Forum: The Yahoo Denial of Service
It's one of the larger news items of the day, but we've sorta avoided mentioning it here because it is really "just another Denial of Service Attack." But it's the biggest one ever. It took down Ya- 'we serve half a billion pages a day' -hoo. And they were taken down for several hours from a distributed DOS attack. What does this mean? I honestly don't know, but I figure you guys might have some opinions.
Wow, a DOS attack. Does Microsoft know about that? Isn't it supposed to be DoS?
kwsNI
I've been a bit out of the loop for info lately....
#1
No one is safe. Could /. be next? -Magnus
YAY GO PACKET MONKEYS
god when will these kids grow up.
...online businesses have to guard against people that do them harm. For example:
-Wal-mart has to guard against shoplifting.
-McDonald's has to guard against employees taking Big Macs.
-Microsoft has to guard against software pirates.
For any business, the risk of bad guys disrupting profits and assets exists. The technology and means of disruption may change, but the principle remains the same.
Well, the first thing that comes to mind is: If it can happen to yahoo, what's to stop it from happening to me?
Answer: NOTHING!! As far as I can tell, you're sitting out on a limb and there's nothing you can do to prevent becoming a victim of a DOS attack.
You CAN however do quite a lot to prevent being a source, or at least an untraceable source - you should take great care that no network traffic leaves your network with a bad (=not your own) source address. If this simple precaution was in more widespread use, tracking this stuff would be much easier.
Anyone know if there was a ransom asked for and not received?
'Nuff said.
Who cares? DDOS would kill anyone's connection with the right amount of nodes. Quit pointing the blame at yahoo and point it at the people who use the tools. The only reason they downed yahoo was for vanity and look what everyone's giving them.
probably does more harm than good. Need a smurfable subnet? they have a list of the 2048 worst offenders.
Only the State obtains its revenue by coercion. - Murray Rothbard
orb
Before the whole internet is brought down by a distributed effort. First Post? First Post ever !
First?
This isn't a troll, but is this really important.
Even though Yahoo! is huge, they should be just as vulnerable to a DDos as any other site. Just a matter of time!!
Did anyone lose sleep?
Say what you mean, mean what you say! But please know what #$@% you are talking about!
DOT attack. Denial of Troll. No, not today, on the Troll Rejoicing day. Please, I beg you.
If your system is cracked, and then used to attack me, can I sue you for negligence? How else do we get companies to put proper practices in place?
Like IP spoofing, for example. IP spoofing would more or less come to a halt if ISPs, Universities, and corporations would put some simple filters into place, preventing packets with impossible source addresses from leaving their networks.
This distributed DOS stuff can be stopped only if *all* of the sites in the community engage in sound security practices.
Can somebody explain to me what the different techniques for DOS attacks are?
Exodus Communications got hit by a distributed Denial of Service attack this morning, causing a few hours of downtime for their Irvine datacenter. The problem will probably just get worse...
As I do not see a link out to anywhere I will guess that this refers to a problem that started yesterday and propagated throughout many top level routers. The problem originated at Alter Net and it would appear as though they had a bad routing update - which propagated to glbx.net and affected many sites such as Yahoo!, CNN and a few others. This all depends on who you're connected into - and where the routing packets are forced, but for many USWest !nterprise customers yesterday half or so of the internet was "down".
When young ruffians can go around causing trouble you know it's a breakdown in the family/school life of the children. We must strengthen our ties to our kids and show them the proper way to behave in public, be it cyberspace or real space. Today's youth have no moral direction. They listen to music by bands like "Swearing At Motorists", what kind of lesson is that to a young mind? It's like I was telling somebody the other day, you should pour hot grits down your pants.
It means that every site is vulnerable to idiots who want to cause problems in the world. It's a lot easier to destroy than to create.
This is just another example of a Trin00 attack. Of course the media will take this to the extreme. Maybe more companies will be interested in security and I can justify a raise for myself :) -Fiji
Quote: A denial of service attack is increasingly becoming a common networking prank. By deluging a Web site's equipment with too many requests for information, an attacker can effectively clog the system, slowing performance or altogether crashing the site.
:)
I wish there was more information on what really happened. So if Yahoo is serving millions and millions of hits a day, why can't their web site equipment handle a "deluge of requests for information"? Either it's a denial of service (which I interpret as someone sending malicious packets) or it's a deluge of requests. Which one is it? A DoS could be just that, a denial of service, but more often it's referred to as some kind of "ping bomb" or malicious packet right?
Heh, I noticed it's not on Yahoo's frontpage and I had to hunt to find it in the Yahoo news area on my.yahoo.com
I'm not positive what a Distributed DoS attack is, but just as a guess... A bunch of people coordinated the attack, all sending packets. As to what this means to Yahoo... Well, I think they're getting too large to handle themselves.
--
Matthew Walker
My DNA is Y2K compliant
http://www.tweeterdiet.com/ - My Diet Tracking Tool
Isn't IPv6 gonna help fix problems like this??
Let's get the ball rolling on this... DoS is lame!! It pisses people (like me) off, and slows down connections. I hope that script kiddies that did this die slow!!!
-whyDNA
OK, I know what a denial of service attack is, and how it can drag a site to a stop-still... what I don't understand is how would one stop such an attack?
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtedly, yes.
This was apparently a Multi-Source Denial Of Service (MS DOS) attack.
In other words, the attackers hacked into a bunch of other machines first, and then used them as a big distributed cluster to attack Yahoo. If it were harder to crack machines, this likely wouldn't have happened. It will be interesting to see what type of systems were used (Microsoft, Apple, or Unix). Regardless of the one used in this attack, all are potentially vulnerable, and significant attention to security is necessary.
One result of all of this is that Universities may need to look into setting up their networks more like corporations; i.e., using firewalls to protect from outside hacking (which will make running unofficial servers a huge pain).
it looks like im gonna be first post and 30sec later its 20 something. not as bad as a poll that went from a dozen votes to 700+ in 10sec. i think some stuff is a bit slow updating properly, now go fix it. and get rid of all the nasty red/yellow pages while you're at it, the standard green/grey is perfect.
To take down a highly available (read: HA) and massive plumbed site like yahoo, must take some coordination and resources
With 1000 386 processors, wasn't the CM5 running distributed DOS?
I recently installed a firewall at our company - previously we were reliant on protection of our private network by Microsoft Poxy Server which is by no means a security product. We now use the Sonicwall Pro product which includes a DMZ segment and halfway decent reporting facilities.
One thing I've noticed is how many DoS attacks are attempted by single hosts aimed at our network, we're not a large organisation and we provide services to a pretty small yet worldwide market.
Now I'm not entirely sure how well the firewall would stand up to a proper attack and would like to know what other options are available to me to help avoid this sort of outage.
Any takers?
Matt Thompson - Actuality - Insert product here.
Hmm. Not too much of a good news bite.
"Major site goes down due to distributed attack."
Woo. It's like Mad Libs.
" went down today for hours, losing approximately million dollars."
I mean, you could at least give us a little hint to the nature of the attack? Was it a bunch of lawn gnomes bent on world domination using 150,000 Hayes 1200 SuperModems? Or, was it the Amish Militia using a Beowulf cluster of VAXes to winnuke them? Oh well, I'm sure we'll figure it out.
Peace out, my homies.
this sig limit is too small to put anything good h
Well, first off, Yahoo probably deserved it. It's always nice to prove to people that even the big bad powerhouses are vulnerable to attack. It would be nice to know why this attack was started.
... I haven't been able to load it for a couple of hours; I'd just put in an order and everything was fine, and then when I went back to check something, it was like somebody flipped a switch, and it was gone.
Those of you without the Hacker News Network slashbox on your front page might want to take a look at this story, which has a bit more information as well as links to a number of media stories about it (Wired, NYTimes, etc.).
to say
Thanks to everyone for making troll day the most special day in WHOLE world.
I wonder how long (or if it has already happened) until an employee of an online business decides to improve the value of his stock options by taking out his company's top rival(s) for a couple of hours. There are times (say around December 15th for many merchants) when something like that could be devastating.
D-O-S: Not just for script kiddies any more....
jf
Slashdot does that every day. Hmm...
:)
There are lots of methods that are supposed to bring servers to their knees, but Yahoo is kinda big. Of course, it was kinda slow too, when I tried to use it, but...
Well, it took a while to ping the first time, but I see it now. I don't see anything about it on Yahoo News, though.
---
pb Reply or e-mail; don't vaguely moderate.
Yahoo! should have seen it coming. They have infested our homes with filthy trash and smut. I'm glad the Christian Coalition decided to take matters into their own hands and destroy those non-family centered corporate smuts. No really. Who has time to run a distributed DOS attack??? You know who you are. Come on do something productive. More stuff like this will bring the "hand of Man" upon us. Be stealthy. Eat oranges.
believing the big bang requires a certain amount of supernatural faith
How many machines did it take?
There's going to be a sort of law of increasing risks at work with something like this. The more people/machines/targets involved, the more likely that the people behind it will get caught. So that's the crucial question that determines whether this is a fundamental problem (rather, whether it will continue to be a problem) or not. If the threshold of risk is low enough so that people have to cross it in order to do something like this, it isn't going to be done all the time. If the threshold is too high, though, it may well become commonplace.
At least, that's my $.02
When Ebay went down their stock took a plunge. So someone wants to make a little bit of money, they short Yahoo stock, bring down the site, and clean up nice and legal. Maybe this attack wasn't from little kiddies...
When I first heard about it (it was on our 'superficial' morning TV news), I realised that it wasn't a 'hack' but just a DoS attack with some script kiddies not having enough time on their hands.
But now I'm realising that it would have been a large, very organised 'team' effort. After all, it's going to take more than just a couple of computers to put through 500 million page requests in such a short period of time.
The more worrying thing is this: If it was possible to take down Yahoo, what else are they going to try and take down? Was this just a one off, to see if it can be done? Or was this just the first.
A possible way to try and stop all this is to get the mainstream media to accept the term 'script-kiddie' and make sure they know what the meaning of it is, i.e. so that the next time a major DoS attack occurs, the media recognises that it was just script-kiddies playing around. This way, the script-kiddies will be less likely to pull these stunts because they know they won't get called 'hackers', which is their goal, but this derogatory term which makes them look uncool.
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
Yahoo was taken down by a major Denial of Service attack--this is true.
What's really scary isn't DoS attacks that are obvious, but ones which are indistinguishable from regular traffic.
Reasonably static and well hosted sites like Yahoo wouldn't be taken out, but the average E-Commerce site, with dynamically generated pages off a single-point-of-failure SQL Server architecture would be completely knocked out by what appeared to be nothing more than extremely heavy traffic.
Such an attack would require massive compromise of hosts (since they'd be able to execute only a few five minute random click sessions per hour), but would show up on no security scans and would be indistinguishable from an unusually large horde of window shoppers.
How would you defend against this? How would you even know you were under attack?
And, most intriguingly, if you're getting paid by the ad impression, would you care?
A quick message to the people responsible...your behavior will eventually lead to the kind of IP network monitoring that the Russian Government is making all their ISPs pay for. It is one thing to describe the attacks and work to repair the infrastructure; it's something entirely different to execute attacks that will quickly lead to solutions that can only be described as nightmarish.
Think for a moment who *wins* when you take down Yahoo, and shudder. Because there is a winner, and in the long run, it ain't you. You're helping someone. Guess who.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
1) stacheldraht
2) trinoo
3) tfn tribe flood network
4) tfn2k
5) Cert's denial of service tools
Useful?
- - - -
where are the moderators?
I want my -1.
...has to pay more attention to security. While I am sure there are quite a few people willing to cooperate in launching a DoS attack (and, BTW, who cares if it is typed DoS or DOS?), I'm equally sure the primary method is to launch the attack from the cover of a number of compromised systems. A DoS attack can be done with any compromised account, too. It doesn't require a "root" compromise if all you are doing is flooding a router or set of routers from multiple different networks. You only need a root compromise to do "cool" stuff with forged headers and illogical option bits (like SYN-FIN). If you are launching your attack from compromised accounts that you logged into from other compromised accounts, you don't care about forging headers. Your identity is already hidden by other means. What do you care if some suits come knocking on the door of the owner of the compromised host? You aren't there.
This means that we all have to take security seriously. That password matters. Don't share it. If you have resources, use two part authentication. Take reasonable precautions. Audit your setuid programs. Don't put "." in your path. Don't have world-writable files. If you can't afford commercial 2-part auth solutions, at least use ssh instead of telnet. Etc., etc., etc.
We can't afford to have security be the province of experts and miscreants. Responsible netizenship demands that we take security seriously, at least to enough of an extent that we can be confident our own systems aren't being used by others to attack systems.
Some people believe that cracking systems or launching DoS attacks are a legitimate form of civil disobedience. I actually agree with that. But you are only engaging in legitimate civil disobedience if you are doing it on your own equipment and not concealing your identity. Protesters go somewhere openly and risk arrest. Vandals sneak around in the dark wearing ski masks and painting slogans. One is a principled stand and the other is a cowardly crime. Furthermore, when you use someone else's computer in your act of civil disobedience, it would be like the act of, when the police wade into your protest with their truncheons flailing, grabbing the nearest non-participant and using them as a shield. Cowardly.
So, as always shy with my opinions, that's what I think the giant DoS means.
Anyone know if this was mere mischief or if there was a motive for this incident, BTW?
Ok I'm biased since I wrote this article, but it covers the Yahoo! DOS (I took a look at their network/etc) and goes over what you can do to prevent being DOS'ed, and what you can do to "be a good neighbour".
Yahoo! - Why denial of service (DOS) attacks work (http://www.securityportal.com/)
Kurt Seifried
A DOS attack? I get those all the time... Wait, what's that? Oh, he means Denial Of Service!
Anyway, now that that's out of my system, I have to wonder what the person who did this thought they stood to gain. Taking down Yahoo is sure to attract some attention, and it's not going to be the hey-what-a-smart-kid! kind.
Personally, I don't like people who do DoS attacks much at all. They strike me as an immature way to "prove" your "skill" with computers. A better way, IMHO, would be to write some new piece of software that does something new or does something better.
-RickHunter
--"We are gray. We stand between the candle and the star."
--Gray council, Babylon 5.
Yet
Another
Hack
Occurring.
Ooofah
Hates people who have stupid little sigs
Ha! I bet these dudes had shorted YHOO and expected that Yahoo stock would drop like a stone on the news and they could make a bundle.
YHOO up 18 7/8 today
Muhahahaha
Looks like Troll Day had a bigger impact than anyone suspected...
This has to be a router problem. I can get to yahoo just fine, to their dynamic pages and all. I just checked my yahoo E-Mail and it's working. I would suggest everyone that thinks otherwise do a traceroute and you'll see the issue for yourself.
"Out, OUT! You demons of STUPIDITY!" - Dogbert
Rob this was the only way I could get your attention! One night of passionate love and then you never call me again? I thought you said we really had something special.
please rob, i can't live with out your "little tux"
Was there a noticeable effect on their stock price?
There was an analysis on a distributed DoS software on Bugtraq somewhat recently. It's called Stacheldraht, is designed to be installed on many unsecure machines on the net (i.e. they get cracked and don't notice it, it's not a voluntary network). There's also another package of which I don't remember the name.
The design is quite well thought-out, with multiple layers where DoS servers are responsible for a bunch of slaves which do the actual DoS work. These servers can then be controlled from a central point. Massive bandwidth to DoS at the cracker's hands.
I guess this incident shows that it or a similar package is in use. This is a new way of attacking, so I think it was worth a news item.
According to a story on Wired which can be found here, an engineer whose company also uses Global Center as their ISP stated it was due to a misconfiguration, not a DoS.
But, Wired then posted another story about it being a DoS attack.
I wonder which is true.
Ever since Feb 2 their 5 day stock quote charts were totally messed up. Basically they stuck in Mon Feb 28 instead of Tues Feb 1. The stock data was right, but the dates and days of the week were off. They just fixed it. Maybe it was a stupid Y2k miss. I e-mailed about it and got a "bot" answer, "thanks...blah blah...we are having difficulties..blah"
It will be very interesting to see if we get a bunch of posts here condemning DoS attacks, after the huge number of people who posted instructions and even scripts for executing these attacks on the Slashdot stories about eToys. If Yahoo did something you didn't agree with, would you consider it ethical to DoS them? Personally, I have a hard time thinking of any reason why someone would hate Yahoo.
Among the many things in life that bother me, this reminds me.. Why is it when we, the bottom feeders of the internet get DoS'd, upstream carriers could care less. UUNET for example can take 60-90 days to respond to complaints of DoS. That's their norm.
I call us bottom feeders, because we aren't big companies with a team of lawyers.
This has been going on every single day for years now, but no one really cares if a small 25 user network is knocked off the net for a week.
My point is upstream carriers need to give everyone the same respect when their network is being attacked and not ignore complaints based on the size of the legal department in the company that is being attacked.
There will be more and more of this unless upstream carriers take responsibility in investigating incidents.
Anyone who has been DoS'd knows exactly what I'm speaking of. If you don't believe me, wait till your day comes...
*sigh*
On another note, consider that there's some confusion as to whether this was actually a denial of service attack, hardware failure, or a misconfigured router. Since a DoS attack is difficult to verify, might "hackers DoSd our website" become the portal/ISP's version of "the dog ate my homework"?
Note: I am not accusing anyone in *this* incident of lying, and I have no inside information on this incident from any possible side :) - I'm speculating in general.
Seems like it may have been just a router problem: see here
everybody should check out HNN at http://www.hackernews.com . they have a list of a few articles about the attack. All the articles say something different but you can get the gist of the situation.
"Never wrestle with a pig, you both get dirty and the pig likes it."
Go to this url. It is from SecurityPortal, and it is worth it.
You also have this one from ZDNet, a little less geek-ish but much more formal.
Looking for a great online backup: Green Backup
No chat for hours
How does this impact Yahoo?
Stock up sixteen bucks, that's how
What kind of attack was this one ?
There are many ways to distribute such a DoS. One is simply to amplify ICMP echo replies by sending an ICMP_ECHO_REQUEST packet with a broadcast address as destination and the target address as source. Lots of machines will reply to the source, thus flooding it. That's called a smurf attack.
Another attack is the SYN flood, in which one (or various) machines send a TCP packet with the SYN flag on and a fake source address. That means it's pretending to start a connection, and it'll take a while till the target notices it's a fake IP address. In the meantime it'll drain resources from the machine.
There could be lots of other attacks. Does someone know what was used ?
BTW, a nice way to distribute such a DoS, which I'm not sure has already been done, would be to make a backdoor, distributed by a worm or something like that, that connects to one "master" site, which the 3l33t guy has control of, and waits for instructions (1 0wn j00). The instruction could be something like: "Hey, all you machines there, go ping flood yahoo."
Has it already been done ?
-
Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
No links... so here are a couple on that story... Cnet explanation and Cnet coverage
And this has been moderated 2 ?? Troll ....
Looking for a great online backup: Green Backup
Does this DoS attack have anything to do with the fact that the Net has sucked for the last four-five days here in North America?
---
DO NOT DISTURB THE SE
looser
Who cares about yahoo.. it is just one of those overrated companies that give you more shit to search on. Honestly, the world can do without it. And all of the DoS kiddies out there, with their T1 connections can pretty much 'shove it'. What they do is pointless and stupid. They are like a tick on a dog's back, but instead of one, there are 500 of them biting the poor dog all at once, trying to put it out of commission. Stop your lame shit.
> It's one of the larger news items of the day, but we've sorta avoided mentioning it here because it is really 'just another Denial of Service Attack'. But it's the biggest one ever

Actually, it was one of the larger news items yesterday, today it's just old news. And, it was the biggest one ever yesterday as well, so why wait 'till today to fess up that you missed the boat on this one? Also, where's the YRO news about the UCITA story? Yeah, I know... it's not news until you think it's news, right?
-- "In order to have power, I must be taken seriously." -Mojo Jojo
no, the post was started at a 2, and moderated down
I have to say I'm a little disappointed. As everyone already knows Yahoo runs on FreeBSD, it's always been my impression that this OS is very hard to bring down. But even the best OS's have a weak link.
Anyone still remember that linux vs. NT security thing a few months back? And when linux lost it was due to a banner ad program, nothing to do with the actual OS? I bet it's something like that. Buffer overflow on a custom port of BIND or something like that.
It just goes to show, no matter how big you are, what OS you run, who runs your network. If someone really wants to they can take you to the hole. All they have to do is not give up. They'll find something eventually.
Funny I think microsoft.com's never been down or hacked, however I understand they have like 3 mirrors of the whole site on a hot swap, so if it did get hacked we would never see anything.
-Jon
this is my sig.
One result of all of this is that Universities may need to look into setting up their networks more like corporations; i.e., using firewalls to protect from outside hacking (which will make running unofficial servers a huge pain).
Most universities have already done this (at least the one I'm at), and yes, it makes sharing files with anyone off-campus a major pain.
"It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
Interesting that there is more than one 'they deserved it' comment posted. I'm assuming the people that made the comments are talking about Yahoo deserving it in some manner or another. I'm not exactly sure why a company would deserve that sort of damage...but then again...I'm not sure why I crave Jolt and feel the need to come on to Linux dudes...
AP via CNN: Yahoo! suffers attack from hackers, overwhelms popular site
CNET: Outage a deliberate attack, Yahoo says
DoS attacks in general and a few more details from CNET: How a basic attack crippled Yahoo
I also:
Shot JFK
Shot MLK
Shot the sheriff
But I didn't shoot the deputy (sneaky bastard!!)
Any questions call 212-563-5322
...every time slashdot links to a remote site!
Distributed Denial of Service (DDOS) attacks have been a growing problem for some time. It started with annoying things like SMURF and has expanded to worse things like TRIN00 and Stacheldraht. Good information on these types of attacks can be found on the bugtraq forums at securityfocus.com and here are a few other helpful links (sorry, my URLs may be wrapped):
http://www.icsa.net/html/communities/ispsec/
http://www.nanog.org/mtg-0002/
http://www.washington.edu/People/dad/
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-01.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-enc-00.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-dns-00.txt
http://www.ietf.org/internet-drafts/draft-moskowitz-hip-arch-01.txt
Basically what makes these things such a pain is that the only way you can hope to track them down is to get the cooperation of every amplifier network participating in the DDOS, and that is usually impossible since there may be thousands of them and the average attack won't last long enough to let you get in touch with all those network admins. Many of the attacks can be stopped if all the amplifier networks have disabled 'directed broadcasts' but many don't and it's hard to force everyone on the internet to set their routers up the right way.
Basically the only way to stop it on the target's side, is to have enough bandwidth and processor power to just eat the attack, and have your routers set not to respond to garbage.
If anyone has more insight into how to stop these, or an interest in learning more, there are many conferences popping up discussing possible solutions. Just keep an eye on bugtraq for details (one happened in San Jose yesterday).
Hmm... I could imagine the crap that would be posted here bashing MSFT if Yahoo was using NT/IIS. However, since they were using FreeBSD, we won't hear a peep from anyone.
Go ahead, moderate me down. Couldn't care less.
You know, they are linked in that MP3.com vs RIAA story....
"You mean the whole time Darth Vader was such a badass, it was because he missed his mother?"
About three weeks ago, my ISP here in Seattle (oz.net) was brought down by a massive SMURF attack. I wonder if this is related? Has someone built some new toys out there?
On the other hand, about two weeks ago Yahoo's home page was redirecting to some random Geocities home page for about an hour. I was surprised this one didn't make the news, but I know a few people who saw it.
_____________
I'll bet / with my Net / I can get / those things yet.
--Dr. Seuss
So, I'm not the expert on what happened to Mitnick, but what I do know is what I just saw on CNN. Suzie Shaffer, or whatever her name is on Money line, had Mitnick on for a quick interview about what he thought about the Yahoo DoS. Mitnick suggested that it might actually be a bad router on the fault of Yahoo's ISP. Which may be a possibility.... but then the interview got nasty. Suzie bitch face, or whatever her name is actually started grilling Mitnick about why he hacked, and why would anyone do this... as though he was the one who had attacked Yahoo. He tried to defend himself by saying that he would never do something as aggressive and flagrant as a DoS and that he went to jail for basically software piracy, and that his goal was trophy hunting, not damaging acts against major companies. Anyway, it was pretty nasty...
Since it appears you're familiar with this, I thought I'd ask you about it. I've searched the howtos on how to configure sendmail to not allow certain IP addresses to use it, but allow the localhost to use it. Do you have a fairly comprehensible reference on how to disable sendmail to all but the person on the local machine?
- Fred announces "isn't it crazy they're selling frizmos on EBay for $10M" on SlashDot
... the /. hordes go over to check it out .... EBay goes down
- Fred gets pissed at EBay for some reason, and announces "isn't it crazy they're selling frizmos on EBay for $10M" on SlashDot
... the /. hordes go over to check it out .... EBay goes down
One is an indirect DOS attack on EBay, the other is just a 'normal' net traffic peak - how do you tell? do you care? (if you're EBay you may actually welcome the interest)
Cyberattack Cripples Yahoo (APBNews)
Who's Behind Yahoo Attack? (ZDNet)
FBI talks with Yahoo! about attack (ZDNet)
How a basic attack crippled Yahoo (CNet) (with stupid protocol animations too!)
And in other news: A different type of DoS attack is being carried out against Yahoo. At least 40 web articles have been written so far, showing evidence of how many reporters must be calling Yahoo right now. Once the second round of DoS attacks are stopped, the techies can finally get some work done beefing up the site.
McNealy, you're next!
For the humor impaired: the statements in this post were said in jest, and are not a threat against anything or anyone. If you can't see this, then loosen your tie because you are obviously not getting enough blood to your brain.
--
-- Slashdot sucks.
There is one sound security practice that's simple, and would clamp down on much of this. I would just love to be able to have everyone (ISPs included) only let packets out from their networks that originate from their networks. It was as true 5 years ago as it is now -- be a good net admin and clamp down on spoofing!
If anything, ISPs should be more proactive about this, and block bogus IP addresses coming from their customers. Then if a site fails to block the spoofed packets, the ISP would drop them anyhow, and the network as a whole would be protected just as well.
This would be the ideal. Unfortunately, it's probably easier said than done. (Handling one large static block would be easy, but dynamic routing with BGP suddenly makes it more complex...)
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
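The source-address filtering discussed in the comments above, as an added example that is not part of the original thread: an ISP-side check that forwards a packet only if its source address belongs to the customer port it arrived on. The customer names, prefixes (RFC 5737 documentation ranges), sample packets and function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed data: which prefixes are assigned to which customer port.
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/25", "198.51.100.128/26"],
}

# Source ranges that are never valid on a public link, whoever sends them.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed sample traffic: (ingress customer port, source IP, destination IP).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),      # own address
    ("cust-a", "198.51.100.7", "203.0.113.5"),    # claims cust-b's space
    ("cust-a", "10.1.2.3", "203.0.113.5"),        # private address leaking out
    ("cust-b", "198.51.100.130", "203.0.113.5"),  # inside cust-b's second prefix
    ("cust-b", "198.51.100.200", "203.0.113.5"),  # same /24, but not assigned
    ("cust-b", "203.0.113.5", "203.0.113.5"),     # source forged as the destination
    ("cust-c", "192.0.2.10", "203.0.113.5"),      # port with no assignment on file
]


def build_table(prefixes_by_customer):
    """Parse the prefix strings once so each packet check is a cheap lookup."""
    return {
        name: [ipaddress.ip_network(p) for p in prefixes]
        for name, prefixes in prefixes_by_customer.items()
    }


def check_source(customer, src, table):
    """Return (verdict, reason) for one packet's source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed")
    if any(addr in net for net in BOGON_PREFIXES):
        return ("drop", "bogon")
    allowed = table.get(customer)
    if allowed is None:
        return ("drop", "unknown-port")
    if any(addr in net for net in allowed):
        return ("forward", "own-prefix")
    # A routable address that is simply not this customer's: spoofed.
    return ("drop", "spoofed")


def filter_packets(packets, table):
    """Apply the check to a batch; return forwarded packets and drop counts."""
    forwarded = []
    dropped = Counter()
    for customer, src, dst in packets:
        verdict, reason = check_source(customer, src, table)
        if verdict == "forward":
            forwarded.append((customer, src, dst))
        else:
            dropped[(customer, reason)] += 1
    return forwarded, dropped


if __name__ == "__main__":
    table = build_table(CUSTOMER_PREFIXES)
    forwarded, dropped = filter_packets(SAMPLE_PACKETS, table)
    print("forwarded:", len(forwarded))
    for (customer, reason), count in sorted(dropped.items()):
        print(f"dropped {count} from {customer}: {reason}")
```

The per-customer drop counts also point at where a forged-source flood is entering the network. The static table is the "one large static block" case; with dynamic routing the allowed set per port has to follow the routes.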
Block packets from all hosts? When you think about it, the Slashdot effect is actually a distributed DoS attack! A great many users scattered about the globe all hitting one particular site. The "evil DoS attack" doesn't seem to come from anywhere. It comes from everywhere. And since blocking all incoming IP traffic would be the hara-kiri of DoS attacks, you're just screwed and can only wait for it to pass.
Who the hell moderated this up to 2? Show some maturity will ya?
By -X-(209.150.239.51) @ 3:53pm Monday [7/2/2000]
Real-time report for www.yahoo.com
[204.71.200.74]
Analysis: IP packets are stopping in network "Global Village Communication" between hops 12 and 13. Connections to HTTP port 80 are being rejected.
Some one kick those fools at Global Village Communications and turn port 80 back on.. :/
I posted this yesterday as this problem was happening.. I still don't know if it was a bad router and they are claiming foul play to avoid embarrassment.. Wired News does not know either, they have conflicting stories posted!
One thing is for sure, Yahoo did not struggle stock wise because of this...
-X-
-X- webmaster@xgeneration.net
It wasn't a dos attack. It was really a win98 attack but the user hit ESC during boot, causing the pretty graphic to disappear.
I agree that companies should have better security. I'd love to see a day when every network runs on tested, trusted, open source software.
But those ends do not require the means you suggest.
I don't think it's appropriate to sue for negligence.
E.g. Some thug steals your car, and runs me over with it. If I survive, who is responsible for my injury? I blame the bastard who ran me over, not you because you didn't fortify your car.
The story, as posted on Yahoo's site can be found: here.
It is a little curious that this particular instance of a DoS has been getting so much attention. My conspiracy theory of the moment is that it is a MS sponsored story, based on the fact that Yahoo runs FreeBSD (according to Netcraft).
Religion is the opium of the people. Evolution is the opium of scientists.
I wonder when we are going to start seeing subsets of the internet partition themselves off and only deal with other sites that implement certain policies (for example, contractual agreements regarding penalties from spam coming from your domain, failure to block impossible packets and so on).
It could be done pretty cheaply during the changeover to IPv6. Just use the first byte to indicate what level of security (or bitwise OR of different security features) the host network guarantees. Then you could just block, for example, any mail coming from someone who didn't guarantee they could track down the original author (which implies that they have enforced similar rules on their relaying).
--Kevin
Well, Yahoo's upstream ISPs both sent out messages to a number of tier 1 and tier 2 NOCs asking to search for the source of a possible TFN or Trinoo attack on Yahoo. They were asking because they couldn't detect anything funny going on. We couldn't detect anything more than the normal traffic heading there. Nothing massive like a TFN or Trinoo, and we have systems in place to detect the start of those attacks. I think that some unauthorised person at Yahoo misconfigured a router in their outer network, and brought the whole thing down in a broadcast storm, and it took them several hours of finger pointing before they got around to finding the source of the problem inside their border routers. That could be why no serious hack/crack/infocriminal group claimed responsibility.
the AC
I am wondering ...
...
...
.sig very obsolete.
When you work for a company whose presence on the Internet is the essential source of revenues. When this company has lots of shareholders and starts getting bigger and bigger
When do sysadmins have time to apply patches, take the system down for at least 3 minutes, educate their suppliers on what kind of application they need, etc
What I am saying is that zero downtime is not a possible thing. Why ? Because when you have some security experience, you know that downtime is better than seeing your credit card numbers on Usenet.
To all the SysAdmins working for a huge ISP, ASP or Big Internet Company, take example on Yahoo!. Downtime is needed, it gives the network some rest (c) (User Friendly I think).
That makes my
Looking for a great online backup: Green Backup
Yahoo (YHOO) is up 19 1/8 points on the news. Either investors are confused and think the DoS attack is generating millions of dollars in ad-impression revenue, or the stock market makes absolutely no sense. I have no good reason to suspect it's anything but the latter.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
What does it mean that Yahoo went down from a DoS?
Abso-frickin-lutely NOTHING.
Honestly, I'm amazed this hasn't happened before. DoS attacks are neither elegant, nor difficult if you grasp the basics, so it's really a matter of scope, risk and time. The only thing we should be impressed by is the fact that someone had the cojones to fiddle with such a Big Boy.
People I work with were so amazed that "Yahoo!" went down! *gasp* Why should we be amazed? The idea of a "secure" website is an utter fallacy, inasmuch as there will ALWAYS be more people trying to wreck things than there will be people trying to secure things. It's just a sad, stupid fact.
The best thing that could happen here would be for people to realize that it really ISN'T a big deal when some putz "takes out" a big website. It's no more impressive than someone having the brass tacks to vandalize the Whitehouse. Is it smart? No. Is it easy to do? Not really... Is it possible to avoid it absolutely? Nope.
IMHO, this DoS is no different than any other.
I guess the term "slashdotted" is obsolete, it should be now: "someone yahooed (at) it"
Here is the low down dirty info from an insider about what happened with Yahoo. DoS Attack: engineers have been heard saying that what happened to bring down Yahoo! was the scariest thing a person that really KNOWS how the string and gum of the internet is held together: a BGP Exploit. BGP is the protocol used to link almost ALL of the Internet together that uses laffable authentication. Apparently a barrage of spoofed BGP packets took out a GC core router near Yahoo! which, when it went down, caused a massive storm of BGP packets to permeate through Global Center's fiber SONET ring. Affecting at the very least colocated customers at neighboring GC facilities and word has it reached as far as GC's network to Seattle. THE STATEMENT FROM GLOBAL CENTER THAT NOBODY ELSE WAS AFFECTED IS FALSE.
What the hell kind of statement is that? Most likely the OS had nothing to do with, and more the fact that the connection(s) they have to their providers were completely flooded with bogus requests. Linux would've done the same thing. Get your head out of your ass.
I very much doubt that OS had much to do with this, and maybe that the DoS even took down any BSD boxes. According to what I've read from Yahoo, the problem was with the volume of traffic hitting their routers. It may not have taken anything down, but was simply "offline" because nothing could squeeze around the traffic from the DoS. I doubt there are many sites in the world that can handle 1GB/s of traffic gracefully.
In my experience with FreeBSD, you can bang on the thing so hard that it takes 15 minutes for a mouse cursor refresh(of course no one runs X on their servers), and it still stays up. Of course, FreeBSD can be taken down, but it's a mite bit harder than other OSes.
As near as I can tell, DOS attacks happen *all the time*, literally. Most of them are the work of 14 year old script kiddies who haven't yet figured out how to masturbate. So far there have been two, count em, which have been of any interest at all, IMO: this one, (not because Yahoo! is such a Net institution) and that etoy/Etoys situation. The etoy-inspired DOS on Etoys was interesting because it was sophisticated and inclusive, allowing for grassroots participation. This one is interesting because somehow (I'm assuming this is the first time, pls correct me if I'm wrong) the FBI has taken an interest. I wonder why? My take is that the DOS woke them up to the fact that the Big Boys on the Net, the corporate interests who send their kids to private school and put boats in their driveways, are as vulnerable as any other site -- and thus the Net-fueled economy which must be protected at all costs is vulnerable too. "They" being the Man, of course... you know what I mean.
.02 or so. I could be wrong.
That's just
-- Adam
I wonder if the government or the military pulled this one... think about it, who's been trying to scare up a couple hundred million dollars from Congress for programs to counter "Cyber Attacks"? That's right... the boys in Washington. Can't you imagine all of the clueless old politicians cowering in fright when the government holds up Yahoo as an example of what the "Criminal Hackers" are capable of. I think if it was street crackers they would want to deface Yahoo... what's the big deal about a denial of service?
hahahahaha
what scares me is that it took 4 people to bitch about the issue
haha
OH LOOK SOMEBODY MADE A POST I DONT THINK IS REALLY GOOD... LETS WASTE ALL OUR TIME BITCHING ABOUT IT!!!!!!
the real shiftaling has user number 5134
Karma: -43 and DROPPING!!!
After reading many of the comments here it would seem that the "highly intelligent" community here at /. is somewhat losing sight of the issue.
1. Security...Ok, DoS is bad. The question is not so much how do we get people to stop letting users spoof IPs and so on...but more how do we who run systems out there stop the attack. By asking every entity with an Internet presence to implement anything you're getting into areas called REGULATION which we all know is something no one really wants.
2. This attack took out the world's highest traffic Internet site. Not just one server, but the entire network. A network which, I'm sure, includes co-location and nearly every high availability mechanism known to geeks. This was not some script kiddie fooling around. This had to have been a concentrated, organized effort by a group of people.
The bottom line is to answer the question, How do I protect myself?
Hackers attack our network sounds a lot better than, we're hosted by a crappy ISP who messed up some routers. I work for an e-commerce company that hosts several different sites at Global Center. As recently as yesterday (gasp!) several people came running back to my desk to tell me that so-and-so site was down. After careful examination (traceroute) I was able to figure out that there were latency problems on the network between alter.net (our office ISP) and Global Center (co-location facility). Basically, most everyone _outside_ of our company could see the web sites fine; our packets just happened to be taking a crappy route. I'm betting on a Global Center snafu rather than some kind of massive attack.
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
Any Solaris users/admins care to comment on whether it's sheer bad luck that these tools pick on Solaris rather than Linux ? Or is it just a matter of time before thousands of insecure RedHat boxen join the tribe ?
And wouldn't win95 boxes on dial-up connections be the ideal host to launch distributed DoS attacks from ?
--
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Time to stop linking to Yahoo! news, IMHO.
When DOS attacks! This Sunday on FOX! (Right after the Simpsons!)
It is sweeps week after all....
...would anybody buy their CDs?
I've been thinking for awhile about the possibility of making the Internet into its own country... not thinking about literally doing it, but whether or not it would be possible. With this, I think it would be. Now, it would only be its own country for as long as it takes the big companies that provide us with all the backbones to cut those cables...
Esperandi
Yes, Slashdot comes to you over a fat wire owned by a megacorporation! Fear!
What moderator in his/her right mind would mark Rommel's comment as "Flamebait"? One might disagree with its contents, but I certainly didn't read a single disparaging remark anywhere in his post.
Flamebait is for PERSONAL ATTACKS ONLY!!!
fscking moderators.... (posting anonymously since I have moderated previously)
A DOS attack is just as bad as creating a destructive virus, since it can cause serious financial losses for the site/company attacked. It'd be good to see the government (FBI hopefully, since it'd likely be inter-state) go after one of these jerks and hang them up to dry. Too bad if it's a script kiddie - an example needs to be set.
I'd expect there might be a great opportunity for some company to create tools/services for tracking DOS attacks... someone like Cisco would obviously be in a good position to track coordinated attacks.
The Yahoo! servers (there are a ton of them) are located at the GlobalCenter NOC in Sunnyvale. They have thousands of machines there - it's a very impressive setup. However, that NOC is perhaps the WORST place in the world to place a server - it is completely overloaded, and the employees barely have command of the English language. A company I worked for hosted their servers there, and the latency created by the jammed connections virtually hosed the web-based service they designed.
I find it quite likely that GlobalCenter screwed up, and that Yahoo! is attempting to spin the story so that their stock price doesn't get hammered. Fortunately for the readers of slashdot, we usually remember that it's not necessary to attribute something to malice that can adequately be explained by ignorance.
I was wondering the same thing. Feb 29th is close at hand. Wonder if that has anything to do with it?
**>>BELCH
The thing to keep in mind here is that the problem was not yahoo's, the problem was globalcenter. Now as a former globalcenter customer let me give some background. Most of their customers are attached to Cisco Cat 5500's. These devices only have a 3.2 Gig Backplane. (3 1.2 Gig backplanes) It's divided such that if you had a 24 port blade the first 8 are backplane 1, the next 8 backplane 2, etc. So if you have a 13 port cat 5 (5513) or a 9 port cat 5 (5509) you have 2 blades taken up for Redundant management, (1 for RSM [route switch module]) for routing between VLAN's. This will leave you 6-10 ports (depending on 5509 or 13). Now, if you have 6 blades, with 8 ports (Backplane 1) you could have 4.8 GB of traffic on that, now if the backplane is only 1.2 GB (which it is), you can have a 4 to 1 oversubscription. This does not take into account the RSM Module either. This too is limited to not supporting a high amount of packets. It cannot keep up with the backplane and perform layer 3 routing. This is the case with places like globalcenter, and exodus.
So, assuming that yahoo has some design in their network, let's say they have 2 sets of 400MB connections (2 400MB connections) (1 400MB connection to 1 cat 5), 1 to another cat 5. Note: if these are gig connections, that's even worse because if you have a 1.2 GB BackPlane and 1 GB going to yahoo, what about the other customers on that Backplane? One can only assume massive oversubscription then. Ok, so we know that there are bottlenecks both on the cat 5 itself and the RSM as well. Doing a Traceroute will show you what the IP of the RSM is. It would then be simple to go and smurf/DoS the thing into oblivion.
Now, how does the blame lie with globalcenter? Well, maybe they need to do filtering on the RSM's. Well good idea, but that will increase the processing load, and reduce the amount of traffic that they can pass. (maybe it was already doing filtering and was just an easier target) The above are all known problems with their choice of equipment. But they could do things like filter at a non oversubscribed device, like their massive-backplane GSR 12000's. Doing Anti Smurf blocking there, or some sort of Intrusion Detection might be of an amazing help. They could also upgrade to equipment that is non blocking, and does wire speed routing in ASICs. (Foundry, Extreme, etc)
And now let's deal with the people. GlobalCenter has no testing facility, to test upgrades and future rollouts. Ok, they have one, I've just never seen anyone in it. When I was a customer there were daily outage notices of places going down and sites going out. The SNV2 facility (across the street from SNV1 [yahoo]) would go down for hours at a time. Within the course of 2 months, I experienced over 24 hours of downtime total, all from the operations people at globalcenter not knowing what they were doing on their own equipment, and from not testing what they were about to roll out. Being on the contact list at above.net at that time was an eye opener, as it showed the great disparity in service.
>Step down from rant box
-- (a?)C
personally, I'd rather have time with more twat on my hands. Then move on from there.
more proof that linux is the only enterprise os available. if they ran redhat this would have never happened to yahoo.
freebsd, solaris, irix, hpux, aix all cannot stand up to the enterprise scalability that is linux.
Correct me if I'm wrong, but it's usually the number of times that the image has been requested, not a page on which the image is placed. A DoS script is unlikely to waste time requesting images.
Gates' Law: Every 18 months, the speed of software halves.
moderate this and the above comment down. It is spam pointing to this complete losers dorsai.org site about don knotts playing a hacker.
Today, I ate a cheeseburger.
What I think is the most important thing: it's the first time a commercial site went under attack of a distributed dos (the first commercial site i know about).
Until now only 'minor' sites (like universities) have been under attack of distributed dos tools. It seems that these tools like tfn, stacheldraht etc are now more common than a few months ago.
I'm worried, what might happen if in the next month these tools are widely used...
Keef
The original story yesterday blamed a downed GlobalCenter router. Having worked for a company that was a GlobalCenter customer, I can believe it. I had many experiences with them messing stuff up, and then being evasive about fixing it. Does DOS just have less impact on the stock price?
Think for a moment who wins when you take down Yahoo, and shudder. Because there is a winner, and in the long run, it ain't you. You're helping someone. Guess who.
Who are these people you think get helped, and how do you know they weren't in fact responsible for the attack?
A Yahoo guy on CNN(I think it was their CEO) said that they were getting 1GB/sec in requests from the attack. Wow.
If someone jams gum in the locks of Macy's in Manhattan, that would cause a denial of service, disrupting business for a time as well. Would we care? Would we see it broadcast in the news? You know we wouldn't.
However, this is the big, bad internet, and all of us are unsafe for the dangers at hand are new and daunting.... Bollocks.
It seems that we flatter ourselves by treating this any differently than any other act of vandalism. Big f(*&(*&- ing deal if some jerks take down Yahoo or NYT. Compared to the 'non-virtual' vandalism, the damage is less costly to fix, and the delinquents are easier to find.
I get embarrassed for myself when I see people even dwell on these subjects- mainly because it seems to be a clear indication of how we are taking ourselves way too seriously. Does society have lengthy discussions about how to lessen the chances of having someone put a burning bag of dog crap on someone's doorstep, or how to keep people from calling Joe's House of Pizza to have 15 pizzas delivered to somebody they don't like, etc?
Of course not. Although discussion IS important, sensationalism helps no one. I have no problems with this D0S being posted on Slashdot, I do have a problem with the people who are posting in regards to this issue who want to make this seem to be an issue that is only known to the wild frontier of e-commerce. It isn't.
If you disagree, then you have obviously never seen the episode of 'I Love Lucy' where Lucy & Ethel called a fancy restaurant and made 100 phony reservations, so that they could have the restaurant all to themselves. That was a denial of service, too.
The more we flatter ourselves by acting like e-business is different than the capitalism we've been doing all along, the more reluctant people will be to embrace it.
was pulled off by one hax0r with a 900 baud modem.
He sent their router one small command and it diiiiiiied
:)
DOS.
Fight Spammers!
buy.com seems to be having the same types of problems that yahoo had, and they're hosted by exodus...
http://news.cnet.com/news/0-1007-202-1544910.html
kaiser soze? (sp?)
-- Viva FreeBSD --
maybe it was prep. for microsoft.com
With the advent of Linux on desktops, there are people like me who just use it as a replacement for win95. We are now being given more power than they know what to do with. I am at university with a 100 base T ethernet in my room. I could have someone hacking into my computer and use it for DoS without me knowing, cos I've got a great big industrial strength OS and don't have a clue what it all does. As the Linux revolution gets underway, it is going to be increasingly important for distros to turn off everything and provide the documentation to let people learn what they're doing before they can turn it on. Win95's best security feature is that it almost entirely featureless. You need to email someone and have them do something daft before you can run stuff like BO on their machine.
eBay has gone down, further down than I've ever seen. Not just broken search and updates like they often have, but nothing, no response. Another DoS attack?
I wish slashdot would do some RESEARCH on these things first before posting...
This isn't a co-ordinated effort of script kiddies. Rather, a distributed denial of service attack is the result of many machines being TROJANED. There are several distributed DoS programs out there...Trinoo and 'stacheldraht' are the most common.
This is how they work: the perp breaks into as many machines as he can using whatever vulnerabilities he can find. He then installs the trojan client, which does a pretty good job of hiding itself. Back on his home machine, he has the 'master' server. Using this server he can command his legions of client machines to DoS any host to its knees, making it LOOK like a co-ordinated effort of script kiddies. In reality all this is is pure vandalism of one or two lone idiots. Typically they just mass probe lots of hosts for vulnerabilities and auto-install this hand-made trojan, and that's it.
Bottom line is this is the result of mass trojaning of -yes-, UNIX boxen. Stacheldraht specifically targets Linux and Solaris boxes as clients. Stacheldraht in general is really difficult to block because it uses Blowfish-encrypted communication channels, and ICMP itself to communicate...you need to effectively disable ICMP to stop it.
Please check www.securityfocus.com for more information on this. Get a clue, get informed (this is not a flame, but rather some advice for Slashdot as a whole). There is a very good document on there on how to detect and disable the 'client' as well as armouring your network against this kind of vandalism.
There is a difference between DOS and DoS, which you didn't quite catch. DOS is an OS made by Microsoft while DoS stands for Denial of Service. It was a play on words (acronyms even.) There was no MS bashing here.
The Internet is not reliable! Most of you know that, but non-tech people in positions of power, i.e. politicians, don't realize that. Use this example next time someone tries to do something critical on the internet.
The Kruger Dunning explains most post on
Please moderate up the poster who said this will be the new dog at my homework excuse.
Buy.com goes public, their site gets more traffic than normal, crashes and burns, and it is a DOS attack!
article here
"Reasonably static and well hosted sites like Yahoo wouldn't be taken out, but the average E-Commerce site, with dynamically generated pages off a single-point-of-failure SQL Server architecture would be completely knocked out by what appeared to be nothing more than extremely heavy traffic."
:)
I've heard of this before, I believe it's called the Slashdot effect.
Project Steve
Likewise, anyone with a system connected to the 'Net must take responsibility for its security. A machine that's wide open to being "rooted" is an "attractive nuisance;" it is innocent by itself but incites trouble by facilitating abuse. The "white hats" on the 'Net should be proactive and stay one step ahead of the "black hats" in this respect. They should be walking down the Internet's virtual streets rattling doorknobs, and if they find one unlocked, they should tell the owner of the house, "See here; your house is unlocked. This is not good." This is far better than having a thief slip in later.
--Brett Glass
Yes, I agree that the /. effect is UoS rather than DoS. What's the difference really? There was a story posted here recently about a LEGO machine gun and now when you go to the site you get a cute little message that the site is out of service due to the /. effect. Excessive UoS becomes DoS because eventually the pipe gets so clogged that no one can get through. So in a sense they are the same problem. More packets in the stream than the pipeline can handle.
There is no reasonable defense against an idiot with an agenda
:wq
You're kidding, right??
DoS is an attack.
Webster defines civil disobedience as:
refusal to obey governmental demands or commands especially as a nonviolent and usually collective means of forcing concessions from the government
The key word is "Nonviolent"
An attack is inherently violent
Are you off your rocker??
You are like those kiddies that say "I deface web pages to learn!!!"
http://enmasse.penguinpowered.com/
If there was indeed an attack, there might have been one person behind it (the point of the DDoS programs is to be able to remotely control many systems at once) or many. They might have been script kiddies, or highly experienced crackers hired by one of Yahoo's competitors. We just don't know. To start jumping to conclusions before we have the facts doesn't help anything.
A reliable OS? In the world of hacking/cracking, everything is an unreliable OS.
If you want to secure your computer from the internet, don't use the internet.
That's why everyone assumes it's kids.
It has been mentioned in this discussion that part of the problem of compromised machines, which may be used for DoS attacks, is that many broadband users are given their own IP addresses. This problem is not limited to broadband users. Many colleges (I know of two, and I am sure there are more) give each user an ip, and do not use firewalls because they cannot get them to work properly. One might blame the system admins here, and certainly they are to blame, but that still does nothing for the individual users.
The problem for any individual trying to secure their own computer is a lack of easy to understand information on the subject. I would hope that there would be a way for the windows or mac user to secure his or her machine easily. This information needs to be spread, not to the readers of /., who can probably figure out this security stuff, but to the average user.
FreeBSD also has two special kernel options -- ICMP bandwidth limiting and TCP/IP RST restriction -- which can help with some DoS attacks. (No OS can do anything about a swamped pipe, of course, but if it knows how to throw away bogus packets and does not fall into the trap of trying to respond to them all, it'll be in much better shape. And, of course, it should never crash.)
I've seen some trolls in this discussion that suggested that FreeBSD was somehow responsible for Yahoo's woes. In fact, the opposite is true. If I'm going to get hit by TFN or Stacheldraht, I'll want a FreeBSD system -- probably the most recent version on the FreeBSD-stable development branch -- not NT, MacOS, or Linux. In our tests -- and we did a bunch of them when stream.c hit the streets -- it held up the best.
--Brett Glass
Not that I think any of these groups are involved, but there are groups out there with beefs against Yahoo.
Cheers,
ZicoKnows@hotmail.com
Just heard on CNN that today's DoS victim is Buy.com. The site is back online now, but here's an article on Excite about it.
Love 'em all and let God sort 'em out...
Man, if you *do* work for Sun then you must be a freaking moron: "the dot in dot com". Whatever... Please cut us all a break and go back to hustling your "free" $75 Solaris 8 to the unsuspecting masses. Wait till they have to upgrade or find an application on 8 that they actually use... Geesh...
The yahoo failure? No. Freebsds own servers have been crashed for over a week. Mail service was completely shutdown by hackers who broke into freebsd.org and trashed the system. Freebsd is not so good.
Bull. The mailing lists are active and working fine, and there has been no interruption of service. The above is a libelous troll.
--Brett Glass
How many times he got fucked in the ass while in prison, and if he enjoyed it?
We in the Linux community have to pay more attention to our own security. We're going to start to see more and more folks with always-up DSL connections and static IP addresses. If the default configuration as shipped by Red Hat, or Corel, or whoever isn't damn near bulletproof, you know that the DoS freaks are going to own a lot of these boxes, simply because you can assume that there are a lot of people who won't apply security upgrades, who think "I don't need to care about security, nothing on this box matters".
On the contrary, any DSL-connected Unix clone is an attack vehicle, if captured.
It's not good enough to have some specialized Linux distributions that focus on security. The market leaders are the ones that really matter, because if you find a flaw in Red Hat you've found an exploit you can immediately use on thousands of machines.
Recent Linux versions also have a number of kernel options to help with some DoS attacks, and Linux and *BSD kernel developers have been learning from each other on this issue. Just the same, if a recent Linux kernel didn't hold up well in your tests, we should know. Which version did you test?
Yahoo seems fine now.
CNN, however, is dead as a doornail...
Yahoo gets over a million unique visitors per day. If Macy's had that many people going through its doors, a similar shut-down would definitely make the news.
Cheers,
ZicoKnows@hotmail.com
All the ideas above make fetchmail not work. I think to do what I want to do I'm going to have to set fetchmail to only listen on localhost. That will probably do it. Any ideas?
FreeBSD had its mail servers shut down by hackers this past week. It didn't get as much publicity as Yahoo but it was just another sign of FreeBSD failing. And lest we forget, ebay lost 4 million dollars in one day when hackers took out their FreeBSD machines. Needless to say, ebay no longer uses FreeBSD. The yahoo incident is not the first and it won't be the last time FreeBSD is shown to be at fault.
Did anyone find out what exploit was used? Or was it done through a user account?
--Brett Glass
>But now I'm realising that it would have been a large, very organised 'team' effort. After all, it's going to take more than just a couple of computers to put through 500 million page requests in such a short period of time
Why? Actually, one person could have done it over the last month by cracking a bunch of sites and setting up a simple CRON job that called ping a set large number of times.
DOS attack? Well that's what they get for running a site that big on top of DOS.. I hope they didn't use MS-DOS for it..
Maybe now they will upgrade to a more recent OS maybe one where the TCPIP stack isn't a TSR.
Theo has been telling the FreeBSD guys that this was a disaster waiting to happen. The FreeBSD core team laboring under a NIH -- not invented here -- syndrome refused to make the needed security changes. If you want a secure OS, FreeBSD is a bad choice. What do I recommend? OpenBSD.
The attack is primarily one that exhausts your bandwidth, not your OS's ability to respond. Here's the scenario: You're sitting on a T3 with 64 dual PIII-450's in a cluster. The attacker remote controls hundreds of compromised hosts on the internet, and floods your network with ~45Mbits data from those hosts. What could you possibly do to your cluster to fend off this attack?? Even if you configure your systems to ignore this traffic, it still saturates your internet connection. The answer is: nothing. This type of problem would have to be addressed at your ISP, or your border router. Other options are doing things like distributing your servers among the big (tier 1) ISP's to make sure the bandwidth bottleneck is at the client end, and not at your end. But with enough clients, the attacker may be able to affect you even with that much bandwidth. I imagine it took a buttload of clients to saturate yahoo's pipe. Unfortunately dealing with these types of problems is a part of being on this global network. Several weeks ago, a big discussion of this phenomenon raged on bugtraq. Unfortunately, I never read through the whole thing, and I couldn't comment on possible solutions discussed there. This might possibly have to be addressed with unfriendly solutions like ISPs refusing to route traffic from "hostile" networks where this traffic is known to originate from. I can't think of too many other ways an ISP could protect a big customer (like yahoo) from these potentially devastating attacks.
Nathaniel P. Wilkerson
NPS Internet Solutions, LLC
www.npsis.com
Nathaniel P. Wilkerson
www.haidacarver.com
--Brett Glass
Ford Unleashes Power of the Internet for Employees Around the World
Ford Chairman Bill Ford, UAW member Mike Rawson, UAW President Stephen P. Yokich; Ford Mustang program product analyst Toary Taylor, and Ford President and CEO Jac Nasser, at the news conference.
DETROIT, Feb. 3, 2000 - Ford Motor Company is taking a step forward to reach its vision of being on the leading edge of technology and connect more closely with its customers. In support of this vision, the company is announcing that eligible employees worldwide will be provided a computer, printer and Internet usage at home for a nominal fee.
"This program keeps Ford Motor Company and our worldwide team at the leading edge of e-business technology and skills," Ford Chief Executive Officer and President Jac Nasser said. "We're committed to serving consumers better by understanding how they think and act. Having a computer and Internet access in the home will accelerate the development of these skills, provide information across our business and offer opportunities to streamline our processes."
Spamming for Ford Motor Company!!!
aaaaaaaaah!!!!!!!!
Do you realize that after reading this article and the posts that follow anyone with half a wit might be able to execute such an attack? Collectively we've either explained how to do it or linked to places that have the information.
"Ford, you're turning into a penguin. Stop it."
hey, Yahoo stands for
"Yet Another Hierarchical Officious Oracle"
so YADA:
Yet Another DoS Attack
isn't such a big deal
Hey BTW Kiddies, here are some new tricks:
a retro-gimmick would be to do a DoS attack by telephone calling up a toll free number using an automated telemarketing program consisting of dozens or hundreds of different dummy texts.
ultimate retro would be to group up into hundreds and do a DoS attack in a company lobby. Walk in and out of the room the whole day. tom 2c
The DOS attack is just a cover-up. ;)
What really happened is someone at Yahoo!
accidentally uploaded AOL 5.0 onto the system
and they were too embarrassed to fess up.
ThE iLlUsTrIoUs IdIoTt
Ouch.
Down 10 percent of the time? That's worse than Microsoft.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
This is another nail in the coffin. FreeBSD: ``where would you like to crash today?''
--Dan
CNN is reporting that Buy.com was under a massive Denial of Service attack this morning, and at the moment, EBAY is being attacked and is down.
Microsoft: We're the D.o.S. in dot.com
ABC News is reporting that two more web sites were hit in the last 24 hours, in attacks remarkably similar to the one that hit Yahoo. One website was Buy.com, which was hit just as their stock was going IPO with 800 megabytes of traffic per second in a coordinated DoS (smurf?) attack. The other website was eBay. The Yahoo attack used one gigabyte of traffic per second, according to ABCNews. Full story is here.
Finding God in a Dog
cnn.com has been down for a while - does anyone know if that's internal failure or DoS? Does anyone know if it'll be back up soon?
Every once in a while I get this sneaking suspicion that blame is being misplaced. This yahoo thing gives me the same vibes as I got back in '94 when alt.2600 was going to hell. For the longest time the newsgroup was flooded with posts of random English words. Of course everyone immediately starts blaming the "script-kiddies". At first it sounds like a plausible explanation, but after a while I started thinking. I can think of two reasons we should at least consider looking elsewhere for the guilty party.
1. (The most obvious.) Who could possibly have anything to gain from doing this? Right on the top of the list you will find (in the '94 example) the people wanting to shut down alt.2600. They made the newsgroup, for all practical purposes, unreadable. Who might want to shut down alt.2600 is left as an exercise to the reader. More recently, who could have something to gain by shutting down yahoo, making it appear it was done by "hackers"? Not a week goes by that I'm not reading about someone trying to pass new laws to "regulate" the Internet. Some (if not most) of these laws are backed by some of the most powerful organizations in the world. There isn't a politician in the world that could have made a more convincing case that the CIA, FBI, NSA and KGBs (listed as examples, think including but not limited to) of the world need to be able to better "police" the Internet.
2. An attack like this, like it or not, requires a certain degree of skill. To halt access to slashdot for a few minutes is a script-kiddie, to halt access to yahoo for several hours you need to know a little bit more than the location of perl on your system. And there is this funny thing about knowledge. Once you get to the stage where you figure out how something works, you are suddenly much less likely to go out and destroy it. This, I think, is the reason why lots of things work as well as they do. And I for one am 100 percent convinced that this is why the Internet doesn't fall over on a daily basis. Think about it. How many people do you think have the knowledge to halt major parts of the net? 100? 1000? I think more! So, then, why don't they? Respect and admiration. If I thought I could take down the net the first day I got on, I would probably think; Cool, I have to try this. I think the same goes for a lot of newbies. But newbies don't stay newbies forever. You start reading, learning, and with the knowledge comes respect and admiration. At least it did in my case. Could I take down the net today? Probably not, but if I put my mind to it, I could probably make a noticeable dent. But, you see, that's not the point. The point is that I would never do that, I have far too much respect and admiration, hell you might even say love, for it. It's the same feelings that stop normal people from robbing banks, blowing up bridges and what not.
So, back to my conclusion. I know this makes me sound like I may have skipped a few doses of medication. But just think about it. We have organizations out there that will go as far as to start a war to further some political cause. Is it really that far fetched that they could do a thing like this? I think not. Well, I'll stop my ramblings now and let them take me back to my room with the soft walls :-).
Thanks for listening.
B. Johannessen
Acts@core.mailboks.com Acrux@core.mailboks.com Adam@core.mailboks.com Adar@core.mailboks.com Ada@core.mailboks.com
I can't help but wonder if the attack against Yahoo wasn't an attempt to punish them for their violation of their users' privacy. They are being sued right now for violating their Privacy Policy and the Judge is taking it so seriously he has allowed an injunction forbidding them from even displaying a privacy policy (since any displayed policy would be misleading to potential users).
a bag of either is no fun.
but the dog shit would probably moderate better.
But remember that FreeBSD doesn't come with any warranty. If it's broken that's your tough luck sucker. It is better to get a supported OS that actually has the backing of a responsible corporation.
The NYTimes has an article on the distributed attack on eBay today here.
Wow. This guy really is an idiot.
Ken
--> Fight tyranny and repression.... read
What does it matter what your kernel is doing if your bandwidth is gone? While I will agree that there is a point in a DoS attack where you can get data through your network and your system is still purring like a kitten, and there are also extremes where a well placed ping will kill an otherwise healthy network (not to mention any names, but you can insert your least favorite OS here, and I am sure that you will). But this divergence is minimal and way off topic. What hit yahoo (and btw buy.com) does not fall into this category of hit. Furthermore all this talk about the people this and that is not going to go anywhere (or there would be no terrorism, you yutzes)
I have used another set of batteries for my remote. But it doesn't really matter to me because I have a couple of new ones in the other room!!! I always have backup for these things, just in case the ones I am using die on me. So I just plug in the other set and I am switching channels again in no time. I would never let it come to the situation where my remote dies on me and I don't have any way to control my TV. I even have a spare one since the main remote I am using is a learning-thingy that can remember all the remotes that I need to use everyday, (except for opening my garage,,, hmmmm that gives me an idea,, oh no, that one is radio controlled). Anyway as I was saying,,, always have plan B ready, just in case!!!!!
--Brett Glass
...behaves as though it is undergoing a Denial of Service attack. It must be all those Perl scripts.
Since CNN reported that EBAY.com and Buy.com were hit, their site has been down. Weird coincidence? Been trying to get on CNN.com or CNNfn.com for about 25 minutes. Hopefully this is just an odd coincidence, but this unpunished could be big news. YAHOO estimated they lost about $500,000 in ad revenue for the time they were down yesterday.
Let's see.... Which OS would that be? Not Linux; the GPL disclaims all warranties, so, as you say, "If it's broken, that's your tough luck, sucker."
How about Windows or NT? Well, Microsoft can hardly be considered a responsible corporation, and their End User License Agreement disclaims all warranties as well. So, you're SOL if it breaks too. (Come to think of it, all commercial OSes -- even those from more ethical companies -- disclaim all warranties.)
So, we're back to BSD as the best choice, since it's open source and not encumbered by the GPL as Linux is.
And the support is actually pretty good, if you've ever tried the mailing lists.
--Brett Glass
1) FreeBSD rocks, fun to play with. and for your own websites. Yahoo! 2) Microsoft NT, IIS, Win98 etc makes sure that I have a job and plenty to do! Yahoo! 3) The internet hype helps boost my salary. Yahoo! Wouldn't live without Yahoo, FreeBSD, MS NT, Windows. Makes my world work. heh.
Damn, you guys figured us out. Yes, government regulators are attacking popular sites to create a need for more regulation. Clever slashdotters have found us out.... No wait, in an effort to stir up ANTI-regulatory sentiment, a secretive group pretending to be us, is planting rumors to make it SEEM that the FCC is trying to create support for more regulation..... No wait, it is even more complicated, but if I told you, I would, as in all such cases, have to kill you. Genuine Government Agent (shhh! don't force me to kill you.)
--- I've been in school *way* too long....
They were warned ahead of time but no one would listen. Theo knew and warned them. But freebsd refused to apply theo's patch.
Hrm.. How many times has Yahoo gone down? And how many times has EBay bit the dust? Hehe.. BSD took a major hit today, but you conveniently forget all the rather public (and numerous) EBay downtime periods.
:P
Oops.
I have been trying to log into Ebay for several hours today from 3 or 4 different domains on the Internet and Ebay is inaccessible from all of them. Did the hackers who took down Yahoo yesterday move on to Ebay today?
As more and more news about Freebsd problems circulates it will accelerate the downfall of Freebsd. Already struggling to stay afloat, this may be the Exxon Valdez that sinks Freebsd for good. Once bitten, twice shy.
http://news.excite.com/news/ap/000208/20/yahoo
There have also been DOS against buy.com, and another company. This is pretty interesting.
Problem being that you're assuming that the compromised systems being used in these attacks are some form of UNIX being administered by someone clueful enough to understand your instructions. I don't have any statistics, but I suspect the majority aren't.
The big problems are your average everyday home users who get a dsl/cablemodem connection, and your schools/small businesses without the money to hire someone capable of maintaining security. Some decide to make home networks using some screwy shareware windows proxy program that leaves them vulnerable. Some use linux, but have had little or no prior experience with it, and couldn't make heads or tails of your instructions.
Add to that the widespread problem of trojan horse client/server programs which basically allow anyone to hijack your connection. And the widespread infestation of script kiddies with nothing better to do with their time than attack people.
That's where you're seeing the majority of your problems - and the problems that are going to be hardest to fix through education - not from people who are clueful enough to understand basic UNIX security concepts.
Better security tips:
Then again, probably very few of the people these are aimed at are reading this, so why am I bothering?
The solution for effective mail relaying control is absolutely free, and not rocket science to implement either. First of all, on your Internet connection router(s) block all smtp traffic except for a select number of designated hosts (running your favorite flavor of unix and sendmail 8.9.x) which act as your official smtp relays and/or mail servers. Run IMAP/POP3/LDAP whatever services for everyone in your organisation and KEEP political control over administering email services for your organisation. If anyone wants to set up interior mail servers which will need to relay outbound mail thru your smtp gateways, then make them agree in writing to a strict contract about how you will permit them to configure their machines and use their machines and if they fail to keep up their end of the bargain (i.e. any deliberate or accidental spam spewing from their machines), give them the smtp death penalty.
Do you remember the sendmail worm? The guy who wrote it published/whined about the bug/problem for weeks..when no one listened he wrote a demo. I remember it being the first big DoS to make the evening news.
It's 9:07pm EST - I can't connect to cnn.com - a fairly reliable site.
Man, somebody is having a field day!
Steve
I'm not sure if this has already been mentioned, but if it really was a DoS attack against Yahoo, then the script-kiddies have been busy - Buy.com was also the target of a DoS, during their IPO, no less.
First they ignore you, then they laugh at you, then they fight you, then you win. -- Gandhi
Getting the mass media to mention "script kiddie" will only give the term "script kiddie" the cachet desired among that group, because it will be recognition in a big media organ.
Same reason the Chechens don't give a damn about being called "bandits" in the Russian newspapers. In their eyes, considering the source, it's a compliment.
There are a few sites down right now and I am not sure why. It must be just us being a bunch of conspiracy theorists or something. Anyways at 9:10pm EST the following sites are without a response: www.cnn.com www.amazon.com I suspect that the individual is going to take down as many sites as they possibly can while their trick is still new. It's sort of like a deathstar weapon. They seem to be targeting any large site they can. Is anyone else finding this to be true?
Later,
-ben houston
www.exocortex.org
OK, so Yahoo came out and said it was a DoS attack. However, I don't believe them.
I find it very hard to believe that a DoS attack took out their west coast operations (east coast servers were not affected), and that it wasn't that backhoe at the Yahoo offices that there was an awful lot of commotion around at the exact time that Yahoo became unreachable.
How do I know this? I was speaking with a gentleman who works in the office across the street who was watching the ordeal from his office window. The timing was correct, and there were a lot of people around that backhoe right after Yahoo became unreachable.
Why would Yahoo put out this story about a DoS attack if it was, in fact, a negligent operator of heavy machinery? Search me. Maybe they think that the press would be better. Maybe they wanted the scare tactics. Maybe there's something else going on inside Yahoo and they need a scapegoat and this presented a good opportunity. Maybe whoever's doing the PR is just clueless. I really have no idea.
And sure, it could be a coincidence. But I just don't believe it.
-Todd
---
"The details of my life are quite inconsequential..."
= E.g. Some thug steals your car, and runs
= me over with it. If I survive, who is
= responsible for my injury? I blame the
= bastard who ran me over, not you because
= you didn't fortify your car.
On the other hand, in a really warped perversion of justice here in the USA, if I were a punk hoodlum trespassing on your property, probably looking to burglarize your house, and I (fall down your porch steps and break my leg / step on your garden rake and cut my foot / whatever else that might cause me harm while on your property) I can sue the holy crap out of you and with a better than 50/50 chance, win in court and be awarded huge monetary damages. The quantity of case law already on the books is in my favor.
Advice to all the nice people down here who've given links to the useful resources. Somethin' tells me that this might just lead to a breakdown of the oh-so-innocent media sites too (cnn etc) /. goes pop ?
Besides, how long before there are a coupl'a thousand messages in this forum and
Keep the faith
n.p
post a link to slashdot eh? good idea. then maybe it can get on wired and msnbc, that's good strategy.
(IANAL) If it can be shown that your site has been used as a source for an attack, and that you have taken inadequate precautions to prevent such an attack, then yes, you can be sued for negligence. It is, in the eyes of the law, your responsibility to ensure that your site will not be used to launch an attack. This is network security equivalent to due diligence.
I believe that this is the same (thought|legal) process that allows burglars to sue the owners of the building they break into, should they hurt themselves during the B&E.
As Woodward and Bernstein learned, "Follow the money." If you have deep pockets, and you want others to stay out of them, then protect your site.
We must confront our own mortality. And then we must remind ourselves of the sick, the hungry, the dying. We must realize how much we DO value our own places in this world. With this knowledge, perhaps we might be more inclined to help others to make their own way, and perhaps to pray that they will not impede our own endeavors to live.
This "New World Order" crap, and the self-proclaimed commandos who fight it; these are the musings of the ivory tower visionaries who can't see how fragile, how tenuous life remains to this day.
Hacker/Cracker/Shmacker...intelligence is too often wasted...this stuff is so stupid.
<bart
Advocates of the GPL tend to invoke the bogeyman of large, evil corporations just spoiling to use your code. But if you buy this argument, you'll in fact be hurting the little guy who might challenge the big ones.
It's unethical to participate in an agenda whose purpose is to hurt others -- especially out of spite. Therefore, you should not use the GPL.
--Brett Glass
I wouldn't be at all surprised if this is the case. The magnitude of bandwidth available wouldn't be quite at the same level as processing power dedicated to RC5 and SETI@home, but it's up there. How many of you sysadmins 'hid' rc5 on your computers? It'd be almost as easy to do the same for a distributed DoS.
That being said, good admin (such as denying spoofed IP traffic to exit a network) really would stop this, or help prevent it anyway.
This
"We obviously need a new moderation category: (-1, Woo-fucking-hoo)" --Mr. AC
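The egress filtering mentioned above ("denying spoofed IP traffic to exit a network"), sketched as an added example that is not part of any post in this thread. The site prefixes, switch port names and packet records are constructed for illustration (documentation address ranges), and the bogon list is a short assumed subset.

```python
import ipaddress
from collections import Counter

# Assumption: the prefixes actually assigned to this site (documentation ranges).
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Assumption: a short list of sources that are never valid on the public Internet.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample: packets arriving at the border router from the inside,
# as (inside switch port, source address, destination address).
SAMPLE_PACKETS = [
    ("port3", "192.0.2.10", "203.0.113.80"),      # legitimate
    ("port7", "10.1.2.3", "203.0.113.80"),        # private source
    ("port7", "203.0.113.80", "203.0.113.255"),   # someone else's address as source
    ("port7", "198.51.100.200", "203.0.113.80"),  # just outside our /25
    ("port3", "198.51.100.20", "203.0.113.9"),    # legitimate
    ("port9", "not-an-ip", "203.0.113.9"),        # malformed record
]


def egress_decision(src):
    """Decide whether a packet with this source address may leave the site."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source")
    # Only our own addresses may appear as the source of outbound traffic.
    if any(addr in net for net in SITE_PREFIXES if net.version == addr.version):
        return ("permit", "source is ours")
    if any(addr in net for net in BOGONS if net.version == addr.version):
        return ("drop", "non-routable source")
    return ("drop", "source belongs to another network")


def audit(packets):
    """Apply the filter and report which inside ports emitted dropped packets.

    Because the source address of a spoofed packet is useless for tracing,
    the inside port it arrived on is what points at the compromised host.
    """
    permitted = 0
    drops_by_port = Counter()
    drops_by_reason = Counter()
    for port, src, _dst in packets:
        action, reason = egress_decision(src)
        if action == "permit":
            permitted += 1
        else:
            drops_by_port[port] += 1
            drops_by_reason[reason] += 1
    return permitted, drops_by_port, drops_by_reason


if __name__ == "__main__":
    ok, by_port, by_reason = audit(SAMPLE_PACKETS)
    print("permitted:", ok)
    for port, n in by_port.most_common():
        print(f"dropped from {port}: {n}")
    for reason, n in by_reason.items():
        print(f"  {reason}: {n}")
```
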
FreeBSD is one of the least secure kludges available. If you want security, go with the really secure system OpenBSD. FreeBSD gets all the publicity but this time it is backfiring. All hype and no security makes FreeBSD a dull boy.
Apparently they can't count. They report that buy.com, ebay.com, cnn.com, and amazon.com are all having problems that seem to stem from a large DoS attack.
There are actually two possibilities: misconfigured routers or a deliberate distributed DoS attack. If it's misconfiguration it's technically interesting. If it's an attack then you have to wonder about the motivation. There is no "ransom note" or other document that terrorists typically release. That we know of.
The obvious presumption with the list of sites before us is that we have an angry hacker(s) who is ticked at the commercialization of the web. Yahoo, after all, used to be mostly noncommercial. Now, however, searches on Yahoo turn up a bunch of Yahoo content and e-commerce crap. As for CNN, they were somewhat forward thinking compared to the rest of the media, and got on the web bandwagon relatively early. Points for CNN. CNN has been bought out by AOL. Points taken away from CNN?
But that raises a big question. If this is deliberate, why haven't they targeted the biggest commercialization "offender" of them all: America Online. And they apparently haven't even touched Microsoft.
Maybe AOL and MS are better buttressed against this type of attack.
The subject line of this message is taken from the many humorous, now pretty prophetic messages on Usenet when the neverending rain of Spam began to devastate that formerly superb, and yes, noncommercial Internet communication system. This is obviously not the death of the Internet. That will come when President McCain signs the "Mandatory Internet Filtering Act." ;-)
I am not a lawyer.
Here we go ... in the next 10 years this field of attack will become commonplace and the effects to unwary companies will become bigger than your average anti-trust case today.
...
The cyber wars cometh, and in my opinion we are living in very exciting times
-
Yahoo should've used a reliable OS. This is a great opportunity for Sun Microsystems to come in and show Yahoo how to do it right. We're the dot in dot com.
See: http://abcnews.go.com/sections/tech/DailyNews/yahoo000208.html
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtedly, yes.
Hey, I can't connect to www.perl.com, I think I will blame it on DoS :-)
I find it hard to believe that Yahoo wasn't set up to cope with the denial-of-service attacks I've seen described so far. I'm sure that everyone who works on a web site with more than 10-20 million hits/day has dealt with these attacks.
For example, for the venerable SYN flood attack all one needs to do is tune the kernel to cope with it. SYN floods happen to most large sites on a daily basis.
The connect-to-port-80-and-hold attack is hard for a multiprocessing server like apache to deal with since it has to fork() for each connection. For a multithreaded server it's no problem at all-- it just needs a large pool of threads at its disposal. Each open connection takes up a thread until it times out, but thread creation takes up minimal resources. These connections are not always logged with the IP address in the web server, though perhaps they ought to be. A worse problem, and perhaps this is what happened, is if an actual GET takes place. In this case the thread has to do something other than merely exist. Each IP address is dutifully logged, making it possible to track down the participants in the attack. (Of course this leads into the other thread here on whether people who are not malicious, but whose systems were hijacked, should be liable.)
Does anyone know exactly what kind of attack this was? Was it directed at the Yahoo site and the routers just melted, or was it directed at the routers themselves? (E.g. bogus routing messages flooding the routers with false updates or other routing-level attacks.)
I'd hate to see Yahoo's networking bill for this month.
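The point above about held connections that time out without ever being logged, worked through as an added example that is not part of the original post. The deadline, the per-address limit, the connection ids and the event timeline are all assumed or constructed values, and the clock is passed in explicitly so the run is deterministic.

```python
from collections import Counter
from dataclasses import dataclass

HEADER_DEADLINE = 10.0  # assumed: seconds a client gets to send its request
PER_PEER_LIMIT = 3      # assumed: request-less connections allowed per address


@dataclass
class Conn:
    peer: str
    opened_at: float
    got_request: bool = False


class ConnectionTable:
    """Tracks open connections so idle ones are reaped AND logged by address."""

    def __init__(self):
        self.conns = {}  # conn_id -> Conn
        self.log = []    # (time, peer address, event)

    def _waiting(self, peer):
        # Connections from this address that have not sent a request yet.
        return sum(1 for c in self.conns.values()
                   if c.peer == peer and not c.got_request)

    def accept(self, conn_id, peer, now):
        # Refuse new connections from an address that already holds too many
        # worker slots without having asked for anything.
        if self._waiting(peer) >= PER_PEER_LIMIT:
            self.log.append((now, peer, "refused"))
            return False
        self.conns[conn_id] = Conn(peer, now)
        return True

    def request_received(self, conn_id, now):
        conn = self.conns.get(conn_id)
        if conn is not None:
            conn.got_request = True
            self.log.append((now, conn.peer, "request"))

    def sweep(self, now):
        """Close connections that sent nothing within the deadline; log the peer."""
        reaped = []
        for conn_id, conn in list(self.conns.items()):
            if not conn.got_request and now - conn.opened_at >= HEADER_DEADLINE:
                del self.conns[conn_id]
                self.log.append((now, conn.peer, "reaped"))
                reaped.append(conn_id)
        return reaped

    def offenders(self):
        # Addresses ranked by how often they were refused or reaped.
        return Counter(peer for _, peer, event in self.log
                       if event in ("refused", "reaped"))


def replay():
    """Run a constructed timeline through the table."""
    table = ConnectionTable()
    table.accept("c1", "192.0.2.10", 0.0)
    table.request_received("c1", 0.2)           # ordinary client
    for i in (1, 2, 3):
        table.accept(f"h{i}", "198.51.100.7", 1.0)  # connect and hold
    refused = not table.accept("h4", "198.51.100.7", 2.0)
    table.accept("c2", "192.0.2.11", 5.0)
    table.request_received("c2", 8.0)           # slow but legitimate client
    early = table.sweep(9.0)                    # nothing is past the deadline yet
    late = table.sweep(11.5)                    # h1..h3 have been idle 10.5 s
    table.accept("h5", "198.51.100.7", 12.0)    # slots are free again
    return table, refused, early, late


if __name__ == "__main__":
    table, refused, early, late = replay()
    print("fourth held connection refused:", refused)
    print("reaped at t=9.0:", early, "reaped at t=11.5:", late)
    print("offenders:", dict(table.offenders()))
```
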
On MSNBC:
"A SOURCE CLOSE to the investigation of the Web site attacks told MSNBC he had read a threatening 18-page letter written by the alleged attacker. Included in the letter: "This is a watershed event of Net security debacle. We have shot across the bow of Yahoo. It's a real wake up call. This attack is just the first of the assaults that we will be launching on the Web ... three cheers for us."
In the letter, the purported attacker complained about companies "capitalizing" on the Internet; the investigator MSNBC spoke to believes online brokerage companies such as eTrade could be his next target.
Check it out at:
http://www.msnbc.com/news/367495.asp
-ben
http://www.exocortex.org
And thank god, you know, because it would be, as you say, crap. But complaining about it in advance isn't the solution - you've only replaced regular crap with pre-emptive crap. Now we don't even need an actual troll/ignorant person to give us our crap. We can think ahead and magically create our crap out of the mere possibility that someone else might eventually create some real crap. "Wah wah wah. MSFT sucks. RMS sucks. Linux sucks. BSD sucks. GNOME sucks. KDE sucks. People saying stuff sucks, suck. Wah wah wah."
It's the same old crap, and we still hate it. Did you have to peep?
Pardon my off-topicness, and sorry for not practicing what I preach, and other apologies about bad stuff I've done.
What fun...
Now NYTimes.com is being really flaky.
http://www.nytimes.com
-ben
www.exocortex.org
When I read this story, I knew I had heard about something like this before, and I eventually turned up the source: I was browsing a scholarly journal website collection and I saw a journal by the name of Network Security.
(side note: for those that are coming from .edu, your school probably has access to it online for free. Go to ScienceDirect, log in, browse the letter N in journals, and you should find it. The issue is Jan 1999)
In this issue, a gentleman by the name of Bill Hancock describes the vulnerabilities of network routers in his article "Attacking Network Routers":
"To understand the problem, consider the fact that as far as most routers are concerned, a network router path, such as a leased line, technically never goes 'down'. Instead, when a line is determined to be 'dead', a router will shift the artificial cost of the line to a cost that is higher than the highest line....
"In a particularly clever router attack, a packet [caused] havoc on a router for a specific protocol which caused the router to 'think' that it had lost multiple paths...."
(I take full responsibility for misspellings in above passage.)
The article goes on to say that the root of the problem is that there is no authentication on router-to-router updates, and if there is one sabotaged router it will quickly "infect" all the rest.
Further information about this attack and how to defend against it can be found in the above journal.
Hope this is interesting.
_____
Whoever is doing this (obviously a large group coordinated somehow) has got a LOT of power behind what they're doing. eBay goes down like a cheap whore, but Yahoo, Amazon, and CNN are not known for their vulnerability.
Watch and enjoy. Those who thought it was kiddies should watch and learn.
Hi,
:)
After getting interrupted from a game of AOE...I noticed that www.zone.com wasn't responding..nor was microsoft.com..nor ibm.com...nor novell.com.
ok big deal so I kicked the network cable....
not so:
traceroutes to these sites show that packets are getting close but then stopping:
traceroute to microsoft.com (207.46.131.30), 30 hops max, 40 byte packets
15 * icpmscomc7501-a0-00-1.cp.msft.net (207.46.129.3) 176.680 ms *
30 * * *
3:37~> ping www.sun.com
www.sun.com is alive
3:37~> ping www.microsoft.com
no answer from microsoft.com
earlier on www.zone.com wasn't resolving at all either.
bit weird..or perhaps I'm just tired
Cheers
al
I wanna see Microsoft DOS!
Where's Bill when you need him?
Where is my mind?
mfspr r3, pc / lvxl v0, 0, r3 / li r0, 16 / stvxl v0, r3, r0
Check out Project Upper/Mute, an all-around awesome compiler fra
http://www.msnbc.com/news/367495.asp?cp1=1
Well, I tried doing a traceroute, I don't know how it would look from the US, but from my point of view (Europe), every time I had to go through Alter.net I have 99% packet loss. And not only on their Atlanta connection :-)
The hackers who perpetrated this crime are linux users. When the FBI finds out, Linux is going to start losing its luster.
Greetings All, Hey I've been reading for the past few months about DOS Attacks and Buffer overflow attacks. And the one thing I have yet to come across is a description of what exactly they are and how they work. If anyone would care to explain this to a rookie like me. Drop me a line at Die_bill_gates_DIE@yahoo.com Thanks, DontAsk
Not that 1gb/s isn't a lot of bandwidth, but Yahoo claims that most sites don't do 1gb/year! Yahoo claims that the attack subjected them to *30 million* times the bandwidth that "most sites" use. Yahoo claims that most sites don't use 32bits/sec of bandwidth - that's right, less than the slowest modems used in the past two decades. So throw away your T3s and just use a 300bps modem. It's cheaper, and provides 10 times the bandwidth that Yahoo says you need.
t0m0rr0w w3 w1ll b3 attacking 3t0ys.
It looks like the attack on Yahoo! is not an isolated incident. Several major websites suffered similar attacks today. Among them were ebay, buy.com, amazon.com, and cnn.com. The NY Times story can be found here. This is particularly interesting, as Buy.com had their IPO today. Furthermore, it appears that the FBI is becoming involved. Thoughts?
so back to what does this mean in the article...not sure how many people play in yahoo games, but over the last month or so their games have SUC'ED!!! big time. time outs, getting booted etc etc.......what is it.hmmmm 50B $ company now, and too damn cheap to upgrade the services they offer... who knows.. maybe some of those users FINALLY got pissed off at Yahoo, and implemented a DoS attack, instead of throwing their mice at their monitor, maybe yahoo will finally upgrade their system...who knows.. just a simple thought really
This was Stallman's intent: to destroy programmers' prospects for success. He has said so, repeatedly.
You're twisting his words, and you know it. I could as well say "Brett Glass's intent is to give all the big corporations a free ride at the expense of the little guy." You might not agree with RMS. I myself don't agree with a lot of what he says. But I don't go spreading lies about him.
RMS created the GPL to make sure source code would always be available, no matter where it was or what it was incorporated into. You don't have to agree with this, but your policy of countering RMS's ravings with your own just hurts your cause.
The decision to use the GPL rests purely with the developer. Some people like the concept of code that cannot be incorporated into a closed source project. I kind of like it myself. Others want to foster code reuse as much as possible, and don't mind it being used in a closed source project. When you come along and attempt to dictate what the developer should use, you are doing the same thing RMS does -- trying to force others to have your opinion.
Don't be a hypocrite, Brett.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
When I first tried the signal9.com ConSeal firewall product for a WinNT machine, I was happy to see that it had a learning mode to get the basic ruleset down, and then a locked mode where it behaved the way firewalls should. The basic rules could then be tweaked, if new needs arose.
What I figure the NEXT step would be, is smart firewalls. Two features come to mind instantly, but I'm sure there's others.
ICMP/ping and other probes are useful. I ping slashdot.org sometimes just to see if my DNS is working. (Microsoft.com no longer accepts even utilitarian pings.) This smarter compromise approach will make script-kiddie attacks much more difficult, or much slower. I would wager that it would make more sophisticated cracks difficult, too, because most heavy cracks start with simpler probes.
Of course, that doesn't solve the problem of clueless relatives sending you infected file attachments. :(
--
Oh, no! You have walked into the slavering fangs of a lurking grue!
No, I'm not. In his more candid moments, Stallman states his intentions loud and clear. You may have seen him in "propaganda mode," in which he makes vague, warm fuzzy claims about "freedom."
Here are two quotes from Stallman -- spaced 14 years apart! -- which show that Stallman's intention is, and always has been, to hurt programmers via the GPL.
The first comes from Stallman's "GNU Manifesto," in which he says, explicitly, that his intent is to sabotage commercial developers and limit their career prospects so that they could make no more money than starving graduate students. In 1984, Stallman wrote:
In short, enraged that some of his colleagues were leaving the lab to pursue a commercial venture, he sought to sabotage them as a way of discouraging anyone from doing this in the future.
Stallman's more recent writings, speeches, and interviews confirm that this malicious intent still exists 14 years later. Here's what Stallman said when interviewed by a reporter for Forbes magazine:
(For the full text of the article, see http://www.forbes.com/forbes/98/0810/6203094a.htm. )
Thus, we can see that the GPL is a tool of spite. Its purpose: to attack commercial programmers and software businesses, and to reduce programmers' salaries to those of starving graduate students.
Now, I don't know about you, but I believe that to attack one's colleagues and hinder their progress out of spite and malice is unethical. Thus, I believe it's unethical to use the GPL. I hope that, now that I've told you some parts of the story that you may not have heard, you'll reconsider your stance regarding the GPL.
--Brett Glass
Here's what they say:
"During the past few weeks the NIPC has seen multiple reports of intruders installing distributed denial of service tools on various computer systems, to create large networks of hosts capable of launching significant coordinated packet flooding denial of service attacks. Installation has been accomplished primarily through compromises exploiting known sun rpc vulnerabilities. These multiple denial of service tools include TRINOO, and Tribe Flood Network (or TFN & tfn2k), and has been reported on many systems....
Possible motives for this malicious activity include exploit demonstration, exploration and reconnaissance, or preparation for widespread denial of service attacks."
Here is the site:
http://www.fbi.gov/nipc/trinoo.htm
Enjoy,
-ben
www.exocortex.org
Hmmm. Some systems which I administer at a client's site have been scanned lately -- apparently in an attempt to see if RPC was running. (It wasn't.) The address from which they were scanned was 212.31.197.10. Could this be a clue to the attackers' identity?
--Brett Glass
Perhaps the net has just attained consciousness and has reached the human age equivalent of three!
no sig.
I just finished a 3 month stint as a contractor for an ISP I won't name, which actually was doing business mainly colocating servers and as a bandwidth provider selling T1 to ISPs serving individual users. It had been an independent ISP until having recently been bought by another unnamed company, which might be described as a "Verio wannabe", or more accurately an "IPO wannabe". While there I experienced:
- The Offbeat DoS Attack from Outside -
One of our customers, a rather famous provider of Open Source software yet, was having its bandwidth flooded by, of all things, ICMP Destination Unreachable messages. Someone evidently was making a hobby of sending packets (probably any type would have done it) with the victim's IP address spoofed as a source, to nonexistent hosts logically downstream of university routers - which naturally returned the ICMP responses. The strange thing about this attack was that it was so stupid. Since it didn't involve amplification like smurfing, someone was probably using as much or more of their own bandwidth to cause it as it was consuming of their target's. After it was analyzed it was filtered and filed under "pain in the butt".
- The Surreal Politics of an Attack from Inside -
One day, a trickle of reports to "abuse@unnamed.net" began and quickly became a flood, of invective if not of volume. Nastygrams instantly threatening legal action, originating from people who had installed software to detect port scanning (and who for some reason had the temperament of pit bulldogs), and who indeed had detected a scan - in one case even two! - against ports WinNT remote-control Trojan "viruses" listened on, from an IP belonging to an ISP we supplied with bandwidth (a largish customer from the local office's standpoint). Shortly I was in the middle of:
1. Our backbone provider who began getting threats of legal action unless they immediately cut us off, and who wanted to know what we were doing about it now
2. The owner of the ISP the attacks were coming from, who: ignored email and phone messages from us; later responded with something along the lines of "You think you've got problems, I don't want to hear about it - look at my abuse email!" along with a pile of reports from days past about his hacker customer - and that our TOS with him required him to have immediately forwarded to us when he got them; said he couldn't filter or scan for the origin of the attacks because of his off-brand el-cheapo router which didn't have the option; though he knew the exact, single IP address the attack was coming from, refused to cut it off or let us filter it because it was the wireless link he was supplying many of his customers from, apparently using NAT; and in any case disclaimed any technical ability to trace the customer involved.
3. The local office's manager, who had approximately zero authority to make decisions and stock options to worry about. He kicked the decision to enforce our TOS up to:
4. The people trying to create the multistate mega-ISP, who seemed to be totally clueless about the legacy contract with the downstream ISP, what could or should be done about the problem, and what their own TOS was.
The eventual outcome, whole days after the screaming started, was that the person who was apparently the only security expert among the mass of mostly former telecom employees in "NeoVerio" determined that indeed it is illegal to try to take over other people's NT systems, and gave us permission to filter that one IP address. Just a few hours after the IP address's owner had found who the hacker was and cut off their account.
- The Attack that Never Was -
Just before I quit... the whole network seemed to go haywire. About every fifteen minutes, *nothing* could connect to anything else on a different router or switch interface for a couple of minutes. Period. This started, or appeared to start, just after we moved our backbone connection to a new and sophisticated Cisco router while leaving most of our connections on the old one, now a secondary router. After several days, and after every network expert available had scratched their head and agreed we had somehow screwed up the BGP in such a subtle way it could not be debugged or fixed, the backbone provider (What the hell - Winstar) told us of the failing OC-3 router card between us and the Internet. What had actually happened was our stuff detecting the failure and frantically thrashing about looking for another route to The World.
Moral: Don't work for an ISP that hasn't figured out how to be an ISP yet.
Since there are lots of Windows boxes with no virus protection...
It seems like an obvious thing to me.
Also, this would make a DDoS attack using real http GETs more plausible. No way to tell 'em from real users. It just clobbers you with real hits.
You're funny. Rate this up. Money grubbin' netboys. Big news-- a website goes down-- whoaaaaaaa!!! Ha, Ha, Ha....They have crappy admins...blah blah blah.... Yer net worth should be buried with all of ya when ya all go jumpin' after the crash. Hollowed waste-- all of ya capitalist sickies. Don't give a damn about nothin' real-- shame on ya. :) Be happy! I would probably like you if we met in person.
Failing to do things for other people with no reward isn't unethical in any system of ethics I can think of. Certainly not mine.
However, what the people who take the code (no matter what their size) of BSD programmers, close source it, and give them no credit, while they are acting 'ethically' (because they were given permission to, however remotely), skirt the edges of morals in my book.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
There's a great little store and forward proxy mail daemon you might want to put in front of your sendmail. Allows you to block IP ranges, block spam, etc.
Take a look here.
-John
What you say is very true - that's why I started this
-John
First of all, programmers who build on BSD-licensed code are not "taking" it. It's still there, for all the world to see and use. What's more, because the functionality of that code is already available for free, they can only make money from a derivative work if they add substantial value. And all the money they do make will be the result of the functionality they added. Thus, they haven't "taken" anything from you. They've created value and deserve to be rewarded for that.
Hrm. You have a weird definition of hurt...
No, it's quite a normal definition of hurt. If you offer the code to anyone in the whole world to use as he or she pleases except a developer, you're playing a vicious game of "keep-away" with that developer. You're destroying the market for the functionality by making it available for free. At the same time, you're asking the developer to reimplement it before forging ahead. This is, indeed, hurtful. It holds developers back by requiring them to reimplement the wheel needlessly instead of making forward progress. And it deters standardization by requiring them to create and use a different code base. Not good.
it's my code.
In that case, why use it as a weapon to hurt people?
If the little guy wants to challenge the big guys, how about he offers to pay me to write code for him? I could use the cash.
So could he! Unfortunately, once you've given the code away to everyone else, it's not fair to ask him to pay for it. He can't make money off it, since its market value is now zero. So, you're asking him to pay for something which he cannot get his customers to pay him for! He's starting out "in the hole," and that's not fair.
But he can't run off with my code and hide it.
He can't hide it -- not if you've published it. He can only keep his improvements. (And that's fair; they're his improvements and his only way of making a living.) Nor can he "run off" with it. It's still there for anyone to use.
I don't see how failing to let someone else close-source code I wrote is either unethical or immoral.
Again, see above. They can't "close-source" your code; they can only decide to keep theirs.
Failing to do things for other people with no reward isn't unethical in any system of ethics I can think of. Certainly not mine.
Well, in that case I think you'll agree that programmers should not be forced to publish their work for free. But this is what the GPL tries to do.
However, what the people who take the code (no matter what their size) of BSD programmers, close source it, and give them no credit,
Actually, the BSD license allows the author to ask for credit. Ironically, this is something that Richard Stallman vehemently opposes. He's opposed to authors' rights -- not only for code, but for books and music, too.
while they are acting 'ethically' (because they were given permission to, however remotely), skirt the edges of morals in my book.
Again, the author can ask for this. But the trend is toward not doing so. Under the BSD or MIT X licenses, it's not required; the code has virtually no strings attached. Which is what open source should be about! The GPL is an attempt to turn open source -- which is otherwise a good thing -- into a weapon designed to hurt programmers. The motivation: pure spite and malice. This is not a good thing and is certainly not ethical, and so we should oppose it.
--Brett Glass
yeah, but if using FreeBSD is going to turn me into an insufferable self-assured twit like you, I'd just as soon keep using linux, solaris, and windows. having a good operating system isn't worth selling your soul, and becoming a self-assured "I-told-you-so" five-year-old. call me crazy (no, please do), but I'd rather be a good person than a deranged BSD sysadmin lacking in common powers of understanding.
Does 8 gigabits/sec seem like a lot for a few individuals to create? I don't know, maybe I'm just into conspiracy theories, but why attack these high profile sites other than to show no one is safe? Of course it'll make the media pay attention, but for what reason? What motivation? Could it be the NSA did this and is trying to get more security legislation pushed through on the Internet? Less freedom for us? 1984? I hope I'm wrong. Anyone hear the interview with Yahoo!? "Yeah, we're not that worried about it. We have lots of backup servers. We are kind of worried they walked through four firewalls though."
Ryan Earl
Student of Computer Science
University of Texas
Pshaw, yeah right. Like the FCC has time to do that.
Text written here by me is placed in the public domain.
See this link, this link and this link for details.
It's well recognised that FreeBSD's networking stack is an outstanding piece of engineering which the Linux kernel folks are racing to catch up with, and certainly as capable of withstanding this DoS as any OS out there. However, Glass overstates the problems with Linux here: there are no known ways of crashing a Linux server running the most recent production kernels over the network without special privilege, even using a coordinated DoS.
This is because Glass is a fulminating anti-GPL fanatic; facts unfortunately come second. Let the reader beware.
--
Xenu loves you!
Backhoe Operator from Hell?
Cables cut by careless digging probably do account for more utility outages than anything else.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
think: IE buffer overflow on web page user has no or outdated AV protection attacker pumps in BO or netcat or netbus or... multiply by a million
I don't think you understand buffer overflows
Only 50 machines used in the DoS on Yahoo. There are thousands of compromised systems out there. The big boys are biding their time.
Is it necessary to put content on powerful servers? Maybe you could handle stuff in a more distributed, Napster-like way.
Instead of sucking content from a server, you just get it out of the browser-cache of a neighbour. The system of every consumer would turn into a kind of micro-proxy.
But if you log the contents in a central way (like Napster), you still need a massive server to manage the requests. You'd need a system that distributes the information of where the stuff can be found itself.
This is of course anything but trivial. But I think it IS solvable.
You would get a web without dedicated servers. A system where content is distributed with minimal traffic and peaks are not a problem.
If I leave the keys in my car and it's stolen I could possibly be at risk of negligence...
If I allow anyone to send "impossible" IP-packets that is IMHO sorta the same thing...
DoS takes advantage of the TCP/IP protocol. It doesn't matter what OS you're running. If I smurf attack you (that's forging the source address of ICMP packets to that of your target and aiming them at a broadcast address of an unprotected network) you're gonna have problems no matter what you're running, NT, Linux, AIX, Solaris, *BSD etc. It all depends on what mechanisms you have in place to protect yourself. Be it router filters or a stateful firewall.
Microsoft aggravates my tourettes syndrome.
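The router-filter defence named in the comment above, as an added example that is not part of the original thread: a border-filter decision function that drops traffic aimed at a directed broadcast address (so the network cannot be used as a smurf amplifier) and drops packets whose source address is impossible for their direction. The prefixes, the sample packets and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumption: the address space routed behind this border (documentation ranges).
OUR_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]
ICMP_ECHO_REQUEST = 8


@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" = arriving from outside, "out" = leaving
    src: str
    dst: str
    proto: str                      # "icmp", "tcp", "udp"
    icmp_type: Optional[int] = None


def in_our_space(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_PREFIXES)


def is_directed_broadcast(addr: str) -> bool:
    """True for the limited broadcast and for the all-ones / all-zeros
    host address of any of our subnets (point-to-point /31, /32 excluded)."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return True
    for net in OUR_PREFIXES:
        if net.prefixlen >= 31:
            continue
        if ip in (net.broadcast_address, net.network_address):
            return True
    return False


def verdict(pkt: Packet):
    """Return (action, reason) for one packet crossing the border."""
    if pkt.direction == "out":
        # Egress filter: nothing may leave with a source that is not ours.
        if not in_our_space(pkt.src):
            return ("drop", "egress-spoofed-source")
        return ("pass", "ok")
    # Ingress filter: our own addresses cannot legitimately arrive from outside.
    if in_our_space(pkt.src):
        return ("drop", "ingress-spoofed-source")
    # Directed broadcast from outside: every host on the subnet would answer
    # the (forged) source, which is the amplification a smurf relies on.
    if is_directed_broadcast(pkt.dst):
        if pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST:
            return ("drop", "smurf-echo-to-broadcast")
        return ("drop", "directed-broadcast")
    return ("pass", "ok")


# Constructed sample traffic; 203.0.113.0/24 stands in for "the outside".
SAMPLE = [
    Packet("in", "203.0.113.7", "192.0.2.255", "icmp", ICMP_ECHO_REQUEST),
    Packet("in", "203.0.113.7", "198.51.100.127", "icmp", ICMP_ECHO_REQUEST),
    Packet("in", "192.0.2.10", "192.0.2.20", "tcp"),
    Packet("out", "203.0.113.7", "198.51.100.200", "icmp", ICMP_ECHO_REQUEST),
    Packet("out", "192.0.2.10", "203.0.113.7", "tcp"),
    Packet("in", "203.0.113.50", "192.0.2.10", "icmp", ICMP_ECHO_REQUEST),
    Packet("in", "203.0.113.50", "192.0.2.255", "udp"),
]


def summarize(packets):
    """Count drop/pass reasons over a packet list."""
    return Counter(verdict(p)[1] for p in packets)


if __name__ == "__main__":
    for p in SAMPLE:
        print(p.direction, p.src, "->", p.dst, verdict(p))
    print(dict(summarize(SAMPLE)))
```

An ordinary ping to a single host still passes; only the broadcast destinations and the impossible source addresses are dropped.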
Apparently, you're so much in denial about the notion that there could be a bug in Linux that you've felt compelled to resort to name calling and personal attacks when one is mentioned.
--Brett Glass
You might find that some of the other folks who have reported crashes under stream.c can help you more, since I'm sure that some of them have systems that are still running as they were.
--Brett Glass
Now, I realize there's a lot of socio-political baggage with the word terrorist, but keep in mind, the whole concept here is that terrorists keep themselves anonymous so that you can never figure out where the attack is coming from. If you can't figure out where the attack came from, you can't protect yourself from it. (Generally speaking.) And thus, a climate of fear is projected - "If I can't protect myself from these people, and the government/society/authority can't protect me.." The end result is always the same - a loss of faith in those systems in which we depend on for protection. And that is always the end goal of terrorism - the loss of faith and confidence.
As for these hackers, I must admit, I have no respect for them. It's one thing to display a hole in a security system by knocking it out for a little while. It's another thing to attack multiple systems for the hell of it - it crosses the line from what could have been a warning to an act of vandalism and terrorism, a far cry from those who would help people to create safer and more secure server systems. It gives all those hackers that would help to create a better system a bad name.
Even organisations like those that protested the Vietnam war through bombings and other vandalism hid. It all depends on your form of 'protest'. If it entails breaking laws or violent forms of protest, you hide. You'd be dumb not to. The ANC planted bombs in shopping centers in S. Africa, you decide if they were right in doing that or not, but they would hide and only the organisation would claim responsibility, not the individual. And they would only do that from protected places (ie: other countries) or in untraceable ways. The same is in effect with these attacks. They can claim anonymity from other people's ip's. Don't doubt for one instant that someone somewhere is bragging about the fact that they did this. They just might not have been heard yet.
I play keep away all the time. I only loan money to people I trust. I only give rides to people who need them. And I only write code for people when I'm assured they will give back changes. And, BTW, I don't worship the free market. If I destroy a market for something by giving it away for free, well, tough, deal with it. There's nothing unethical about it. Are car makers unethical for destroying the market in horses? What about libraries for destroying the market in bookstores? Now, destroying the market, then raising prices is one thing. But I can't do that after GPLing the code.
So could he! Unfortunately, once you've given the code away to everyone else, it's not fair to ask him to pay for it. He can't make money off it, since its market value is now zero. So, you're asking him to pay for something which he cannot get his customers to pay him for! He's starting out "in the hole," and that's not fair.
He didn't start out in the hole, he started out where I started out. With no code. If he chooses to use my code, he has to do with my code what I did with it...hand it out. With changes. And, again, destroying markets by providing a service for free is not unethical. Markets have no inherent right to exist.
He can't hide it -- not if you've published it. He can only keep his improvements. (And that's fair; they're his improvements and his only way of making a living.) Nor can he "run off" with it. It's still there for anyone to use.
His improvements to my code. My code. If he feels restricted by my license, perhaps he shouldn't have used my code.
Well, in that case I think you'll agree that programmers should not be forced to publish their work for free. But this is what the GPL tries to do.
Yes, that magical GPL, we can just make everyone do whatever we want with it. Or, perhaps, it only applies when they start with GPL code. So, they get the head start I gave them, but no one else gets the code they write. Hrm. I can see how they would like that. But, tough. If anyone gets a head start from me, then if you accept it, you have to give other people a head start too. Up to where you are at the time, not to where I coded.
Actually, the BSD license allows the author to ask for credit. Ironically, this is something that Richard Stallman vehemently opposes. He's opposed to authors' rights -- not only for code, but for books and music, too.
You have a good point, I'm not going to argue with this. I can kinda see where RMS was coming from...the credit clause in BSD allowed the original coder to dictate, forever, what a program had to display at certain times. Which is decidedly un-free. But, without it, people can just take code, sed your name out, change the name, and release it. It's a Catch-22. And I see both sides.
Again, the author can ask for this. But the trend is toward not doing so. Under the BSD or MIT X licenses, it's not required; the code has virtually no strings attached. Which is what open source should be about! The GPL is an attempt to turn open source -- which is otherwise a good thing -- into a weapon designed to hurt programmers. The motivation: pure spite and malice. This is not a good thing and is certainly not ethical, and so we should oppose it.
Instead of actually responding to this, which I've done other times in this post to the exact same arguments (which is my fault, I rambled in the original), I'll say something else:
If people who put restrictions on code use that allow and disallow who can and can't do what with it are so horrible and unethical, then doesn't that make commercial software completely unethical? Ergo, isn't helping commercial software by writing BSD code also unethical? Where in these last two sentences do you disagree?
Frankly, I fail to see how using any software license can be unethical, unless it's a shrinkwrapped one, or one that some tiny clause or law allows you to change retroactively. Maybe if they needed the software to live, or something.
I better post this quick before netscape crashes.
P.S...okay, I give up. How do you quote people without manually copying their text and putting I tags around it? Is it some option I'm missing?
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
And postin' "Me too!" like some brain-dead AOL-er
I should do the world a favor and cap you like Old Yeller
You're just about as useless as jpegs to Helen Keller
(hope ya don't mind Al)
I'd suggest that IDG come out with "Sendmail for Dummies", but I won't because I don't want them suing Vandover or myself ;P
I came home yesterday to hear the news proclaim "Yahoo Hacked!"...I thought somebody had actually "cracked" into Yahoo. I thought I heard Yahoo runs OpenBSD, so I wanted to hear this. I waited for the story, and it just turns out to be a DoS! Albeit a more clueful distributed one, but still...
Jazilla.org - the Java Mozilla
It's 10 PM. Do you know if you're un-American?
This is from an article on ZDNet:
/ 0,3700,2434645,00.html
"I definitely think that a denial of service of an Internet service provider of the size of Yahoo! will definitely raise some eyebrows," said David Schindler, the Los Angeles prosecutor who tried convicted hacker Kevin Mitnick.
"There will be considerable concern amongst both federal law enforcement agencies and prosecutors... I would expect they would take a look at this intrusion and take a run at finding some targets."
Schindler added that whoever is behind the attack is facing 10 years in prison, with a stiff fine of $250,000-- if this is a first-time offense.
Ironically enough, the FBI has been warning about DoS attacks since the fall of 1999.
The agency said it found the tools needed to launch such an attack secretly installed on computer systems across the Internet.
As a final irony, the FBI itself suffered a denial-of-service attack on its website in April of 1999.
-----------------------------------------------
The FBI found the tools secretly installed on computer systems across the Internet?
How could the FBI do this? Could it be possible that the FBI is in cahoots with some major software company, perhaps Microsoft or AOL to allow them to receive data about what's installed on client computers? I know this is conspiracy theory stuff, but how else could they find out this information? I wouldn't doubt it, remember the FBI wouldn't allow any new encryption method/standard without them having the decryption key!
http://www.zdnet.com/zdtv/cybercrime/news/story
Doesn't the reaction of the ZDNet folks seem a bit odd? Their spokesman talked only about how they must have been attacked because they are "the leading technology" site on the Internet, and how this must be a campaign against the top brands out there. It sounds like they were flattered...
Stop by my site where I write about ERP systems & more
Just so everyone knows where I stand: I personally respect Richard Stallman wholeheartedly, and morally support the FSF in most all of its activities.
However, I can understand someone disagreeing with Stallman. But to disagree with someone, you first have to understand what they are seeing. You, obviously, do not.
You say Richard Stallman created the FSF and the GNU GPL out of anger. I think you are probably partly right. You say it was out of spite towards some ex-colleagues, or the typical programmer. There, you are wrong.
Richard Stallman was screwed, and screwed good by proprietary software companies. If you have read the GNU Manifesto, you know this. And the truth is, we all have. Yes, he was angry. But all I can say about that is "How could I be so comatose as to have not been angered by it?"
Today, I am angry when I have to click "I agree" to some outrageous claims just so I can play a game. I'm glad I get angry. It shows me I've woken up. And Richard Stallman is one of the people who did that.
Richard Stallman does not wish for free software programmers to be poor. He does wish for proprietary software manufacturers to make less money. Is he wrong?
Exploitation will make you rich. Slave traders (they still exist) have never been poor. Richard Stallman believes proprietary software to be exploitation. Looking at how much money Microsoft is worth, I'd agree. RMS would like software making to no longer exploit the end user. That will undoubtedly mean less money for those who try to exploit. All the better.
A few months ago, it was reported that Linus Torvalds had already cost Bill Gates several billions in shares value. I, for one, cheered. Many others did as well. Yet when you quote Richard Stallman as having done the same to proprietary Unix companies, he is somehow evil.
When people are free, the slave traders go bankrupt. That does not mean the liberators were the bad guys to begin with.
Richard Stallman paid the rent for many years by selling tapes with GNU Emacs on it. So stop the "He's a commie!" lingo already. It's getting really old.
The reason why we don't use Linux except on a test machine or two, as I mentioned above, is the GPL. There really is a serious risk of contamination of one's code. And the last thing we'd ever want to do is support the GPL's agenda of spite and malice. We believe that open source should be exactly that: open. To turn it into a weapon by denying the full use of it to one group of people -- developers -- is mean-spirited. There should be no room for such unethical behavior in the open source community.
We recognize that, as Linus himself has said, the fact that Linux is licensed under the GPL is an accident of history. (Linus saw the GPL on GCC -- and, not realizing what Stallman's agenda was or that there were better alternatives, put it on Linux.) Linus himself develops commercial, closed-source software, and therefore I do not think he would have knowingly adopted a license which was intended to hurt commercial developers. But Richard Stallman's rhetoric, which is intended to obscure the true intent of the GPL, apparently was effective. The rest is now history.
Linus frequently states, in public speeches, that he dislikes the anti-commercial sentiment he sees among GPL supporters. But he has no way of reconsidering his decision. (This is another problem with the GPL: it locks itself in irreversibly.) The best he can do is ride the tide and preach against such malice. The trouble is that the GPL has a destructive mechanism built in. Even if you have the best intentions in the world, you do damage by propagating the GPL or GPLed code.
In any event, as far as the attack goes: FreeBSD does hold up better than Linux under bandwidth-based DoS attacks. Some Linux machines do seem to crash under such assaults. (I'm not sure if all do; we didn't do an exhaustive test. However, our lab machine did crash, and others on the 'Net also reported crashes in response to the most devastating version of the stream.c exploit.) However, if the upstream router is swamped, the OS can't solve the whole problem. If packets can't get through, the site will still appear, to the outside world, to be down.
--Brett Glass
Perhaps you haven't met Richard personally. Have you seen the way he leers at every passing female?
Recently, a female acquaintance told me that she and other women had specifically asked that Richard not be invited to a party they planned to attend. They further noted that, if he was present, they would stay in a different room to avoid being stared at, slobbered at, and bluntly propositioned -- as they had been at previous gatherings where Richard was present.
At the Fall 1999 LinuxWorld Expo, I watched as Richard, having just stepped off the dais after a panel discussion, ostentatiously scanned each woman in the group from head to toe as if he was mentally undressing her.
This is not exactly what I'd call behavior worthy of respect.
and morally support the FSF in most all of its activities.
The FSF is neither moral nor ethical. Attacking people out of spite never is.
However, I can understand someone disagreeing with Stallman. But to disagree with someone, you first have to understand what they are seeing. You, obviously, do not.
I've talked with Stallman at length and have reviewed his writings, speeches, and activities. I have also interviewed others about his behavior. I probably don't know more about him than his closest friends, but I daresay I know exactly what his views and aims are.
You say Richard Stallman created the FSF and the GNU GPL out of anger. I think you are probably partly right.
His writings, his speeches, and accounts of his behavior at the time fully support the notion that the FSF and the GPL were created entirely out of anger and spite.
You say it was out of spite towards some ex-colleagues, or the typical programmer. There, you are wrong.
Not so. Read Stallman's GNU Manifesto, where he explicitly states his aim: to ensure that no programmer can ever make more for his work than a starving graduate student.
Richard Stallman was screwed, and screwed good by proprietary software companies.
Not true at all. All of the work which was used by the spinoffs of the MIT AI lab was bought and paid for by grants from government and industry. It was the express intent that the concepts developed at the Lab be incorporated into government and commercial projects. Richard, unable to see the big picture, resented this -- even though this process was the entire reason he could live in an academic playground in the first place!
Of course, when the commercial spinoffs did happen, Richard couldn't go himself; he was a creature of academia and not one who "played well with others." In a fit of rage, he vowed vengeance on those who would threaten his small, cozy academic nirvana by leaving.
If you have read the GNU Manifesto, you know this. And the truth is, we all have. Yes, he was angry. But all I can say about that is "How could I be so comatose as to have not been angered by it?"
I think you might want to reread the document from a broader and more informed perspective. Again, this was Richard's perception -- warped, as it was, by horrible rage, anger, and spite.
Today, I am angry when I have to click "I agree" to some outrageous claims just so I can play a game. I'm glad I get angry. It shows me I've woken up. And Richard Stallman is one of the people who did that.
Actually, the GPL itself is a "shrink-wrap" (or "click-wrap") license, with terms every bit as onerous to developers as the ones to which you refer. The GPL, as a cure, is worse than the disease.
Richard Stallman does not wish for free software programmers to be poor.
He desires all programmers to be put "on a treadmill" (to borrow a phrase from a Microsoft executive) so that they cannot prosper. This intent is explicitly stated in The GNU Manifesto and in other documents and speeches.
He does wish for proprietary software manufacturers to make less money.
If software vendors charge too much, others who charge less will come along and compete with them. It's a self-correcting process.
Is he wrong?
It is always unethical and wrong to attack anyone's livelihood out of spite.
Exploitation will make you rich. Slave traders (they still exist) have never been poor.
Commercial software developers are, by and large, neither exploitative nor rich. And to label them as "slave traders" is a deceptive and nasty slur. Most software companies fail, and the ones that do succeed often barely manage to remain profitable. Only a few, such as Microsoft, have done inordinately well. These can be counted on the fingers of one hand -- and you won't use up all the fingers.
Richard Stallman believes proprietary software to be exploitation.
By this logic, owning my own house or car and not letting anyone use it at any time would also be exploitation. "Exploitation" is a loaded and pejorative word. There's nothing wrong with owning property -- intellectual or physical. Unless you're just plain spiteful about the other guy having it.
Looking at how much money Microsoft is worth, I'd agree.
That's paper worth. Red Hat is worth billions on paper too, incidentally, though it has never made a dime and in fact has lost millions of dollars per employee. Want to talk about exploitation? I think enticing them to buy stock in a company that has always lost money and has virtually no assets (Red Hat doesn't even own what it sells) is exploitation.
RMS would like software making to no longer exploit the end user.
He clearly wants to exploit programmers instead. ;-) Seriously, though, "exploitation" is an unjustified pejorative. Asking people to pay to license the intellectual property you produced via your own hard work is perfectly reasonable and fair. If you created something good, you deserve to be rewarded. Stallman wants to deny programmers a just reward for their work.
That will undoubtedly mean less money for those who try to exploit. All the better.
Again, the pejorative. By this logic, the person who asks you to pay for your food at a restaurant or supermarket is also "exploiting" you.
A few months ago, it was reported that Linus Torvalds had already cost Bill Gates several billions in shares value. I, for one, cheered.
It sounds as if you are spiteful.
Many others did as well. Yet when you quote Richard Stallman as having done the same to proprietary Unix companies, he is somehow evil.
It is never ethical to hurt anyone else out of spite or malice.
When people are free, the slave traders go bankrupt. That does not mean the liberators were the bad guys to begin with.
"Slave traders?" "Liberators?" Sorry, but it's code, not people, that we're talking about here. One of the most misleading (and, at times, silly) parts of Stallman's rhetoric is his anthropomorphism of code. He talks about software as being "free" -- and uses the word "free" in multiple senses, that is, as a "pivot word," in an attempt to lead the reader to fallacious conclusions.
Richard Stallman paid the rent for many years by selling tapes with GNU Emacs on it.
Good for him. Why, then, does he begrudge other programmers a livelihood?
So stop the "He's a commie!" lingo already.
If you look at any of my postings, you'll see that I've never called Stallman a communist. However, his propaganda does borrow heavily from that of communism. And, alas, it is intended to mislead.
--Brett Glass
I sincerely hope they are not asking this. System and Network security is far too big and vital a topic to be covered in forums such as this.
There are many, well publicised portals and locations for such information, both system specific and universal. www.securityfocus.org, bugtraq, and many other environments provide up to the minute information on security for a wide range of systems, and any systems administrator should follow these closely, as well as system specific sources.
Those on a lesser scale, DSL and modem, should also pay attention. If you feel unwilling to take the time to secure your system, you should invest in an operating system that is Secure By Default. OpenBSD is the most publicised of these, but there are several hardened variants of linux, and hardeners for popular operating systems like RedHat (check out http://bastille-linux.org/).
For linux guys, I recommend reading the Linux Admin Security Guide (http://metalab.unc.edu/lasg/) and learning about IPChains, or for the bleeding edge people, Netfilter (Which is proving to be very powerful)
Unfortunately I have no pointers for Windows, but perhaps other users can contribute URLs where information like that can be located. A quick search in a search engine may help too.
You can't win a fight.
These attacks on Yahoo! and the like raise a lot of questions that the media seems not to be asking. Who's responsible and why the hey are they choosing a DoS attack? It seems to me that whoever it is is primarily looking for attention... this is all over the evening news, whereas a lot more serious things such as security threats, like that Hotmail password fiasco a while ago, were passed over by the media (as far as I've heard). Reno and Co. are all "well, we'll hunt down these rabid hooligans for the law-abiding public and string them up". WHY all of this is happening would be a better question.
Hackers probably are NOT responsible, unless they're just well coordinated script kiddies. As an AC rightfully pointed out, "No self-respecting hackers past, present or future would/will/should find any sort of fulfillment in performing such an attack, seeing as this has no bearing on the 'free flow of information', actually it's quite the opposite." I've seen a lot of posts in various places by hackers who try to find security holes and such in order to alert major companies, and they end up getting ignored... such as recently the AOL AIM account theft thing. The only good possibility that any true hackers are actually responsible would be trying to show companies/the public how weak security on these sites actually is. But, DoS attacks have nothing to do with security, only capacity. So, well-coordinated script-kiddies... But so well-coordinated...?
I concur with what someone said about the government's call for more internet regulation being too well timed. These attacks, which are essentially undefendable because they are about sheer volume and nothing else, but make a big public splash on TV by felling giants like Yahoo, and pose no real security threat, come right after a call for government regulation of the internet? Uh, can you say Big Brother Alert? Nobody has claimed responsibility, which means that the attackers want the public's feeling of unease to remain nonspecific. That means building worries about the internet's dependability, essentially by driving home how much the Law of the Jungle rules the online world. Now, why would someone want to do that? I'm guessing, to make ignorant people look to a regulatory force to stop the Big Hacker Baddies. Anti-government-surveillance paranoia isn't my usual thing, but at the moment, it seems like the most likely explanation. So far, the evidence doesn't seem to add up to anything else.
But somebody needs to give the mainstream media a clue. They're just villainizing hackers and making the FBI, govt, etc look like saints as usual. Not that hackers are all good, or the FBI, govt, etc is all bad. But all the evening news did was make people like my mom call up their family techs (me) and panic. Ugh.
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
Can the moderators please do their jobs? This is patently off-topic, and quite frankly boring.
-- /. ID is lower than Bruce Perens'!
Barry de la Rosa,
public[at]bpdlr.org
My
The "hacking" incident is simply a battle between the wild-west web and the serious/commercial web.
It may result in some sort of "ISP certification" program that hurts the smallbies.
I suggest splitting up the web into a serious/commercial half, and the "cowboy" half.
Otherwise, the web will drift into corporateville.
Table-ized A.I.