Linux Blamed for DDoS Attacks

jd writes "In this article, Linux and Solaris were blamed for the DoS attacks. The claim was that rogue code could be inserted onto these systems, causing them to attack other machines. The article also claims that this cannot happen with Windows machines. Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing? " Update: 02/11 07:36 by CT : the article has been pulled due to 'flagrant inaccuracies.'

Shoddy Reporting

[Hrunting]

You claim the article is sensationalistic?! Hell, I can't believe this post made it through the editors with its sensationalistic undertones. I see one line that says the code can't run on Windows. It's absolutely right. What these people are looking for is a daemon that runs on Unix systems. I don't see Microsoft's hands in here manipulating the story and I don't see an over "Linux/Solaris is bad" undertone either. What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.

And suggesting that Microsoft had a hand in these attacks is incredibly more irresponsible than this article saying that vulnerable Linux/Solaris systems were the host machines. If you've got proof, fine, post it. But don't say it because you didn't like the fact that someone pointed out that poorly managed Unix systems were the starting point for a massive web attack. Basically, the Unix community just got slapped in the face for being so complacent about the security of their systems. That's it.

I really thought Slashdot was above this sort of thing.

Re:Shoddy Reporting

[ucblockhead]

They didn't say the code didn't run on Windows. That would have been correct. What they said was that Windows machines aren't vulnerable to this sort of attack. That's a crock of shit.

All a Windows version would need is "ActiveX" + "IP Stack" + "Thousands of cable modem and DSL systems managed by unknowledgable users".

Micrsoft's Fault?

[RAruler]

Okay, lets see.. we've blamed
A) Packet Monkeys, Script Kiddies, Crackers
B) The Government, NSA, CIA, FBI
C) Microsoft

The FBI releases some tools to detect DOS Daemons, so what do we do? *Paranoia ON*
Some idiot reporter says that its the fault of Linux and that it could never happen with Windows, so what do we do? *Distrust of Microsoft ON*

So, it appears the whole thing has been orchestrated by the Microsoft-Jewish-Communist-American Government-Echelon-Media and it is the first step in a global stranglehold on free speech where Bill Gates reigns supreme.

Re:Not FUD, just plain LIE!!!

[ucblockhead]

I'm a WindowsNT programmer with a moderate amount of TCP/IP experience. I'm certainly no IP expert. The only "cracking" knowledge I have is what I've read in various places, including the risks digest, and others. I'm pretty damn sure I could do this on a Windows box.

All it would take would be to take advantage of any of the numerous holes that have allowed people to run arbitrary code on a windows box. Sure, many of these have been fixed, but I know the Windows user community. Lots of those machines are run by people with no clue.

Hell, my own machine would almost certainly succumb. I'm tempted to try. Good thing it is behind a firewall.

Were I to actually do this, I'd throw up some website somewhere, with an invasive ActiveX control, and throw some porn on it. I'm sure I'd attract enough suckers run a DDoS attack. And once that code is one their machine, the rest is trivial. Basic sockets programming. The "hard" part would be doing it in such a way as not to get caught, but I am pretty sure even that would only require a few days work and access to a public machine.