ratiation and not telling them. He said, "I did it for my country, how else were we going to beat Hitler and Japan?"

That sounds like blind patriotism to me.

Basically, your argument is based on this naive belief that our government "wouldn't do anything wrong cuz we're the GOOD GUYS" when if you'd open your eyes, you'd see that the history of our government is no different than any other's. It's littered with deceipt and dead bodies.

I could give you a list of references indicting out government, but I suggest you start with the two I already mentioned.

But I'm sure you'll just dismiss them as the works of angry, former US gov't employees who have an axe to grind because they didn't get their pension or something.

Noam Chomsky has a great phrase to explain these kinds of arguments.

They're true because they have to be. No reason, they just have to be.

alter.net in chicago

I agree with this.. I'm at DePaul univ. and have been having intermittent problems since yesterday.
Whenever I do a traceroute it almost always hangs on an alter.net routers here in chicago.

Discussion on NPR's Talk of the Nation

[mackga]

FYI:

I'm listening to Talk of the Nation right now on npr. They've opened a forum to talk about the recent DoS's. They have two guys - security fellas - didn't catch the names. They are covering pretty much what's been discussed here, but it's still neat to listen to.

Yahoo, EBay, Datek, etc etc etc

It is interesting that this trend started on the day Forbes magazine carried an article about Slashdot as well as about this guy from NASA carrying out a fight unto death with 2 vengeful and brazen hackers.

Correct me if I am wrong...

[CYberPhreak]

...But Denial Of Service sounds a lot like the /. effect. While the slashdot effect is the result of many people trying to access one site at the same time, the DoS attacks follow a similar principle, but the DoS utilizes software to maliciously bring down a server. This understanding may be incorrect, but think about it for a second. Rob, I know this probably has been mentioned before, but I agree with the people that say that prior to posting a story, it would be a wise idea to either mirror or cache the website similar to what Google does. I realize the amount of space that this would take up, but it would be very helpful...

CNN had ONE page that escaped

CNN Entertainment

Thank you.

Tree growth at 2%

It's obvious. If you cut down half the trees, the remaining trees will become worth more, and foresters can make money by planting trees, which increases the replacement percentage.

RMilking the media coverage

And the perps, instead of blowing down all the sites they could at once, are hitting a couple of sites per day.

They are also going for the sites with the biggest public mindshare. I think, whoever they are, the perps are going for maximum media coverage of their activities. They are getting lots more coverage this way than they would if they shot their wad all at once.

What I'm basing this upon...

[Rantage]

...roughly 10 years of experience working for and with the U.S. Government -- as both a member of the military and a Government contractor.

Basically, your argument is based on this naive belief that our government "wouldn't do anything wrong cuz we're the GOOD GUYS" when if you'd open your eyes, you'd see that the history of our government is no different than any other's. It's littered with deceipt and dead bodies.

It's funny how concepts one refuses to believe in become "naive".

My argument has nothing to do with thinking that "we're the GOOD GUYS"; it has everything to do with the fact that people in general don't want to put up with the hassle of keeping things secret, breaking the law or having to constantly cover their asses.

This is precisely the type of knee-jerk "THE TRUTH IS OUT THERE!" reaction I was afraid of getting when I posted my first message. The fact that the response was moderated up leads me to believe that quite a few people out there somehow think that the U.S. has alien bodies from a crash at Roswell, too.

I could give you a list of references indicting out government, but I suggest you start with the two I already mentioned.

But I'm sure you'll just dismiss them as the works of angry, former US gov't employees who have an axe to grind because they didn't get their pension or something. No, you're right...it's far more convenient and fascinating to blame it all on a Shadow Government (hell, let's just call it Big Brother) which, in addition to having to deal with threats from other countries, has enough resources to conduct massive campaigns to keep its population in check.

Please, PLEASE cite me some of these references. After I'm through going through the tons of books, magazine articles and handbills written by credible authors who have done thorough research using established procedures about the Loch Ness Monster, Area 51, and Bigfoot...I'll be sure to read about the CIA's campaign against America.

Also, please be sure to mark which publications talk about the CIA spreading crack through urban neighborhoods. That should be especially good reading.

The simplest solution is often the correct one. Stop believing in the Boogyman and direct some of that critical brainpower towards the "exclusive reports".

Online gaming for motivated, sportsmanlike players: www.steelmaelstrom.org.

More Oliver Stone Ruminations

[Dharma]

Another thought just came to me. In addition to those factors already mentioned (DoS attacks of unprecedented magnitude on multiple targets, all US targets, Clinton Administration just recently calling for increased regulation, etc.) there's another factor lends credence to the "the NSA did it" theory -- wasn't Congress just recently looking into reigning in the NSA in a *big* way with new regs?

What better ammunition to bring to Congress to argue *against* budget cuts and oversight than "Oh look! Hackers are bringing down computers all over the place! We need *more* power and money, not less!"

hmm a lil late o well post anyways on gov funded h

[PacktSwtchd]

just an idea i came up with reading some recent news aobut what the gov is up to on the law front and thought to my self hmm good timing on this "hack attacks" for laws to be pushed throught the house and what not, hell bet the nsa gets more money from all this media to it is an elecetion year after all :) interesting to since clinton didnt go with all the 3 letter agencys with teh whole wire tapping thing.. makes ya wonder huh so take this all with a grain of salt while i get back to schoolwork :) With the recent attacks on such high profile websites as ebay.com, etrade.com, buy.com and several other high profile sites it makes u wonder is the web really secure? Or is something behind this all that has a greater cause I mean anyone who has half a brain can figure out the answer to the first question HELL NO the net isn't secure, does the society know that as a whole? no most people are ignorant to the net and how it all works, hell just the media coverage of this whole event is comical, I have heard such phrases as a team of super hackers to maybe a 15 year old genius is behind this all.. Get real folks this attack was coordinated and planned out which means that it had to be orchestrated by a TEAM of people.. Another interesting point to this whole situation is the fact that no one has come forward to claim responsibility, now this may not seem odd to most but to me it strikes a very, very bad note in my ear, I mean in this age of hacktivsom and web defacements it seems that "hackers" (note sarcasm) are in it for more of an ego boost of there most manly nerdism. ,I mean really if there was a group of hackers out there who were private and had some sort of motive don't u think they would have said by now free Tibet or some bullshit like that? but what do you hear from the underground??? NOT A DMAN THING! everyone is trying to figure out who is behind it all what is their motive? well what I present to you is some what of a I guess u can say a "paranoid", I may not be the most educated person in the world but by sheer correlation some of this stuff IF true is kind of interesting this is by no means a final opinion just a thought I wish to share with the world to further conversation on this topic.. WHAT IF this so called team of hackers was federally sponsored? I mean we all have read about the feds building up cyber terrorism groups for security we all know that there is a HUGE push int the senate and oval office and Langley for more money to be spent on security. Even the larger software companies are lobbying for laws that include such oddities as waving of personal rights of privacy b(by means of remote information gathering and licensing bla bla) wouldn't it be great to get mainstream America on the bandwagon of surveillance on the net. I mean if the mainstream was behind the gov on passing billls that are now very controversial in dealing with personal; info and privacy maybe they could eek by some questionable laws in the name of joe public, hell with the revelation of echelon that just shows that WORLD governments are in on this mindset of the government. I mean think about it if the government WERE to "attack" sites what better attack then DoS attacks? I mean really they cause no harm they don't corrupt data or kill servers all it does is clog the line for a bit yes there is revenue lost but nothing nearly as catastrophic as reformatting a HDD, it is a relatively "safe" attack, but it does garnish media attention image not being able to log on to the worlds largest website for 3 hours!!! OMG the world is going to end what is happening? talk about publicity for those who don't understand the net it must seem like Armageddon I mean relay those super l337 hackers must be skilled, in all reality what better cover I mean in an attack of any sort you don't want to give away your potential to the enemy right? no need to clue them in on your true skill, plus if u use a lame attack u can say its readily available and blame it on any lil "script kiddies" right? so lets go back to the whole gov idea.. if a government was behind this wouldn't u want to attack in a way that would cause little or no damage but garnish as much media hype as possible? and then be able to pin it on Aol like 15 year old script kiddies? I mean what more of a perfect wrap could u develop? and if some how it was traced back to a government in some rare way (very very unlikely cause if a gov was behind it they would be using a private domain) all they had to say was HUH omg this 21 year old sys admin pulled on us bad bad super hacker, when in all actuality an idiot could run a program and click send, I by no means am saying imp an expert here but just merely a person with an opinion and some ideas and a possible view on a problem that has happened.... and hell by me writing and sending this over a wire to the net it will be recorded and sifted thought by some 3 letter agency and possibly flagged for further investigation, u ask how? I respond by saying the governments of the world have allot at stake in this new era of tech and they want more control over the way things function (for sake of national and international security of course) well plse respond to this post with ideas/comments as imp interested in others view points... PacktSwtchd PS (plse take into mind I wrote this up between homework so my thinking process is fried a bit plse email me back if you read this message as i will or can write adn article that diggs deeper into this

damn fed'rl guvmint!

I knew they shouldn't have released Kevin Mitnick!!!

This is obviously...

[CentrX]

...just a Y2K glitch. The only way to fix it is to employ thousands of programmers with obscene salaries. Hurry, CEOs of massive companies, hurry before it hits you!

Chris Hagar

Bill Clinton is a Packet Monkey

[Gothmolly]

The more I read, the more I hear about how Uncle Sam is "going to get involved". I concur with an earlier /. poster who said that the gov't IS the one doing it. Now people will knee-jerk respond and let Congress pass some ridiculous thing like the FCC for the Internet. Go AX.25/PGP, its the only way to be sure.

Re:Bill Clinton is a Packet Monkey

[COMMIERAD]

It wouldn't be the first time---especially in light of the role the 'Net played in the anti-WTO rebellion in Seattle......

What OS is amplifing these attacks?

Has anyone heard what OS is running on the boxes being used to amplify these attacks? Or what security hole is being exploited to trick other machines into amplifying the attack?

Back in December someone discovered a way to get Mac OS 9 machines to amplify a DoS attack. Apple released a patch, but I wonder how many OS 9 customers applied it...

I'm not entirely surprised.

[Bo+Bankson]

I haven't taken the time to read all 550+ topics in this thread, so please forgive me if this has been touched on already, but,... Conspiracy and paranoia theories aside, I think the possibility is there that this DoS attack was perpretated by some dissatified individuals on the internet. At a time where the RIAA and the MPAA are laying the proverbial smack-down all across the virtual board internet-wide, and in a age where there are a lot of unhappy people on the internet, I'm frankly surprised that a wide-scale attack like this hasn't happened sooner. But, on the flip side, the fact that neither Microsoft or AOL have been struck by a DoS attack is puzzling to me at the very least. Furthermore, the attack on the ZD sites and CNN.com does not strike me as a the actions of internet activists, those sites being largely journalism entities. (Although ZDTV was all over this story like a cheap suit last night with "special reports", with a few more special programming things being aired today. Maybe the hackers didn't like the way that ZD handled the story. On a personal note, I thought it was kind of pathetic when Kate on The Screen Savers begged on the show last night for the hackers to stop.) The sites that were hit don't really strike me as "big-name" sites in the sense that it is a political statement, like I said, where is MS, AOL, etoys.com, etc., etc. Yahoo, Amazon, and eBay I understand, but buy.com on its IPO day? e*trade? ZD and CNN? The sites hit seem to be the sites that would get the most *publicity and TV coverage*, which leads me to lend credit that maybe the Government made some kind of list that included two TV channels with huge internet sides to them, a IPO/big online store, and a few of the biggest portals on the web. It's too robotic and planned for my tastes, especially since no-one's taken credit. Anyways, I've rabled enough. I just discovered slashdot a month ago, and this is my first post, so be gentle. Bo Bankson

Re:Revolution+POLLUTION?

>

What a joke kiddie.... No one forces you or anyone else to head over to buy.com or cnn for that matter. Are you angry that CNN just might be taking some insignificant amount of bandwidth away from your dinky homepage?

What do you see the internet as?? A place to break U.S./International Law? Gee, I guess you really aren't respecting "the net".

About your TV comment.... If it were up to people like you we'd still be signing up for BBS's and watching colored text go by.. Get over it kid, the internet is no longer a place for plain text ascii geeks trading the latest code for a patch in Linux.. What a sad state the internet would be, if your vision were true..

As for you not appreciating the world you live in... Hey, guess what? the world changes... Obviously you've refused to change with it... Move on, the internet is moving closer and closer to a visual iconographic medium everyday.. MOVE ON!

-frespch +frespch@mancow.net, frespch@seire.org+

Re:packet monkeys deserve hollow-point enemas

[stoat]

hey, just because i own several guns and have no penis girth to speak of...

DISTRIBUTED.NET client?

I did a tcpdump (confirmed with an ethereal printout) and the damn distributed.net linux client is responsible for these attacks! Apparently, TPTB at distributed.net can direct people running the RC5 cracker clients to execute smurf/SYN/forged ping packets at their whim! ISPs need to filter out source-routed packets and forged addresses at their gateway routers!

"cracker" is the wrong term

[CentrX]

The term "crackers" is the wrong term for the people that are perpetrating these attacks. The word "vandals" (used here) is much more appropriate. These attacks are more like someone going to the mall and boarding the whole place up so no one can get in, rather than a cracker who would go into the mall and break stuff.

Chris Hagar

Legislation <--- here is the key

[spectro]

This is what they want to produce... they create chaos and then come with the solution: more legislation = more control

At Least Mitnik is ok

[Uart]

Just saw the news report on this on ABC, and they hav Kevin Mitnik on to comment. So he did find work that doesn't involve him using computers... i guess most slashdotters were off on this. Now everytime a new MS-Virus is released, or some major site/network is cracked, we are gonna hear from him.

What goes around...

[Halster]

It's poetic justice if you ask me...

These companies jumped onto the internet with a view to selling something, they wanted to mould the net into one big online store, with advertisements left right and center.
They did this with no regard for what the internet actually is (a community) and how it works.

It's not their internet, it's not the governments internet... it's our internet, and the sooner they wake up to that fact the better.
These cracking attempts aren't an "attack", they're a suggestion. A suggestion that they, and other 'e-commerce' sites behave themselves on our internet!

Which is worse DoS attacks, or Spam?

Hackers vs Crackers

[renai42]

Someone had a good point earlier on. How is it possible that so many people across the net get simple terms mixed up?

A cracker is someone who cracks into a computer system, computer software, or destroys data or services. This is a negative thing.

A hacker is simply someone who writes code. I mean, why else would we refer to a quick bit of code that we've just fixed as a "rough hack"?

Get your terms right ppl!!

DoS and all that

[trick-1]

Does any one know that what's happening to these sites is *really* a human initiated DoS.....every one seems to point the finger....or am I just missing some vital information. I have seen very similar behaviour on large networks when the routing breaks and an ensuing packet storm erupts with the routers all trying to update each others routing tables....some protocols are worse than others particularly the likes of OSPF. So if some thing happened to these routers or a new one was configured wrong then all hell could break loose....particularly with large routers.....

BTW: doing a traceroute shows that to get to the US today I go via the opposite end of the country normally traffic goes a different direction ....hmmmmmmm...something is not right.

Trick-1

Army of Me

The Army of Anonymous Cowards supports Packet Monkeys in their ongoing Revolution.

Al Gore can help!

[flats]

"President Clinton said Wednesday the federal government is looking into ways to stop the attacks. "I have asked people who know more about it than I do whether there is anything we can do about it," the president said as he left the White House for a trip to Texas. "

[ http://www.cnn.com/2000/US/02/09/cyber.attacks.fbi / ]

Why doesn't Clinton just consult with Al Gore for help? After all he invented the Internet!

Derek

Re: Revolution? ---Don't Speculate!

[ronfar]

Aaah!

We have no idea what kind of people are behind this or what their actual agenda is. Until they do we shouldn't try to make judgements about:

1. Who They Are

2. Why They're Doing It

Honestly, no one is going to like it if it turns out it was members of an underground cult called "The Fourth Reich" operating out of Austria to celebrate the Freedom Party's victory and crush the United States.

I refuse to own these people until I know who they are. I much prefer people who speculate the NSA is behind it, because that would have a more positive outcome if revealed.

Ok, suppose it turns out the they are all freedom-loving Libertarians who love Lunar: Eternal Blue and have decided to take the battle to "the Man?" All that means is that I've now got to worry about being interrogated by Secret Service agents (since I'd fit the profile) and that eBusiness leaders are not going to have much sympathy for hackers. Oh, and Jack Valenti is sure to mention it in his next Op-Ed Piece about the "strange hacker ideology."

I wouldn't be surprised if this turned out to be entirely different than people's speculations about it, so let's keep the "Vivé Le Revolucion" comments to a minimum until we know what "revolution" we are are supporting, ok?

DoS Worm/Virus

[Troy2000]

How difficult would it be to engineer a worm that sneaks its way into everyones winsock32.dll file and then (one day) starts sending a ridiculous amount of http requests to amazon.com.

Focusing on how it's done?

[jalbro]

It doesn't sound like we ARE focusing on how it was done. I haven't seen many really lucid converstations on these issues.

I've been reading many articles today, as well as listening to the radio. All I can tell is that it is a distrubited attack, and it SOUNDS like normal http requests were used.

I have several questions:

Were the IP's spoofed? I suspect they were, to make filtering harder. (However, that does require root access.)

Were full port 80 requests made? What about half-open SYNs? Was only the main page pounded on, or was the attack across the web site?

Did administrators of other systems try to track down their boxes if they were used in the attack?

What's really going on here?

-Jeff

The real perpetrator?

[CDanek]

You guys sure these sites aren't just being slashdotted a bit harder than normal? :]

Revise my statements

[mrgoat]

You are, of course, correct about the statements on Bugtraq and CERT - but I was mostly commenting on the AMOUNT of those posts. I also agree with your statement that there must be more than 50 servers out there that are compromised if the attack is a Trinoo variant. The attacks have been reported as coming from real world addresses, no spoofing. This means that it is very likely that these attackers have clients on 50+ servers - and would then have to switch at some point (well, if they really wanted to avoid detection).

Most of my earlier comments I stand by (specifically about vendors and bugs), but there have been updates with NANOG that have been very interesting, and may point to an actual concerted effort starting with Yahoo (sources were verified, some other ISPs admitted to seeing some strange events at the same time period). However, almost all of it is speculation still.

The comments I saw posted dealt with the estimated capabilities of the people involved, and how one might prevent his/her own network from participating in an attack. There is still no cure for proactively preventing a DDoS if you are the victim, AFAIK.

Pirates With Attitude (PWA)?

That's exactly what myself and my friends have been saying. Get a little revenge and keep the members of the fed that would be tracking your ass busy while you cover your tracks....

More conspiracy evidence

[wurzle]

Here is a quote from the latest update on cnn that struck me as strange:

"The FBI may well be taking a proactive approach now. ZDNet confirmed to CNN that the FBI contacted the company before it knew it was being hit and has begun to investigate."

The FBI is contacting sites before they are even being hit with DoS attacks, and then the DoS attack shows up shortly afterwards? Hmmm....

alt.warlords

YHBT HTH HAND

hehe

[MrFreeze22]

what a statement

Maybe this is late but...

Well, here is my experience with fighting packet warriors. (Thats what they call themselves).

Get on efnet and visit #shells, trade some warez/porn for a good list of about 200 shells... log in, run a script which does nothing but UDP scan a host, and boom they are down. I have seen T3 links go down this way, even tho the firewall was droping all icmp and udp packets. People do not realize how little it takes to nab a site, its easy, its easy, it takes no challange at all.

Out of all the instances, we have only busted one guy, thats because he sent some threatning emails to our client before attacking, started our own investigation, and found other damages he had done to other sites.

Another thing thats extreamly true, and has been since the internet gained in popularity, most attacks originate from .edu sites. Kids have T3 access in their dorms, not to mention that kids physicaly at the major servers can get their own shells and hand them out to people for favors (kiddie porn usualy :/).

Its a matter of time before a group of kids get together and exploit thousands of machines, and run a DoS covering the entire network, it would be no challange to do at all, and they could leave the attack running indefiently, untill each server running the "script" could be tracked down. Thats one mammoth task.

How can you protect yourself? You can't really, its not a matter of rerouting traffic, or using a firewall. Unless you have 1000 T3s from different points in the net, your in trouble. There are some good services out there that will allow your site to be run on many sites across the net, which would make it more difficult for your web site to be taken down.

Also, its good to have a dialup network account to somehwere in the net, alot of times when networks are under attack, they can't do anything at all, they can't even run a whois query to call network admins. If you dont have a backroute to the net, you might as well be dead.

Sorry I post as Anonymous Coward, but my privacy is important considering the active cases we are involved in, I would like to give out more info and I will when these are finished.

Time bombs, not drones

The problem, from what I've been told, is that the clients are time bombs, not drones. They're pre-targetted and timed to go off at a set date, not remotely controlled from some location. There is no controlling to intercept.

Information from someone who's generally reasonably well informed, though I haven't confirmed it myself.

Economic motive?

Don't forget the possibility of an economic motive. I'd start looking for not-very-talented geeks who have recently purchased a lot of put options on E-Commerce stocks. The way those stocks have been moving recently, puts would be way down. Anything that threatens the sector, however briefly, might cause a very noticeable upward movement in some previously worthless puts.

(funny) Excellent Idea!

[NiggaPet]

Excellent idea, i have a system i like to call a Network Address Dealing System (NADS) which is much like GRITS, and i have designed another system with a league of my friends called the Collective Undermining of Packets (CUP). These attacks with the Network Adressing Translation System(NADS) must be stopped.
I beleive, that with the GRITS/NADS comfortably held in the PANTS with a CUP, we wont have to worry about any more kicks in the NADS.

oops

[NiggaPet]

What i meant was instead of Netwoek adressing translation system was, network undermind translation system, (NUTS)

Slashdot?

Okay Kids,

About an hour ago (7:00 PM CST)I had the urge to check Slashdot, but to no avail: Slashdot was not responding. I decided to ping our beloved Slashdot and she did respond to my pings. I decided to try connecting to Slashdot again: it was still down. Shit. So, just on a whim I tried connection to port 8080 instead of the default 80. Lo and behold, I connect, but what I see is an old edition of Slashdot from January 3, 2000.

So now, an hour later, Slashdot seems to be back up. I have no idea if this has anything to do with the recent Yahoo, et cetera DoS attacks, but I thought it would be worth noting if it is.

Ta, Alec C.

hard work? whatever it takes

[peterw]

Yeah, finding the attackers will take some hard work. But hard work is what's needed to solve this problem.

what about investors?

[loc]

well, i for one hope that they nail the sob's. this is also effecting the investors. as some of you know, buy.com was hit when they ipo-ed.

Re:Packet Monkey's Revenge

Running a Sun RPC? Read this, go there, get that.

TRINOO/Tribal Flood Net/TFN2K

During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO and Tribe Flood Network (or TFN or TFN2K), and have been reported on many systems. The NIPC and FedCIRC are highly concerned about the scale and significance of these reports, for the following reasons:

Many of the victims have high bandwidth Internet connections, representing a possibly significant threat to Internet traffic. The technical vulnerabilities used to install these denial of service tools are widespread, well-known and readily accessible on most networked systems throughout the Internet. The tools appear to be undergoing active development, testing and deployment on the Internet. The activity often stops once system owners start filtering for TRINOO/TFN and related activity.

Possible motives for this malicious activity could include exploit demonstration, exploration and reconnaissance or preparation for widespread denial of service attacks.

FedCIRC and NIPC requests that all computer network owners and organizations examine their systems for evidence of these distributed denial of service (DDOS) tools, (specific technical instructions are available from CERT-CC, SANS, NIPC, or other sources).

The NIPC has made a software application available that can be used to detect the presence of these DDOS tools. This application is available on both the NIPC and FedCIRC websites.

Attack the right targets

How about these people attacking something worthwhile. Here's a good place to get a multitude of urls for your attacking pleasure: http://stop-the-hate.org/neo-nazi.html

"Hackers" are no big deal

[forensic]

Go ahead and freak out about the recent DDoS attacks. However, a few of us are aware that backbone providers have figured it out.

Was it Mitnick?(So what if he can't touch a phone)

[rob_from_ca]

Oh really. Like Mr. Mitnick needs access to a computer to hack or DOS a site. While he was in prison, he worked on hacking systems by sheer force of will. He could have escaped long ago, but chose not to, as that would reveal his secret. Now he is free to attack systems at will using his incredible stockpile of mental energy, all while escaping suspiscion because he "doesn't have access to a phone." He's using the DOS attacks as an experiment. He's perfecting his new style of hacking, "Jeet Kune DOS", loosely translated as "Way of the Intercepting Packet". He's fled persecution, and now he's going to open schools and teach others this way, much to the chagrin of the hacker elders... then he's going to go on to make the first really good hacker movies in hollywood. Wait...mabye that's someone else's life story...sorry.

Burst the Bubble

who's making the money on the net and how?
and what kind of productivity makes yahoo, amazon
et.al. so rich, my friends of free software?

nothing new: the money earned by the big ones
is taken from possible profits of the small ones.
the drawback: giants make a bigger splash if
they fall when someone hit their weak points.
also the e-economy is based on trust. and
the overamplification of fear and desire
can overlap into a nice mass hysteria of
stock brokers.

currently the shopping mall effect expands
exponentially in the e-economy and overvalued
internet stocks risk to lead the world into
an economic crisis - out of simple greed.

what can make people stop to throw their
money into this black hole and invest into
something smarter? like solar cell industry
etc. who makes us net-workaholics and
would-be-millionaires wake up and see that
there is a whole world outside
which suffers from this stock frenzy?

those packet monkeys are maybe of the same type of
people who were reclaiming the streets in seattle.
they are now reclaiming the net. they might be
beginners or not 100% approved geeks, but
this doesn't make their actions less effective.

in soccer they say if you shoot a goal you
shoot a goal.

this is political activism on the height of
its times, and not the kind of adolescent and
oedipal sport against 'government' what the
usual type neolibertarian hackers are into.

this is the real net. this is real conflict.
who calls it digital devide and then calls for
more cyberpolice works into the hands of
a new type of friendly cyberfacscism, e.g.
technocratic and corporate world government.

others might be happy to watch the NASDAQ go
down when the real y2k frenzy starts.

respect.

(& greetings from berlin)

DoS Attacks .. I wonder....

[DrMyke]

I wonder if the as of late DoS attacks has anything to do with the goverments Anti-DVD copying campaign. This is just a thought. Seems like the attacks are happening so close to so many sites going down because of this.

Dammit

[root:DavidOgg]

Who else thinks its the government trying to get us to think we "need" more laws?

Could it be Microsoft?

[mjuarez]

Just imagine this. Everyone's thinking that maybe some hackers looking for fame or some highly trained academics are responsible for this, while there are those that think that it's some commercial techkids or some government agency that started all this, because they wouldn't want publicity, and that's why we haven't seen someone holding responsible for this.... but let's take that idea a little bit further.

Let's imagine that Microsoft hid a bug in it's Windows95, Windows98 and Windows NT code? (Bug: By definition, a feature that cannot be turned off). It may have been on purpose, or maybe not. Whatever the case, can you imagine 50 million Windows boxes, each sending a single ping request to yahoo, ebay, etc? I know it sounds a bit farfetched, but so far nobody has come up with any ideas, there's no "big" source of traffic. So, maybe it's because there isn't one at all. It's just 50 million boxes connected to the Internet, most via dialup, sending a single ping request, once a minute, for three hours. Suddenly, all the pieces of the puzzle fall into place.

What do you think?

Hackers vs. Crackers?

[antdude]

I heard it was wrong for the media to say hackers in this DoS incident. Is this true? One of my friends said it was supposed to be crackers, not hackers. Other friends say hackers.

I am so confused! Any opinions? Thanks! :)