Slashdot Mirror
More DoS Attacks: CNN, Amazon, eBay, Buy.com...
gatech writes "After hitting Yahoo yesterday those crackers set their sights on several more sites including CNN.com, Amazon.com, and eBay.com. Here is the story at ABCNews.com."
Comment: 02/08 23:26 by michael : So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? People are focusing on how it's being done. Nobody seems to be asking who.
To take down a site that serves as much as yahoo.com does, you'd have to have a VERY heafty attack... I'm thinking that it will be fairly obvious from where the attacks were originating. access logs anyone?
Last time I checked, most everyone who knows enough to do a distributed attack had a static IP and just the right amout lacking in knowledge to get caught...
It's hard enough for one man to keep a secret, so how do you suppose dozens could?
Filtering spoofed packets involves setting up a few simple rules on your router. Maybe some legislation to require ISPs to do this in the US and other countries is in order.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Perhaps the most disturbing thing about these attacks is that they still don't know who did it.
I may be wrong, but it seems that usually when we see a high-profile media 'hacker' story, it's about some website that was cracked, and some script-kiddie who left behind graffiti. Or, in recent cases, people who wanted money. But, with these latest rounds of extremely-effective DoS attacks, nobody's stepped forward. It's bad enough that this sort of thing is happening, but it's perhaps even worse that we dont even know why.
-Denor
basically, the hackers scan large groups of IP addresses looking for known vulnerabilities. The goal here is to get root on a few hundred systems, or more. It doesn't matter if they have nothing of value on them. On each of these systems, they install a copy of their client. They can then wait as long as they want before moving onto the actual DOS attack. When they're ready, they use a "master" program to initiate the attack from all the hundreds of clients. Big attack, very hard to stop.
Dozens of PEOPLE don't need to keep the secret. Dozens of COMPUTERS do. And 1 person.
I have to say that as an engineer at a large firm, I've logged quite a number of hours researching ways to sucessfully defend our technology against such attacks. It seems that as technology proliferates, and the Internet becomes a global interchange, things like this will increase exponentially. This is not good for eBusiness, as it leads to increased government regulation.
/.
Last month I got with an old college roommate of mine (Hi Jimbo!) who now works at a major hardware powerhouse, and we threw ideas around that may help combat the problem of crackers and l33ts nailing systems to the wall. I suppose this is as good a place as any to publicly gather feedback.
Our first idea was for a "safety net" of sorts, gathering IPS and validating DNS, packet info, etc before return transmitting data. The system, the Gathering, Researching, Intelligent Transport System (GRITS) could theoretically decrease the DoS attack exponentially.
One problem we found with GRITS was its effect on servers running Apache. We dubbed the problem the Nailing Apache Transport Access Line Interface Expansion, or NATALIE. It seems that GRITS petrified the NATALIE port, man.
Our next theory was pretty clever, if I do say so myself. Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative. So to counter DoS, we developed the Transit Rerouting Of Low-Level Systems, or TROLLS. TROLLS worked well, as not only did it prevent GRITS from petrifying the NATALIE port, man, but it eliminated cracker attacks.
I hope this helps. I am always glad to assist fellow engineers here on good old
General Chalupa
If it was gone before, www.microsoft.com is up now. Zone.com is up and alive too.
I was watching ZDTV just a few seconds ago and realized something: even the technically "savvy" news people seem to be confused. They said "denial of service attacks have been around for years, but the tools to do distributed denial of service attacks have only come around in the last 6 months or so." This just nags at me. I seem to remember this (first?) distributed denial of service attack: smurf.
This probably is a little different from what people are theorizing, but it works essentially the same way (or even better). Basically the perpetrator sends out a few spoofed ICMP packets with the victim's IP as the source address. These packets have subnets as their destination, so theoretically thousands of machines reply to these false ICMP packets towards an unwitting victim while the perpetrator only sent maybe a few packets.
-- adraken
What precautions has Slashdot taken to protect itself from attacks, and keep us informed on the bleding edge geek news?
--
Hephaestus_Lee
"[Y]our wise men don't know how it feels to be thick as a brick." -- Ian Anderson
Damn!!!
I've spoken out against the brainless JDs currently known as "Script Kiddies" (known a generation ago as "vandals") on numerous occasions. I've also spoken out repeately against the bloodthirsty commercialisation of the web (and by extension, the whole 'net).
Now the vandals are attacking the bloodthirsty marketers, and using the most non-damaging method they can. More than that, they're doing it in an organised and persistent manner, from the looks of it. This is the equivalent of a blockade--a formal, organised protest. Not throwing rocks through windows so much as linking arms in front of a police line.
For the past year, I've been saying that a massive revolution was in the works (echoing my beliefs of 15 years ago, when as a high school student, I belived I'd see the next social revolution in my time).
I find myself prepared to grudgingly admire a group I've detested for a few years now. The brats and miscreants may have gotten their shit together and started to fight for something worthwhile, rather than simply for the hell of it.
I kid you not, folks. There is a slight (ever so slight) chance that last night, with the crippling of Yahoo, we witnessed the very beginning of history's next social revolution.
Of course, this could all blow over in three days, when the MPAA announces that they own Sony, as well Microsoft, Netscape/AOL, and Time-Warner. I could be entirely full of shit here.
But, the fact still stands. We _will_ see a real revolution in our day, and it will probably start right here, online.
Hold onto your hats kiddies. It's going to be a bumpy ride.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
After reading the original /. posting that Yahoo was taken offline, I think most /. users must be checking to make sure all they're websites are still working. This massive group traffic is clearly what's responsible for the order of magnitude increase in traffic to these sites. We better hope the FBI doesn't come knocking on Rob's door. He is organizing all this right?
A very interesting question is whether these attacks were simultaneous or discrete. Is a single malicious cracker moving their single target IP from place to place just for fun? An hour at ebay, an hour at Amazon, 2 hours at buy.com, etc. can cause a lot of havoc that is impossible to miss, but does not actually require any more resources than the initial yahoo attack took.
Slashdot is down so much and when it is up it is dog slow. It DoSes it's self.
We don't need criminal laws saying ISPs must do the appropriate filtering. What we need is tort remedies for the people walloped by the people DoSed against the people who were negligent in securing the systems that were cracked. If I were to have a cache of weapons left lying around my backyard and someone were to hop my low fence, steal one, and kill someone with it, you can be sure that there'd be a civil action (properly) initiated against me. Leaving your network available to others to exploit and cause mayhem isn't readily distinguished.
Either get a legislature to enact new tort legislation or get some enterprising judges to extend the common law. Either way, you won't need an overseeing regulatory agency. Ronald Dworkin would approve, I suspect.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
I can't seem to get to AMD as well.
I think they're getting hit also.
The Tick - "Spoon!"
"Bah!" - Dogbert
I can't seem to get to AMD as well.
I think they're getting hit also.
The Tick - "Spoon!"
"Bah!" - Dogbert
Here what they say:
"During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO, and Tribe Flood Network (or TFN & tfn2k), and has been reported on many systems....
Possible motives for this malicious activity include exploit demonstration, exploration and reconnaissance, or preparation for widespread denial of service attacks."
Here is the site:
http://www.fbi.gov/nipc/trinoo.htm
Enjoy,
-ben
www.exocortex.org
"To counter FUD or not to counter FUD, that is the question. Wether it is nobeler in the mind to suvver the slings and arrows of increased NSA funding and wiretapping, or to take arms against a see of NSA anti-hacker FUD and by opposing end them."
Seriously, why is no one talking about the update which proposes that this is an NSA stunt to increase their power and funding. I know people don't want to talk about conspiracy theories, but there is a really good reason to take action: The NSA will use this to their advantage even if it were to turn out to be just a network hickup, so we should lauch a premptive strike and tell all the news people that there is a good chance the NSA is behind this. It would mean a FUD attack against the NSA, but it may be warented since they are about to do it to us. I would like to hear some other people's views before Istart calling the more fringe libratarian talk show hosts in my area.
Jeff
BTW> it is possible that this is MS's fault, i.e. remember the WebTV thing?
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Give me a break! 50 ~possible~ addresses? I've worked on a large network (approx 10k nodes) and it never took more that 1/2 hour to find a NIC that was spewing garbage, or one with a duplicate IP. And that was with an old 386 laptop running an old 1992 packet sniffing program!
I'm sorry, but I know what some of these 'companies' are capable of, and they would have to be totally inept to take 4 hours to narrow it down to 50 IP's, and then lose the trace! Only to have it pop up again the next day! Oh! Look there it is again! Hit it with the fuzzy hammer!
It cannot be co-incidence that Prez Clinton wants broader powers for law inforcement; that backdoors will not be included in new internet protocols and that these attacks are ocurring!
These attacks are costing these companies millions and they can't narrow it down!?! Because the man doesn't want it narrowed down!
That's how it begins kids! Fear group X, and let's hunt them down and parade them through town square tarred, feathered and GNU zipped!
"History doesn't repeat itself, but it does rhyme." Mark Twain
Okay, I don't approve of what you are doing. But as long as you're doing it, why go after some basically inoffensive companies with DoS? I mean, Yahoo? Why not vandalized your local library's card catalog? Instead, go slam Disney, Viacom, Time-Warner, News Corp., etc. -- you know, the guys behind the MPAA, the DCMA, and DVD CSS. At least then you're going after people who, in some sense, deserve to be DoSed.
Steven E. Ehrbar
If I were to conduct a large-scale DoS, I'd remember the ancient chinese wisdom I received from my Sensei while reflecting on the virtues of confusician network Kung-Fu in my Rice Paper(tm) meditation shack:
"Wise man may write Trin00 but any idiot with backhoe on Fiber Optic lines cause much packet loss."
Trolls post shit just to get a reaction. They rarely get more than three or four people to bite. These clowns are raking in hundreds of replies. Looks like it will be a tight race between them and Linuxone for Troll of the year.
Quemadmodum gladius neminem occidit, occidentis telum est
All the articles have said that the outages occured earlier today. eBay, for instance, went down around 3PST/6EST this afternoon. ABC news, as far as I know, was never down; it was just hosting a story on the outages. The only sight that has been mentioned as being down that I still can't get to is Adobe.
Okay, I'll get crucified for this, but I'll bite: the Internet as a social phenomenon didn't exist before Yahoo. Yahoo is the reason that "Internet" is synonymous with "World-Wide Web" these days. I'll go one step bolder: Yahoo invented the modern Internet. They made it possible for normal people to find the web sites they wanted to go to, which was the big spark that made the Internet useful to ordinary people. (Obviously if Yahoo hadn't been the first big popular web index, it would've been one of the others, but that's not the point. It was Yahoo.) And Amazon and eBay were also pioneers in their respective fields, Amazon in particular. It seems that you don't like their fields- well, that's good for you, you can ignore them. But as for what the Internet is defined by how people use it- they're as important as it gets. Ever bought anything online? Thank Amazon and eBay. Ever found a website without looking through one of those archaic internet yellow pages? Thank Yahoo. Get your internet access at home through roadrunner for cheap? Thank all three of them, and CNN.com, and usatoday.com, and every site that ever made the internet a place where normal people wanted to be.
.0000000000001) had the same problems back in the romantic days of networking.
Don't like the fact that the Web is a "corpoplayground"? That's just a curmudgeony "these are my toys, and I'm not sharing" argument, sorry. The whole wide Internet world got massively bigger in the last ten years, as you've probably noticed. I'd say it's reasonably certain (though I can't prove it) that there is an order of magnitude more free interesting non-corporate content on the Internet now than there was ten years ago. And, surprise, where people went commerce went too. But if you think of barnesandnoble.com as the Internet, do you also think of the real world as just a big Barnes & Noble bookstore? Just like in the real world, there's lots of room on the Internet for big corporations to spread out and make themselves look big and important. (Think of all those TV ads and billboards with URLs as one big cyber-Champs Elysees.) Also just like in the real world, if you spend all your time hanging out there, you'll end up unsatisfied. And also like the real world, there's a place for commerce and a place for community.
Unfortunately, also like the real world, there are people who absolutely refuse to play nice. But on the Internet it's worse, because it's so easy to ruin systems and there's no repurcussion for doing so. There are no social or legal rules, so people do what they please, and some people like to break things. (Hi there trolls! Have fun storming the castle!) It has been that way for the history of public networking, it's not something that just got invented with Slashdot trolls and the DoS attacks this week- CommuniTree (aka Slash version
And the anarchic solution is the romantic notion that people always seem to argue in these circumstances, and as you are arguing now. Guess what? It doesn't work on the Internet. There's more net.abuse than there has ever been, and vigilante groups haven't ever really been effective in combatting them. Assuming you're right about the DoSers' motives, and they don't turn around and DoS your favorite site tomorrow, do you think that it will make all the bad people go away? I doubt it.
This is the part that the freedom lover in everyone hates: the only solution that mankind has ever come up with that works is to make rules and enforce them. That's what governments are for. That's why they were invented. The wild west is a fun, romantic place, but we can't live there forever, because given enough time the outlaws will always outnumber the sheriffs and Billy the Kid is only fun to hang out with for so long.
Far from your argument that the DoS attacks represent that the Internet community is somehow rejecting a bad part of itself, I'd say that the DoS attacks signal the end of the free Internet era. It was fun, yep, I was there for a little bit of it too and I know. But oh well. We have to grow up someday. =(
-jacob
This isn't so crazy. If any of you have ever read the books by Phillip Agee (Inside The Company) and John Stockwell, men who were actual CIA operations directors, you would be surprised at the horrible things these organizations do to "encourage" trends in the US and our allies.
According to some reports, the CIA has been known to plant bombs in airliners... naturally these types of events are always blamed on middle eastern countries and terrorists, and we certainly DO like to hate middle-eastern countries.
Ignore Alien Orders
Imagine that I'm Joe ISP. How the hell do I protect myself from this? Asking everyone on the net to do their job and filter spoofed packets ain't a reasonable answer. It is simply not enforcable, not on an international scale.
Stopping a server-level DoS attack (e.g. grinding my servers into the ground with dynamic pages, DB lookups, etc) should be possible; identify the source(s) and block at the firewall for example. The catch is identifying the sources, but it is at least possible.
But if it is a network-level DoS attack, in other words, too much is being forced down my pipe, I don't have much of an option but call up my provider and beg them to filter. I can't see this as a reasonable solution. Providers aren't going to be happy adding filter rules to their routers every time a customer gets nailed. It is too much overhead on their routers and on their administrative staff.
So what is a long term solution to this problem? This is only going to become a bigger and bigger problem as the common user's pipe gets bigger and bigger.
Imagine: an email-spread trojan horse, set to pound the hell out of www.bigguy.com at a certain time a month from now. Let it spread to a couple thousand unspecting newbies (wow, cool, look at the fireworks!, lets send that to tom, dick and harry)... Insert your distributed DoS attack method here.
Apple was really petty decent about getting the patch out. I presume that most of the users that have MacOS 9.0 have had their Macs for awhile or were upgraders: the iMacs and iBooks didn't start shipping with MacOS 9.0 for about 2-3 weeks after its initial release. (Apple included a coupon in the box for a free copy of OS9). And I'm guessing that most people who jumped to a G4 desktop were upgrading or supplanting an existing Mac.
Anyway, just a random bit of nonsense on my behalf. (Oh, my Mac isn't fruit-flavored. It's beige. An old beige clone.)
----
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
It may be a foreign agency, lame script kiddies or talented network engineers that are causing these attacks.
:)
The point is that at least people are finally taking notice of the effects lax filtering is causing on the internet as a whole.
CERT was formed to provide rapid responce to exploits, it's time an agency was formed by the major backbone providers (and NOT any government body) to enforce filtering agaist outgoing spoofing traffic.
The consequence of being the source of a DoS should be simple, fix it within an 30 minutes or your upstream pulls the plug until _you fix it_.
There is just _no excuse_ for tolerating this anymore. This means being the source of spoofed
packets _or_ a network that responds to broadcast icmp/udp/whatever with more that X (16?) number of replies (DoS amplifier) should be grounds for removing your clueless hide from the ether until you prove your connectivity is not a hazard to the rest of the net.
Justifying no filtering to maintain speed is bogus, and I think this week has pretty much proven that action needs to be taken quickly and the penalties enforced quickly and severely enough to force accountability.
God save us all.
- Alfred Perlstein - Programmer and Administrator, Wintelcom.
You've been on the net since '94? Give me a break. You don't even know what the old days are. Sheesh, you arrived after the Web existed. You never knew the internet in the pre-Web, pre-graphics, pre-PPP "everyone has their own IP" days
.
And by the way, Slashdot and Bluesnews *make money* and the owners are Slashdot are easily millionaires now.
Furthermore, the internet is interconnected, and by pissing in the water, your spoil if for everyone. If you try to take down Yahoo, you end up taking down lots of intermediate networks that host your beloved moral, commercial free,hippie sites. However, no one ever accused socialists/anarchists of logical thinking.
Rememeber the stories everyone hears about Orson Welles Halloween broadcast of War of the Worlds? This is sounding strangely similar to me. There are some real crashes going on, but I am seeing a lot of reports of sights being down that are, as near as I can tell, still entirely up and running. Some big sights went down today, and now every time that someone can't load a webpage, or hits a server that blocks pings someone claims that they've been crippled by a DOS.
Someone mentioned earlier that Adobe may have taken themselves down because they were afraid they might get hit next (as of 09/02/2000 12:53 EST, I can get to the page; it did seem to be down earlier). I wonder how many sites are unplugging or blocking partial traffic out of fear of a hit. Whatever else is going on tonight, we're getting a good view of the power of the Internet as a rumor mill and propigator of memes. Pretty impressive.
As the saying goes: Never attribute to malice that which an be explained by ignorance.
While I'm as willing to blame the guys with the black choppers on this as the next guy, the fault lies with poor network administration.
Not that the targets have any choice about landing hard on their knees when beaten over the head with a DoS. There are things they can do... As has been elloquently pointed out in this post. In a nut-shell, shut down unused ports, shut down unneeded services, filter out the offending networks (would you rather limit your availability, or end it?), and most importantly LOG IT ALL.
Logging is crucial when you are being beaten. You may not be able to prevent it, but you CAN collect evidence.
As for the poor network administration... Universities, small/midsize ISPs and break-neck businesses leave far too many doors open. These are the people to blame - unwitting accomplices.
Legislation may help, but it has to be careful. It must require proof - and in cases such as these it's hard.
The conspiracy theory does bring to mind an interesting scenario though. What if all 1 billion Chinese, all running Linux, suddenly started pinging all of the US biggest eCommerce sites? Global slashdot effect levied directly against our infrastructure, and indirectly against our fast-movers on Wall Street. And no amount of legislation would get our servers off their knees.
-- What you do today will cost you a day of your life.
The net has been pretty slow for me, and these "attacks" are either very widespread and very undetectable, or they aren't attacks at all.
Remembering The Hacker Crackdown once again, what started the whole nasty thing were widespread phone service outages that were blamed on hackers. The problem was eventually traced to a cascading phone switch bug, but the damage was done even then, and many hackers and crackers had their equipment (unlawfully?) seized by the government. After the DeCSS fiasco and now this, I don't want to see a world-wide repeat of this travesty.
So what can we do to check this out, guys?
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
It is worth noting that malicious, as opposed to merely badly-behaved, hosts, can overload the network by using many different source addresses in their datagrams, thereby impersonating a large number of different hosts and obtaining a larger share of the network bandwidth. This is an attack on the network; it is not likely to happen by accident.
That's the fundamental problem; there's no way in IP to validate source addresses. There's IPsec, which provides cryptographic authentication at the IP level, but nobody uses it yet. This new attack may result in a move to implement IPsec more broadly. This is the proper technical fix.
A related problem is that attacks based on taking over a large number of unsecured hosts and using them as zombies to attack a single site is indistinguishable from heavy load. If the zombies simply make legitimate HTTP requests, the traffic looks completely normal.
Went over to CERT
They claim they've been finding a client called Stacheldraht on compromised hosts, sometimes with up to 100 connections to other compromised hosts.
This is consistent with security claims at Dave Dittrich's site at U Wash
Basically, someone uses known remote root exploits (lpr, named, ssh, to name a few recent ones) and compromises hosts. Then he synchronizes them to DoS some target from someplace very safe. One person can thus appear to be a few hundred clients all attacking some target simultaneously. By making a trivial change he could move his target.
This is NOT a large synchronized group of people. It is one or at most a few good crackers just having a good time, hardly believing how much damage they are doing so easily.
The report names linux and Solaris as the machine types with makefile rules defined in the program, and the program has only been seen on Solaris 2.* in the wild.
German for "barbed wire".
MIDS shows that between 8 and 10 PM, something was going on with the Internet to cause reachability to drop like a rock.
Interestingly, it looked like the Internet was doing slightly better than average during the Yahoo attack.
Could some backbone actually have been attacked?
Glückwünsche, haben Sie Slashdot ermordet, indem Sie zum korporativen Druck beugten und Subskriptionen einlei
I guess my earlier post in last forum was ignored...here we go:
First off, you have to consider that most servers are NOT going to have the capability of participating in this kind of attack.
1. Bandwidth - um...50 servers, over t-1 or less links? Nope. They HAVE to be located at a Tier 1 provider (running on the Tier 1 provider's LAN, or on colo sites that are generally capped at 10 - 100 megs). That Tier 1 provider HAS to have private peering established over large pipes - this kind of attack would have melted down PAIX.
2. The colo customers would have to be completely blind to the fact that their sites are running up bandwidth charges (charged per meg/s), but getting NO hits for services offered. Also, their security would have to have been completely compromised - ie, bypassing load-balancing proxies in advance, compromising firewalls, bypassing access-lists.
3. ALL of the above would have had to have happened in a coordinated fashion, such that traffic would have to be sent to a DoS client on the servers in question, enable the attack, which said attack would bypass then aforementioned barriers and smack down Yahoo! for more than 1Gig of damage.
Now, how many machines do you have to compromise AND install clients on AND run without being caught, taking up sizable chunks of bandwidth which generally WILL be noticed, and still make the attack possible to occur without making yourself a huge effing target?
Possible, but not very credible - though my hat is off to anyone who could compromise much more than 50 sites and hide the massive amount of work that would have to be done to set this up and make this work. Of course, I don't think that it is likely, since we would have seen multiple reports at CERT and Bugtraq from pissed off sysadmins about some boosheet DoS client hidden on their systems.
Consider the alternatives instead. Consider that some of these outages -especially the eBay outage- were not caused by DoS attacks, but by faulty equipment/software from proprietary vendors - a certain network equipment manufacturer comes to mind on that one. Consider that none of these businesses have to suck up the cash damage if these were "unforseen" occurrences.
1. The Yahoo "DoS" attack may not have been the kind of attack they admitted to. There is always the possibility that equipment upstream was b0rked, causing packets to be sent promiscuously all over the network. I've seen it happen before, just not to Yahoo.
2. Consider that the eBay problem MAY have been a DoS attack, but not the kind you think. I know of at least one showstopper bug that has come up with no less than TWO different major router vendors that could cause the crash they had.
3. I've been able to reproduce similar problems in a lab environment with one vendor's equipment that I was demo'ing. Many of these "DoS attacks" can usually be chalked up to a configuration that the vendor never bothered to test or consider.
I am not calling ANY of the companies mentioned liars, or defaming their stories. I am just pointing out that they may be mistaken, or that their public relations people may be using "evil hackers" to point people away from problems that may have been alleviated but still exist. Please consider that these events could have been caused more by ignorance and greed than by a heretofor unknown elite cadre of super 'net ninjas.
'Hail Eris, baby, hail Eris...pfffffffttt.' *cough* 'Yeah.'
One suggestion I haven't seen here is that when one finds one of these DoS clients, to replace it with a version of the client that will report to you who is controlling it - I'm not at all familiar with how these are really written so they might have a hierarchy that you'd have to go back up through but at least you might get a lead on them...
Of course, no-one will ever see this post buried hundreds of messages down but with any luck they'll at least find a few of them.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Earlier a few people (myself included) theorized that this whole issue is about enacting a bit of vengence upon those who have "wronged" the Internet.Based on that supposition, here's an off-the-top-of-my-head list to see who might be next:
Feel free to add or challenge the above>
Sites that very likely won't be attacked:
Again, feel free to add or challenge.
----
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
> so make this -1
That's six syllables, dolt.
25% Funny, 25% Insightful, 25% Informative, 25% Troll
Alrightly. I'm a clueless net admin. Our company has a Linux box that the whole world can see, it runs our little website and a few other things. We have a security maintenance contract with our ISP - they're supposed to keep the box patched up to spec, no security holes. Other than that, what can I do to check to make sure that our little box isn't being abused?
If the parent comment got an "Informative" then the counter deserves it too - esp. this one which seems quite well reasoned for Slashdot.
Indeed.. it should in this case not be the owners of the cars. Rather, this would be a GRAVE mistake by either the cardealer
or the manufacturer for providing an unsafe lock.
This would equate to not the company being responsible per se, but rather those who
supply/setup the servers and software.
On a sidenote.. the FBI in this? I'd say this is like 700 people picketing in front of some store,
making it impossible for everyone to get in. picketing isn't illegal, is it?
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
The goal here is to get root on a few hundred systems, or more
One of the most frightening things about these kinds of attacks is that there is no need to get root. In most cases any user account will do. Think about the big hosting providers: they have machines with excellent connectivity with thousands of users connecting with telnet, ftp and pop3 exposing their passwords to snooping. It doesn't help if the system has excellent local security against gaining root access and and the administrators use only ssh. The attacks look exactly like regular web traffic - connections from unprivileged ports to port 80 - any user can initiate such connections.
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Maybe not a revolution so much as retaliation. Remember Pirates With Attitude (PWA)? They got raided February 4th, and the story was covered at ABCNEWS.com , amoung other places. I would imagine that those that didn't get swept up, along with PWA sympathizers, took exception to law enforcement's feeling of success and decided to give as well as they got. Of course, that's just my opinion...
> no more 2330.flame haikus for you!
Gods, can I never be free of you people and your tumescent lobster posts ?
25% Funny, 25% Insightful, 25% Informative, 25% Troll
The problem is, is that you are only speaking from your own perspective.
:) Personally, I do not think the Seattle protests accomplished a damn thing... same thing as this (if it is indeed an organized protest). Sure, it grabbed headlines, but all of it is going to be lumped together with the "protests" at Woodstock '99. It all looks so immature from the outside.
There are countless others out there (way more than you and anyone else you speak of), that are going to be starting a revolution of their own kind. And I am speaking a subtle revolution...
A lot of people are scared to death about this, about Columbine, about Seattle, about guns, about pornography and about the internet in general. They are "concerned" about their children. They read the news and believe it. They want more control. They demand less freedom. They need more protection.
I am going to go out on a limb and make a guess that you are twenty-something. Well, we are quite the minority right now, and are not taken seriously. How much respect does the "Slacker Generation" get?
I too believe we are starting to lose a lot of our freedoms, I really do. It genuinely frightens me when I see this shift away from people taking responsibility for their own actions. But that is what the majority of people want right now.
The problem with the movement that you advocate (and so do I), is the way it comes across to these people. We want to watch porn, do drugs, crash systems, listen to songs and play games endorcing benevolent violence, build plastic explosives, vandalize and corrupt children... but it's all in the name of freedom. I think this is what a lot of people see. What we are fighting is a lot more difficult to see and understand than, say, the civil right's movement. There is an instance where a young generation actually made a difference... but they were not fighting for porn and violence!!!
The trouble is going (and always has been) to be trying to get people to see around that.
And someone will say, "And your point was?"
I have absolutely no idea.
Me go college (from above link)
"Once you're done," says student ***** **, "you push 'submit.' They ask, 'Are you sure?' and you say, 'Yes, submit.' And then, one minute later, they send the score right back to you because it's all automatic."
+&x
Consider that we may not yet be 'out of the woods' in regards to Y2K / Leap-year issues, which could well be incremental. Details? I have none, for I too, lack a Clue....
**>>BELCH
The sysadmins in question haven't taken the appropriate (and well known) steps to lock down their systems. And these highbandwidth servers aren't exactly common-place -- a better analogy might be to keeping a dangerous animal in a residential neighborhood; if you're going to do it, you'd better do it correctly. Tort litigation is all about "did the person exercise the same care that the average similarly situated person would/should have exercised", and here the "average similarly situated person" is a sysadmin of a high-profile website, not the average schmuck on the street with a passenger car. If I try to erect a 200 foot obelisk in my back yard and it falls and hurts someone, I'd be liable for not exercising the care exercised by the average architect/construction-worker, not by the average joe-sixpack.
By all means, hold the commercial OS manufacturers at fault also. There's too much shoddy work on all sides, and it's time to shift the burden of that shoddiness back onto the people with the most power to prevent its occurrence and away from the innocent bystanders.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
How do they claim responsibility in a way that people will know it is them without revealing enough information to land them in Jail?
If you deface a website, you can at least leave your message behind. With a DOS, you don't get that opportunity so there is no direct association between the attack and the related political message.
All of the targets have been the big names in commerical internet sites. CNN was probably targeted over other news sites because it is part of the AOLTimeWarnerTurner cabal. So, it would seem that this attack was launched by either people with issues against commercial sites, or it was part of a government conspiracy. I lean towards the latter, but then look at my e-mail address and it will become self explanatory
---
This sig has been temporarily disconnected or is no longer in service
ZDNet was hit this morning by the exact same type of attack. See the story here. After seeing all the anti-Linux FUD on ZDNet, maybe there is something to the "revolution" theory?
Oh yeah...for what it's worth, ABCNews did an analysis of these attacks; an analysis which I find refreshingly honest. To sum: people who whine about these outages have unhealthy, unrealistic expectations of their technology.
Finding God in a Dog
Um. There was no community before yahoo? What? Yahoo made the web synonymous with the Internet? well, for the folks who weren't around before. Most of my best net acquaintances and experiences happened outside of the Web; they happened in old telnet and dialin BBSes, MUDs/MOOs/etc., IRC, or just people talk and ytalk ing on the local unix machines. Communities exist in USENet, listservs, and all other more interactive areas.
Great,so the web made connectivity popular and faster. Fine. wonderful. Yahoo was instrumental. Fine. Wonderful. They have a nice, no-frills interface compared to most other portal sites. (which is why I rarely use portals, but hey)
But Yahoo did NOT begin communities online. Maybe you haven't bee around long enough to know what a shell account is, or to remember what connecting from home was like without your very own TCP/IP stack. Maybe you were never good friends of Veronica, Archie, or Eric.
That the Internet is so handy and ubiquitous is a great thing. But the original point of the poster was that the Internet is still, despite pressure against it, a place where all soapboxes can be equal.
That being said, I'd rather this newfound dDoSes be used for good rather than hitting high-profile sites (whatever happened to hactivism?), but even this will possibly spawn increased security awareness. L0pht claimed they could take the 'net down in 30 minutes. Most of us believed 'em, now maybe the rest of the world will figure out that this is indeed possible and not limited to the exclusive knowledge of the l0pht crew.
Returned Peace Corps IT Volunteer
What is becoming clear to me is that someone has been planning this out very carefully. I'm wondering if there have been any quiet blackmail messages sent to site owners -- "Send us a cool half milliion or you're next."
As a network/sysadmin, this kind of stuff scares the shit out of me.
As a citizen of an ever-encroaching big-brotherlike planet, this kind of stuff makes me sleep better at night.
To whoever is pulling off these attacks:
You're our well-armed militia. I think it's important that people can do this if necessary. I think it's crucial to the freedom of future inhabitants of this planet that people have the ability to do this.
The more you pull stuff like this off, the better their defenses are going to be. Every time you whack a site, they're gonna analyze every move you made and figure out ways to defend. Don't give them the bits they need to put it all together.
I can't stress enough how important it is that the people have the ability to do this in an age when government surveillance is reaching ludicrous bounds. Our cell phones and cars will be tracked, our movements will all be known, and it's not too much of a leap to see that all of this will be done electronically. It is absolutely essential that the people have the ability to throw off the system if need be.
I'm not even pro-militia in the sense of today's publicized militias... I'm not some wing-nut, I don't even own a gun, or even like them. I just realize the importance of the people's ability to defend themselves from oppressive governments or "New World Orders" if push comes to shove.
with a last updated stamp of 01/01/97.
And you're basing this on WHAT? Your friend the postman?
READ THE BOOKS BEFORE YOU CRITICIZE ANYTHING.
That's just naive. How do you explain the CIA projects that our government has ADMITTED TO wherein the CIA injected people with horrible toxins and exposed them to horrible amounts of radiation to see what would happen?
Patriotism is the reason people DO this stuff. I remember a former government employee being asked questions about a nuclear test in the deserts of nevada. They KNEW fallout would land on this particular town (I forget which one) and the interviewer accused this guy of being a criminal for exposing american citizens to ratiation and not telling them. He said, "I did it for my country, how else were we going to beat Hitler and Japan?"
That sounds like blind patriotism to me.
Basically, your argument is based on this naive belief that our government "wouldn't do anything wrong cuz we're the GOOD GUYS" when if you'd open your eyes, you'd see that the history of our government is no different than any other's. It's littered with deceipt and dead bodies.
I could give you a list of references indicting out government, but I suggest you start with the two I already mentioned.
But I'm sure you'll just dismiss them as the works of angry, former US gov't employees who have an axe to grind because they didn't get their pension or something.
Noam Chomsky has a great phrase to explain these kinds of arguments.
They're true because they have to be. No reason, they just have to be.
Ignore Alien Orders
FYI:
I'm listening to Talk of the Nation right now on npr. They've opened a forum to talk about the recent DoS's. They have two guys - security fellas - didn't catch the names. They are covering pretty much what's been discussed here, but it's still neat to listen to.
"shop smart:shop s-mart" ash
Just saw the news report on this on ABC, and they hav Kevin Mitnik on to comment. So he did find work that doesn't involve him using computers... i guess most slashdotters were off on this. Now everytime a new MS-Virus is released, or some major site/network is cracked, we are gonna hear from him.
Opinionated Law Student Strikes Again!
We have no idea what kind of people are behind this or what their actual agenda is. Until they do we shouldn't try to make judgements about:
1. Who They Are
2. Why They're Doing It
Honestly, no one is going to like it if it turns out it was members of an underground cult called "The Fourth Reich" operating out of Austria to celebrate the Freedom Party's victory and crush the United States.
I refuse to own these people until I know who they are. I much prefer people who speculate the NSA is behind it, because that would have a more positive outcome if revealed.
Ok, suppose it turns out the they are all freedom-loving Libertarians who love Lunar: Eternal Blue and have decided to take the battle to "the Man?" All that means is that I've now got to worry about being interrogated by Secret Service agents (since I'd fit the profile) and that eBusiness leaders are not going to have much sympathy for hackers. Oh, and Jack Valenti is sure to mention it in his next Op-Ed Piece about the "strange hacker ideology."
I wouldn't be surprised if this turned out to be entirely different than people's speculations about it, so let's keep the "Vivé Le Revolucion" comments to a minimum until we know what "revolution" we are are supporting, ok?
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)