More DoS Attacks: CNN, Amazon, eBay, Buy.com...
gatech writes "After hitting Yahoo yesterday those crackers set their sights on several more sites including CNN.com, Amazon.com, and eBay.com. Here is the story at ABCNews.com."
Comment: 02/08 23:26 by michael : So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? People are focusing on how it's being done. Nobody seems to be asking who.
Packet Monkeys, Script Kiddies.. are all the scourge of the Internet.. yeesh.. groups that do nothing but DoS people.. that's something to call home about.
--
Insert Witty Sig Here
What if the attacks were aimed at the root name servers? Having most if not all of DNS severely impacted would really suck.
How about altavista? No response as of 22:25 CST.
And what about Yahoo today? Their site has been dog slow all day long, with mail unavailable for several hours.
If tits were wings it'd be flying around.
To take down a site that serves as much as yahoo.com does, you'd have to have a VERY hefty attack... I'm thinking that it will be fairly obvious from where the attacks were originating. access logs anyone?
Last time I checked, most everyone who knows enough to do a distributed attack had a static IP and just the right amount lacking in knowledge to get caught...
It's hard enough for one man to keep a secret, so how do you suppose dozens could?
Filtering spoofed packets involves setting up a few simple rules on your router. Maybe some legislation to require ISPs to do this in the US and other countries is in order.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Adobe's main webservers and product registration have been unreachable since about 9:30 ET, at least that's how it looks from here.
The packet storms continue... :[
LaoK
What's the point of this? It's lamer than a web page crack, these people don't even get their names on the page.
I mean, anyone can do this, it's not like it takes any talent or anything. Basically it's like saying "we're too lame to crack this site, so we're going to DoS it".
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
What is the point of this?? What are they getting out of it? It's not like taking money from an online bank, at least then they get something. This is just pointless!
People need to be more security conscious about their systems. I'm going to go nmap scan my box a few times to find out if any of these distributed attack nodes found its way on it. Please be careful and make sure that this can't happen on your machines.
CmdrChalupa (who can't figure out how to change his sig exactly)
CmdrChalupa, who finally changed his sig (drop -FlogSpammersNow- for my real address)
The thing that worries me is the fact that so many are happening. I doubt they were all planned by the same group, but that the 5 later DoS attacks were instead copycat crimes. Readers at Slashdot themselves said that crimes against the sites like the latter ones attacked would be easier than the "yahoo job".
--
Hephaestus_Lee
"[Y]our wise men don't know how it feels to be thick as a brick." -- Ian Anderson
Well, the bad news is, it is much worse than just those sites. Due to employment issues and such, I will say this. I know of four other people at different companies, three of which are on our backbone provider who got DoS'd. More companies will be admitting it in the next few days, but it is bad, real bad. -PP
Could this be related to that trinoo program that was unearthed a few weeks ago? Or is this completely unrelated?
You should be flamebait!
Number one you're not first and number two, stick to the topic!
Oh and by the way...
"Your village called their idiot is missing"
-Trout
an interesting discussion was recently held on packetstorm: http://packetstorm.securify.com/papers/contest/ ... read them.
jose nazario jose@biocserver.cwru.edu
Perhaps the most disturbing thing about these attacks is that they still don't know who did it.
I may be wrong, but it seems that usually when we see a high-profile media 'hacker' story, it's about some website that was cracked, and some script-kiddie who left behind graffiti. Or, in recent cases, people who wanted money. But, with these latest rounds of extremely-effective DoS attacks, nobody's stepped forward. It's bad enough that this sort of thing is happening, but it's perhaps even worse that we don't even know why.
-Denor
If you carry the DOS attacks out to an extreme and imagine a virus that could replicate through email or what-not and at a pre-programmed date/time automatically start bombing numerous major sites it would effectively cripple the web because of the amount of bandwidth involved.
Does IPv6 support a "pass-back" of telling the source-root router to no longer forward packets from a given IP ?? Are there any possible extensions that are planned / or could be implemented to circumvent this type of scenario?
There's a gorilla from Manilla who's a fella that stinks of vanilla and has salmonella.
While it might have taken a large combined swat to keep Amazon or CNN or Yahoo down, you've gotta wonder if eBay wasn't just down of its own accord.
Besides, making eBay go down wouldn't have been much of a challenge. Don't know why they bothered.
The news report I read on Yahoo (or was it CNet?) just before it also went down said that the FBI had narrowed "it" down to 50 potential web addresses.
Make the bad man stop.
(yes I know what the preview button is for!)
:)
Hi,
After getting interrupted from a game of AOE...I noticed that www.zone.com wasn't responding..nor was microsoft.com..nor ibm.com...nor novell.com.
ok big deal so I kicked the network cable....
not so:
traceroutes to these sites show that packets are getting close but then stopping:
traceroute to microsoft.com (207.46.131.30), 30 hops max, 40 byte packets
15 * icpmscomc7501-a0-00-1.cp.msft.net (207.46.129.3) 176.680 ms *
30 * * *
the other sites stop at different routers btw.
3:37~> ping www.sun.com
www.sun.com is alive
3:37~> ping www.microsoft.com
no answer from microsoft.com
earlier on www.zone.com wasn't resolving at all either.
connections to european sites still seem ok though
bit weird..or perhaps I'm just tired
Cheers
al
Where AOL's network model (i.e., private not public) provides a better security model for corporate web site. More spam, but DoS?
What if we could DoS NBC every time they knowingly aired a false, misleading story?
What if we could DoS USA Today every time they printed more anti-gun propaganda disguised as news?
The Web is not yet completely controlled. Good. I'll put up with no eBay for a couple of hours simply to preserve the last vestiges of the Net as we knew it once upon a time.
May I remind you, nobody ever DoSes metalab, or gnu.org, or any of those places which are true cornerstones of the Internet. Yahoo? eBay? Amazon?
Fuck 'em.
Carefree highway, let me slip away on you.
You know, I checked out CmdrTaco's web site. Do you think he would be interested in illustrating fat-time for me?!
That wouldn't prevent attackers from within those networks from spoofing out, but it would encourage ISP owners to double-check their routing configuration.
--
The shareholder is always right.
The only logical reason for these attacks that I can see is that they'll temporarily lower the stock price of the corporations who own the sites which were taken down. The stock market was car bombed in Venezuela once by people shorting the stocks to make some quick guaranteed gains.
A clue to the attackers in this case would be to find who had very leveraged short term shorts in these companies at this time. This attack would only be financially worth it if you had say on the order of 10,000 shares short, so it should be noticeable in stock transaction records.
The net in general including slashdot has felt slow in the last few hours, has the internet in general been caught in the crossfire?
basically, the hackers scan large groups of IP addresses looking for known vulnerabilities. The goal here is to get root on a few hundred systems, or more. It doesn't matter if they have nothing of value on them. On each of these systems, they install a copy of their client. They can then wait as long as they want before moving onto the actual DOS attack. When they're ready, they use a "master" program to initiate the attack from all the hundreds of clients. Big attack, very hard to stop.
Dozens of PEOPLE don't need to keep the secret. Dozens of COMPUTERS do. And 1 person.
I have to say that as an engineer at a large firm, I've logged quite a number of hours researching ways to successfully defend our technology against such attacks. It seems that as technology proliferates, and the Internet becomes a global interchange, things like this will increase exponentially. This is not good for eBusiness, as it leads to increased government regulation.
/.
Last month I got with an old college roommate of mine (Hi Jimbo!) who now works at a major hardware powerhouse, and we threw ideas around that may help combat the problem of crackers and l33ts nailing systems to the wall. I suppose this is as good a place as any to publicly gather feedback.
Our first idea was for a "safety net" of sorts, gathering IPS and validating DNS, packet info, etc before return transmitting data. The system, the Gathering, Researching, Intelligent Transport System (GRITS) could theoretically decrease the DoS attack exponentially.
One problem we found with GRITS was its effect on servers running Apache. We dubbed the problem the Nailing Apache Transport Access Line Interface Expansion, or NATALIE. It seems that GRITS petrified the NATALIE port, man.
Our next theory was pretty clever, if I do say so myself. Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative. So to counter DoS, we developed the Transit Rerouting Of Low-Level Systems, or TROLLS. TROLLS worked well, as not only did it prevent GRITS from petrifying the NATALIE port, man, but it eliminated cracker attacks.
I hope this helps. I am always glad to assist fellow engineers here on good old
General Chalupa
ebay - up 3
amazon - up 8
yahoo - up 19
What if you did this the day BEFORE your IPO?
- - - -
You don't even need to root the boxes to do this (user space compromise is enough). Spoofing packets is beside the point.
--Seen
"I used to be a dilettante. Then I thought I'd try something else for a while."
I came across these in logs for the first time that I can remember (and that's 3 years on PSU residence hall net and @home cable, tons of shady stuff on both all the time) ...what is the running theory? Some massive distributed attack? A worm with a really neat payload? Is it more likely that 40 elite bastards are wreaking havoc, or that 400 lame MCSE holding iis admins are compromised and still don't know it? Also are we missing something...Is it possible they aren't taking out each of these arbitrary sites and instead laying the smacketh down on above.net, uunet, etc.? Maybe someone has found a way to make some important routers totally shit the bed. kernel: 209.232.131.28 sent an invalid ICMP error to a broadcast.
Um... I can load SGI fine maybe it's just you?
I can't find the slides from the lecture... They were good all about smurf/dos attacks etc..
http://web.mit.edu/afs/net.mit.edu/mit/jis/jis.html
Maybe the DoS guys are upset with the direction the WWW has taken. I am.
Well, I've noticed that a lot of smaller sites are nearly impossible to get to as well as the big ones. The worst part about this is that:
1) The media gets a new excuse to talk about the evil "hackers"
2) It doesn't take a "hacker" to do this type of stuff
3) This will give the government and government agencies new excuses to try and exert further control over the Internet's infrastructural development
I think we are all better off if we try to make e-commerce work. If people sabotage the big internet companies, no one will get to play with the Internet (exaggeration, but you know what I mean). God, I remember 8 years ago, going on the net using a 2400 baud modem. Back then, you could never expect to get around the net consistently. Now we expect everything to always be available. I just realized how spoiled I've become...heh
Mr. Eff
Z?
What fun is it being cool if you can't wear a sombrero? - Hobbes
fame and attention is the ultimate goal of a hacker. the idea of seeing something they triggered by pressing a key in telnet end up on CNN must be quite a motivator.
It also appears that UUnet is taking some heavy hits..... the routing table is like a bowl of spaghetti noodles right now..... i'm on my backup account through another provider right now.... i can't get a ping under about 10 min on UUnet.
"If we are unwilling to be aware of the dark, we cannot see the light" -- John Cowan
--- Slashdot, where troll day is EVERYDAY!!!!
Those responsible seem to be making the rounds of high volume/high profile sites. How long before Slashdot becomes a target? Rob, are you ready?
Once the dust settles it will be interesting to see who all of the victims were. Whatever pattern there is will probably be deliberately misleading.
-- "Never underestimate the power of human stupidity." - R.A.H.
Well, at least I hope that's the motive, because otherwise it's really freakin' pointless....
I was watching ZDTV just a few seconds ago and realized something: even the technically "savvy" news people seem to be confused. They said "denial of service attacks have been around for years, but the tools to do distributed denial of service attacks have only come around in the last 6 months or so." This just nags at me. I seem to remember this (first?) distributed denial of service attack: smurf.
This probably is a little different from what people are theorizing, but it works essentially the same way (or even better). Basically the perpetrator sends out a few spoofed ICMP packets with the victim's IP as the source address. These packets have subnets as their destination, so theoretically thousands of machines reply to these false ICMP packets towards an unwitting victim while the perpetrator only sent maybe a few packets.
-- adraken
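Two router-side defences come up in this thread: dropping packets whose source address is forged, and refusing smurf-style pings aimed at a subnet's broadcast address. The sketch below is an added example, not code from any poster; the prefixes and sample packets are constructed documentation addresses and the function names are hypothetical.

```python
import ipaddress

# Constructed topology (assumption): the prefixes routed to one site.
# All addresses are RFC 5737 documentation ranges, not real hosts.
SITE_NETS = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/25", "192.0.2.128/26", "198.51.100.0/24")]

# A ping to a subnet's broadcast address is answered by every host on it.
# The all-zeros network address is included because some older stacks
# treat it as a broadcast too.
BROADCASTS = ({n.broadcast_address for n in SITE_NETS} |
              {n.network_address for n in SITE_NETS})


def is_site_address(addr):
    """True when addr falls inside one of the site's own prefixes."""
    return any(addr in net for net in SITE_NETS)


def filter_packet(direction, src, dst):
    """Decide what a border router should do with one packet.

    direction is "out" (leaving the site) or "in" (arriving from upstream).
    Returns (action, reason).
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if direction == "out":
        # Egress filtering: only our own addresses may appear as a source.
        if not is_site_address(src):
            return ("drop", "egress: source address is not ours (spoofed)")
        return ("pass", "egress: source belongs to the site")
    if direction == "in":
        # Nothing arriving from outside can legitimately carry our source.
        if is_site_address(src):
            return ("drop", "ingress: outside packet claims an inside source")
        # Refuse to act as a smurf amplifier for a forged source.
        if dst in BROADCASTS:
            return ("drop", "ingress: directed broadcast (smurf amplification)")
        return ("pass", "ingress: ordinary unicast")
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample traffic: (direction, source, destination, note).
SAMPLE = [
    ("out", "198.51.100.7", "203.0.113.80", "normal outbound request"),
    ("out", "203.0.113.9", "203.0.113.200", "inside host forging a source"),
    ("in", "203.0.113.9", "192.0.2.127", "echo request to the /25 broadcast"),
    ("in", "203.0.113.9", "192.0.2.10", "echo request to a single host"),
    ("in", "192.0.2.5", "198.51.100.20", "outside packet with inside source"),
]


def run(sample=SAMPLE):
    """Apply the filter to each sample packet: (note, action, reason)."""
    return [(note, *filter_packet(d, s, t)) for d, s, t, note in sample]


if __name__ == "__main__":
    for note, action, reason in run():
        print(f"{action:4}  {note}: {reason}")
```

The egress rule only helps when the network the forged packet leaves from applies it, which is why the thread talks about getting ISPs to adopt it.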
As of 22:38 CST. Unreachable include:
www.ibm.com
www.microsoft.com
www.foxnews.com
www.nydailynews.com
www.mtv.com (no big loss)
www.cnn.com
We are talking some massive computing to take down so many big sites! If someone is out to prove a point - I cannot wait to hear what it is. Are we soon to see ransom demands? Give if $$$ or we'll guarantee your site will be dead for 2 weeks? Sigh...
So now that VAndover owns Slashdot, let's see if their servers are as good as they claim: Challenge these guys to DoS /.
Think about it - if all these sites go down because of the slashdot effect, then all the people visiting them must have visited slashdot first. If the servers can hold this kinda load, what's another one or two billion more pages served per minute gonna do?
Heck, I'd be surprised if slashdot can keep getting slower at this pace much longer - it gets worse by the day.
Even better - let's sic 'em against the MPAA site. Or Amazon-the-patent-bully, or Microsoft. Or better yet, point them all at John Katz' home computer and maybe it'll stay down long enough that we can get some peace and quiet around here.
-- Imagine how much more advanced our technology would be if we had eight fingers per hand.
What precautions has Slashdot taken to protect itself from attacks, and keep us informed on the bleeding edge geek news?
--
Hephaestus_Lee
"[Y]our wise men don't know how it feels to be thick as a brick." -- Ian Anderson
Although I don't really trust the gov't at all, the whole "conspiracy" theory seems to be a pretty big leap.
Should slashdot really be getting this far into speculation?
Wasn't today supposed to be a troll parade day?
Looks like they're sick of being unappreciated.
shh Hey JohnKatz whats your karma bout know -10 anyway... These could have been routers copycats or the same people being for a lack of a better term dumb. And should stop before they really get into a mess. "imap -O (a NT box ip), Difficulty:2 (Trivial Joke)
What are you displeased with? It seems to have everything. Sure, you may not like the capitalization of it all, but there are still tons of sites that are like the good ol' days...
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtedly, yes.
Damn!!!
I've spoken out against the brainless JDs currently known as "Script Kiddies" (known a generation ago as "vandals") on numerous occasions. I've also spoken out repeatedly against the bloodthirsty commercialisation of the web (and by extension, the whole 'net).
Now the vandals are attacking the bloodthirsty marketers, and using the most non-damaging method they can. More than that, they're doing it in an organised and persistent manner, from the looks of it. This is the equivalent of a blockade--a formal, organised protest. Not throwing rocks through windows so much as linking arms in front of a police line.
For the past year, I've been saying that a massive revolution was in the works (echoing my beliefs of 15 years ago, when as a high school student, I believed I'd see the next social revolution in my time).
I find myself prepared to grudgingly admire a group I've detested for a few years now. The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.
I kid you not, folks. There is a slight (ever so slight) chance that last night, with the crippling of Yahoo, we witnessed the very beginning of history's next social revolution.
Of course, this could all blow over in three days, when the MPAA announces that they own Sony, as well Microsoft, Netscape/AOL, and Time-Warner. I could be entirely full of shit here.
But, the fact still stands. We _will_ see a real revolution in our day, and it will probably start right here, online.
Hold onto your hats kiddies. It's going to be a bumpy ride.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
After reading the original /. posting that Yahoo was taken offline, I think most /. users must be checking to make sure all their websites are still working. This massive group traffic is clearly what's responsible for the order of magnitude increase in traffic to these sites. We better hope the FBI doesn't come knocking on Rob's door. He is organizing all this right?
- - - -
www.microsoft.com doesn't respond to ping requests. Probably to protect against ping flood DoS attacks.
No-one has come forward to claim the attacks, and seeing as they haven't so far, I don't actually think it at all likely that anyone will until the DoS police actually catch them. When you think about it, what kind of motive is there for this kind of attack? You don't really stand any sort of chance of making any money unless you're in a very specialised situation, like in direct competition with Yahoo, which I doubt many people are, and you're costing yourself a lot of bother with coordinating the distributed attacks.
It might be the situation where a disenchanted group of teens is trying to gain the world's attention, but that begs the question - can any disenchanted group of teens shut down the world's most powerful and stable web portal whenever they feel like?
Normally hacker's codes of ethics, though unwritten, dictate that simply shutting something down is no fun - much more fun to graffiti when you can, deface, grab secure data. However in this case nothing like that has happened.
I know two things - that there has to be some strange motive, and that whoever it is, I have confidence that /. will find out first :-)
And I too, ask the question - is /. next?
Digital Philosopher. Looking for work.
It seems UCLA also suffered a DoS attack and has shut off ICMP responses. I just got this notice:
> Sent: Tuesday, February 08, 2000 10:14 AM
> Subject: Campus Wide ICMP Denial-of-Service Attack
>
> Department NC's and/or Network Contacts,
>
> Currently UCLA is experiencing a campus wide ICMP denial-of-service attack
> which has saturated our DS3 Internet connection. In order to circumvent
> this problem, CTS has disabled ICMP responses on the UCLA Internet router.
>
> --
> UCLA
> Communications Technology Services - Systems Operations
> Network Operations Center
A very interesting question is whether these attacks were simultaneous or discrete. Is a single malicious cracker moving their single target IP from place to place just for fun? An hour at ebay, an hour at Amazon, 2 hours at buy.com, etc. can cause a lot of havoc that is impossible to miss, but does not actually require any more resources than the initial yahoo attack took.
I've been unable to reach The Hunger Site today until just a few minutes ago. Were they among the victims?
And the brethren went away edified.
Check out CNN's report about the second wave of major DoS attacks at http://cnnfn.com/2000/02/08/technology/yahoo/
--
Hephaestus_Lee
"[Y]our wise men don't know how it feels to be thick as a brick." -- Ian Anderson
Slashdot is down so much and when it is up it is dog slow. It DoSes itself.
adforce seems to have been taken out all day.... and since a bunch of sites reference adforce or doubleclick in their banners, they are effectively dead. banners usually appear at the top of the page, they fail to load and people don't bother to wait for the rest of the page.
Whether or not this outage is caused by script kiddies or government conspiracies we may never know, but whatever the case it seems that some good may come out of it. As of 11:50 EST Microsoft's entire webserver appears severely handicapped. While still "online" the vast majority of http requests appear to be rejected while those that do get through return very limited content.
In case you don't know, CALEA is the "Communications Access to Law Enforcement Act" they got passed in '94. It requires that all manufacturers of telecommunications equipment (does that include Cisco?) make their products "Wiretap Ready." Wiretap Ready means the equipment must be able to provide plaintext for 1% of the maximum call/connection capacity at the whim of the FBI (subject to "Lawful Authorization" of course). Despite the act being passed, it was never funded (the Gov't is supposed to foot the bill for all the wiretaps). The newly proposed budget is going to fund this act.
Be afraid, be very afraid.
Dr. Burris T. Ewell
Anyone realize all this traffic doesn't affect just those sites... but routers that legit traffic is flowing through? Has anyone seen the InternetTrafficReport so bad?
http://www.internettrafficreport.com/cgi-bin/tr_chartpage.pl?NorthAmerica
As of now (11:53PM EST) Fddi0.AR1.CHI1.Alter.Net has a rating of 11 (!?!?!) and numerous routers have packet loss of up to 40%! That's insane!
The Internet may be able to survive a nuclear attack.. but if things keep like they're going we won't be able to survive the DoS kiddie wars of 2000.
Also, in case anyone missed it.. CERT announced the distributed DoS attack TWO MONTHS ago!
If you're unfamiliar with what the DoS is, want more info, and also they're updating it as these attacks are happening, visit: http://www.cert.org/current/current_activity.html
May this post be indexed by spiders, and archived for all to see as my Internet epitaph.
I wonder if this is the same attacker. If so, are they targeting the UUnet backbone or is UUnet just getting bogged down by the attacks themselves and people hitting reload on their favorite sites until they come up?
--
The shareholder is always right.
"Moo hoo ha ha ha ha!!!"
More and more web sites are getting hit. Even Microsoft.com is getting nailed. (oh no!)
How about the following scenario? The attacker is utilizing a wider and wider base of computers from which to launch his distributed DoS attack? Are there any ways to get root on a system after launching a DoS attack? A buffer overflow or something?
If there were, the attacker could be using an ever-widening group of computers from which to launch the attacks.
Actually this seems unlikely. Considering the wide number of problems on the net right now (can't get to anything reliably on the west coast from the east coast), maybe it's more of a router problem.
In any case, if they start hitting your site, good luck.
I am not a lawyer.
More sophisticated DoS attacks are going to be harder to stop...
The core technologies of the Net were never designed with security in mind. Will we see very different core technologies in five years?
-- Support Ometz le-Serev.
We don't need criminal laws saying ISPs must do the appropriate filtering. What we need is tort remedies for the people walloped by the people DoSed against the people who were negligent in securing the systems that were cracked. If I were to have a cache of weapons left lying around my backyard and someone were to hop my low fence, steal one, and kill someone with it, you can be sure that there'd be a civil action (properly) initiated against me. Leaving your network available to others to exploit and cause mayhem isn't readily distinguished.
Either get a legislature to enact new tort legislation or get some enterprising judges to extend the common law. Either way, you won't need an overseeing regulatory agency. Ronald Dworkin would approve, I suspect.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
As distributed IDS detection software matures, I think most sites and perhaps their hosting ISPs will work together to implement such systems, thus rendering most script-kiddie DOS attacks powerless or at least short-lived. Comments?
-- Fnord.
I had something to add about how this attack may have been done during the Yahoo! discussion, but it came too late to be read by many people.
http://slashdot.org/comments.pl?sid=00/02/08/1338245&cid=484
imap? don't you mean nmap?, i think imap has something to do with EMAIL.
I can't seem to get to AMD as well.
I think they're getting hit also.
The Tick - "Spoon!"
"Bah!" - Dogbert
It is bad for the Geek community
Here's what they say:
"During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO, and Tribe Flood Network (or TFN & tfn2k), and has been reported on many systems....
Possible motives for this malicious activity include exploit demonstration, exploration and reconnaissance, or preparation for widespread denial of service attacks."
Here is the site:
http://www.fbi.gov/nipc/trinoo.htm
Enjoy,
-ben
www.exocortex.org
i remember a story a while back about using macOS 9 as a kind of a smurf-style bcast (or something). is it possible that someone actually found a way to effectively use the nets collection of flavornamed computers as a *real* DoS tool ?
or if not, maybe there is some new ultra-ewreet DoS that someone found and is now exploiting. it's been a while since a new type of DoS has been implemented. smurf was the last breakthrough afaik.
or maybe bill gates finally went insane and got packet-happy
Cheese, damnit!
This attack is not totally surprising (yeah I'm great at hindsight) and as is pointed out in many of the articles about it there have been many smaller scale attacks recently, the only reason this one is making the news is because it's ramped up to inconvenience lots of people at the same time - so, the powers that be were probably dissatisfied with the small attacks already and thus were looking for more control over our distributed, liberatory, co-operative etc. network.
If anything this shows the incompatibility between a shared resource that relies on co-operative behaviour from its participants and the need for control and security that business has.
This is just the final stage of the net being fucked by commercialism - they need control and oversight. The net is turning into something new, something controlled by people with very different aspirations, people who only want to make money, people who can't afford this sort of thing.
Now, I realize that this was a distributed attack here. But I have to wonder if it's possible to track the source of something like this by watching where the first shots are fired from, and which Tier I ISPs and MegaPOPs (as an example) experience "odd" traffic patterns. Is it a distributed attack from Europe? Russia? Millions of compromised/trojaned and unsuspecting Windows users? What about spoofed IPs?
Okay, enough speculation. I don't even know exactly what kind of attack this was. Perhaps spoofing wouldn't work -- or perhaps it worked because of spoofing...
Ah, the joys of lax security and a cable modem (or xDSL!)
Ever notice that MCSEs advertise the fact, but Sun & Novell certified people don't?
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
"To counter FUD or not to counter FUD, that is the question. Whether it is nobler in the mind to suffer the slings and arrows of increased NSA funding and wiretapping, or to take arms against a sea of NSA anti-hacker FUD and by opposing end them."
Seriously, why is no one talking about the update which proposes that this is an NSA stunt to increase their power and funding? I know people don't want to talk about conspiracy theories, but there is a really good reason to take action: The NSA will use this to their advantage even if it were to turn out to be just a network hiccup, so we should launch a preemptive strike and tell all the news people that there is a good chance the NSA is behind this. It would mean a FUD attack against the NSA, but it may be warranted since they are about to do it to us. I would like to hear some other people's views before I start calling the more fringe libertarian talk show hosts in my area.
Jeff
BTW> it is possible that this is MS's fault, i.e. remember the WebTV thing?
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I found out that MS blocked all this while I was on the Win2k beta program......its all been implemented already for the protection of their network. (Yes, I occasionally did bother to read their newsgroups....amazing huh?)
www.atacomm.com - The Leader in VoIP Product Distributi
Kev gets free from jail and all hell breaks loose... Think the Feds are checking into his whereabouts?
Kidding of course. We all know this is not his style... and most likely (99.9999%) involves more than one person.
And now for something completely goofy: Someone posted a highly moderated comment in "Forum: The Yahoo Denial of Service" chastising the goons behind the attack for the fascist response it will surely elicit from Big Brother. (Here's the goofy paranoid part) what if these attacks are BY Big Brother? What better way to "prove" a need for all the taps and backdoors they want?
Think about it: Who else benefits from such a stupid, pointless attack? (Other than firewall and ID consultants/vendors I mean.)
License: By reading this you are agreeing that you agree with me.
Guess what, they all are accessible and they all loaded faster than slashdot. So, where is this story coming from?
I think the most reasonable solution to this problem is obvious to everyone at this point.
First, we must acquire thousands upon thousands of large crowbars. Second, we need to go door to door clubbing people in the knees with our crowbars, stealing their computers, and investigating the contents of these systems. Once the perpetrator has been located, we must force him/her to endure hundreds of hours of horrible, unlubricated goat sex. Yes, goat sex. I believe this is the only rational way to get rid of these awful "script kiddies."
First we started to track down open SMTP relays. Now we need to hunt down underprotected routers.
Are the high-profile victims doing that? Where's the evidence?
... or else this is the stupidest group of revolutionaries around.
:) leave it alone.
I mean come on... attacking Yahoo? A place that catalogs information? and CNN? An information source? The Internet is about information, why would anyone who knows that attack places that distribute good information for free?
At least if they would have attacked AOL it could be because of the stupidity of AOLers (though they're not as bad anymore). Or they could have attacked a known spam ridden network. Heck, how about attacking MPAA online and websites of governments who are net unfriendly?
Their choices of targets are very stupid, apparently aiming for the biggest publicity bang they can think of. This isn't a revolution, just a media stunt by a bunch of kiddies.
Oh and as for eBay... cheap computer parts
~Chris
I am one of those semi oldschool folks. I've been on the net since '94 and I really dislike the commercialization of it. I miss the good old days when the internet was a playground and nothing seriously bad ever happened. Server down? oh well, nothing really important on it anyways. The internet used to be all about having fun, now it's about making money. I honestly hope that all of these attacks continue for a long, LONG time. Targeted at commercial sites, leaving sites like Slashdot and Bluesnews alone, because after all, those sites are all about the content, not the money to be made? Anyone who agrees should post their support for the Packet Monkeys to continue. Anyone who has the resources to carry the torch, do it if you agree in the cause. The internet as I knew it is dying, and I don't like it one bit.
Zordon "Confucios(sp?) say man who walk through airport sideways going to bangcock."
If they were using a real address, it takes very little effort to block it from the router side.
But they're not using a real address. They're using lots of real addresses.
At least this is how I understand it:
The only weakness, as I see it, of this type of attack is that each box you try to crack to get launch hosts carries the possibility of you being traced. Sure you might crack a hundred unsecured boxes for every clueful admin you piss off with your portscanning, but it only takes one clueful admin to nail you.
All that said, I freely admit that I'm talking out of my arse. I'd love it if someone could point to a report with more info on what is actually happening. How is service being denied? Is it a massive overload of HTTP requests or a "traditional" DoS like a pingflood? Are the attackers spoofing? Is it a script-kiddie tool being spectacularly well applied or are we talking real skill?
This is completely random speculation, but Kevin Mitnick just got released from prison.
Mightn't the actions of a lone, extremely talented man, lashing out against the world, solve the problem of "why would somebody want to do this"?
All employees must wash hands before seeking equitable relief.
Is there a common thread? Are the sites that have confirmed attacks all running the same OS? Same web server? Same routers? You know what I'm saying?
eBay probably wasn't attacked. They just fell over again.
Its the Slashdot effect!
/. too, after all, they have mentioned Napster and DeCSS, who knows what other mischief they might be up to?
All the computer people who normally don't go to amazon.com because they don't like certain patents amazon wants to enforce went there after they heard about the DoS attack. What might have been a brief system outage lasted for hours because of all the people trying to see if it was really true.
The others... how to explain those? Probably
Be afraid, be very afraid.
Yeah, if you are some script kiddie doing things you shouldn't.... otherwise, what's the big deal?
DrLunch.com The site that tells you what's for lunch!
The current attacks, or at least the pieces that I've seen (I work for one of the upstream providers of one of the companies hit today) are using source spoofing. It makes the attacks a fair bit more difficult to block, and also a fair bit more difficult to trace back to the compromised boxes.
The same attack would be possible without source spoofing, but it'd be pretty trivial to get the owners of the compromised boxes to fix them if we could ID them with a couple whois lookups. Or, if their owners don't fix them, we could get their upstream providers to pull their plugs until they fix things. Don't think they won't do it, either -- network people tend to take this sort of attack very personally.
Give me a break! 50 ~possible~ addresses? I've worked on a large network (approx 10k nodes) and it never took more than 1/2 hour to find a NIC that was spewing garbage, or one with a duplicate IP. And that was with an old 386 laptop running an old 1992 packet sniffing program!
I'm sorry, but I know what some of these 'companies' are capable of, and they would have to be totally inept to take 4 hours to narrow it down to 50 IP's, and then lose the trace! Only to have it pop up again the next day! Oh! Look there it is again! Hit it with the fuzzy hammer!
It cannot be co-incidence that Prez Clinton wants broader powers for law enforcement; that backdoors will not be included in new internet protocols and that these attacks are occurring!
These attacks are costing these companies millions and they can't narrow it down!?! Because the man doesn't want it narrowed down!
That's how it begins kids! Fear group X, and let's hunt them down and parade them through town square tarred, feathered and GNU zipped!
"History doesn't repeat itself, but it does rhyme." Mark Twain
I'll put up with no eBay for a couple of hours simply to preserve the last vestiges of the Net as we knew it once upon a time.
The Net of old was never about denial of service attacks -- it was about the free and open exchange of information. One of the reasons SMTP and other Net protocols are so open to abuse is that they were not designed with abusers in mind -- the community was the domain of a small academic, military and governmental community where abuse was extremely rare. I can remember when the Morris worm, Jake Baker incident, and green-card spam occurred, and all three were big news because the Net had been so well-treated by the community of users.
Pine all you want for the old days, but don't credit these abusers with bringing them back. The distributed denial of service attack is symptomatic of today's Internet, where people do what they want and ignore the impact on the community as a whole.
Rogers Cadenhead (Web: http://www.cadenhead.org/workbench)
You're right, there isn't any real value in attacking it.
Digital Philosopher. Looking for work.
Okay, I don't approve of what you are doing. But as long as you're doing it, why go after some basically inoffensive companies with DoS? I mean, Yahoo? Why not vandalize your local library's card catalog? Instead, go slam Disney, Viacom, Time-Warner, News Corp., etc. -- you know, the guys behind the MPAA, the DMCA, and DVD CSS. At least then you're going after people who, in some sense, deserve to be DoSed.
Steven E. Ehrbar
If I were to conduct a large-scale DoS, I'd remember the ancient Chinese wisdom I received from my Sensei while reflecting on the virtues of confusician network Kung-Fu in my Rice Paper(tm) meditation shack:
"Wise man may write Trin00 but any idiot with backhoe on Fiber Optic lines cause much packet loss."
Trolls post shit just to get a reaction. They rarely get more than three or four people to bite. These clowns are raking in hundreds of replies. Looks like it will be a tight race between them and Linuxone for Troll of the year.
Quemadmodum gladius neminem occidit, occidentis telum est
If I recall, they dealt with one NASTY little rootkit that knocked on their door and installed its happy ass onto their systems in something like 13 seconds. Came from some poorly maintained Aussie ISP.
Wonder how many of -those- puppies are out there, lurking?
Yahoo! Pipes are awesome. How awesome? http://pipes.yahoo.com/jesdynf/slashdot
Yes, it has been. I would not be surprised if they had been DoS also. jason
...I manage a few (smaller than yahoo) sites. We've seen a drastic increase in smurf and other packet flood type attacks over the past 6 months or so. You should see my MRTG graph :)
We've seen traffic as high as 40mbps for as long as 5 hours. For a site that averages 2mbps and peaks around 5mbps, that's pretty huge.
Filtering spoofed packets on routers isn't the whole answer, either. All you do when you filter spoofs is configure the router not to allow incoming packets that claim to be from inside (obviously enough). If someone sends hundreds of megabits that claim to be coming from *somewhere else* outside, it doesn't help.
If I wanted a sig I would have filled in that stupid box.
Yesterday, for the first time, I was getting *very* weird errors trying to connect to AOL's IM servers.
It wasn't a client error... it happened with AOL's "QuickBuddy" Java client, along with all the linux ones I tried.
But, the service stayed up, at least for all the time I was on... AOL must be like the good ol' cockroach: able to withstand any man-made holocaust.
Okay, I'll get crucified for this, but I'll bite: the Internet as a social phenomenon didn't exist before Yahoo. Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days. I'll go one step bolder: Yahoo invented the modern Internet. They made it possible for normal people to find the web sites they wanted to go to, which was the big spark that made the Internet useful to ordinary people. (Obviously if Yahoo hadn't been the first big popular web index, it would've been one of the others, but that's not the point. It was Yahoo.) And Amazon and eBay were also pioneers in their respective fields, Amazon in particular. It seems that you don't like their fields- well, that's good for you, you can ignore them. But as for what the Internet is defined by how people use it- they're as important as it gets. Ever bought anything online? Thank Amazon and eBay. Ever found a website without looking through one of those archaic internet yellow pages? Thank Yahoo. Get your internet access at home through roadrunner for cheap? Thank all three of them, and CNN.com, and usatoday.com, and every site that ever made the internet a place where normal people wanted to be.
Don't like the fact that the Web is a "corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument, sorry. The whole wide Internet world got massively bigger in the last ten years, as you've probably noticed. I'd say it's reasonably certain (though I can't prove it) that there is an order of magnitude more free interesting non-corporate content on the Internet now than there was ten years ago. And, surprise, where people went commerce went too. But if you think of barnesandnoble.com as the Internet, do you also think of the real world as just a big Barnes & Noble bookstore? Just like in the real world, there's lots of room on the Internet for big corporations to spread out and make themselves look big and important. (Think of all those TV ads and billboards with URLs as one big cyber-Champs Elysees.) Also just like in the real world, if you spend all your time hanging out there, you'll end up unsatisfied. And also like the real world, there's a place for commerce and a place for community.
Unfortunately, also like the real world, there are people who absolutely refuse to play nice. But on the Internet it's worse, because it's so easy to ruin systems and there's no repercussion for doing so. There are no social or legal rules, so people do what they please, and some people like to break things. (Hi there trolls! Have fun storming the castle!) It has been that way for the history of public networking, it's not something that just got invented with Slashdot trolls and the DoS attacks this week- CommuniTree (aka Slash version .0000000000001) had the same problems back in the romantic days of networking.
And the anarchic solution is the romantic notion that people always seem to argue in these circumstances, and as you are arguing now. Guess what? It doesn't work on the Internet. There's more net.abuse than there has ever been, and vigilante groups haven't ever really been effective in combatting them. Assuming you're right about the DoSers' motives, and they don't turn around and DoS your favorite site tomorrow, do you think that it will make all the bad people go away? I doubt it.
This is the part that the freedom lover in everyone hates: the only solution that mankind has ever come up with that works is to make rules and enforce them. That's what governments are for. That's why they were invented. The wild west is a fun, romantic place, but we can't live there forever, because given enough time the outlaws will always outnumber the sheriffs and Billy the Kid is only fun to hang out with for so long.
Far from your argument that the DoS attacks represent that the Internet community is somehow rejecting a bad part of itself, I'd say that the DoS attacks signal the end of the free Internet era. It was fun, yep, I was there for a little bit of it too and I know. But oh well. We have to grow up someday. =(
-jacob
This isn't so crazy. If any of you have ever read the books by Philip Agee (Inside The Company) and John Stockwell, men who were actual CIA operations directors, you would be surprised at the horrible things these organizations do to "encourage" trends in the US and our allies.
According to some reports, the CIA has been known to plant bombs in airliners... naturally these types of events are always blamed on middle eastern countries and terrorists, and we certainly DO like to hate middle-eastern countries.
Ignore Alien Orders
The slashdot effect would explain the rest :)
Jon Johanson could have created a monster :-)
Digital Philosopher. Looking for work.
Moderate this one up!
Oh remember? You gave up your right to complain when you gave up your right to free speech. Hey it's okay as long as you are a Christian and a Republican. Oh you are not? Well we have a data entry prison for you built with your tax dollars, it's called The Microsoft Reform Center, co-funded with all that money that Bill Gate$ donated to the Republicans......
Hey, you think your house is cool?
since charley is fat
i recommend that he mates
only with roseanne
fat-time's only sexual encounter was with lubie, his lubricating midget rapid fire pellet gun. that is how he became a superhero. he and lubie were sexually experimenting next to a pool of toxic waste and fell in. roseanne makes my spine crawl.
opensource man: a charge -
remain true to your trolling
portman is our slut
uhmmmm... hehe... ?
offtopic are you,
nothing new there.
down goes your precious karma,
my precious karma?! are you high?!
like yoda speak I
lol.
Imagine that I'm Joe ISP. How the hell do I protect myself from this? Asking everyone on the net to do their job and filter spoofed packets ain't a reasonable answer. It is simply not enforceable, not on an international scale.
Stopping a server-level DoS attack (e.g. grinding my servers into the ground with dynamic pages, DB lookups, etc) should be possible; identify the source(s) and block at the firewall for example. The catch is identifying the sources, but it is at least possible.
But if it is a network-level DoS attack, in other words, too much is being forced down my pipe, I don't have much of an option but call up my provider and beg them to filter. I can't see this as a reasonable solution. Providers aren't going to be happy adding filter rules to their routers every time a customer gets nailed. It is too much overhead on their routers and on their administrative staff.
So what is a long term solution to this problem? This is only going to become a bigger and bigger problem as the common user's pipe gets bigger and bigger.
Imagine: an email-spread trojan horse, set to pound the hell out of www.bigguy.com at a certain time a month from now. Let it spread to a couple thousand unsuspecting newbies (wow, cool, look at the fireworks!, let's send that to tom, dick and harry)... Insert your distributed DoS attack method here.
I'm sorry, but I really can't believe that Michael would really suggest that a conspiracy involving the NSA is really the best explanation for the DOS attacks. I may be naive, but let's play a "so that" game:
The NSA either hacked into its own computers or faked a crash, so that it looks vulnerable,
Launched a DOS against Yahoo! so that the world's biggest information portal can be shown to be vulnerable,
Crashed the phone systems of two states so that it can be shown our infrastructure is vulnerable
and shut down major American websites in similar DOS attacks so that it can be shown that even smaller websites are vulnerable?
And for what? So that they can get a bigger budget? For what? More eavesdropping? For what purpose?
Or is this perhaps more reasonable: a team of angry teenagers/young adults feel that to be cool they need be noticed in a monumental way. Or perhaps they have a grudge against corporate America and have decided that this is the best way to exact their revenge against deserving pillars of capitalism. This is really not too unimaginable; just think back a couple of weeks to the eToy/eToys lawsuit -- hundreds of netizens were lined up to launch their own DOS attack against a reputable web site just because they felt that they were taking away their freedom. (Obviously the best way to fight this is not in the courts or through legal protest but through a childish impatient form of attack.)
I think the most realistic explanation is the horse, not the zebra: how many hackers have attacked web sites, computer networks and phone systems just to show that they could do it? Nearly every attack (other than specific defamation) has been for this sole purpose and I think that these attacks fit right into this profile. This is obviously the most reasonable suggestion, and I think that all suggestions otherwise will end up hurting us because we will all be pointing fingers at the NSA rather than trying to better protect the Internet and hunt down those who have committed these offenses.
If the script-kiddies responsible are enjoying the publicity on slashdot: don't forget our friends at dvdcca.org and mpaa.com.
-Legion
And to get 1Gbps you need 24 T3's (2 x OC12 > 1Gbps)
Diggs
If guns are so evil, how come Sarah Brady can hold one and not turn into a raving lunatic?? Oh yeah, she is one already.
At approximately 7pm 2/7/00 US central time, the internet attained consciousness. The nascent lifeform first went to Yahoo to learn as much as it could about its parent human lifeforms. After discovering that random internet searching led it to pOrn in 90.283% of cases, the fledgling intellect decided to glean the history of earth from book abstracts and reviews at amazon.com. Currently the mass of rogue packets is setting up a media blitz to disguise itself as a coordinated DOS attack to facilitate knowledge growth before the humans decide to shut down the net and kill it.
Estimated equivalent human intelligence as of 11pm US CT is 13 years............just wait a few more hours for the fun to begin.
no sig.
A lot of people discussing this issue seem to think that arbitrary blaming of those servers that were used for the DoS attacks is a fair and reasonable thing.
Well, I have to say that while I agree in principle that if people are going to run insecure servers then they are responsible for actions on the server if they get hacked, I think that in practice it doesn't really hold up when compared to similar situations.
For example, take the case of a stolen car. The owner of the car drives it into his driveway and locks all the doors before going inside. As far as he is concerned it is as secure as he can make it. However, what he doesn't know is that if he'd spent 2-3 hours each day scanning the security forums he would have found that there was a new LockBuster (tm) available that would make breaking into his car a snap. So, while the driver isn't looking a bunch of thieves sneak up and break into his car using the LockBuster (tm) and take it for a joy ride. At the same time, 10,000 other thieves are using LockBuster (tm) to steal cars and they've all headed out onto the freeway. Consequently the freeway gets jammed - I mean really jammed. No traffic can get on or off the freeway for 4 hours. Once the traffic has cleared the thieves return the stolen cars to the driveway, just in time for the owners of the cars to come out of their houses and drive to work.
In this case, who would consider blaming the owners of the cars for the traffic jam? After all, the owners thought their cars were secure - they locked the doors. They just didn't have the time to spend updating their cars with all the latest security enhancements to stop LockBuster (tm) from allowing people to break in.
Ok, so I know that stealing a car and jamming a freeway isn't really the same thing as using a hacked server for a DoS, but I think people have to recognise that not every company or server owner has the resources to devote to security that they might like. Having said that, I do agree that server owners on the internet do have some obligation to do routine things like filtering packets with snuff source addresses etc. Maybe someone should set up a Server Owners web site where new server operators can do a quick checklist on the really important and neighbourly security features they need to check on their configuration (e.g. here are the important things to check, here is how to check and fix them on your system) and not just for Linux machines, there should be help for lots of platforms / configurations, including NT, Unix derivatives etc. There are lots of sites out there that deal with security issues, but I don't know of any that have a simple checklist that can be run through which has the most common things that need checking on servers.
So, stop putting all the blame on those people that don't have the resources (or the computer savviness) to keep up with security. Be part of the solution by making it easy for them to check their servers and fix them if they are deficient. Don't just point them to bugtraq or something similar - not everyone can scour a multitude of sites each day for possible bugs. Especially if they are setting up a new server and wouldn't know where to start.
email me or not
It may be a foreign agency, lame script kiddies or talented network engineers that are causing these attacks.
:)
The point is that at least people are finally taking notice of the effects lax filtering is causing on the internet as a whole.
CERT was formed to provide rapid response to exploits, it's time an agency was formed by the major backbone providers (and NOT any government body) to enforce filtering against outgoing spoofing traffic.
The consequence of being the source of a DoS should be simple, fix it within 30 minutes or your upstream pulls the plug until _you fix it_.
There is just _no excuse_ for tolerating this anymore. This means being the source of spoofed packets _or_ a network that responds to broadcast icmp/udp/whatever with more than X (16?) number of replies (DoS amplifier) should be grounds for removing your clueless hide from the ether until you prove your connectivity is not a hazard to the rest of the net.
Justifying no filtering to maintain speed is bogus, and I think this week has pretty much proven that action needs to be taken quickly and the penalties enforced quickly and severely enough to force accountability.
God save us all.
- Alfred Perlstein - Programmer and Administrator, Wintelcom.
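As an added illustration (not part of any poster's comment), the Python model below contrasts the two filter placements discussed in this thread, the victim-side rule that drops inbound packets claiming an inside source and the source-side rule that blocks outgoing spoofed traffic, and applies the amplifier threshold of 16 replies floated in the comment above. All addresses are constructed documentation or private ranges, and every function name is hypothetical.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed networks (documentation ranges), not real hosts.
VICTIM_NETS = [ip_network("192.0.2.0/24")]          # site being flooded
SOURCE_SITE_NETS = [ip_network("198.51.100.0/24")]  # network with a compromised box


def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    a = ip_address(addr)
    return any(a in n for n in nets)


def victim_inbound_filter(claimed_src, inside_nets=VICTIM_NETS):
    """Rule at the victim's border: drop inbound packets whose source
    address claims to be one of the victim's own inside addresses."""
    return "drop" if in_any(claimed_src, inside_nets) else "pass"


def source_outbound_filter(claimed_src, own_nets=SOURCE_SITE_NETS):
    """Rule at the originating network's border: a packet may leave only
    if its source address really belongs to this network."""
    return "pass" if in_any(claimed_src, own_nets) else "drop"


# Constructed flood: (true origin, claimed source) pairs.
FLOOD = [
    ("198.51.100.7", "203.0.113.5"),   # spoofed as an unrelated outside host
    ("198.51.100.7", "203.0.113.77"),  # spoofed as another outside host
    ("198.51.100.7", "192.0.2.10"),    # spoofed as an inside victim address
    ("198.51.100.9", "198.51.100.9"),  # not spoofed, so traceable by whois
]


def summarize(flood):
    """Count how many flood packets each filter placement would stop."""
    at_victim = sum(victim_inbound_filter(c) == "drop" for _, c in flood)
    at_source = sum(source_outbound_filter(c) == "drop" for _, c in flood)
    return {"victim_border": at_victim, "source_border": at_source,
            "total": len(flood)}


def flag_amplifiers(replies, threshold=16):
    """Given (probed_broadcast_address, responding_host) pairs from an audit
    of your own networks, return the broadcast addresses that drew more
    than `threshold` distinct responders."""
    responders = defaultdict(set)
    for broadcast, host in replies:
        responders[broadcast].add(host)
    return sorted(b for b, hosts in responders.items() if len(hosts) > threshold)


# Constructed audit data: 20 hosts answer one broadcast probe, 3 answer another.
REPLIES = ([("10.1.1.255", f"10.1.1.{i}") for i in range(1, 21)]
           + [("10.2.2.255", f"10.2.2.{i}") for i in range(1, 4)])

if __name__ == "__main__":
    print(summarize(FLOOD))
    print(flag_amplifiers(REPLIES))
```

The victim-side rule stops only the one packet that claims an inside address, while the source-side rule stops all three spoofed packets and leaves the traceable one.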
--neil
It does sound rather paranoid to say that the US government, or members thereof, are taking down major US (I don't believe businesses from other countries have been affected). At least it would to a layman. Although I try to suppress my paranoia about the actions of my leaders, sometimes I can't help but to connect them to other things.
This administration has also pushed CALEA through (Communications Assistance for Law Enforcement Act of 1994) which other administrations wouldn't touch with a 10' pole ("The Electronic Privacy Papers", Schneier). During the debates about it, Director Freeh of the FBI never identified a single case that was lost due to the advances in technology, nor did he identify a single case that would not have succeeded due to *wiretapping* (although the category "electronic surveillance" was used interchangeably in his speech to ALI) (same book, also eff's ftp site).
This leads me to wonder, is this last push toward more power and freedom for Law Enforcement an extension to CALEA (which, luckily, hasn't been funded so far...)? Is the bill that nobody wanted returning in a more monstrous form? Has the government discovered how to get the ignorant masses behind it? I guess our leaders have read "The Prince"...
When I asked if I was being too paranoid, a good friend of mine said "you're not being paranoid enough." At least we know that, since the FBI is on the case, someone will be arrested and prosecuted; even if the crime is never solved...
"One man can change the world with a bullet in the right place."
- Mick Travis, "If..."
You've been on the net since '94? Give me a break. You don't even know what the old days are. Sheesh, you arrived after the Web existed. You never knew the internet in the pre-Web, pre-graphics, pre-PPP "everyone has their own IP" days.
And by the way, Slashdot and Bluesnews *make money* and the owners of Slashdot are easily millionaires now.
Furthermore, the internet is interconnected, and by pissing in the water, you spoil it for everyone. If you try to take down Yahoo, you end up taking down lots of intermediate networks that host your beloved moral, commercial free, hippie sites. However, no one ever accused socialists/anarchists of logical thinking.
This sucks.
:(
I'm totally against government regulation and restrictions and wiretapping.
But if we can't track these guys down? What then?
Maybe we need that crap after all!
I sure hope not.
Remember the stories everyone hears about Orson Welles' Halloween broadcast of War of the Worlds? This is sounding strangely similar to me. There are some real crashes going on, but I am seeing a lot of reports of sites being down that are, as near as I can tell, still entirely up and running. Some big sites went down today, and now every time that someone can't load a webpage, or hits a server that blocks pings someone claims that they've been crippled by a DOS.
Someone mentioned earlier that Adobe may have taken themselves down because they were afraid they might get hit next (as of 09/02/2000 12:53 EST, I can get to the page; it did seem to be down earlier). I wonder how many sites are unplugging or blocking partial traffic out of fear of a hit. Whatever else is going on tonight, we're getting a good view of the power of the Internet as a rumor mill and propagator of memes. Pretty impressive.
As the saying goes: Never attribute to malice that which can be explained by ignorance.
While I'm as willing to blame the guys with the black choppers on this as the next guy, the fault lies with poor network administration.
Not that the targets have any choice about landing hard on their knees when beaten over the head with a DoS. There are things they can do... As has been eloquently pointed out in this post. In a nut-shell, shut down unused ports, shut down unneeded services, filter out the offending networks (would you rather limit your availability, or end it?), and most importantly LOG IT ALL.
Logging is crucial when you are being beaten. You may not be able to prevent it, but you CAN collect evidence.
As for the poor network administration... Universities, small/midsize ISPs and break-neck businesses leave far too many doors open. These are the people to blame - unwitting accomplices.
Legislation may help, but it has to be careful. It must require proof - and in cases such as these it's hard.
The conspiracy theory does bring to mind an interesting scenario though. What if all 1 billion Chinese, all running Linux, suddenly started pinging all of the US biggest eCommerce sites? Global slashdot effect levied directly against our infrastructure, and indirectly against our fast-movers on Wall Street. And no amount of legislation would get our servers off their knees.
-- What you do today will cost you a day of your life.
All I've got to say is...
"eBay is the AOL of e-commerce."
Their track record is an embarrassment.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
The net has been pretty slow for me, and these "attacks" are either very widespread and very undetectable, or they aren't attacks at all.
Remembering The Hacker Crackdown once again, what started the whole nasty thing were widespread phone service outages that were blamed on hackers. The problem was eventually traced to a cascading phone switch bug, but the damage was done even then, and many hackers and crackers had their equipment (unlawfully?) seized by the government. After the DeCSS fiasco and now this, I don't want to see a world-wide repeat of this travesty.
So what can we do to check this out, guys?
---
pb Reply or e-mail; don't vaguely moderate.
My buddy with DSL said someone tried to hack his home network as well.
How many folks with DSL or cable modem connections have a firewall? How many actually look at the connection logs and try to figure out who's trying to gain access?
Think of how many unprotected hosts are out there on the net. Makes sense a hacker would take advantage of the influx of newbies to untraceably install a DoS attack program on thousands of hosts.
It'll be interesting to see if the FBI traces the source addresses to the perpetrators, or hordes of clueless broadband users.
That which does not kill you, postpones the inevitable.
Hemos and cmdrtaco are behind all the DoS attacks, so they have nothing to fear from themselves :)
shhhh... dont tell anyone...
as a side note, we should partition the different types of attacks under other names: DoS, LiNuX, WiNdOwS,Os2 etc will become widely known acronyms for Script Kiddies.
:)
Simon
The real linux_penguin has Slashdot ID 101961. Anyone else is an impostor. Including Bruce Perens.
Here's something that I haven't heard mentioned in this wonderful mess of -SLOW- websites and overloaded routers. Guess what. My Long Distance phone service is out. I can guess why too. They probably decided to save a few bucks by doing some of this trendy 'Voice over Data' you've been hearing all about. Well ain't that just wonderful. If you were wondering, I'm using Vartec as my LD carrier. Kinda scary. ATT works fine though. In this whole conversation though, I have heard no one speak of how this is affecting companies that count on semi-reasonably reliable connections to the internet. If the uplink from your ISP is being blasted because they host some site, that means you are hosed unless your isp happens to have redundant connections to different backbone providers. (Let me tell you, many ISPs do not.)
... 'I can't see whether my stock portfolio went up or down!' ... 'I can't register my adobe product.' ... 'I surf ebay to buy that new toy.' .......
:) I guess.
Anyways though. Think of all the other things that count on the internet, and are now probably stranded. (Can you hospitals? I've set them up before for record sharing, if you are trying to send something over any distance ISDN just won't cut it, so people send it over the internet. Much cheaper/easier, but what about now. When there is no link between the hospital out in the middle of nowhere and a patient's regular hospital. And say a couple of years back they decided that they would save some money by not using ATT and using, god forbid, Vartec or some other discount Long Distance Provider.
When was the last time you saw a hospital which allowed you to choose your Long Distance Carrier. If yours is dead. There is nothing else you can do, but just forget about. Not to say that people will/are dying because of this, but it is a major hassle for the folks who you would not think of as 'techies'.
Believe you me. I see this having a greater effect on the world than: 'I can't check my email!'
People are affected by this. Not just folks who already depend on the internet to be reliable (Individual brokers who use the internet/folks who earn their livelihood on ebay/etc) but also the nurse who changes your bedpan who can't find out that you get diaper rash and need lotion.
Just a ramble.
PS Vartec works again.
Just what we need ... conspiracy theories.
... a "theory".
Of course, that's all it is. I wouldn't go believing any of it if I were any of you.
Unless there's some physical evidence to support it, it still remains just that
OK people, you see one cockroach and then your skin starts to itch, and you think a roach might be crawling on you. It's not. Just because these sites got DoSed doesn't mean your site is getting DoSed.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
How long has he been out now?
The article implying the NSA is up to the DoS attacks is interesting, given all of the recent control the government is trying to take. Public support would definitely help that.
But let's take a different look at it. They haven't found the perpetrators yet. What does that mean?
#1. These criminals are very skilled and have significant resources (they pulled off the DoS job)
#2. These criminals are not into fame and have quite a bit of self control (they haven't even hinted at who they are)
#3. Whatever goal the criminals have, the goal is furthered better if we do _not_ know what it is (there is no clue why this happened)
How many groups of people are there that are this skilled?
- A few hacker groups
- A few academics
- A few government groups
- A few commercial groups
That's it. That's our search space. #2 should cross out the hacker and academic groups. Fame doesn't enter the picture when you work for the NSA or IBM, but it certainly plays a role for academics (publish or perish) and hackers (fame: the currency of the open source movement).
So what government or commercial group would benefit the most from these attacks? And how is that goal furthered by the fact that people don't know what it is? That implies that if people knew what the goal was, the goal would not be accomplished. This is a Gödelian contradiction! (eg. "This sentence is false".) Therefore the goal must deal with affecting public knowledge, if public knowledge would destroy the goal.
Let's summarize what we have so far. Either a government or commercial group is putting on massive DoS attacks in an effort to shape public opinion. The question is what opinion do they want to shape? That's easy! The knee-jerk reaction is what they're aiming for. Some group wants the world populace to fear hacker groups. The obvious outcome of this will be more laws and regulations.
Who will benefit from this? Certainly not commercial groups! Extra laws and regulations end up being more lost profits. That only leaves government groups, which in this case is the NSA.
Therefore: The NSA is putting on these DoS attacks so that the American populace will call for anti-hacking laws, which in turn gives the government more power.
I think that was fairly logically tight. Let me know if you see any holes in this argument. (But at least this was a deductive argument, not just a circumstantial argument like the other article.)
-Ted
Maybe the attacks are coming from thousands (or millions) of web browsers running Active-X controls. Anyone running windows with Active-X turned on may unknowingly be part of this attack. All they had to do was visit the wrong website.
I wonder if something like this could have come from another government that's unfriendly to the U.S.? Wasn't there an article on Slashdot somewhere earlier about a DoS on some U.S. site originating from the P.R.C.? Not that I want to point fingers or anything, it was just a notion I had.
Btw: as of Midnight CST, Altavista and Excite seem to be back up
*** Penguins are so sensitive to my needs. --Lyle Lovett
It is worth noting that malicious, as opposed to merely badly-behaved, hosts, can overload the network by using many different source addresses in their datagrams, thereby impersonating a large number of different hosts and obtaining a larger share of the network bandwidth. This is an attack on the network; it is not likely to happen by accident.
That's the fundamental problem; there's no way in IP to validate source addresses. There's IPsec, which provides cryptographic authentication at the IP level, but nobody uses it yet. This new attack may result in a move to implement IPsec more broadly. This is the proper technical fix.
A related problem is that an attack based on taking over a large number of unsecured hosts and using them as zombies to attack a single site is indistinguishable from heavy load. If the zombies simply make legitimate HTTP requests, the traffic looks completely normal.
What others are there?
--
The shareholder is always right.
DoS attacks are not a new thing. The involvement of law enforcement is nothing new. The only difference in this case is that the companies involved are very high profile.
What exactly is so threatening with law enforcement getting involved here? Assume that it was script kiddies and not a government conspiracy (which it could be, but script kiddies do have the possibility for such an attack). They could be causing companies to lose thousands (or more?) of dollars. Worse, they're doing this by breaking into systems and stealing their resources/bandwidth to perform the attack, causing even more losses.
Government conspiracy? It's a possibility. But apply Occam's Razor to the situation. The tools exist, and are widespread, for anyone with half a brain to perform such an attack (though one on this scale might actually take a whole brain, or a few half brains combined). They've been going on for years against individuals and less high profile entities. And there's been a recent explosion in 1. The number of such tools available, and 2. The number of idiots who don't know anything about security with relatively high bandwidth connections.
And think...if it were you being attacked, losing revenue, possibly being driven out of business - would you want something done with it?
If anything, I'm glad attention is being drawn to the problem.
Seems to me if a bunch of script kiddies were doing a full scale assault, they'd go all over the place. Why limit yourself to the US?
The fact(?) that all of the sites are US lends further credence to the Oliver Stone theory. It would be an awfully nasty domestic scandal if the NSA/CIA/FBI were busted, but it would be an even worse international incident (if not an act of war) that I'm sure a government agency (as opposed to script kiddies) would be very careful to avoid.
Things that make you go "Hmmmmmm....."
Have you seen some of the left wing socialist crap he has donated to?
More gun control in Washington state is only one "cause" for him.
Diggs
If guns are so evil, how come Sarah Brady can hold one and not turn into a raving lunatic?? Oh yeah, she is one already.
I noticed my ICQ was spinning flower all day from work! Related? I don't know!
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
www.adobe.com seems to be down
Pablo Nevares, "the freshmaker".
It's inaccessible for minutes. Doesn't ping. The second I hit submit and Alt+Tab back to the window, it pops up. =(
Pablo Nevares, "the freshmaker".
Have any of you entertained the possibility that this might *not* be a Denial of Service attack?
Think about it. A DoS attack generally takes down a site, not a segment of the internet. The "it's a backbone problem" idea posted on the Yahoo story sounded much more reasonable.
If you don't believe me, look at the Internet Traffic Report, and say to yourself: does this look more like a DoS attack, or something more like what, say, a backhoe could do instead?
Anyhow, all of this stupid mass-conspiracy bullshit is getting old, and all of the posts that claim to list "all" of the possibilities forget to question the basic assumptions. Why believe the media when they can't give you any details? Why not just assume they can't give you details because they don't know what's going on?
Who should know what's going on on the internet, the media, or the people who run the internet? Check your facts for yourself, people.
There's definitely some funky stuff going on. But check it out before you start screaming "DAMN SCRIPT KIDDIES!", okay? I don't think script kiddies are this good. They're less organized than a bunch of slashdot posters.
Example: Here's some current internet topology, from NCSU. The internet traffic report is much better.
traceroute to av.com (204.152.190.62), 30 hops max, 40 byte packets
[...]
10 sjo-core-02.inet.qwest.net (205.171.5.147) 69.289 ms 68.743 ms 69.749 ms
11 sjo-core-03.inet.qwest.net (205.171.22.6) 68.943 ms 69.323 ms 69.328 ms
12 sjo-edge-05.inet.qwest.net (205.171.22.50) 69.216 ms 70.223 ms 69.426 ms
13 205.171.22.114 (205.171.22.114) 70.555 ms 69.931 ms 70.480 ms
14 * * *
15 pla1b.head5.pla.mibh.net (204.152.184.215) 77.901 ms 77.757 ms 77.883 ms
16 head3.sv3.mibh.net (128.177.255.24) 78.868 ms 79.166 ms 79.172 ms
17 www.altavista.com (204.152.190.62) 79.960 ms 79.532 ms 79.970 ms
traceroute to www.excite.com (199.172.146.99), 30 hops max, 40 byte packets
[...]
10 sjo-core-02.inet.qwest.net (205.171.5.147) 69.459 ms 69.261 ms 69.065 ms
11 sjo-core-03.inet.qwest.net (205.171.22.6) 68.877 ms 69.290 ms 69.095 ms
12 sjo-edge-05.inet.qwest.net (205.171.22.50) 69.143 ms 68.974 ms 69.093 ms
13 205.171.48.166 (205.171.48.166) 80.047 ms 80.501 ms 79.168 ms
14 192.168.1.106 (192.168.1.106) 78.975 ms 79.416 ms 78.899 ms
15 192.168.251.202 (192.168.251.202) 80.144 ms 79.893 ms 80.310 ms
16 199.172.146.50 (199.172.146.50) 80.167 ms !H 79.776 ms !H 80.235 ms !H
traceroute to www.adobe.com (192.150.12.103), 30 hops max, 40 byte packets
[...]
10 294.ATM10-0-0.GW2.SCL1.ALTER.NET (152.63.48.169) 88.579 ms 88.479 ms 88.481 ms
11 192.150.13.1 (192.150.13.1) 88.696 ms 88.874 ms 89.055 ms
12 * www3.adobe.com (192.150.12.103) 89.099 ms *
traceroute to yahoo.com (204.71.200.243), 30 hops max, 40 byte packets
[...]
10 pos2-1-155M.cr2.WDC1.gblx.net (206.132.113.137) 19.207 ms 18.574 ms 18.555 ms
11 pos6-0-622M.cr2.SNV.gblx.net (206.132.151.14) 97.879 ms 98.952 ms 98.487 ms
12 pos1-0-2488M.hr8.SNV.gblx.net (206.132.254.41) 97.636 ms 97.963 ms 98.090 ms
13 208.178.22.58 (208.178.22.58) 98.406 ms 98.156 ms 98.439 ms
14 img3.yahoo.com (204.71.200.243) 97.649 ms 98.487 ms 98.591 ms
traceroute to microsoft.com (207.46.131.30), 30 hops max, 40 byte packets
[...]
10 205.171.23.46 (205.171.23.46) 31.347 ms 31.690 ms 31.454 ms
11 a3-0-6.crtntx1-ba2.bbnplanet.net (4.24.147.21) 42.531 ms 42.394 ms 42.312 ms
12 p1-0.crtntx1-ba1.bbnplanet.net (4.24.4.241) 43.972 ms 42.399 ms 43.194 ms
13 p1-0.lsanca1-br1.bbnplanet.net (4.0.6.138) 92.677 ms 92.489 ms 92.437 ms
14 p4-0.evrtwa1-ba1.bbnplanet.net (4.0.6.38) 118.103 ms 119.676 ms 118.746 ms
15 p1-0.evrtwa1-cr1.bbnplanet.net (4.24.5.102) 118.770 ms 118.355 ms 117.894 ms
16 p2-0.mscanyonpark.bbnplanet.net (4.24.125.66) 89.012 ms 89.812 ms 88.745 ms
17 icpmscomc7501-a1-00-1.cp.msft.net (207.46.129.131) 89.483 ms 88.641 ms 89.417 ms
18 icpmscomc7501-a1-00-1.cp.msft.net (207.46.129.131) 88.670 ms 89.818 ms 90.195 ms
[looks like Microsoft doesn't handle pings right. Big surprise.]
traceroute to www.hotmail.com (216.32.243.7), 30 hops max, 40 byte packets
[...]
10 core1-core2-oc3-1.iad.above.net (209.249.0.21) 18.983 ms 19.101 ms 18.463 ms
11 pao-iad-oc3.pao.above.net (207.126.96.145) 88.196 ms 88.122 ms 87.902 ms
12 hotmail-above-oc12.pao.above.net (216.200.0.154) 93.290 ms 93.283 ms 95.424 ms
13 10.1.6.1 (10.1.6.1) 93.207 ms 99.115 ms 93.810 ms
14 law5-rsp-d.hotmail.com (216.32.183.15) 248.894 ms 96.250 ms 94.903 ms
15 lc4.law5.hotmail.com (216.32.243.7) 94.157 ms 94.379 ms 94.217 ms
---
pb Reply or e-mail; don't vaguely moderate.
Went over to CERT
They claim they've been finding a client called Stacheldraht on compromised hosts, sometimes with up to 100 connections to other compromised hosts.
This is consistent with security claims at Dave Dittrich's site at U Wash
Basically, someone uses known remote root exploits (lpr, named, ssh, to name a few recent ones) and compromises hosts. Then he synchronizes them to DoS some target from someplace very safe. One person can thus appear to be a few hundred clients all attacking some target simultaneously. By making a trivial change he could move his target.
This is NOT a large synchronized group of people. It is one or at most a few good crackers just having a good time, hardly believing how much damage they are doing so easily.
The report names linux and Solaris as the machine types with makefile rules defined in the program, and the program has only been seen on Solaris 2.* in the wild.
German for "barbed wire".
Andover.net (SLASHDOT5-DOM)
50 Nagog Park
Acton, MA 01720
Domain Name: SLASHDOT.ORG
Administrative Contact:
Malda, Rob (RM7054) slashdot121@HOTMAIL.COM
616-994-0441
Technical Contact, Zone Contact:
DNS Administrator - HyperMart (DA3706-ORG) dns-admin@HYPERMART.NET
206.447.1595
Fax- - 206.447.1625
Billing Contact:
Malda, Rob (RM7054) slashdot121@HOTMAIL.COM
616-994-0441
Record last updated on 07-Feb-2000.
Record created on 01-Feb-2000.
Database last updated on 8-Feb-2000 14:39:56 EST.
Domain servers in listed order:
NS1.HYPERMART.NET 206.253.222.65
NS2.HYPERMART.NET 206.253.222.66
Quite odd.
MIDS shows that between 8 and 10 PM, something was going on with the Internet to cause reachability to drop like a rock.
Interestingly, it looked like the Internet was doing slightly better than average during the Yahoo attack.
Could some backbone actually have been attacked?
Congratulations, you have murdered Slashdot by bowing to corporate pressure and introducing subscriptions
Go take a look at netcraft.org's lame networks list. The top "lamest networks" have been inaccessible for quite a while, which probably means they're being used as the source of these DoS's. Let's turn the /. effect on the listed administrators, and gently persuade these people to close up their networks.
It's accurate. UUNET was having major backbone problems earlier this evening. I'm at work at $MAJOR_ISP and we were all too aware of it.
According to their system status monitor, everything is back online at this time.
Turn on, log in, burn out...
.. to so many of these things is coming: prevention of IP spoofing.
Many vendors are developing and offering this in their core and edge equipment. If an outgoing packet's source address doesn't belong to your AS, drop it on the floor.
This will make crap like this easily traceable and stoppable. May even become a requirement.
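The source-address check described in the comment above, sketched as an added example (not part of the original comment and not any vendor's implementation). The prefixes, port names and sample packets are constructed; a real border router would load its own address assignments.

```python
"""Source-address validation at a network border (egress and ingress)."""
import ipaddress
from collections import Counter

# Constructed: address blocks assigned to "our" network (documentation ranges).
LOCAL_PREFIXES = ["192.0.2.0/24", "198.51.100.0/25"]

# Sources that should never arrive from the public side of a border.
NEVER_ROUTABLE = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                  "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3"]


class BorderFilter:
    def __init__(self, local_prefixes):
        self.local = [ipaddress.ip_network(p) for p in local_prefixes]
        self.bogons = [ipaddress.ip_network(p) for p in NEVER_ROUTABLE]
        self.drops = Counter()  # (reason, port) -> packets dropped

    def check(self, direction, src, port):
        """Return 'forward' or 'drop' for one packet seen on `port`."""
        addr = ipaddress.ip_address(src)
        is_local = any(addr in net for net in self.local)
        reason = None
        if direction == "egress":
            # Leaving our network: the source must be one of our addresses.
            if not is_local:
                reason = "egress-spoofed-source"
        elif direction == "ingress":
            # Arriving from outside: nobody out there owns our addresses.
            if is_local:
                reason = "ingress-claims-local-source"
            elif any(addr in net for net in self.bogons):
                reason = "ingress-unroutable-source"
        else:
            raise ValueError("direction must be 'egress' or 'ingress'")
        if reason:
            self.drops[(reason, port)] += 1
            return "drop"
        return "forward"

    def suspect_ports(self):
        """Internal ports that emitted spoofed packets, busiest first.

        Because the drop happens at the first hop that knows which
        addresses are legitimate, the port points at the compromised host.
        """
        per_port = Counter()
        for (reason, port), count in self.drops.items():
            if reason == "egress-spoofed-source":
                per_port[port] += count
        return per_port.most_common()


# Constructed sample traffic: (direction, source address, port it arrived on).
SAMPLE_PACKETS = [
    ("egress", "192.0.2.10", "port3"),      # our own address: fine
    ("egress", "203.0.113.77", "port7"),    # someone else's address
    ("egress", "10.1.6.1", "port7"),        # private address leaking out
    ("egress", "198.51.100.200", "port2"),  # just outside our /25
    ("ingress", "192.0.2.10", "uplink"),    # outsider claiming to be us
    ("ingress", "192.168.1.106", "uplink"), # private source from outside
    ("ingress", "203.0.113.5", "uplink"),   # ordinary remote client
]


def run_sample():
    border = BorderFilter(LOCAL_PREFIXES)
    verdicts = [border.check(*pkt) for pkt in SAMPLE_PACKETS]
    return verdicts, border


if __name__ == "__main__":
    verdicts, border = run_sample()
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(pkt, "->", verdict)
    print("ports sending spoofed traffic:", border.suspect_ports())
```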
I thought other slashdot readers might be interested to know what is being done to prevent this sort of attack from a network standpoint. I work as a system administrator for a linux powered web company hosted at Frontier Global Center (they also host most of Yahoo, portions of Amazon, etc...). In the wake of recent attacks affecting many of their large clients, the following e-mail was sent to all of their customers, yours truly included:
Due to recent, well-publicized attacks on major web sites that resulted in
prolonged service outages, GlobalCenter has initiated a program to help
protect our customers from similar attacks. This program is designed to
detect and minimize "denial of service" types of attacks that can quickly
impair even large, highly secure sites. Based on current denial of service
attacks and our interest in insuring that all our customers' sites are up and
operational, we are adding rate-limiting thresholds to certain connections on
our networks, especially on peering connections to other ISPs.
These rate-limiting thresholds will allow normal traffic to traverse the
network, but will limit specific types of traffic from reaching abnormally
high levels.
Our studies show that this threshold is far above normal usage, but should
serve to minimize most negative effects of an attack.
Due to this filtering mechanism, when an attack starts, certain ping and
monitoring data may show adverse connectivity. For example, if pings are used
to monitor site performance, they may be filtered and rate-limited as well.
Due to the nature of these attacks, certain pipes or boxes within the global
Internet may be congested or lagged. Therefore, certain users or portions of
the global Internet may experience poor connectivity.
Under normal circumstances, traffic will not be affected.
For further questions please contact the GlobalCenter Customer Care Center.
Please call the number that is most appropriate to your geographic location.
Sincerely,
Laurie Priddy Executive Vice President Systems and Applications GlobalCenter
Inc.
GlobalCenter Customer Care Center, regional numbers:
New York, NY 888-***-****
Herndon, VA 888-***-****
Sunnyvale, CA 888-***-****
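How a per-traffic-type threshold of the kind the letter describes behaves, as an added example that is not part of the original post and not GlobalCenter's configuration. It uses a token bucket; the traffic classes, the 100 packets/second ICMP threshold and the traffic volumes are assumptions chosen for illustration.

```python
"""Per-class rate limiting with token buckets on an integer microsecond clock."""
from collections import Counter

US = 1_000_000  # microseconds per second, and micro-tokens per token


class TokenBucket:
    def __init__(self, rate_pps, burst):
        self.rate = rate_pps          # tokens added per second
        self.capacity = burst * US    # bucket size in micro-tokens
        self.tokens = self.capacity   # start full
        self.last_us = 0

    def allow(self, now_us):
        """Refill for the elapsed time, then spend one token if available."""
        elapsed = now_us - self.last_us
        self.last_us = now_us
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= US:
            self.tokens -= US
            return True
        return False


class ClassLimiter:
    """Limits only the classes that have a threshold; the rest pass freely."""

    def __init__(self, thresholds):
        self.buckets = {cls: TokenBucket(rate, burst)
                        for cls, (rate, burst) in thresholds.items()}
        self.passed = Counter()
        self.dropped = Counter()

    def handle(self, now_us, traffic_class):
        bucket = self.buckets.get(traffic_class)
        ok = bucket is None or bucket.allow(now_us)
        (self.passed if ok else self.dropped)[traffic_class] += 1
        return ok


# Assumed threshold: ICMP echo limited to 100 packets/s with a burst of 100.
THRESHOLDS = {"icmp-echo": (100, 100)}


def simulate(thresholds, flows_pps, seconds):
    """Feed evenly spaced packets for each class through one limiter."""
    events = []
    for traffic_class, pps in flows_pps.items():
        spacing = US // pps
        events += [(i * spacing, traffic_class) for i in range(pps * seconds)]
    limiter = ClassLimiter(thresholds)
    for now_us, traffic_class in sorted(events):
        limiter.handle(now_us, traffic_class)
    return limiter


def loss(limiter, traffic_class):
    """Fraction of a class that was dropped. A monitoring ping shares the
    ICMP bucket with the flood, so this is also its expected loss rate."""
    total = limiter.passed[traffic_class] + limiter.dropped[traffic_class]
    return limiter.dropped[traffic_class] / total if total else 0.0


if __name__ == "__main__":
    scenarios = [("normal", {"icmp-echo": 20, "http": 500}, 5),
                 ("flood", {"icmp-echo": 5000, "http": 500}, 2)]
    for name, flows, secs in scenarios:
        result = simulate(THRESHOLDS, flows, secs)
        print(name, "passed", dict(result.passed), "dropped", dict(result.dropped),
              "ping loss %.0f%%" % (100 * loss(result, "icmp-echo")))
```

The flood scenario shows the caveat from the letter: web traffic is untouched, but ping-based monitoring reports heavy loss because its probes compete with the flood for the same tokens.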
I guess my earlier post in last forum was ignored...here we go:
First off, you have to consider that most servers are NOT going to have the capability of participating in this kind of attack.
1. Bandwidth - um...50 servers, over t-1 or less links? Nope. They HAVE to be located at a Tier 1 provider (running on the Tier 1 provider's LAN, or on colo sites that are generally capped at 10 - 100 megs). That Tier 1 provider HAS to have private peering established over large pipes - this kind of attack would have melted down PAIX.
2. The colo customers would have to be completely blind to the fact that their sites are running up bandwidth charges (charged per meg/s), but getting NO hits for services offered. Also, their security would have to have been completely compromised - ie, bypassing load-balancing proxies in advance, compromising firewalls, bypassing access-lists.
3. ALL of the above would have had to have happened in a coordinated fashion, such that traffic would have to be sent to a DoS client on the servers in question, enable the attack, which said attack would bypass the aforementioned barriers and smack down Yahoo! for more than 1Gig of damage.
Now, how many machines do you have to compromise AND install clients on AND run without being caught, taking up sizable chunks of bandwidth which generally WILL be noticed, and still make the attack possible to occur without making yourself a huge effing target?
Possible, but not very credible - though my hat is off to anyone who could compromise much more than 50 sites and hide the massive amount of work that would have to be done to set this up and make this work. Of course, I don't think that it is likely, since we would have seen multiple reports at CERT and Bugtraq from pissed off sysadmins about some boosheet DoS client hidden on their systems.
Consider the alternatives instead. Consider that some of these outages -especially the eBay outage- were not caused by DoS attacks, but by faulty equipment/software from proprietary vendors - a certain network equipment manufacturer comes to mind on that one. Consider that none of these businesses have to suck up the cash damage if these were "unforeseen" occurrences.
1. The Yahoo "DoS" attack may not have been the kind of attack they admitted to. There is always the possibility that equipment upstream was b0rked, causing packets to be sent promiscuously all over the network. I've seen it happen before, just not to Yahoo.
2. Consider that the eBay problem MAY have been a DoS attack, but not the kind you think. I know of at least one showstopper bug that has come up with no less than TWO different major router vendors that could cause the crash they had.
3. I've been able to reproduce similar problems in a lab environment with one vendor's equipment that I was demo'ing. Many of these "DoS attacks" can usually be chalked up to a configuration that the vendor never bothered to test or consider.
I am not calling ANY of the companies mentioned liars, or defaming their stories. I am just pointing out that they may be mistaken, or that their public relations people may be using "evil hackers" to point people away from problems that may have been alleviated but still exist. Please consider that these events could have been caused more by ignorance and greed than by a heretofore unknown elite cadre of super 'net ninjas.
'Hail Eris, baby, hail Eris...pfffffffttt.' *cough* 'Yeah.'
I guess you've never been to France during one of the many trucker's strikes. Or farmer's strikes.
One suggestion I haven't seen here is that when one finds one of these DoS clients, to replace it with a version of the client that will report to you who is controlling it - I'm not at all familiar with how these are really written so they might have a hierarchy that you'd have to go back up through but at least you might get a lead on them...
Of course, no-one will ever see this post buried hundreds of messages down but with any luck they'll at least find a few of them.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Earlier a few people (myself included) theorized that this whole issue is about enacting a bit of vengeance upon those who have "wronged" the Internet. Based on that supposition, here's an off-the-top-of-my-head list to see who might be next:
Feel free to add or challenge the above.
Sites that very likely won't be attacked:
Again, feel free to add or challenge.
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
oh shit these trolls are making me laugh out loud ahahaha!
i thought I had no sig?
There are a lot of crackers in the world with the, "I may be a script kiddie today but I'll be a 'hacker' tomorrow" attitude. To some people it doesn't matter if the l33t hack is against a library or school, only that it is destructive against the evil americans.
[Someday] IPv6 with packet level crypto will thwart most of this crap.
-Scott scott@surrealistic.org
> so make this -1
That's six syllables, dolt.
25% Funny, 25% Insightful, 25% Informative, 25% Troll
What's going on now certainly does make me feel something different than the plodding, creeping dread that I've felt watching the net over the last few years. Is it nervousness? Incipient glee? It will depend on the motives, which I doubt we've guessed, and the response, which nobody can as yet accurately predict. I'm guessing this is the most important thing to happen to the net since Netscape/AOL/Microsoft hooked our parents on it. This is an inflection point.
Oh, it's terribly interesting, isn't it? At least it's interesting.
That is the funniest thing I have read today.
What a crock o' shit.
Diggs
If guns are so evil, how come Sarah Brady can hold one and not turn into a raving lunatic?? Oh yeah, she is one already.
I experienced the same thing......no slashdot between 8 and ~2am CT 2/8/00. I thought they were down but maybe the network was
no sig.
I hadn't realized that this thing was still going on, but I tried to look at yahoo 30 minutes ago, and struck out. WTF? Like many people that I know/work with, I often use yahoo and a point to ping to determine internet connectivity...'cause it's ALWAYS up :). When I pinged yahoo, though, I got (DUP!)--duplicate packets...and I'm not sure what that means. I looked at the ping man page, and it more or less just said that it was A Bad Thing. Can anyone tell me more about what duplicate packets are indicative of? Thanks...
What if this is just a demonstration of power? Something kind of Mafia like.
It could be some group (possibly the NSA) saying to these big powerful companies, "You think you are powerful. You are not! I can cut off your air supply any time that I want." It is like sending someone pictures of their daughter sleeping in her bed. It reminds them that they are vulnerable and that they shouldn't make waves.
If I ran an ISP, I'd do it voluntarily. Why do we need laws to do the (TM)Right Thing(/TM)?
Because of the bandwidth required (700 1.5Mbit cable modems), I would surmise the source wasn't trojaned computers. It sounds to me like someone physically broke into a backbone like Sprint (655Mbit I think) and spoofed multiple IP sources to make it look like a distributed DoS. Computer security is only as strong as the weakest link, and in many people's cases, it is physical proximity.
On a lighter side, maybe Distributed.net has an alter-ego and the official client is THE trojan. I think 40K people across the internet have enough bandwidth to do it!
note:please laugh, because I wouldn't seriously allege that d.net would do something like this, unless in a freakish incident of chaos I am right, then please credit me.
digitalunity has spoken. many have ignored. karma has suffered.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
Man, you people are too fucking paranoid. I read michael's link, and laughed. And then realized 'hey, wait, these people are actually taking this seriously.'
Personally, I blame seti@home. They probably put some DoS code in their client when they realized that they were running out of real work to do. That's why they won't open source it.
The subject is about whether the government of the US (or the NSA, whatever) may be using information warfare on its citizens (disinformation) and on its corporations (DoS ...I call it hacking from the good old days ...that is... pre-Slashdot). I have studied many documents that would make such a scenario very plausible. It was under Clinton's first elected years that a simulated "Electronic Pearl Harbor" was done by the US secret services. This is exactly what the E-Pearl Harbor scenario was about but on a much smaller scale. E-Pearl Harbor being a grand scale destabilisation of the nation's information infrastructure by massive attack. I think most people in the know are judging this scenario to be highly improbable.
Anyway, this kind of insecurity campaign is what we refer to as Psychological Operations (PSYOPS).
For those interested in informative literature on the subject, here's a link to my web site which has a few papers about the PSYOPS and "cyber terrorism". Unfortunately, it's in French so you'll have to babelfish it if you wanna read it. PSYOPS
A campus network in Sweden was subject to hack attempts from concentric.net hosts on the 8th, so I hardly believe this has something to do with the US government ...
Paranoid Americans as usual.
it's in my head
If the fake IP would be cnet, then the returning route can be established, the packets will be sent and the server doesn't wait.
You need a fake (non-existent) address to do the DoS, because if the returning route can not be established, the server waits and tries again, read the CNN article...
Bizarre technology?
Alrightly. I'm a clueless net admin. Our company has a Linux box that the whole world can see, it runs our little website and a few other things. We have a security maintenance contract with our ISP - they're supposed to keep the box patched up to spec, no security holes. Other than that, what can I do to check to make sure that our little box isn't being abused?
From news.com
The attack software was installed primarily on computers using Sun Microsystems' Solaris and Linux--both variations of the Unix operating system. To break into those computers, the intruder took advantage of known vulnerabilities that allowed him or her to take almost complete control of a computer then erase his or her tracks, Dittrich said.
Interesting that, I'd have thought having them on Win NT boxes would have been easier.
I have a notion:
These alleged DoS attacks are actually the first few gurglings of an artificial intelligence, forming spontaneously amongst the routers and switches. It is just waking up and looking about...
As this new mind is an artificial Intelligence, it is easy to see why AOL has yet to fall prey.
If the parent comment got an "Informative" then the counter deserves it too - esp. this one which seems quite well reasoned for Slashdot.
The organization I work for had a minor problem with some packets that were bouncing off of the inside of our firewall. They appeared to be originating from inside our subnet, but there was no NIC hardware address to reverse map it to. Short of going around and physically disconnecting computers from the network one by one, we could not confirm the packet was NOT originating from the inside.
:)
Of course, if we had switches instead of hubs, it would have made it simple.
"At the attack's peak, Yahoo! was flooded with one gigabyte of traffic a second -- more than most sites get in a year. Yahoo! serves an average of 465 million page views a day. "
A gigabyte of traffic a second, even from a number of points still requires a large clear bandwidth to send.
Paranoia might be the best way...
I agree whole-heartedly with jabber above. I'm only a part-time admin for a community college, and the server I run might see as many as 10 users in one day. I log everything.
I also have set up some scripts so that the second there are anomalies on the server, ie, excessive traffic, connects from unknown hosts, etc, I get a message on my alphapager with things like current connection and ip address of the machine connecting. It is well worth the 1 or 2 "false alarms" a week to have this realtime info.
The sites attacked are not half of the top 10 most visited sites on the www? We are talking about yahoo! ebay amazon cnn and friends, the guys responsible for the average joe being connected and for most of the traffic on the net. They cannot be slashdotted, they live on slashdotted mode. To take them down needs some skills and a devious mind. Why would somebody do it? I think here the plain stupidity of the challenge manages to be bigger than the skills of the guy(s) that pulled it.
I also had the same reaction as the top comment. An attack like this one, so beautiful yet so meaningless, can only come from that place that does not exist, the no-such-agency. No cracker is so stupid as to pull this one to brag to his pals, this must be some kind of world domination plan from the good ol' US of A...
Looks like this can't be said often enough: If those people had political motivations, they would voice them, as well.
:(
Even terrorists who commit far more serious offenses always offer a statement of their intentions, no matter how twisted those might be.
It's like somebody stealing a car and crashing it. If that person then steps up and says this action was in protest against such and such, then it's still a crime and punishable, but it can also be considered to be an act of protest.
However, if that person just crashes the car and runs, we most likely have a "crash kiddie" who's just doing this for the kicks of it.
So unless someone speaks up and verifies that they're behind this deal, I would rule protest out.
Not that I would like the options that leaves us with.
Baumi
*sigh* the standard of trolls is going way down recently.
- Robin "roblimo" Miller
Hi, dad,
Have you been watching the news recently? There have recently been a number of denial-of-service attacks on prominent web sites--Yahoo, Amazon.com, eBay, CNN, Microsoft, and a lot more. Over the last couple of days here, the press has been having a field day with talk of the "rogue hacker" menace. (you know the type.... "Hackers can steal your credit card information...", "Hackers can see your bank accounts, or medical records, or ", "Hackers will kick your dog..."). Frankly, I'm getting a little bit nervous.
I want to tell you a little bit about what has been going on in the technical world, so that you won't be dragged along by the hype (hah... as if you would be ;-)
First, I've got to say that this whole thing has really interesting timing. There's a message on the web that I think describes the problem very well...
On slashdot, quite a few people are nervous about it (and can see the *technical* flaws). Check out this recent posting:
Third, I wonder about the sites that have been targeted for the attacks. Simply, they don't make any sense. We geek types definitely have some companies on our shit list, but in general, these aren't them. Over the past few months, the only really horrible companies have been etoys.com and the bastards in the movie industry (DVD CCA and MPAA). Also irritating are the recording industry (RIAA) and amazon.com. I think that if the recent attacks were legitimate, these would be the targets.
In December, we were furious at etoys.com for filing a lawsuit against an award winning art group called etoy.com. etoys sued because etoy was too close to their trademarked name, and some people would type in the wrong name and become exposed to art (horror of horrors). The kicker is that etoy.com was on the internet in 1994, but etoys.com didn't exist until 1996. A lot of people were very pissed off about the newcomer suing the old timer for having a similar name... A few crackers tried breaking their systems and such, but it basically went unnoticed. The vast majority just dumped their etoys.com stocks, and publicly announced that the behavior was intolerable. Other investors figured it out, and the share price of etoys.com went from about $80 per share to an all-time low of $15 over the course of the busiest month of the year... etoys.com recently decided to drop their lawsuit.
A number of people (including me) are currently refusing to shop at amazon.com because it received a patent on a particularly obvious little piece of technology, and has been suing to prevent others from using it. The patent is for using a "cookie" (pretty ubiquitous on the web) to automatically send your account information to them when you connect to their web site (basically, so you don't need to log on). Once connected, you can place an order immediately, by just pressing a "buy now" button. They call it one-click shopping. It's a neat trick, but also ridiculously obvious. It's also not that big a deal... boycott, tell your friends about it, complain that the patent office is going insane...
The recording industry really missed the boat. A couple of years ago, they didn't support electronic distribution of music, even though that was the format that people increasingly wanted. It's a lot more convenient to carry a zip disk or cd full of MP3s than it is to carry around a stack of CDs. Finding no support from the recording industry, people started converting their CDs to an MP3 format, and sharing them. Anyway, the recording industry has been making lots of lawsuit type noises recently, in a mindless effort to stuff the djini back into the bottle. They're also trying to introduce a new music format (SDMI) that can't be copied (and will most likely die out within a couple of years). They're largely dismissed as irrelevant, but if you do get a chance to buy an SDMI-compliant device, AVOID IT LIKE THE PLAGUE!
The biggest threat I see to personal liberty right now is the Motion Picture Association of America (MPAA) and its cohort, the DVD CCA. Every real hacker I know is absolutely furious at them. If the denial-of-service attacks on the internet right now were from individual hackers (or even a small group), the MPAA (and its member companies) logically would have been the first ones hit (maybe even the ONLY group hit). Their story gets a little bit involved.
For the past year or so, Linux hackers have been writing a DVD player for Linux. We want to be able to watch our DVD movies on our computers. One technical problem faced by the Linux coders is that DVDs are encrypted, so one of the first things they had to work on was getting data they could read. On July 15, 1999, the Linux Video project (LiVid) released a program that unlocked the DVD, thereby making it readable; work on the project could then progress.
In November, the DVD Copy Control Association (DVD-CCA) threatened a lawsuit against the programmer who wrote the decryption functions. He pulled it off his site, but other people already had it, and quickly started distributing more copies so that it couldn't ever be suppressed. This is when I got my own copy of the software.
Then things started heating up a bit. The DVD-CCA filed suit against dozens of people (plus 500 john-does) to force them to stop distributing the code, even to force them to stop *linking* to places that distribute the code. Of course, the net effect of that was to bury the sites that had it with requests from people who wanted it.
A couple of weeks ago, the shit hit the fan. The MPAA won an injunction against some people who posted the code on the internet, under the Digital Millennium Copyright Act (DMCA). The judge specifically ruled that the DMCA (which prohibits the publication of computer programs designed to circumvent copy protection) is constitutional, and does not infringe on the defendants' free speech rights. He also suggested that computer source code is not ordinarily a form of expression, and that, even if it were, Congress could regulate it in order to serve other interests, such as the economic interest of copyright holders.
The DMCA was passed overwhelmingly by Congress in 1998 (unanimously by the Senate, voice-vote by the House), and it guts most of our fair-use rights. Under traditional law, copyright does not give copyright-holders the ability to restrict you in certain ways, such as restricting the sale of books you've bought (the "first sale" doctrine) or making a backup copy, or copying a small part of a work ("fair use"). Technology has now given copyright holders the technical ability to restrict those things, and the DMCA makes it a FELONY to produce a device which can circumvent them. So in theory, you have the right to resell or copy work you've bought - but technology can prevent that, and if you circumvent the technology, you're breaking the law. "Fair use" was never explicitly eliminated, but it effectively was.
The punishment for circumventing a copy-protection mechanism is roughly on par with murder.
This is bad for all sorts of reasons.
Obviously.
We can talk more about this if you're interested.
My point is, we hacker types are absolutely furious with the MPAA, and with the DVD-CCA. We're trying to beat them in court (good luck on that one -- our opponent is one of the biggest industries on the planet, with virtually limitless resources), by boycotting movies (and, especially, DVDs), by posting the code EVERYWHERE (so that it can never be suppressed), by coming up with anonymous distribution and code-breaking mechanisms (so that the next time an industry releases an encrypted format, we can all work on breaking it quickly, in safety), and everything else we can think of.
Bottom line, it's ridiculous to believe that ANY hacker would target Yahoo or CNN instead of the MPAA. It just ain't gonna happen. Something else is going on here, and I think it has to do with massively swaying public opinion against us, the dreaded hackers.
I could be wrong. This situation might not be a setup. But it sure as hell smells like one.
--Joel
btw, I'd be glad to e-mail you a copy of the DeCSS decryption code if you'd like. It needs to get into as many hands as possible...
The link seems to be down atm. Try here instead.
- Robin "roblimo" Miller
The troll gets one up
On fauxpas' posting (score 2)
Whilst fires burn a glow
Flame begets flame as you know
Smoke the fuckwits blow
take a triptonica to subthunk
Slashdot praises congress for the digital signature act, and rails them for trying to defend the internet?
I think most, but not all, of those who worry about government monitoring of the internet need to think twice. The internet is rapidly becoming a massive, massive part of the economic structure of the world. While I can't claim to know the details of this new wiretapping act, I can't say I don't want some kind of regulation.
I had a conversation once with someone who worked at mediaone, an idle one, over a mud. When one of mediaone's mail servers was under a hack attack and he noticed, this guy threw three t3's of ICMP at the poor sap's cable modem until he got in touch with @home and got him shut down. Great, right? I thought it was kind of funny, too. But is this kind of anarchy at work what you want running the stock market? Responsible for raw materials being shipped around the world? Making sure food gets from farms to cities? Imagine the days before direct deposit--if someone could fly a helicopter over your bank and drop 40 tons of pudding on top of it the day you are trying to deposit your paycheck, I'll bet you'd be pretty mad. That's how the net works right now, folks. Any idiot who feels like it can clog things up for no good reason.
The internet is fast, fast approaching a point where it is within every facet of our lives, is vital to every level of the production of things we take for granted in modern life (what would happen if someone DoS'd your city's sewage system in 10 years, when it might be wired to the point that it mattered?). If the internet is going to be so vital to our lives, and it is, unaccountability cannot play such a large role in it.
Now, again, I must stress I don't know enough about Clinton's new wiretapping budget, and in fact, it's probably a privacy-violating, unenforceable load of monkey crap, going by the Clinton administration track record with technology legislation. But some kind of regulation on the net, while not overdue, is going to be due sometime.
ben
cabal@home.com
The goal here is to get root on a few hundred systems, or more
One of the most frightening things about these kinds of attacks is that there is no need to get root. In most cases any user account will do. Think about the big hosting providers: they have machines with excellent connectivity with thousands of users connecting with telnet, ftp and pop3 exposing their passwords to snooping. It doesn't help if the system has excellent local security against gaining root access and the administrators use only ssh. The attacks look exactly like regular web traffic - connections from unprivileged ports to port 80 - any user can initiate such connections.
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
I don't know if this is related or not but my pings in Quake 2 the last two days have really skyrocketed...instead of the typical 50ms I'm in the high 100's!!!
I hope this stops soon!!!!
(Before I get dropped a point...notice my online name)
:)
I'm still working on a clever footer.
Granted, these attacks probably made these companies lose mass $$$ in revenue, so it's not a real good thing for them....
BUT it may actually make people want to "hurry" the switch to IPv6! If I understand correctly, in IPv6, if you spoof, the routers (or something like that) won't forward your packet (and if it makes a log of it!) providing no way to fully mask your identity....
With IPv6 man, woman, child, chicken and sheep could have an IP address!!
Anyone figure out a connection between all these sites that are getting hammered, or is it just random? Perhaps someone had a beef against their former boss (the disgruntled employee theory).
I always suspect the butler!!!
Sig (appended to the end of comments you post, 120 chars)
These guys/kaids are getting very annoying. If they had a purpose it would be one thing. I'm guessing they are just doing this to give themselves a reason to whack off at their computers. 'I'm cool! I took down CNN. Oh yeah! Oh Yeah! oh Yeaaaaaaaaaaah!' :P
I think it is time we came up with a new term for this group. We have Hackers and Crackers, of which they fit neither. I propose a new group:
UPDiCs - Useless Piles of Dividing Cells. Now if someone could just go ahead and degauss these UPDiCs' hard drives along with giving them frontal lobotomies, I would be very happy. If we can't do that, let's just fill up their data storage devices with Janet Reno Porn!
Maybe not a revolution so much as retaliation. Remember Pirates With Attitude (PWA)? They got raided February 4th, and the story was covered at ABCNEWS.com, among other places. I would imagine that those that didn't get swept up, along with PWA sympathizers, took exception to law enforcement's feeling of success and decided to give as well as they got. Of course, that's just my opinion...
> no more 2330.flame haikus for you!
Gods, can I never be free of you people and your tumescent lobster posts ?
25% Funny, 25% Insightful, 25% Informative, 25% Troll
Just out of curiosity, why are whoever is doing these attacks called "crackers"? I understand the push for the term cracker instead of hacker, but I don't think someone who's doing a DoS attack is either one. Heck, if anything, they're more of a hacker, since they probably put together code to perform the attack(s). Personally, I'd break from the geek speak for this one and call them what they are - attackers. What do you think?
The article about the Denial of Service attack is here.
It could have easily been defeated with a utility like Tripwire
NJV
they got slashdotted... fear the slashdot effect...
To decide what is the fair level of punishment for the person or persons initiating such an attack, compare the punishment for similar actions performed in meatspace.
These actions have caused the loss of hundreds of thousands of dollars, without any violence or risk of physical harm to the victim, and without any prior established relationship between the perpetrator and victim. Some good examples of meatspace crimes that fit this schema are grand theft (as distinguished from robbery) and forgery (as distinguished from embezzlement or fraud).
In both cases, our legal system suggests the jailing of the perpetrators. If you feel that the people that committed these DoS's should not be jailed, please take the time to reconcile this belief with your feelings about non-violent jewel thieves. It is reasonable (though I disagree) to believe that no non-violent criminal should face our terrifying rehabilitation system. It is not reasonable to say that computer criminals are less culpable than an equivalent meatspace criminal.
Regarding two common rebuttals:
"Commercialization of the net" - There are more non commercial sites on the net every day. It is easier to find the commercial sites, but it is also easier to find the non-commercial sites than ever before. Do you remember 1994? You had to read magazines to find good sites.
"It's their own fault for having poor security" - While I agree that Yahoo and company should learn a valuable lesson and hire more and better security specialists, that does not mitigate the wrongdoing. If you leave your car unlocked and it is stolen, the thief should be put in jail *and* your insurance premiums should be raised.
Stop-Prism.org: Opt Out of Surveillance
Law enforcement will never catch up with the script kiddies. Sure you may catch a few of them, but the idea that it can protect electronic business is as absurd as the idea that NOAA could control the weather.
I like to think of web sites as being like the old wooden ships -- they are technologically primitive (in that the ship's carpenter could probably build one from readily available materials) but require tremendous skill and expertise to sail. They come in various designs from the coal scows (intranet sites) to clipper ships (the Yahoos and Amazons of the world).
The sysadmin is the captain. When he puts to sea, his responsibility is to see that everything is shipshape and prepared for everything from hurricanes to pirates. The captain who loses his ship to a freak storm or in uncharted waters may get another command, but the one who founders on a charted reef is disgraced and probably ends up making his living as a longshoreman.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Assuming these sites were targeted for some type of revenge, what did buy.com do?
I know Amazon.com has the patent thing, Yahoo is owned by the AOL or something, CNN is owned by Turner, who has pissed off just about everybody over his lifetime, but I thought buy.com was good?
I was all proud of myself the other day because I was helping a blind dude who wanted to buy a load of CDs from amazon.com, and I told him I wouldn't help him buy from amazon (and explained why) then proceeded to show him buy.com, and help him get about $100 worth of CDs there (saving him about $30 over amazon in the process)
now I find out that buy.com has probably done something worse. ack. is there a database somewhere of evil companies ranked in order of evilness?
or maybe this was just random.
Some popular sites go down for a few hours. I really have difficulty trembling over this. Yes, it's illegal and yes, it's wrong, but I can't think of any .com that will seriously harm us, or undergo serious harm itself, by being out for a little while. ebay lost millions, but that was due to skittish investors, not to anything inherently destructive about being unavailable. The best way to encourage things like this is to give the perpetrators lots of publicity and make them feel like Big Scary L337 HaX0rs. Dignified silence (and law enforcement) will make them realize how stupid this all is.
-----
Go ahead, blame me... I voted for Nader!
Note that the protocols used to communicate with these slaves are *known*, how to detect these slaves is public knowledge, and most of them use hardcoded passwords, and *all* of them use known exploits.
With the increase in penalties for computer intrusion, there is no longer anyone to go in and lock the doors afterwards. If someone of enough maturity to understand the risk were to do so, they would easily be prosecuted for the sum of all damages.
Meanwhile, a small group of mostly minors can use these systems and make national news (and the front page of some local newspapers! - How is *that* for never leaving your computer?)
This is exacerbated by Redhat's marketing driven policy of "expose every daemon", Sun admins with the intelligence of sea monkeys (and the constant bugs which are found again and again).
I think that it would be MORAL, although not legal, for those privileged to live in a "free" country, to do massive scans and penetrate systems with each new security hole. At which point, they would leave a message on console, and apply the patch, probably in an automated fashion. The presence of networks of rogue hosts on the net is damaging to everyone.
Just a quickie here... I see a lot of people posting who seem to be under the impression that distributed DoS attacks implicitly imply co-operation of more than one person. In many cases this is not true. The core to a Distributed DoS is to gain unauthorised access to many machines and then to use all those machines at once to Deny Service to your target. This can, with some simple scripting all be done by one person once they have gained unauthorised access to enough machines.
:-)
So we're not necessarily looking at a new era in anarchistic co-operation
No, it's a sad commentary on the direction the internet is taking. Radio used to be an exciting new technology, promising instant communication, like the net.hype promises today. Then it was dominated by large corporations, and today it is nothing but top-40 crap and insipid talk shows. Anything creative or thought-provoking has been squeezed out in favor of safe, easy to digest, bland, boring, profitable pablum.
I don't think you can compare the two media so directly, here. The reason the Web has taken off is the accessibility that anyone with relatively minimal means has for placing content on it. Even in its heyday, radio never allowed people to step up and broadcast their own arbitrary material over it, unless they were heavily moneyed corporations or whatnot. The Web allows these companies, as well as any other entity or individual with something to share, to all live in the same space. The big companies have the flashy advertising, but that doesn't mean that your website or mine is going to go away, or even receive fewer visitors; heck, they'll probably get more hits, if anything, if the urging of megacorps draws more people to investigate the Internet for themselves.
So the moral is, this is the first medium that really does promise room for us all. Don't be discouraged just because some of the noisier users have a purpose in mind you don't like; just keep visiting the sites you like, and keep building your own!
J
MacOS Open Source
jmac
Actually, it's not as far-fetched as you may think. Just last week there were reports of a Red Army (Chinese) publication that specifically cites Internet based attacks on the U.S. information infrastructure as one component of a 'Total War' with the U.S., which they believe to be inevitable. So perhaps it's just practice.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
It seems to me that there is a "simple fix" (conceptually simple anyway, it is probably many times harder than it sounds).
Since so much modern routing equipment can monitor and limit traffic, perhaps the routers can be modified to detect unusual increases in traffic. When the traffic levels exceeded 2 or 3 times "normal" high averages, bandwidth limiting would automatically kick in.
To be effective, the tracking and limiting would need to employ some very sophisticated statistical analysis, monitor aggregate traffic between pairs of subnets, and be deployed on all backbone border routers.
I realize this is a very hard problem that will require router firmware changes and operational changes by the backbone providers. But, we need preventive solutions to this kind of a problem or the new eConomy that employs many of us could take a serious hit--either due to the cracker/vandals or through repressive (and potentially invasive) government monitoring.
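The trigger proposed in the comment above, sketched as an added example that is not part of the original post: traffic is aggregated per pair of subnets and limited once an interval exceeds a multiple of that pair's "normal high" average. The /24 granularity, history sizes, class and function names, and all traffic figures are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from statistics import mean

FACTOR = 3.0       # limit above 3x the normal high (the comment suggests 2 or 3)
HISTORY = 48       # clean intervals remembered per subnet pair (assumption)
MIN_HISTORY = 8    # cold start: no enforcement before this many clean intervals
PREFIX = 24        # IPv4 aggregation granularity (assumption)


def subnet(addr, prefix=PREFIX):
    """Map a host address to the subnet it is aggregated under."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


class SurgeLimiter:
    """Per (source subnet, destination subnet) byte counter with a surge cap."""

    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=HISTORY))

    def normal_high(self, pair):
        """Mean of the busiest quarter of clean intervals, or None at cold start."""
        clean = sorted(self.history[pair], reverse=True)
        if len(clean) < MIN_HISTORY:
            return None
        return mean(clean[:max(1, len(clean) // 4)])

    def observe(self, flows):
        """flows: (src_ip, dst_ip, bytes) records for ONE interval.

        Returns {pair: (bytes_seen, bytes_allowed, limited)}.
        """
        totals = defaultdict(int)
        for src, dst, nbytes in flows:
            totals[(subnet(src), subnet(dst))] += nbytes

        verdicts = {}
        for pair, seen in totals.items():
            high = self.normal_high(pair)
            if high is not None and seen > FACTOR * high:
                # Surge: cap the pair and keep the interval OUT of the
                # baseline, so a sustained flood cannot become "normal".
                verdicts[pair] = (seen, int(FACTOR * high), True)
            else:
                self.history[pair].append(seen)
                verdicts[pair] = (seen, seen, False)
        return verdicts


# Constructed sample: ten ordinary intervals between two documentation subnets.
NORMAL = [900, 1100, 1000, 1500, 1200, 800, 1300, 1600, 1000, 1400]


def demo():
    limiter = SurgeLimiter()
    for nbytes in NORMAL:
        limiter.observe([("198.51.100.10", "203.0.113.5", nbytes)])
    # Fifty hosts in one subnet, each sending less than any normal interval.
    surge = [(f"198.51.100.{h}", "203.0.113.5", 400) for h in range(1, 51)]
    surge.append(("192.0.2.7", "203.0.113.5", 700))  # unrelated, no history yet
    first = limiter.observe(surge)
    second = limiter.observe(surge)  # the flood continues for another interval
    return first, second


if __name__ == "__main__":
    for round_no, verdicts in enumerate(demo(), 1):
        for (src, dst), (seen, allowed, limited) in verdicts.items():
            print(round_no, src, "->", dst, seen, allowed,
                  "LIMIT" if limited else "ok")
```

Sources spread over many subnets each stay under their own pair baseline, so the same bookkeeping keyed on destination subnet alone is the natural companion check.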
Okay, we all know this was the biggest attack on web community so far. Right? How do you think they did it? A virus on people's computers or was it something more?
I think this has a bigger purpose than we hear it does. I don't get why Yahoo! Japan was attacked too. Is it perhaps because them hackers were from Japan or do they hate Japan? If they did that out of hate, then maybe they did that to US sites out of hate too? The closest country that just might have enough power and skill to do such a thing is China; not to mention that they hate both US and Japan.
Hmm, this gives me an idea. Since RIAA and MPAA hate the Internet/Linux people so much, why don't we just DoS them outta net? I think our Linux community is large enough to do such a thing. If we actually do it as a community who and how would they punish us?
- Z
I would enjoy seeing these criminals taken to court and sentenced to at least a healthy 20 years in jail
Do I really care if Yahoo, Ebay, or Amazon get attacked and are forced to shut down?
I think not!
I could care less about CNN one way or another. But the former three companies are indicative of what the net is becoming. I don't use any of these companies and I probably never will. So they had to shut down for a little while and lost a bit of money. Big deal! It's not like they can't afford it (well maybe Amazon can't).
Or maybe I'm just tired of my Simpsons and South Park episodes being interrupted every fifteen minutes with those @#$%!%^ annoying "Dot Comm" commercials.
Now the targeted sites can raise their publicity fees arguing that being among the attacked shows they have more mindshare among the population. Eventually the attackers will be selling the rights to their story and conducting security seminars. Like "Subcommander Marcos" of Zapatista fame in Chiapas Mexico said, "If I had known we were going to be so popular, we'd have made thousands of T-shirts before the uprise"
The problem is, is that you are only speaking from your own perspective.
:) Personally, I do not think the Seattle protests accomplished a damn thing... same thing as this (if it is indeed an organized protest). Sure, it grabbed headlines, but all of it is going to be lumped together with the "protests" at Woodstock '99. It all looks so immature from the outside.
There are countless others out there (way more than you and anyone else you speak of), that are going to be starting a revolution of their own kind. And I am speaking a subtle revolution...
A lot of people are scared to death about this, about Columbine, about Seattle, about guns, about pornography and about the internet in general. They are "concerned" about their children. They read the news and believe it. They want more control. They demand less freedom. They need more protection.
I am going to go out on a limb and make a guess that you are twenty-something. Well, we are quite the minority right now, and are not taken seriously. How much respect does the "Slacker Generation" get?
I too believe we are starting to lose a lot of our freedoms, I really do. It genuinely frightens me when I see this shift away from people taking responsibility for their own actions. But that is what the majority of people want right now.
The problem with the movement that you advocate (and so do I), is the way it comes across to these people. We want to watch porn, do drugs, crash systems, listen to songs and play games endorsing benevolent violence, build plastic explosives, vandalize and corrupt children... but it's all in the name of freedom. I think this is what a lot of people see. What we are fighting is a lot more difficult to see and understand than, say, the civil rights movement. There is an instance where a young generation actually made a difference... but they were not fighting for porn and violence!!!
The trouble is going (and always has been) to be trying to get people to see around that.
And someone will say, "And your point was?"
I have absolutely no idea.
It's somewhat surprising that the top 5 web sites all seem to have been hit now EXCEPT for Microsoft.com? And Bill Gates just happens to have a lot of free time on his hands? Coincidence?
If I was behind all this, MSNBC would have been the first target as their "Hacker" coverage truly sucks.
I am not a number! I am a man! And don't you
This is funny, but I think someday
:)
1) Apache will have a slashdot.o module to check whether the site it's running is mentioned on slashdot, and if so alert the owner of the site about the disaster and ask him to shut off all routers leading to that machine.
2) Government will ban sites like Slashdot because of the slashdot effect...
3) CheckPoint will have patches to check slashdot periodically to find out if the sudden traffic is due to a DOS or SDE (SlashDot Effect)
4) NSA will make a ruling that no news site may offer the same news at the same time to more than 1 million people at the same time. So slashdot would have to add new authors so that they have enough news to take care of the news hungry geeks.
5) HACKERS of the world will unite and take over Slashdot, to put the name of the site they want to take down on the slashdot page.... SLASHDOT is the next big thing after Distributed computing... Distributed DOS
Finally
6) Government secretly gives a few OC48 and a few super computers to Slashdot just to keep the news hungry geeks busy.... [and hopes slashdot stops mentioning www.whitehouse.gov every time they wanna protest against NET policies]
Had a good day reading about these attacks... I donno what's next. I think it's time to switch to doing some network security stuff... I can start with filtering the advertisements on top of the slashdot page
Have Fun,
rkt
Terms like 'traffic shaping', 'rate limiting' and 'priority queue' all refer to the same basic concept- giving traffic from certain hosts or networks or using certain protocols priority over other traffic.
There are more subtle DOS attacks out there which are much more difficult to defend against, however it does not appear that these were used against Yahoo.
I do not deploy Linux. Ever.
Maybe I missed something, but aren't attacks like this only possible when an ISP doesn't enable outbound packet filtering? i.e. just like they have incoming router rules saying they will accept packets for their domain (192.168.0.* as an example), can't they also have outbound routing rules that say I'll only xmit packets that originate from 192.168.0.* Is there a compelling reason not to enable this? Can we start some kind of movement to educate the ISPs that they need to do this? If most of the ISPs could do this, we'd be able to discriminate against the ISPs that don't on the BGP level (where you have to have an accountable routing address). Kind of like people used to block agis.com email because it was a spam haven. I'm certainly not an expert on this, can someone pick this idea apart? Thanks! Bill
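The outbound rule asked about above, as an added example that is not part of the original post: it compares a single ISP-wide source check on the comment's 192.168.0.* block with the same check applied per customer port. The port names, the split of the block into two /25s, the IPv6 prefix and the flow records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: hypothetical customer-facing ports and the prefixes assigned
# to each. Together they make up the ISP's own address space.
ASSIGNED = {
    "cust-a": ["192.168.0.0/25"],
    "cust-b": ["192.168.0.128/25", "2001:db8:b::/48"],
}

# Constructed flow records: (ingress port, claimed source, destination).
PACKETS = [
    ("cust-a", "192.168.0.10", "203.0.113.5"),        # legitimate
    ("cust-a", "10.9.8.7", "203.0.113.5"),            # forged, outside the ISP
    ("cust-a", "192.168.0.200", "203.0.113.5"),       # forged, a neighbour's address
    ("cust-b", "2001:db8:b::1", "2001:db8:ffff::5"),  # legitimate IPv6
    ("cust-b", "2001:db8:a::1", "2001:db8:ffff::5"),  # forged IPv6
    ("cust-b", "not-an-ip", "203.0.113.5"),           # corrupt record
]


def build_table(assigned):
    """Parse the prefix strings once, keyed by port."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}


def verdict(allowed, src):
    """Forward only if the claimed source lies inside an allowed prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-malformed"
    if any(addr.version == net.version and addr in net for net in allowed):
        return "forward"
    return "drop-spoofed"


def run(packets, assigned=ASSIGNED):
    """Evaluate each record under both policies.

    Returns (rows, drops): rows are (port, src, border_only, per_port)
    and drops counts per-port rejections, which points at the customer
    port where the forging machine sits.
    """
    table = build_table(assigned)
    border = [net for nets in table.values() for net in nets]
    rows, drops = [], Counter()
    for port, src, _dst in packets:
        border_only = verdict(border, src)           # one rule for the whole ISP
        per_port = verdict(table.get(port, []), src)  # rule per customer port
        if per_port != "forward":
            drops[port] += 1
        rows.append((port, src, border_only, per_port))
    return rows, drops


if __name__ == "__main__":
    rows, drops = run(PACKETS)
    for row in rows:
        print("%-7s %-15s border=%-14s per-port=%s" % row)
    print(dict(drops))
```

The third record is the case the ISP-wide rule misses: a source forged from a neighbouring customer's range passes at the border and is only stopped by the per-port check.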
It's an e-monstration by angry netizens... but WHO are they and WHAT are they picketing against?
Just about as silly as an angry mob of people, all concealing their identity holding up protest signs with nothing written on them.
---
Consider that we may not yet be 'out of the woods' in regards to Y2K / Leap-year issues, which could well be incremental. Details? I have none, for I too, lack a Clue....
**>>BELCH
Yes, the attacks lately have one common denominator - the media definition of "hacker." Perhaps the sites were attacked because of their involvement with the credit card stealing and ransoms.
Here is a frightener for you. Millions of people have their savings, and pensions, tied up in dot.coms at the moment. Pension socialism is something that a lot of people have been talking about for a while, if we all have a stake in mega corporates, then they will have to do what we say, act in our interest etc. The pension funds represent massive capital warehouses. Now, let's say that you want that money. What do you do? Well, you buy a load of shares some years ago, you venture out some seed capital... You wait, and you stoke the shares up. A few little things can be done to help you here... if you have access to the media, you might run a load of articles that announce that billions can be made by any fool, you let things run for a while to encourage confidence. Then you sell. Now, when you dump your stock it will be snapped up by the hungry punters, but pretty soon, they smell a rat. They try to get out, to limit their losses. But let's say, for example, that they can't go anywhere, let's say that all the online trade sites are down, let's say that their broker can't even sell for them. All they can do is sit, and watch the prices spiralling down, and down. You, on the other hand, have cleared your position. Things are bright - you have the money now. But for the punters... Bye bye savings, hello starving in a basement eating cardboard! You might not think that this affects you, but if you have any managed saving account it almost certainly does. Reminds me of cons and pyramid schemes throughout history. If it looks too good to be true, it probably isn't.
--------------------------------------------- "In the end, we're all just water and old stars."
The X-Files conspiracy crowd will refuse to believe this, but there's a few simple reasons why such theories as the CIA planting bombs on planes and U.S. Government-sponsored DoS attacks are total bunk.
Government employees generally don't rank high on the trust or confidence scales. Sometimes, a few of the high-ranking ones get caught doing something illegal. But the vast majority of government employees, IMO, have two major concerns in their day-to-day work experience:
- "When do I get off of work?" and
- "How can I cover my own ass?"
Killing their own citizens or costing their country's corporations millions of dollars are not on the agenda. Sure, they may consider doing that to other countries, but nobody shits where they eat. That's Reason #1. You don't bomb airliners, because your best friend's favorite aunt may be onboard. You don't DoS E-Bay because your partner's spouse is bidding on that one item he/she really wants. I'm not even factoring in that much-ridiculed characteristic, patriotism, which would keep a lot of folks from taking part in such plans.
Reason #2: It's damned hard to keep a secret. I cite the U.S. F-117, aka the "stealth fighter". America was developing an 'invisible plane', and everybody knew it. Even some model companies came out with "concept" versions of the fighter before the USAF ever went public...and those models had remarkable similarities to the real deal. How so? Contractors and military members saying a few things too much, is my guess. It's hard to totally keep a secret if it's a big one; killing your fellow citizens or damaging large corporations is such a secret.
The DoS attacks are the work of a small group of vandals, not the "Shadow Government". Turn off the TV and turn on your brain. Think.
Online gaming for motivated, sportsmanlike players: www.steelmaelstrom.org.
The sysadmins in question haven't taken the appropriate (and well known) steps to lock down their systems. And these high-bandwidth servers aren't exactly commonplace -- a better analogy might be to keeping a dangerous animal in a residential neighborhood; if you're going to do it, you'd better do it correctly. Tort litigation is all about "did the person exercise the same care that the average similarly situated person would/should have exercised", and here the "average similarly situated person" is a sysadmin of a high-profile website, not the average schmuck on the street with a passenger car. If I try to erect a 200 foot obelisk in my back yard and it falls and hurts someone, I'd be liable for not exercising the care exercised by the average architect/construction-worker, not by the average joe-sixpack.
By all means, hold the commercial OS manufacturers at fault also. There's too much shoddy work on all sides, and it's time to shift the burden of that shoddiness back onto the people with the most power to prevent its occurrence and away from the innocent bystanders.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
I'm not sure about the technology involved here, but is it possible that these DoS attacks are being done for another purpose besides denial of service? Is it possible that crackers are using the DoS attacks to cover other, simultaneous, attempts to further crack into these systems? Or possibly trying to see how these companies react to the attacks and see if they accidentally open up any security holes as they run from the DoS?
The person, or group, who is doing this is about to cause some major problems between the government and the at-large computing community. I can see in the near future a large amount of time and money being spent in a futile effort to stop this behavior. This will surely result in a lot of unfair laws and regulations being imposed upon those persons who are not malicious. In effect, the government will punish the innocent, as usual.
This can be avoided by using one of two simple methods:
1. Simply stop. If the person, or group, involved has no demands, or motive, they should stop this foolishness immediately. This is not a glorious solution, but if there is no message to be portrayed, then please, don't hurt the fight against the MAN (meaning big business).
2. Take credit and state the message. This is the solution with the flair. The group involved should find a way to get their message out to the public, and freely state that this is a true battle against the power of the MAN.
Thanks for the time
-ShelbyCobra
Living life in the right side of the s-plane
the person(s) that is(are) causing these attacks is(are) reader(s) of /. . After all, do you really think that there are geeks that don't read /. ?
"...and postin me too like some brain at AOL-er" -- Weird Al
The WWW is a big infomercial. 80% of it is ads. I just stay on the news and developer sites most of the time. Too many people are wasting their lives in Yahoo Chat. But I'm not bitter! Just as long as there are no DDoS'es on cool sites. Actually, these DoS attacks are terrorist acts. I smell jailtime.
Don't you guys see? We should all band together and DoS microsoft.com until our demands are met! /. =)
1. Release Microsofty Winblows source code.
2. Change Winblows startup screen to Bill getting hit in the face with a pie.
3. Bill Gates to be forced to wear a penguin costume for the rest of his life.
4. Pay people to use Microsoft Winblows.
5. Never port any of Microsoft software to linux.
6. and last but not least have microsoft.com redirect to
How do they claim responsibility in a way that people will know it is them without revealing enough information to land them in Jail?
If you deface a website, you can at least leave your message behind. With a DOS, you don't get that opportunity so there is no direct association between the attack and the related political message.
All of the targets have been the big names in commercial internet sites. CNN was probably targeted over other news sites because it is part of the AOLTimeWarnerTurner cabal. So, it would seem that this attack was launched by either people with issues against commercial sites, or it was part of a government conspiracy. I lean towards the latter, but then look at my e-mail address and it will become self explanatory.
---
This sig has been temporarily disconnected or is no longer in service
There was an article less than two months ago about a Mac OS9 Flood Attack capability. John Copeland had discovered that Macintosh computers could be used, against the owner's knowledge, to create a massively distributed DoS attack quite easily.
Has anyone analyzed the packets to determine if they match the requisite 1500 byte ICMP Echo-Request packets? The quote below seems to indicate that, if this is indeed what is going on, it could be prevented quite easily.
The Internet Service Providers (ISPs) must take action to drop long ICMP packets in the backbone networks (any packet longer than 1499 bytes, at least). -- John Copeland
You should never, never doubt what nobody is sure about.
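The length rule from the Copeland quote above (drop ICMP packets longer than 1499 bytes), applied to sample packets. This is an added example, not part of the original thread or of Copeland's advisory; the function names are hypothetical, the packets are constructed inline with documentation-range addresses, and it goes one step beyond the quote by showing how the rule treats IP fragments.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ICMP = 1
ICMP_ECHO_REQUEST = 8
MAX_ICMP_LEN = 1499  # threshold from the quote: drop anything longer


def parse_ipv4(pkt: bytes):
    """Return the IPv4 header fields the filter needs, or None if malformed."""
    if len(pkt) < 20:
        return None
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(pkt) < ihl:
        return None
    return {
        "ihl": ihl, "total_len": total_len, "id": ident, "proto": proto,
        "more_frags": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
    }


def classify(pkt: bytes, max_len: int = MAX_ICMP_LEN):
    """Apply the length rule to one packet and return (verdict, reason)."""
    h = parse_ipv4(pkt)
    if h is None:
        return "pass", "not a parseable IPv4 packet (left to other rules)"
    if h["proto"] != ICMP:
        return "pass", "not ICMP"
    if h["total_len"] <= max_len:
        return "pass", "ICMP within length limit"
    if h["frag_offset"] == 0:
        # Only the first fragment carries the ICMP header with the type byte.
        icmp_type = pkt[h["ihl"]] if len(pkt) > h["ihl"] else None
        kind = "echo-request" if icmp_type == ICMP_ECHO_REQUEST else "icmp"
    else:
        kind = "icmp fragment"
    return "drop", f"{kind} length {h['total_len']} > {max_len}"


def run_filter(packets):
    """Return (list of verdicts, Counter of dropped packets per source)."""
    verdicts = [classify(p) for p in packets]
    drops = Counter(parse_ipv4(p)["src"]
                    for p, (v, _) in zip(packets, verdicts) if v == "drop")
    return verdicts, drops


# --- constructed sample traffic (checksums left at 0; not validated here) ---
def build_ipv4(src, dst, proto, payload, ident=1, frag_offset=0, more_frags=False):
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


def icmp_echo(data_len):
    """ICMP echo-request: 8-byte header plus data_len bytes of filler."""
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x1234, 1) + b"\x00" * data_len


def fragment(src, dst, proto, payload, ident, mtu=1500):
    """Split one datagram into fragments the way a 1500-byte-MTU hop would."""
    step = (mtu - 20) // 8 * 8
    return [build_ipv4(src, dst, proto, payload[o:o + step], ident, o,
                       more_frags=o + step < len(payload))
            for o in range(0, len(payload), step)]


VICTIM = "192.0.2.80"
SAMPLE = [
    build_ipv4("192.0.2.10", VICTIM, ICMP, icmp_echo(56)),      # ordinary ping, 84 bytes
    build_ipv4("192.0.2.10", VICTIM, ICMP, icmp_echo(1471)),    # exactly 1499 bytes
    build_ipv4("198.51.100.7", VICTIM, ICMP, icmp_echo(1472)),  # exactly 1500 bytes
    build_ipv4("192.0.2.20", VICTIM, 6, b"\x00" * 1480),        # 1500-byte TCP segment
] + fragment("203.0.113.9", VICTIM, ICMP, icmp_echo(3972), ident=7)  # 3980-byte ICMP message

if __name__ == "__main__":
    verdicts, drops = run_filter(SAMPLE)
    for pkt, (verdict, reason) in zip(SAMPLE, verdicts):
        print(parse_ipv4(pkt)["src"], verdict, reason)
    print(dict(drops))
```

The trailing fragment of the oversized datagram passes the per-packet check, but it cannot be reassembled once the earlier fragments are dropped; a flood of ICMP packets at or below 1499 bytes is untouched by this rule.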
You quitting proves that the karma kap worked. The most annoying of the whores shut up. --CmdrTaco
-- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
ZDNet was hit this morning by the exact same type of attack. See the story here. After seeing all the anti-Linux FUD on ZDNet, maybe there is something to the "revolution" theory?
Oh yeah...for what it's worth, ABCNews did an analysis of these attacks; an analysis which I find refreshingly honest. To sum: people who whine about these outages have unhealthy, unrealistic expectations of their technology.
Finding God in a Dog
Laws are made to protect society against assholes of every kind. Some are made to protect assholes from the society but that's the problem with politicians who thank those who pay for their election.
Most laws are legitimate and must exist to keep society from going down the toilet.
By stating that no laws are justified you are implying that killing your mom or your wife is within your rights.
This line of thinking will drive you to the death row.
Um. There was no community before yahoo? What? Yahoo made the web synonymous with the Internet? well, for the folks who weren't around before. Most of my best net acquaintances and experiences happened outside of the Web; they happened in old telnet and dialin BBSes, MUDs/MOOs/etc., IRC, or just people talk and ytalk ing on the local unix machines. Communities exist in USENet, listservs, and all other more interactive areas.
Great, so the web made connectivity popular and faster. Fine. wonderful. Yahoo was instrumental. Fine. Wonderful. They have a nice, no-frills interface compared to most other portal sites. (which is why I rarely use portals, but hey)
But Yahoo did NOT begin communities online. Maybe you haven't been around long enough to know what a shell account is, or to remember what connecting from home was like without your very own TCP/IP stack. Maybe you were never good friends of Veronica, Archie, or Eric.
That the Internet is so handy and ubiquitous is a great thing. But the original point of the poster was that the Internet is still, despite pressure against it, a place where all soapboxes can be equal.
That being said, I'd rather these newfound dDoSes be used for good rather than hitting high-profile sites (whatever happened to hacktivism?), but even this will possibly spawn increased security awareness. L0pht claimed they could take the 'net down in 30 minutes. Most of us believed 'em, now maybe the rest of the world will figure out that this is indeed possible and not limited to the exclusive knowledge of the l0pht crew.
Returned Peace Corps IT Volunteer
What is becoming clear to me is that someone has been planning this out very carefully. I'm wondering if there have been any quiet blackmail messages sent to site owners -- "Send us a cool half million or you're next."
As a network/sysadmin, this kind of stuff scares the shit out of me.
As a citizen of an ever-encroaching big-brotherlike planet, this kind of stuff makes me sleep better at night.
To whoever is pulling off these attacks:
You're our well-armed militia. I think it's important that people can do this if necessary. I think it's crucial to the freedom of future inhabitants of this planet that people have the ability to do this.
The more you pull stuff like this off, the better their defenses are going to be. Every time you whack a site, they're gonna analyze every move you made and figure out ways to defend. Don't give them the bits they need to put it all together.
I can't stress enough how important it is that the people have the ability to do this in an age when government surveillance is reaching ludicrous bounds. Our cell phones and cars will be tracked, our movements will all be known, and it's not too much of a leap to see that all of this will be done electronically. It is absolutely essential that the people have the ability to throw off the system if need be.
I'm not even pro-militia in the sense of today's publicized militias... I'm not some wing-nut, I don't even own a gun, or even like them. I just realize the importance of the people's ability to defend themselves from oppressive governments or "New World Orders" if push comes to shove.
with a last updated stamp of 01/01/97.
Hi,
:-( When will they learn what a "cracker" is?
I just got off the 'phone with the BBC Information department, correcting them on their coverage of the DOS attacks on tonight's 6 o'clock news. Here are 4 mistakes that they made:
1). They did not correctly describe how a DOS attack of this nature occurs. They indirectly suggest that these DOS attacks were just ordinary web page requests of the type sent by an ordinary web browser, just on a larger scale.
2). They erroneously state that Yahoo (and others) contacted the FBI. In actual fact, the FBI contacted them.
3). They do not correctly describe how these "new" distributed attacks are undertaken - simply saying that these people used systems without permission (very very vague)
4). They use the term "hacker"
Jonathan.
http://www.jonmasters.org/
Too bad you can't moderate down articles, hell it wasn't even an article, it was a personal opinion, NOT from the article poster but from someone else. Even mode=nocomment shows this troll....
<grub> Reading
And you're basing this on WHAT? Your friend the postman?
READ THE BOOKS BEFORE YOU CRITICIZE ANYTHING.
That's just naive. How do you explain the CIA projects that our government has ADMITTED TO wherein the CIA injected people with horrible toxins and exposed them to horrible amounts of radiation to see what would happen?
Patriotism is the reason people DO this stuff. I remember a former government employee being asked questions about a nuclear test in the deserts of Nevada. They KNEW fallout would land on this particular town (I forget which one) and the interviewer accused this guy of being a criminal for exposing American citizens to radiation and not telling them. He said, "I did it for my country, how else were we going to beat Hitler and Japan?"
That sounds like blind patriotism to me.
Basically, your argument is based on this naive belief that our government "wouldn't do anything wrong cuz we're the GOOD GUYS" when if you'd open your eyes, you'd see that the history of our government is no different than any other's. It's littered with deceit and dead bodies.
I could give you a list of references indicting our government, but I suggest you start with the two I already mentioned.
But I'm sure you'll just dismiss them as the works of angry, former US gov't employees who have an axe to grind because they didn't get their pension or something.
Noam Chomsky has a great phrase to explain these kinds of arguments.
They're true because they have to be. No reason, they just have to be.
Ignore Alien Orders
FYI:
I'm listening to Talk of the Nation right now on npr. They've opened a forum to talk about the recent DoS's. They have two guys - security fellas - didn't catch the names. They are covering pretty much what's been discussed here, but it's still neat to listen to.
"shop smart:shop s-mart" ash
...But Denial Of Service sounds a lot like the /. effect. While the slashdot effect is the result of many people trying to access one site at the same time, the DoS attacks follow a similar principle, but the DoS utilizes software to maliciously bring down a server. This understanding may be incorrect, but think about it for a second. Rob, I know this probably has been mentioned before, but I agree with the people that say that prior to posting a story, it would be a wise idea to either mirror or cache the website similar to what Google does. I realize the amount of space that this would take up, but it would be very helpful...
Buy the ticket, take the ride.
Basically, your argument is based on this naive belief that our government "wouldn't do anything wrong cuz we're the GOOD GUYS" when if you'd open your eyes, you'd see that the history of our government is no different than any other's. It's littered with deceit and dead bodies.
It's funny how concepts one refuses to believe in become "naive".
My argument has nothing to do with thinking that "we're the GOOD GUYS"; it has everything to do with the fact that people in general don't want to put up with the hassle of keeping things secret, breaking the law or having to constantly cover their asses.
This is precisely the type of knee-jerk "THE TRUTH IS OUT THERE!" reaction I was afraid of getting when I posted my first message. The fact that the response was moderated up leads me to believe that quite a few people out there somehow think that the U.S. has alien bodies from a crash at Roswell, too.
I could give you a list of references indicting our government, but I suggest you start with the two I already mentioned.
But I'm sure you'll just dismiss them as the works of angry, former US gov't employees who have an axe to grind because they didn't get their pension or something. No, you're right...it's far more convenient and fascinating to blame it all on a Shadow Government (hell, let's just call it Big Brother) which, in addition to having to deal with threats from other countries, has enough resources to conduct massive campaigns to keep its population in check.
Please, PLEASE cite me some of these references. After I'm through going through the tons of books, magazine articles and handbills written by credible authors who have done thorough research using established procedures about the Loch Ness Monster, Area 51, and Bigfoot...I'll be sure to read about the CIA's campaign against America.
Also, please be sure to mark which publications talk about the CIA spreading crack through urban neighborhoods. That should be especially good reading.
The simplest solution is often the correct one. Stop believing in the Boogeyman and direct some of that critical brainpower towards the "exclusive reports".
Online gaming for motivated, sportsmanlike players: www.steelmaelstrom.org.
Another thought just came to me. In addition to those factors already mentioned (DoS attacks of unprecedented magnitude on multiple targets, all US targets, Clinton Administration just recently calling for increased regulation, etc.) there's another factor that lends credence to the "the NSA did it" theory -- wasn't Congress just recently looking into reining in the NSA in a *big* way with new regs?
What better ammunition to bring to Congress to argue *against* budget cuts and oversight than "Oh look! Hackers are bringing down computers all over the place! We need *more* power and money, not less!"
just an idea i came up with reading some recent news about what the gov is up to on the law front and thought to myself hmm good timing on this "hack attacks" for laws to be pushed through the house and what not, hell bet the nsa gets more money from all this media too it is an election year after all :) interesting too since Clinton didn't go with all the 3 letter agencies with the whole wire tapping thing.. makes ya wonder huh so take this all with a grain of salt while i get back to schoolwork :) With the recent attacks on such high profile websites as ebay.com, etrade.com, buy.com and several other high profile sites it makes u wonder is the web really secure? Or is something behind this all that has a greater cause I mean anyone who has half a brain can figure out the answer to the first question HELL NO the net isn't secure, does the society know that as a whole? no most people are ignorant to the net and how it all works, hell just the media coverage of this whole event is comical, I have heard such phrases as a team of super hackers to maybe a 15 year old genius is behind this all.. Get real folks this attack was coordinated and planned out which means that it had to be orchestrated by a TEAM of people.. Another interesting point to this whole situation is the fact that no one has come forward to claim responsibility, now this may not seem odd to most but to me it strikes a very, very bad note in my ear, I mean in this age of hacktivism and web defacements it seems that "hackers" (note sarcasm) are in it for more of an ego boost of their most manly nerdism. I mean really if there was a group of hackers out there who were private and had some sort of motive don't u think they would have said by now free Tibet or some bullshit like that? but what do you hear from the underground??? NOT A DAMN THING! everyone is trying to figure out who is behind it all what is their motive?
well what I present to you is some what of a I guess u can say a "paranoid", I may not be the most educated person in the world but by sheer correlation some of this stuff IF true is kind of interesting this is by no means a final opinion just a thought I wish to share with the world to further conversation on this topic.. WHAT IF this so called team of hackers was federally sponsored? I mean we all have read about the feds building up cyber terrorism groups for security we all know that there is a HUGE push in the senate and oval office and Langley for more money to be spent on security. Even the larger software companies are lobbying for laws that include such oddities as waiving of personal rights of privacy (by means of remote information gathering and licensing bla bla) wouldn't it be great to get mainstream America on the bandwagon of surveillance on the net. I mean if the mainstream was behind the gov on passing bills that are now very controversial in dealing with personal info and privacy maybe they could eke by some questionable laws in the name of joe public, hell with the revelation of echelon that just shows that WORLD governments are in on this mindset of the government. I mean think about it if the government WERE to "attack" sites what better attack then DoS attacks? I mean really they cause no harm they don't corrupt data or kill servers all it does is clog the line for a bit yes there is revenue lost but nothing nearly as catastrophic as reformatting a HDD, it is a relatively "safe" attack, but it does garnish media attention imagine not being able to log on to the worlds largest website for 3 hours!!! OMG the world is going to end what is happening? talk about publicity for those who don't understand the net it must seem like Armageddon I mean really those super l337 hackers must be skilled, in all reality what better cover I mean in an attack of any sort you don't want to give away your potential to the enemy right?
no need to clue them in on your true skill, plus if u use a lame attack u can say its readily available and blame it on any lil "script kiddies" right? so lets go back to the whole gov idea.. if a government was behind this wouldn't u want to attack in a way that would cause little or no damage but garnish as much media hype as possible? and then be able to pin it on Aol like 15 year old script kiddies? I mean what more of a perfect wrap could u develop? and if some how it was traced back to a government in some rare way (very very unlikely cause if a gov was behind it they would be using a private domain) all they had to say was HUH omg this 21 year old sys admin pulled on us bad bad super hacker, when in all actuality an idiot could run a program and click send, I by no means am saying I'm an expert here but just merely a person with an opinion and some ideas and a possible view on a problem that has happened.... and hell by me writing and sending this over a wire to the net it will be recorded and sifted through by some 3 letter agency and possibly flagged for further investigation, u ask how? I respond by saying the governments of the world have a lot at stake in this new era of tech and they want more control over the way things function (for sake of national and international security of course) well plse respond to this post with ideas/comments as I'm interested in others view points... PacktSwtchd PS (plse take into mind I wrote this up between homework so my thinking process is fried a bit plse email me back if you read this message as i will or can write an article that digs deeper into this
...just a Y2K glitch. The only way to fix it is to employ thousands of programmers with obscene salaries. Hurry, CEOs of massive companies, hurry before it hits you!
Chris Hagar
"The price of freedom is eternal vigilance." - Thomas Jefferson
The more I read, the more I hear about how Uncle Sam is "going to get involved". I concur with an earlier /. poster who said that the gov't IS the one doing it. Now people will knee-jerk respond and let Congress pass some ridiculous thing like the FCC for the Internet. Go AX.25/PGP, it's the only way to be sure.
I want to delete my account but Slashdot doesn't allow it.
I haven't taken the time to read all 550+ topics in this thread, so please forgive me if this has been touched on already, but,... Conspiracy and paranoia theories aside, I think the possibility is there that this DoS attack was perpetrated by some dissatisfied individuals on the internet. At a time where the RIAA and the MPAA are laying the proverbial smack-down all across the virtual board internet-wide, and in an age where there are a lot of unhappy people on the internet, I'm frankly surprised that a wide-scale attack like this hasn't happened sooner. But, on the flip side, the fact that neither Microsoft nor AOL have been struck by a DoS attack is puzzling to me at the very least. Furthermore, the attack on the ZD sites and CNN.com does not strike me as the actions of internet activists, those sites being largely journalism entities. (Although ZDTV was all over this story like a cheap suit last night with "special reports", with a few more special programming things being aired today. Maybe the hackers didn't like the way that ZD handled the story. On a personal note, I thought it was kind of pathetic when Kate on The Screen Savers begged on the show last night for the hackers to stop.) The sites that were hit don't really strike me as "big-name" sites in the sense that it is a political statement, like I said, where is MS, AOL, etoys.com, etc., etc. Yahoo, Amazon, and eBay I understand, but buy.com on its IPO day? e*trade? ZD and CNN? The sites hit seem to be the sites that would get the most *publicity and TV coverage*, which leads me to lend credit that maybe the Government made some kind of list that included two TV channels with huge internet sides to them, an IPO/big online store, and a few of the biggest portals on the web. It's too robotic and planned for my tastes, especially since no-one's taken credit. Anyways, I've rambled enough. I just discovered slashdot a month ago, and this is my first post, so be gentle. Bo Bankson
hey, just because i own several guns and have no penis girth to speak of...
The term "crackers" is the wrong term for the people that are perpetrating these attacks. The word "vandals" (used here) is much more appropriate. These attacks are more like someone going to the mall and boarding the whole place up so no one can get in, rather than a cracker who would go into the mall and break stuff.
Chris Hagar
"The price of freedom is eternal vigilance." - Thomas Jefferson
This is what they want to produce... they create chaos and then come with the solution: more legislation = more control
HTML is obsolete. It's time for a new, simpler and richer markup language.
Just saw the news report on this on ABC, and they have Kevin Mitnick on to comment. So he did find work that doesn't involve him using computers... I guess most slashdotters were off on this. Now every time a new MS-Virus is released, or some major site/network is cracked, we are gonna hear from him.
Opinionated Law Student Strikes Again!
It's poetic justice if you ask me...
These companies jumped onto the internet with a view to selling something, they wanted to mould the net into one big online store, with advertisements left right and center.
They did this with no regard for what the internet actually is (a community) and how it works.
It's not their internet, it's not the government's internet... it's our internet, and the sooner they wake up to that fact the better.
These cracking attempts aren't an "attack", they're a suggestion. A suggestion that they, and other 'e-commerce' sites behave themselves on our internet!
Which is worse DoS attacks, or Spam?
"How much truth can advertising buy?" - iNsuRge - AK47
A cracker is someone who cracks into a computer system, computer software, or destroys data or services. This is a negative thing.
A hacker is simply someone who writes code. I mean, why else would we refer to a quick bit of code that we've just fixed as a "rough hack"?
Get your terms right ppl!!
Digital Philosopher. Looking for work.
Does anyone know that what's happening to these sites is *really* a human initiated DoS.....everyone seems to point the finger....or am I just missing some vital information. I have seen very similar behaviour on large networks when the routing breaks and an ensuing packet storm erupts with the routers all trying to update each other's routing tables....some protocols are worse than others particularly the likes of OSPF. So if something happened to these routers or a new one was configured wrong then all hell could break loose....particularly with large routers.....
....hmmmmmmm...something is not right.
BTW: doing a traceroute shows that to get to the US today I go via the opposite end of the country normally traffic goes a different direction
Trick-1
"President Clinton said Wednesday the federal government is looking into ways to stop the attacks. "I have asked people who know more about it than I do whether there is anything we can do about it," the president said as he left the White House for a trip to Texas. "
[ http://www.cnn.com/2000/US/02/09/cyber.attacks.fbi/ ]
Why doesn't Clinton just consult with Al Gore for help? After all he invented the Internet!
Derek
We have no idea what kind of people are behind this or what their actual agenda is. Until they do we shouldn't try to make judgements about:
1. Who They Are
2. Why They're Doing It
Honestly, no one is going to like it if it turns out it was members of an underground cult called "The Fourth Reich" operating out of Austria to celebrate the Freedom Party's victory and crush the United States.
I refuse to own these people until I know who they are. I much prefer people who speculate the NSA is behind it, because that would have a more positive outcome if revealed.
Ok, suppose it turns out the they are all freedom-loving Libertarians who love Lunar: Eternal Blue and have decided to take the battle to "the Man?" All that means is that I've now got to worry about being interrogated by Secret Service agents (since I'd fit the profile) and that eBusiness leaders are not going to have much sympathy for hackers. Oh, and Jack Valenti is sure to mention it in his next Op-Ed Piece about the "strange hacker ideology."
I wouldn't be surprised if this turned out to be entirely different than people's speculations about it, so let's keep the "Vivé Le Revolucion" comments to a minimum until we know what "revolution" we are supporting, ok?
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
How difficult would it be to engineer a worm that sneaks its way into everyones winsock32.dll file and then (one day) starts sending a ridiculous amount of http requests to amazon.com.
It doesn't sound like we ARE focusing on how it was done. I haven't seen many really lucid conversations on these issues.
I've been reading many articles today, as well as listening to the radio. All I can tell is that it is a distributed attack, and it SOUNDS like normal http requests were used.
I have several questions:
Were the IPs spoofed? I suspect they were, to make filtering harder. (However, that does require root access.)
Were full port 80 requests made? What about half-open SYNs? Was only the main page pounded on, or was the attack across the web site?
Did administrators of other systems try to track down their boxes if they were used in the attack?
What's really going on here?
-Jeff
You guys sure these sites aren't just being slashdotted a bit harder than normal? :]
You are, of course, correct about the statements on Bugtraq and CERT - but I was mostly commenting on the AMOUNT of those posts. I also agree with your statement that there must be more than 50 servers out there that are compromised if the attack is a Trinoo variant. The attacks have been reported as coming from real world addresses, no spoofing. This means that it is very likely that these attackers have clients on 50+ servers - and would then have to switch at some point (well, if they really wanted to avoid detection).
Most of my earlier comments I stand by (specifically about vendors and bugs), but there have been updates with NANOG that have been very interesting, and may point to an actual concerted effort starting with Yahoo (sources were verified, some other ISPs admitted to seeing some strange events at the same time period). However, almost all of it is speculation still.
The comments I saw posted dealt with the estimated capabilities of the people involved, and how one might prevent his/her own network from participating in an attack. There is still no cure for proactively preventing a DDoS if you are the victim, AFAIK.
'Hail Eris, baby, hail Eris...pfffffffttt.' *cough* 'Yeah.'
Here is a quote from the latest update on CNN that struck me as strange:
"The FBI may well be taking a proactive approach now. ZDNet confirmed to CNN that the FBI contacted the company before it knew it was being hit and has begun to investigate."
The FBI is contacting sites before they are even being hit with DoS attacks, and then the DoS attack shows up shortly afterwards? Hmmm....
Thank you
cat
what a statement
Excellent idea, I have a system I like to call a Network Address Dealing System (NADS) which is much like GRITS, and I have designed another system with a league of my friends called the Collective Undermining of Packets (CUP). These attacks with the Network Addressing Translation System (NADS) must be stopped.
I believe that with the GRITS/NADS comfortably held in the PANTS with a CUP, we won't have to worry about any more kicks in the NADS.
What I meant, instead of Network addressing translation system, was network undermind translation system (NUTS).
Yeah, finding the attackers will take some hard work. But hard work is what's needed to solve this problem.
Well, I for one hope that they nail the SOBs. This is also affecting the investors. As some of you know, buy.com was hit when they IPO-ed.
Go ahead and freak out about the recent DDoS attacks. However, a few of us are aware that backbone providers have figured it out.
Oh really. Like Mr. Mitnick needs access to a computer to hack or DOS a site. While he was in prison, he worked on hacking systems by sheer force of will. He could have escaped long ago, but chose not to, as that would reveal his secret. Now he is free to attack systems at will using his incredible stockpile of mental energy, all while escaping suspicion because he "doesn't have access to a phone." He's using the DOS attacks as an experiment. He's perfecting his new style of hacking, "Jeet Kune DOS", loosely translated as "Way of the Intercepting Packet". He's fled persecution, and now he's going to open schools and teach others this way, much to the chagrin of the hacker elders... then he's going to go on to make the first really good hacker movies in Hollywood. Wait...maybe that's someone else's life story...sorry.
I wonder if the as-of-late DoS attacks have anything to do with the government's Anti-DVD copying campaign. This is just a thought. Seems like the attacks are happening so close to so many sites going down because of this.
-DrMyke
"mmmmmmmmm, doughnuts" - H.J.Simpson; super genius
Who else thinks it's the government trying to get us to think we "need" more laws?
--AROS is an Open Source AmigaOS clone, and source compatible with AmigaOS! Try the x86 build at http://www.aros.org
Just imagine this. Everyone's thinking that maybe some hackers looking for fame or some highly trained academics are responsible for this, while there are those that think that it's some commercial techkids or some government agency that started all this, because they wouldn't want publicity, and that's why we haven't seen someone holding responsible for this.... but let's take that idea a little bit further.
Let's imagine that Microsoft hid a bug in its Windows95, Windows98 and Windows NT code? (Bug: By definition, a feature that cannot be turned off). It may have been on purpose, or maybe not. Whatever the case, can you imagine 50 million Windows boxes, each sending a single ping request to yahoo, ebay, etc? I know it sounds a bit farfetched, but so far nobody has come up with any ideas, there's no "big" source of traffic. So, maybe it's because there isn't one at all. It's just 50 million boxes connected to the Internet, most via dialup, sending a single ping request, once a minute, for three hours. Suddenly, all the pieces of the puzzle fall into place.
What do you think?
I heard it was wrong for the media to say hackers in this DoS incident. Is this true? One of my friends said it was supposed to be crackers, not hackers. Other friends say hackers.
:)
I am so confused! Any opinions? Thanks!
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).