More DoS Attacks: CNN, Amazon, eBay, Buy.com...

gatech writes "After hitting Yahoo yesterday those crackers set their sights on several more sites including CNN.com, Amazon.com, and eBay.com. Here is the story at ABCNews.com."

Comment: 02/08 23:26 by michael : So far, the best explanation I've seen for the massive network problems is here. Is it paranoid to note that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers? People are focusing on how it's being done. Nobody seems to be asking who.

DOS Solution?

[GenChalupa]

I have to say that as an engineer at a large firm, I've logged quite a number of hours researching ways to sucessfully defend our technology against such attacks. It seems that as technology proliferates, and the Internet becomes a global interchange, things like this will increase exponentially. This is not good for eBusiness, as it leads to increased government regulation.

Last month I got with an old college roommate of mine (Hi Jimbo!) who now works at a major hardware powerhouse, and we threw ideas around that may help combat the problem of crackers and l33ts nailing systems to the wall. I suppose this is as good a place as any to publicly gather feedback.

Our first idea was for a "safety net" of sorts, gathering IPS and validating DNS, packet info, etc before return transmitting data. The system, the Gathering, Researching, Intelligent Transport System (GRITS) could theoretically decrease the DoS attack exponentially.

One problem we found with GRITS was its effect on servers running Apache. We dubbed the problem the Nailing Apache Transport Access Line Interface Expansion, or NATALIE. It seems that GRITS petrified the NATALIE port, man.

Our next theory was pretty clever, if I do say so myself. Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative. So to counter DoS, we developed the Transit Rerouting Of Low-Level Systems, or TROLLS. TROLLS worked well, as not only did it prevent GRITS from petrifying the NATALIE port, man, but it eliminated cracker attacks.

I hope this helps. I am always glad to assist fellow engineers here on good old /.

General Chalupa

Re:DOS Solution?

[Skip666Kent]

Transit of packets is a genuine problem on servers hit by DoS, and rerouting these packets to low-level systems is imperative.

Exactly. The solution lies in what I like to call the Primary Array Network Transaction Service, a wrapper of sorts for the GRITS subsystem. When you put the GRITS into the PANTS, you'll find that most of your DoS woes disappear, to be replaced by a sensation of warm satisfaction.

Tort legislation, not criminal legislation

[/]

We don't need criminal laws saying ISPs must do the appropriate filtering. What we need is tort remedies for the people walloped by the people DoSed against the people who were negligent in securing the systems that were cracked. If I were to have a cache of weapons left lying around my backyard and someone were to hop my low fence, steal one, and kill someone with it, you can be sure that there'd be a civil action (properly) initiated against me. Leaving your network available to others to exploit and cause mayhem isn't readily distinguished.

Either get a legislature to enact new tort legislation or get some enterprising judges to extend the common law. Either way, you won't need an overseeing regulatory agency. Ronald Dworkin would approve, I suspect.

Re:Revolution?

[MrEd]

Sorry to be sarcastic, but honestly. History's next social revolution? All we have here is a bunch of computer users (whether they be NSA agents, script kiddies as you claim, or international Men of Mystery) exploiting the vulnerabilities of TCP/IP to overload prominent websites. It's not a revolution. And it's not "the equivalent of a ... formal organized protest", it's a Denial of Service. The virtual people going to sell their souls to the capitalist god on Yahoo aren't seeing any virtual protesters, they're simply getting a blank screen and an annoyed look on their faces. It's not a protest unless the participants state their opinions and goals and the public has a chance to understand why the shutdown of XYZ matters to the protesters.

I won't try and tackle your label of "Bloodthirsty marketers" in full. You're going to have to accept that we live in a capitalist society, and given the technology to organize businesses on a large scale, large companies are going to form for the exclusive purpose of making money. That's the way it is. Nothing will eliminate the Big Evil Corporations save for complete social reform, which doesn't look too likely (communism's not looking too hot as a replacement). And reform will certainly not stem from the Internet, we're just all too rich! Look at yourself! Do you own the computer you're reading this with? Do you have a job? Your own house? Congratulations, you're safely ensconced in capitalism. You can whine and kick and scream, but knocking down web sites is not going to touch off any revolution. All it'll do is give the Powers That Be excuses to implement more security to protect the livelyhood of the folks at yahoo, eBay, Amazon, and CNN. This effort is counter-productive. You know of better ways to educate people about the problems of North American society than this! Please don't support the script kiddies (if that is who did this, the NSA's not ruled out for sure).

Moderators, realize that not every message with "Moderate me down if you must" deserves to be moderated up! Ignore that trash!

If I were to conduct a large-scale DoS ....

[Ex+Machina]

If I were to conduct a large-scale DoS, I'd remember the ancient chinese wisdom I received from my Sensei while reflecting on the virtues of confusician network Kung-Fu in my Rice Paper(tm) meditation shack:

"Wise man may write Trin00 but any idiot with backhoe on Fiber Optic lines cause much packet loss."

Re:Revolution?

[swordgeek]

"Sorry to be sarcastic, but honestly. History's next social revolution? All we have here is a bunch of computer users..."

and

"It's not a protest unless the participants state their opinions and goals and the public has a chance to understand why the shutdown of XYZ matters to the protesters."

Yeah, but as Red Green (OK, and a thousand others before him) said, 'first you have to get their attention.'

I said that this could be the beginning of a revolution. This isn't the revolution by itself, and in fact may be nothing.

As for the bloodthirsty marketeers, I won't deny capitalism, or even that it's a (fairly) good thing. However, we're starting to see the results of the gross abuses of capitalism, as it runs smack into the power of the Information Age(tm).

I'll be the first to admit it--I'm living well. I rent an apartment and drive a 20-year old beater, but I own my computer, have a good (and fun!) job as a sysadmin, and was drinking outrageously good wine last weekend (Yalumba Octavia, 1990 was the highlight for anyone who cares). Capitalism Is Not Inherently A Bad Thing(tm).

But that said, I'm starting to fear for my privacy more and more; and so are others. Look at the (serious) WTO protests. Listen to the cynicism growing in people. Look at the number of Americans who are starting to venerate Richard Fucking Nixon, because they don't believe that they've seen anyone less corrupt since then!!! The middle class is gradually dissappearing. I honestly and truly believe that revolution is in the air, and will start on the internet. (specifically, on the web, since that's most of the internet these days). Maybe not today, but in my life. However, I don't think it'll be a revolt against capitalism, as much as a revolt against abuse.

As for the moderators, don't worry. They've moderated me down almost exactly as much as they've moderated me up on this post. :-)

Re:Revolution?

[Spasemunki]

Sure this is a revolution. One on par with Woodstock '99, when a bunch of semi-drunken and/or stoned kids burned a bunch of trailers and tore the stage apart, occasionally mouthing something about being anti-materialist while robbing a gift shop. What we've seen today is nothing more than vandalism. Sure, there may be some sort of political ideology behind the choice of targets, and maybe there is some sort of organised group involved. But you neeed more than that to constitute a revolution. A real revolution is about taking apart old ideas that don't work and replacing them with new ones that do. These actions make no attempt to do that; they're just someone trying to cause people problems. If this is a protest, it is a very shallow and cowardly protest, and maybe even one that works against its stated goals. It reminds me of the masked "anarchists" in Seattle, proving their coolness to the world by commiting acts of "revolutionary terrorism" against unoccupied Starbucks coffe shops. If these people want to effect changes (and frankly, there has been no indication that they do; they may just get off on taking sites down), than they've picked a very superficial way to try and go about it.

One way to track down the "masterminds"...

[SuperKendall]

One suggestion I haven't seen here is that when one finds one of these DoS clients, to replace it with a version of the client that will report to you who is controlling it - I'm not at all familiar with how these are really written so they might have a hierarchy that you'd have to go back up through but at least you might get a lead on them...

Of course, no-one will ever see this post buried hundreds of messages down but with any luck they'll at least find a few of them.