OpenProjects IRC Network Suffering DoS Attacks

Alowishus writes: "Open Projects Net, the IRC network which is home to Debian and other open source projects, has been suffering DoS attacks from a disgruntled customer of one of their server sponsors. Lilo, their sysadmin describes the attacks here, and asks for assistance." It's pretty terrible when a kid goes bananas and can damage the volunteer efforts of many people working really hard to create and support something so many of us use and enjoy. The sad part is that whoever is doing this feels self-righteous and justified in his actions, so nothing any of us say will matter. I hope they catch him. DoS attacks just aren't cool, ever.

Pathetic

[adion]

It seems this world has got to a sorry state when a pathetic script kiddie can bring the whole of a network to a halt. One person, ruining it for 1000 others.
On Efnet, servers are regualy attacked, because the people there are less specialised. But on OPN?
How very very sad.

Re:Leave DOS alone!!!!!

[gle]

DOS was just a rip-off of CP/M

____________________

Re:Why is it always "some kid"?

[lilo]

Mengmeng wrote:

Have you read the linked articles? I don't think anybody has been able to, since advogato seems to be slashdotted. I would assume in one of those articles, lilo mentioned that the perpetrator actually is a kid, therefore Taco made that comment... (since he was able to read it before it got slashdotted, obviously :-P )

Mengmeng,

I'm probably the source of the 'kid' comment. I do not really know the age or gender of the attacker, and intended 'kid' as a description of maturity level than calendar age. Apologies to younger persons reading this, but I have frequently seen 14-year-olds act precipitously without considering the consequences of their actions to others. Obviously, though, maturity varies from person to person, and I've seen adults who never achieved a very impressive level of it either.

Rob L.

Re:How to stop DoS attacks

[Skapare]

In a variation of Make spoofed packets illegal simply block outbound packets from your network that have a source address other than from your network. While this can be a big problem for core routers, it's really only needed at borders to other administrations. Logic could be added to inspect incoming packets by applying routing lookup to the source address. If the incoming interface is valid (not necessarily best, but at least valid) for the incoming packet, then it's OK. Otherwise discard it. Linux 2.4 now has this in the kernel. I've heard Cisco IOS has a form of this, too. It should be made to be the default configuration.

Re:IRC is example of open protocol failing miserab

[Enahs]

BWAHAHA you're a moron.

Re:How long before this goes into meatspace?

[wodelltech]

I've searched...I've surfed...I'm perhaps ignorant...but what is 31337? Mike

Re:Why is it always "some kid"?

[MustardMan]

Assuming that IS true, and I doubt that they KNOW that it was a kid, maybe I could agree with you.

Nonetheless, I commonly see this assumption being made, whenever something gets h4x0r3d, its immediately 31337 skr1p7 kiddiez. Does anyone stop to think it might just be some lazy pissed off jackoff IT guy?

Re:Coming back to haunt you. Boo!

[asink]

you can't blame him for the fact that people like that follow him. He is is own person, and the person who would do something like that because "the all mighty taco" said so is delusional. Judge a person on thier own merit.
"Hex, Bugs, and Rockn'Roll" --The Programmer's Digest

Re:6) Put the smackdown on these punks...

[jman11]

I have an anecdote about how vigilante justice once worked, so now it's a good way to solve a completely unrelated problem. Firstly vigilanteism punishes unpopular rather than illegal and immoral acts. While they sometimes coincide, they are not always going to. Also there is nothing to stop viglantes going bad, while there are some fallbacks and protective measures in most control structures. Your idea relies on what I presume is a benevolent group who only have the best interests of the majority at hand and are only called in when all normal attempts have been exhausted. This is not really a good idea for the real world. But of course the internet is not the real world, an immediate punitive system like this is possible, because the consequences for a bad decision aren't very great. I've lost my internet access, it's like losing your TV aerial - it's prefereable not to lose, but if your life depends on it - it's time to lose it anyway. The other issues still exist, but the internet is not important, it's not (yet) real life, you won't die or lose an arm if you make an error. Of course unpopular things will still be punished, wonder how an upstart, free, unpopular with the major players OS would go in such an environment?

To take him down...

[Magus311X]

Nuke the script kiddie from orbit. It's the only way to be sure.

-----

Re:Typical feminazi

[SlippyToad]

Either you're a troll or an idiot. But I repeat myself.

Re:Why is this offtopic? Pretty relvant

[Open+Source+Sloth]

People seem to carry their moderation points as if they were swords around here. It's really sad, but most would rather mod down as many posts as they can (whether they deserve it or not) than mod up even one insightful post. Just another reason the moderation system around here sucks. When you rely on the egotistical morons that go for as much karma as possible to moderate, there are bound to be problems.


Slow moving marsupials and the women that love them

Re:FRIST

[phook]

What?? You mean you actually, really, honestly do sit there monitoring the page with the refresh button? Wow. Your index finger must be exhausted.

Re:Mirror in Freenet

[Sanity]

Er - I read the FAQ, but have you? If so you will note that I addressed the points made in the FAQ in my post.

--

Re:Why am I not surprised?

[JohnnyCannuk]

Gee Ron, do you think you may have just found your man?

Re:How to stop DoS attacks

[anti-lilo]

As to items 1). Secure all servers. You're telling me they're not? *GASP* Heaven Forbid. 2). License ISPs. Make ISPs accountable? You're telling me their NOT? 3). Make Spoofed packets illegal? But, what about the legitimate use of a spoofed packet lets say for example by a FRAD programatically using probability to determine a session partner is heavily loaded spoofs a packet on its partners behalf to reset the ttl along a route. *GASP* You can do this? 4). Authenticate everything? You mean we dont make reasonable attempts? 5). Criminalize all scanning including pings and probes. And lets defeat other diagnostics such as tcpdump, traceroute, and the application of technologically sophisticated devices used as an assist to locate, isolate, determine and prevent problems before they become problems. Lets burn all the protocol analyzers. Lets do away with other tools such as nmap which make it very easy to thouroughly self-test the integrity of our networks. Hey... While we're at it. Lets forget all about this freedom and democracy noise. Voting for presidents and legislators who help to promote and work to make liberty and justice a reality and not just a pretty notion. Yea... thats it. Back to the good ol' days with Nikita encouraging nuclear war, economies and forms of government that had no clear chance of succeeding. Lets just toss our freedom and be equal to you. Small minded little drones who sing the song along company lines... Heaven forbid a creative thought.

Re:Most large ISP's Don't Care.

[fatphil]

Two points
1) If the attack is coming from _within_ an ISP, all bets are off.
2) How many people/corperations are there who do have 45Mb/s access? The last 2 fortune 500 IT companies (one 100, one 100-200) I worked for had 2Mb/s.
Surely that must narrow the attacker down somewhat.

I can't believe that ISPs are happy to _carry_ the attack. Why can't the ISPs be made responsible for the DoSs that they carry, maybe then they'd help trace them to their source as they pointed the fickle finger of blame further up the pipe.

FatPhil

Cool DoS attacks.

[SuperguyA1]

I suppose it might be cool to do a DoS attack against your brother/sister on an in house lan while playing an fps against them. But other than that...

No this isn't something I've done, I'm an only child.

SCREW opn

[Yog-Soth]

I left the network the instant I was asked to curb my language in one of the linux help channels. so much for a "free" exchange of ideas.

Re:6) Put the smackdown on these punks...

[Open+Source+Sloth]

Vigilante justice ain't perfect, but I'm thinking it would at least put power back in the hands of the people again. Sure, a few unpopular people would get wrongfully accused, but that sort of shit happens every day anyway. Why not just make it a little more 'by the people'?


Slow moving marsupials and the women that love them

Re:attack!

Hmm... is a "./" like the reverse of the /. effect? Would slashdot readers suck all the traffic away from the size, leaving them with infinite bandwidth?

Re:Why am I not surprised?

[anti-lilo]

I was k-lined for disagreeing with you. My position is the irc is a place for friends to meet and have a little fun and if we can help someone from time to time we do. You feel a need to make OPN a career. Fine for you but I have a career. I disagreed with your general philosophy in principal and never outloud until your endless rant forced me to decide that OPN just wasn't worth it. If you have doubts the lilo rant logs are still available for anyone who cares to see'm for themselves. As for your k-line. Your argument with me extended a k-line to an entire group of people. As you know all to well... You k-lined everyone, regardless of their relationship and/or affiliation with me. Even today there are at least 1/2 dozen extraordinary engineers k-lined who had no disagreement with you. No Fear Lilo Ol' Friend. We've got our own network where we can talk without your eavesdropping and nagging /msg's when something rubs you the wrong way. Which seems to be everything from you're ol' lady, to your ex-employers, to people you tried to bully, cajole, while begging for money or other favors using the IRC. In anycase... This is boring. I've got real work to do. Enough of wasting time on a long retired topic.

Death of IRC?

[Deluge]

I've never been able to understand why it's the 'good' IRC networks that suffer this way. Something as wonderfully free as EFnet is going down the tubes, yet ultra-lame browser-based chat networks (yahoo, msn, AOL) all seem to be proliferating without any major problems.

I remember when MS started bundling MS-Chat with IE and suddenly you had people getting on to IRC who wanted to "whisper" and always annoyed everyone in the "rooms" especially the "hosts". Yet, the same people who whined the most about this bastardization of IRC from MS, are the ones who end up destroying the networks where there are any 'true' IRC'ers left.

I for one hope to see the day when I'm relegated to commercialized chat services to get in touch with people.

---

Re:Death of IRC?

[zmooc]

`I've never been able to understand why it's the 'good' IRC networks that suffer this way.' Good IRC Networks have many users. Many users means many lusers. They get into trouble on IRC and want usually want to annoy a certain individual and are not really aware they're also annoying other IRC-users.

This specific attack is - in my opinion - an extraordinary one; it's target is the IRC-network itself and the one doing the attack is perfectly aware of the harm he or she is causing. I don't think you can compare this attack to the `everyday-attacks'.

Re:Death of IRC?

[chris\]

EFnet isn't dying entirely of DoS attacks, as the admins would lead you to believe. I've been a long time user of EFnet, and I think the DoS attacks coupled with very poor administration is whats slowly hacking away at the network. Opers just don't care anymore. All the ircd's are poorly written with the intent to stop spam, which ultimately stops the average joe, like me, from being able to do something as simple as a channel wallop.

I've complained plenty about this, but the opers don't listen/care. I hate this lack of concern/organization, and I truly believe it'll bring down EFnet eventually if it keeps up.

Re:Death of IRC?

[Deluge]

Big guys don't get picked on for a reason

It's a shame, too. If only we could somehow instill a David vs. Goliath attitude in all these script kiddies, I'm sure they could put *some* hurt on the big boys, regardless of how much money is thrown at the problem (viz. the Yahoo/CNN/etc. attacks a while back). The problem is the hypocrisy of these people who 1 minute rant on slashdot about how they want to be free and the next go out and because of some petty grudge, destroy the instrument of their freedom. Bleh.

---

Re:How to stop DoS attacks

[thexdane]

ummm that is nice but the ping will still hit the box itself. i am sure that any admin from one of the big 3 networks will agree with me here. you can filter all and block the whole universe but it will still hit your router or box or what have you and still knock you out. hitting a 5 meg link with a 45 megs worth of data something has got to give after a while and that 5 meg link is going down no matter what you firewall or block.

Another Consequence

[vergil]

The more this type of activity occurs, the easier it will be for the media to publish superficial, hysterical "exposes" on the ability of tech-savvy adolescents with overpowered software to meddle with the goals of more responsible folk ... and the easier it will be for jingoist politicians to pass laws criminalizing the use of legitimate tools (debuggers, hex editors, etc.) thereby making life more difficult for us non-script kiddies.

On the other hand, I'm not issuing a blanket condemnation on all hacking. Just saying -- For Jebus' sake -- at least do it artfully.

Sincerely,
Vergil

Re:Another Consequence

[FrostedChaos]

Ha ha... criminalizing hex editors? That's like criminalizing the delete key. Won't work at all...

Anyone who really has any skill can write their own (well, maybe a debugger would be harder)

Of course, we all know there's no way to get warez and such.... :P

Re:That's Life

[randomgeek]

> People really still ignorant towards IRCnet? No, we just don't care :)

Re:How to stop DoS attacks

[NateTech]

You forgot ...

#5 Require ISP's to throw away packets outside of their assigned IP ranges.

That would certainly help, but who'd police it? The enforcement is more problematic than the fix.

Re:Ha-ha funny funny, okay we *GET* it already.

[Enahs]

I assume, of course, that you never check out links in posted news stories.

Maybe its time for TCP2

[state*less]

I propose that we modify our network stack a little to get rid of some of these attacks.

Instead of the three way handshake(TCP's connection intiator) taking place on the content provider lets have it take place on a new server called a identity verifier. Now when you want to connect to a content server whatever it may be httpd, ftpd, whathaveyou. You send your tcp request to the verify server. if approved your TCP connection is transfered to the content server. Now there should be multiple verify servers so that you can't just take them all down( a few thousand should do.). Now your content provider only accept connections from these trusted verify servers. If one comes from another source it is dropped. I think we could implement this but i'm busy with another project called dgroups(a decentrallized network) so i am a little busy. if you have any questions about implementation email me.

slakowske@yahoo.com

Time is Change.

Re:Maybe its time for TCP2

[lilo]

state*less wrote:

I propose that we modify our network stack a little to get rid of some of these attacks.

Instead of the three way handshake(TCP's connection intiator) taking place on the content provider lets have it take place on a new server called a identity verifier. Now when you want to connect to a content server whatever it may be httpd, ftpd, whathaveyou. You send your tcp request to the verify server. if approved your TCP connection is transfered to the content server. Now there should be multiple verify servers so that you can't just take them all down( a few thousand should do.). Now your content provider only accept connections from these trusted verify servers. If one comes from another source it is dropped. I think we could implement this but i'm busy with another project called dgroups(a decentrallized network) so i am a little busy. if you have any questions about implementation email me.

It's an interesting concept but I see some problems. First, considering the size of the Internet, a few thousand connection verifiers seems like a needless centralization of traffic. Routing all traffic through a relatively small number of potential failure points is probably a bad idea. Second, how is the handshake between the connection verifier and the content provider verified? Why is that machine automatically trusted? More centralization here, and whoever holds the keys can control comunication. Who decides it's trusted? And third, how do you prevent spoofing?

Given a bit of time I can probably come up with more problems. Regardless, it's good to see people giving the matter some thought....

Rob L.

Re:Which is worse?

[|DaBuzz|]

You misunderstood my point, it was not about why a kid would *want* to do (this is obvious), but why a kid *could* do it.

Your comment illustrated my point perfectly that people focus on the why "little Johnny" did whatever evil thing he did as opposed to why it was so easy for little Johnny to cause such havoc in the first place.

Re:Why is it always "some kid"?

[ajs]

Being in network security, I can say that this impression comes from the fact that everyone that I have ever had contact with, and did this kind of thing, was under 20. Kids (and by this I really mean teenagers) have the double problem that they are just finding out that one of the largest technical achievements of the human race is available for them to play with and they also have the sense of adventure of... well... teenagers.

A lot of the "script kiddies" and "DoS weenies" out there are doing what they're doing because it seems cool. As they grow older, most of them smarten up and a) put those skills to work in industry b) get a lot more selective and careful or c) end up in prison. The latter is less common, but getting more common, woefully.

What I'd love to see is a computer security service where kids that get caught are put to work doing "community service". Nothing that they could exploit, but simple things like cross-checking log files; manning snail-mail campaigns to send out security bullitens and so on.

Now, that would be a political program that I could get behind. But, of course, it's not the "throw the bastards in jail" approach that's so common these days....

Re:Why is it always "some kid"?

[uberchicken]

OBVIOUSLY to disparage the mentality and maturity of the attacker.
it's propaganda.
maybe that was a troll, and I bit?

Re:How long before this goes into meatspace?

[zmooc]

What's 31337?
Beware, it's ASP!

Syn Cookies

[Eaps]

I'm no Linux/Unix admin but shouldn't Linux Syn Cookies prevent DoS attacks. Syn Cookies

Re:Syn Cookies

[Dwonis]

SYN cookies only prevent SYN flooding. They don't prevent UDP flooding, ICMP flooding, TCP connection flooding, or any other DoS method.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.

Re:discussion with the attacker

[chrisd]

And the real question is , if he is pissed at us, why didn't he just call me, sheeze, it's not like I'm hard to track down.

Course, if he does track me down now, I don't think I'd be very kind to him or her.

I personally think it's a red herring though.

Chris DiBona
VA Linux Systems
--
Grant Chair, Linux Int.
Pres, SVLUG

discussion with the attacker

[irq]

As admin of adams.openprojects.net, one of the servers that was DoS'd, I felt that I should give my own attempt at trying to find out exactly what was fueling his rage... he wouldn't tell me, or state any reason at all as to why he was doing this; he told me to ask someone else, who also didn't know.

This comment is mainly in response to one of the previous comments that basically scolded the slashdot crowd for not "understanding" the "pressure" this person was under, from VA Linux, apparently. How can we know what pressure he was under if he wont even tell us what happened? He's doing this practically as a "punishment", but we don't even know what we're being "punished" for.

I hope this ends with him being prosecuted, and I fully plan on submitting the 22MB log of eth0 traffic during the attack to the FBI and whoever else will be investigating it. I eventually plan on publishing the entire thing so everyone can see exactly how he formed these attacks. They were mostly the standard UDP floods, but the originating IPs are the interesting part.

Re:discussion with the attacker

[mheckaman]

Only 22 MB? I've collected 4 Gigabyte logs in a few hours over here from the DoS attacks we deal with. (I own a shell company, heh.) I must agree though, these packet kiddies just look for ways to justify for their attacks, but it all comes down to ego boosting. It's akin to a child throwing a tantrum in a store because their parent(s) did not buy them [insert ultra-cool kiddie toy here.]

Until the FBI (or in my case, the RCMP) decides to get off their asses and actually prosecute these criminals, the situation will never change. It's amazing the laws these people enforce while ignoring others.. Imagine:

If a group of gang members were standing in front of your store, preventing customers from getting in and severly damaging your business, you can bet your ass the cops would be all over them. Why don't they understand that DoS attacks are just as bad? Of course, all the major internet providers don't give a damn and happily let their networks be used to propagate these attacks. I can't count the number of times I've seen attacks from a few hundred @home cable modems, abuse reports of which went ignored.

-Matt

Re:discussion with the attacker

[jorbettis]

But if your company is on Nastaq, or the DoS gets on the news, the FBI will be all over it.

Re:discussion with the attacker

[lilo]

Chris DiBona wrote:

And the real question is , if he is pissed at us, why didn't he just call me, sheeze, it's not like I'm hard to track down.

Chris,

Nothing that skript kiddie said convinced me that VA was responsible for any real problem. I think it unlikely. I mentioned the rationalization because it was such transparent nonsense. Why packet our servers to get back at VA? Why cause our users problems just to annoy one of our sponsors?

I think it more likely that this is simply someone who enjoys creating problems, and clearly has some problems of his or her own.

Rob L.

And again irc goes down the toilet

[Pru]

How many networks will totaly fail before irc finds some real solution to all its problems. Or will irc just fade into oblivion... a relic like my atari.

Re:And again irc goes down the toilet

[egon]

Here's a question for you folks:

Is it that the protocol for IRC is inherently instable?
Or is it just the implementations?

--
Give a man a match, you keep him warm for an evening.

Re:And again irc goes down the toilet

[British]

Nahh, IRC will last forever, just like Citizens Band. 10-4 good buddy!

Re:And again irc goes down the toilet

[Deluge]

Is it that the protocol for IRC is inherently instable? Or is it just the implementations?

The IRC protocol is a nightmare. On just about any site discussing its technical merits you'll find praise of just how much life the current implementations, as limited as they may be, have managed to squeeze out of the IRC protocol. The problem is that it was designed as a quick hack, and scaling it to today's sizes never entered the creator's minds. (Who can blame them, back then there was probably less people on the 'net in total then today you'll find on Dalnet at any given time)

The problem is that IRC in its current form has no redundancy. A hub server goes down and your network's cut into a dozen pieces. Then, when it all tries to reassemble itself you have to send the information about the entire network's population to all the servers, since (and this is another major problem) all the servers must keep all the channels and clients in memory.

There have been solutions discussed to this, most notably in the IRC3 specs, things such as more compact user identification instead of a plaintext string of nick!user@host, intelligent message routing (i.e. you're not sending any text across the network that doesn't have to get to certain parts of the network), redundant server links, doing without each server mirroring the network's entire population, etc., but so far I've yet to see a working (or any) implementation.

Sometimes I wish I could code, this would be the most appealing open-source project I can think of.

---

Re:And again irc goes down the toilet

[damm0]

The IRC protocol is terrible. It lacks any reasonable guarantees about concurrency, and commands arrive and are sent in no particular order, so you can't synchronize commands and, say, the error the server sends back for it. Servers have broken the RFC so that is at least works (good thing, writing an IRC client would be a nightmare otherwise) but IRC is still a mess.

I am in the process of writing a framework for IRC in Java (Martyr) so believe me, I've seen my share of IRC. The project is aptly named.

Re:And again irc goes down the toilet

[ahzz]

Obviously you have NO idea of why DoS attacks are possible nor of the real problems here. Any service can be disrupted by these vandals, NOT just IRC.
A DoS attack can very simply be waged on any kind of service. There is very little you can do at the serverend to stop a DoS other than track itdown and prosecute the perpetrator.
IRC as a service is old and some networks do suffer from the masses of script kiddies that wage war over a stupid channel name. It's still a VERY usefull and viable system to facilitate large groups exchanging of ideas in realtime.

So PLEASE don't post crap like this when you have NO idea of what your talking about.

That's Life

[randomgeek]

If you're running an IRC server, you have to expect this. I'd imagine every network with more than 3 users will be DoSed big time at least once. For the "big three" I'm sure it's almost constant.

Re:That's Life

[vague]

Not caring is one thing, getting your facts straight is a different one. If you don't care about the _facts_ regarding a certain subject, keep your mouth shut and your fingers of your keyboard in matters related to that subject. If you don't know or CARE that there are in fact four big IRC networks where there was only three three years ago, don't go spreading your ignorance regarding IRC. At all.

:/

-

Re:That's Life

[vague]

Big three? And which one of the Big Four do you propose to exclude? =)

People really still ignorant towards IRCnet?

-

IRC network? DoS attacks?!

[NowIveSeenItAllGuy]

Now I've... oh wait, THAT I've seen.

Re:Ha-ha funny funny, okay we *GET* it already.

[Open+Source+Sloth]

HEheheuhuh, ehehuhehehe, um, what?!? ;-)


Slow moving marsupials and the women that love them

DoS attacks.

> DoS attacks just aren't cool ever.
Except when it's called "the slashdot effect". Has anyone tried to get to mozillazine since 12:49 today?

Re:Why is it always "some kid"?

[MustardMan]

So a childish mentality directly equates to a destructive nature? Children are inquisitive by nature, not destructive. Sure, that nature can sometimes cause them to commit bad deeds, but kids are not naturally malicious. If anything, its their parents and their environment that makes them that way. I have seen MANY more malicious adults than I will ever see in a group of children.

Being a child is a natural part of human life... theres nothing wrong or evil about it, so why do we use it as an insult to people for commiting acts that are more likely to come from the attitudes of bitter old men than children? I motion that from this day forth we call them script fogies. Heh.

Re:Hrmm.

[kootch]

DoS attacks aren't cool unless it's Microsoft, Hotmail, or MSNBC getting f&cked.

(not my feelings, but seems to be the general feelings in /.)

Re:Why is it always "some kid"?

[nothng]

Isn't anyone else bothered by how it is always assumed that it is a kid thats making these attacks? I used to be a kid once, and didn't appreciate everything being blamed on my generation. Be realistic, people, it takes EXPERIENCE to become a true asshole; kids are amateurs at best... the REAL jerks are the seasoned veterans

True, maybe it's just easier on the ego to say it's some pimplefaced 14 yearold kid that doesn't know a tenth of what you do. Maybe one of the reasons we are so succeptable to DoS attacts is because we underestimate the ability of the attacker. Just because he didn't root your system doesn't mean he can't, DoS attacks are very dangerous and attract alot of attention because they can last a very long time.

::sigh::

[whoppo]

With all the DoS activity that's been going on for the past year or two, I have to wonder when the ISP's are going to take it seriously enough to filter "spoofed IP" packets originating from their customers. If the packet-stormers are denied the veil of spoofing, they should be easy enough to deal with... assuming of course that the upstream providers actually give a sh*t. (I've been ignored by several large ISP's when offering logs of their users attacking my servers). Unfortunately, the rapid growth of broadband internet access hasn't been accompanied by an equal growth of responsibility... hence the script kiddies can play their games ::sigh:: (disclaimer: I refer to them as "kiddies" to reflect the aparent level of maturity, NOT age.. my 14 year old son is far more mature than these bastards)

Mirror in Freenet

[Sanity]

So - the site is slashdotted already - this is why I think Slashdot should mirror websites in Freenet. I understand that there is a problem relating to banner ads - however if the mirroring is done correctly the links to banner-ads can be retained (there is already a utility for mirroring websites for Freenet). I also understand that /. is concerned about the delay imposed by seeking permission to do this - however they could suck the website - publish it on /., while simultaenously seeking permission. When permission is granted the mirror can be made available.

--

Re:Mirror in Freenet

[kev-san]

Mod this up! This is an excellent idea. Yet another measure to prevent this from happening, to some effect, is Google's caching service. It tends to work quite well if a myriad of changes aren't made to a page in a short time. Just a thought.

Re:Mirror in Freenet

[MostlyHarmless]

This is already answered in the faq.
--

Re:It's probably just...

[norom]

Nah. Last I heard, he was attacking OPN because one of it's servers is hosted by linux.com. Maybe if someone can produce a mirror of the article in question we can get real answers.

TURN HIM IN

[Fas+Attarac]

I'm sorry but if somebody threatens to DoS me over IRC, and then proceeds to do so, CALL THE POLICE. CALL THE FBI. You know who he is. You know where he's IRCing. Log the information, and TRACK THE ASSHOLE DOWN. If he's IRCing from his own ISP (unlikely, but IRC is full of stupid kids), call the ISP and shut the account down. If he's bouncing from one or two sites, look up the IP address (do a WHOIS against ARIN) and call them up. Solicit their help in tracking him down. It should be obvious where he's connecting from (a 'finger' or 'netstat' should make that apparent, assuming the machine isn't compromised, in which case a network sniffer or 'tcpdump' will let you do the same), and back-track.

I know we all seem to think script kiddies have these l33t ways of hiding their identities, but it all boils down to a few responsive phone calls and you can nail anybody back to their ISP. Any competant ISP will have caller ID records for the incoming call. Granted, they won't give you this information, but they will certainly note it. Let the feds do the rest.

Why do people not even think about taking these steps? If you can't reach an ISP's network center, GO OVER THEIR HEADS. Contact their uplink.

The more we whine and say DoS attacks suck, and the more we DON'T pursue and put these fuckers in jail and slap enough damages on them so their parents lose their house and car, the more powerful and untouchable they feel, and the more bolder they get.

Re:Most large ISP's Don't Care.

[nchip]

2)How many people/corperations are there who do have 45Mb/s access? The last 2 fortune 500 IT companies (one 100, one 100-200) I worked for had2Mb/s

I think He has 22x2mb or something similar. Not one 45mb link. Most of his boxes are probably rooted.

Re:i got

[133t+j03+Fan]

Keep your jealousy off /.

It has no place here.

The only reason you fantasise about 133t j03 being homosexual (quite untrue, BTW) is because then he would be willing to screw you, and you would enjoy it.

You are jealous of the stable of adoring femmes that j03 services on a daily basis.

Well, nomatter how you try, you will never turn j03 into a faggot, so you'll need to take your dreams elsewhere.

Re:How to stop DoS attacks

[MostlyHarmless]

I was referring to the more general process of pinging someone to calculate latency.


--

Re:How to stop DoS attacks

[bad-badtz-maru]

Numbers two, three, and five would only help if the US were the only country with net access.
As for items 1 and 4, the damn .jp admins can't even close their open mail relays, so I don't think items 1 and 4 will be happening on a global basis either.

Maru

Re:Yeah it sucks...

[adion]

Rules are NOT there to be broken. The are there so stupid people don't mess it up for others. When the stupid people break them, the stupid people will be punished.

You also claim you have been on the network for yonks. If you have, then perhaps you should know the rules, what is accepted and what isn't.

I think before threatening an Oper, you should give due consideration. He offered to voice you if you promised to be reasonable. Since you clearly couldn't do this, I don't think it's his problem that he didn't voice you.

And not at one point did Jim act like a bastard. You couldn't even apologise for causing trouble, you may have not intended to do this, but from the reactions of the people in the channel, you did. You had the option to leave, but didn't. You were warned. He backed down when it should quite clearly have been you.

And I somehow doubt you could do the job of Jim, or any other Oper. If you call that peaceful, you'd probably call WWII a convention of Greenpeace.

Re:Leave DOS alone!!!!!

[srichman]

Nobody's attacking DOS. They're attacking DOSattackers. So they're defending DOS.

Re:With regards to moderation

[MustardMan]

The worst loophole I saw so far was when someone searches posts for mods a person they didnt like made, then metamods those posts. I saw some long decription about it once, but dont got a link handy. In theory if this is actually possible, a load of people could gang up one someone, mess with his moderation, and screw his karma VERY quick.

Re:Why is it always "some kid"?

[ajs]

"Don't bother wasting your time trying to teach these kinds of people how to live in society."

Great. Let's start with you, since you seem to not have the same sort of social graces as I. I recommend something between prison an a concentration camp... or, did you mean "other people".

"Weither they are 10 or 30, they should have learned this kind of anti-social behavior is inrolerable."

Well, let's see. When I was 10, I was shop-lifting (seemed harmless enough to *me*) and getting in fights at school. Would I have been a script kiddie? Probably. Would saving my future by showing me the concequences of my actions have been useful? Certainly!

"[If they had good parents] maybe we wouldn't have so many mentally unstable people."

Woah! There's a whole lot of mistakes all in one phrase. What makes you think that your average script kiddie is "mentally unstable"? I think most of them are just a) currious and unaware of the damage their doing, b) bored and/or c) trying to get a little attention from their peers (which even the most "mentally stable" among us do).

These are mostly younger people who have no real idea of what they're playing around with or why. Many of them are our future sysadmins and security experts. Treating them like rapists and murderers is not the correct solution. I proposed a way to deal with the problem which could probably even MAKE a little money, and CERTAINLY cost less than prison (community service always does, as you don't have to house, feed and provide medical services for your convicts).

What exactly was your problem with my proposal, or were you just looking for a place to flame?

Gah

[bruns]

These damn packet kiddies dont know when to quit. I was the one which brought in a server to help hub the net... Then hell broke loose. Before we even knew what hit us, it was over. Several T1s worth of bandwidth hit us suddenly and left us with no way to access the server to figure out what had happened. Then a second later we had recovered and things were back to normal.

One of those times where a cluebat or a clue-by-four would come in handy to bash this kids head in...

Re:Or do we?

[Open+Source+Sloth]

And what, exactly, do you have against fart jokes?

Sometimes jokes get funnier with repitition. If your mind can't handle it, then perhaps you need an infusion of squirel juice.;-)


Slow moving marsupials and the women that love them

Re:Lets Deal With it.

[blah9999]

naaah. I dont object to your owning a gun of any kind. Point it at me however, and I will gladly shoot you between the eyes. I believe the same thing regarding the use of exploits, have gigs of them if you like... use one on me, and let me catch you, and Ill gladly drag you out into the street and beat you to a pulp. (literally)

Re:Leave DOS alone!!!!!

[Assistant+Madman]

DOS was an amazingly stable OS. Of course, it is hard to fall out of the gutter....

Re:Why is it always "some kid"?

[uberchicken]

Yes, you're right, the script kiddie was just being inquisitive, not destructive at all.
what is all the whining about?

Re:How to stop DoS attacks

[pod]

Ping: ICMP
Quake: UDP?

It was a fair question

[Hanno]

So PLEASE don't post crap like this when you have NO idea of what your talking about.

Don't flame the guy asking the original question, since he's right. There *is* a clear symptom: IRC is being DOSed more often than other services on the net. It is only right to ask why. I personally think that it is a combination of both a) it's easier to DOS than with other services and b) chats attracts a younger, less mature audience that is easier pissed and does not know yet where they should limit their anger. (Hold on - I am not saying that *anyone* on IRC is a clueless teen without ethics. It's just my own experience of the IRC demographics that these kids are more likely to be found on IRC than on other services.)

------------------

Re:Why is it always "some kid"?

[MustardMan]

Not a troll, I assure you, but rather an honest question.

I am against stereotypes of all kinds; stereotyping all kids as immature troublemakers is assinine.

This is no better than when I tell someone I grew up on a farm, and they immediadely characterize me as a bigoted slackjawed sister-fucking yokel.

It's an unfair stereotype, plain and simple, and I would think those of us who call ourselves the more educated members of society would want to fight such blatant steretypes.

Or maybe not.

Re:Ha-ha funny funny, okay we *GET* it already.

[willfe]

Nope, I didn't contradict myself. You're right, that should have read "made up of" instead of "make up of," but you, too, are guilty of committing a typo, since I didn't use "mouthbreakers," instead I used "mouthbreathers." Try harder next time, buddy!

Re:FRIST

[phook]

I don't think you lack talent, just discipline.

Because it always is "some kid"

[TheDullBlade]

Adults don't bother DoSing IRCs, or committing other acts of petty vandalism.

It's like asking "Why is it always 'some kid' who spraypainted 'Sckool Suks!' on the cafeteria wall?"

Adults commit crimes for profit or principle, make annoying fools of themselves in public, or play mean and petty pranks on individuals who they feel have wronged them, but it is vanishingly rare for one to anonymously commit an act of public vandalism. Attacking the whole community out of pure spite is something that can't possibly produce any useful effect or profit, and even the worst "veteran jerks" learn this by their early 20's.

--------

Re:Because it always is "some kid"

[bugg]

I think this crime was commited on principle.

Grown men have gone to war on issues less important. Don't be quick to blame the attack on a child.

Re:Ha-ha funny funny, okay we *GET* it already.

[kootch]

I think you just contradicted yourself...

("... unless Slashdot's audience is <made up of> drooling sub-human mouthbreakers (I don't know what this is) who click on anything on the screen that's underlined.")

Re:Ha-ha funny funny, okay we *GET* it already.

[wuice]

Well, sometimes I wonder..

Re:Why is it always "some kid"?

[egon]

It's in our nature to want to diminish that which we don't like.
In this case, it appears to simply be a way to insult them. My $.02.

--
Give a man a match, you keep him warm for an evening.

How to gaurd against being slashdotted?

[Mtgman]

I've seen a lot of good websites go down the tubes due to the "Slashdot effect" Most of them learn after one hit, but is there any pro-active measures a person can take to keep their site up when it's slashdotted? One co-worker of mine came up with a daemon which scans /. every couple minutes for your site URL and then either adjusts your server config to handle massively more clients, or alert you via email, etc. But this is still pretty weak. Maybe a way to scan the submissions queue? A note from /. staff saying "we're about to hammer your site" is pretty unrealistic, they won't even spell check their stuff. Any other ideas?

Steven

Re:How to gaurd against being slashdotted?

[Nohea]

throw something on your site that checks the referer field for slashdot.org. If there are more than 100 hits in the last minute, fire off a warning, or trigger the safety measure.

if( $ENV{'HTTP_REFERER'} =~ m/slashdot\.org/ ) {
&go_bananas();
}

Of course, if you're going to take the time to throw that in, your going to have good measures anyway. And i don't think you want to limit the high-traffic capability to slashdot only.

Re:How to gaurd against being slashdotted?

[PTrumpet]

Why not have slashdot run a proxy web server like squid and then point all the URL's to this rather than to the actual web sites in question.

Of course, then you'd lose the one thing that sets slashdot apart from its competitors. Some other parts of the IT community regard being slashdotted as having some prestige value.

Re:Yeah it sucks...

[adion]

A piece of my mind:

You are the kind of low-life who spoils #debian for the rest of us. Yes, you will be kicked if you won't abide by the rules; thereby not allowing us to have a conversation.

Also, I know "Jim" well. He is very good at what he does, and is one of the finest opers I have ever met. If you have a problem with the opers, you don't have to be on the network

And finally. The people on OPN do the huge amounts of work required for it gratis. They get no pay, and very little recognition. So think about it next time you complain, they are just trying to protect you.

What is DoS?

[StopTheHate]

Please, this isn't a flame, I honestly don't know what DoS is, can someone explain it to me?

Thanks in advance, it is greatly appreciated :)

Re:Yeah it sucks...

[festers]

Please show me the rule that says "you are not allowed to say dumb things in the channel". Hmm, didn't think so. You see, the problem was that those paranoid freaks thought saying things like "Rendition is the way" = attack on the network, a flood even. I'm sorry, but floods involve bots and automated scripts, not a couple idiots typing moronic sentences on their keyboard. Like I've already said, a kickban was all that was necessary. Take a look at the log again, oh self-righteous one, and see that some people in #debian saw the humor in it. It's humorless nerds like you that make things no fun anymore...

Oh, and FYI, I did apologize for the distruption, but I still resent the way things were handled...


--------

Smileys mean he was joking, pal

[Goonie]

If you noticed, Taco also wondered out loud whether he could "kill him." Are you going to now claim Rob is homicidal?

Now, if you've got an example of Taco *seriously* advocating a DoS on anyone, come back and post it. Otherwise, go back to the hole you crawled out of.

Re:Why is it always "some kid"?

[Hanno]

Someone who still uses these tactics as an adult as usually told to "grow up". Go figure.

------------------

Re:Why is it always "some kid"?

[bruns]

In general, if someone thinks they are ultra leet and cool with their DoS tools and scripts, I call them a kiddie. No matter how old they are. Its such juvenile methods

There goes the network

[NightHwk]

I used to love the openprojects network, but now
if I connect, I risk having the FBI confiscate all my equipment!

Looks like I'll have to get help in newsgroups now...
That -I-N-C-R-E-A-S-E- -L-i-L-0 .s.p.e.e.d \f\r\e\e =CLICK=HERE= post looks informative...

NightHawk

Tyranny =Gov. choosing how much power to give the People.

Hold the Negligent responsible

[pvirdone]

How about they take action against the owner of every computer involved in the DoS attack?

If I left a loaded gun sitting around and some kid picked it up and started shooting people, I could be held responsible.

Why not hold the same precidence here?

Re:How long before this goes into meatspace?

[RickHunter]

Black IC? Can we PLEASE? Just for the niftiness effect. Since there's no cyberjack, there'd have to be other ways to harm the user... An exploding monitor, maybe...

-RickHunter

No diary entry tonight...

[Norny]

I couldn't figure out why I wasn't able to get to advogato to update my diary. Then I realized, maybe they're being slashdotted and sure enough they are. The diary entries were far enough apart that people could still have conversations... I guess that'll be different for a couple weeks while newcomers come and go.

How long before this goes into meatspace?

[msuzio]

With all the notes about how hard it is to prosecute this sort of activity, I really have to wonder... how long will it be before someone in a maddening situation like this cracks and puts a *real-life* hit on the luser?

I mean, sure, he's 31337 and all... but someone out there probably knows who he really is. And could be persuaded to go over there with a baseball bat and DoS his head.

Not that I advocate this at all :-). I just know I was sorely tempted at times when as an undergrad, high-school kids kept hacking into our school network. These were known to be local kids; hell, sometimes they would just walk in to the lab and shoulder-surf until they got a password, then sit down and log in. Our head admin chased one haX0r all the way out of the building and onto the dirt bike the kid had sitting outside the door...

Anyway, I predict the development of Black ICE soon :-).

Re:How long before this goes into meatspace?

[Some+Dumbass...]

31337
eleet
"elite"

Note that "eleet" should be in caps, but of course SlashDot's "lameness filter" stopped me from posting when I used all caps. Brilliant guys, just brilliant. Could you also filter out all "18+" links on the basis of a simple checklist?

Re:How long before this goes into meatspace?

[Pig+Hogger]

Our head admin chased one haX0r all the way out of the building and onto the dirt bike the kid had sitting outside the door...

Too bad (for the admin) it wasn't a British motorcycle...

--
Americans are bred for stupidity.

Re:6) Put the smackdown on these punks...

[Open+Source+Sloth]

This would never, NEVER work in todays fucked-up, PC(that's politically correct) world.

I used to work with a guy (during my farming days) that talked a lot about the "good ol' days" when people could get by with things like that. He told a story about how this guy kept beating his wife and kids. The nieghbors found out about it and the guy telling the story, along with four or five other neighbors, paid the wife-beating shit-head a little visit one evening. They basically left him close to death, and the hospital refused to see him (because they knew why he had had the shit knocked out of him). He eventually did recover, who knows how. But he never again laid a finger on his wife or kids.

I'm sorry if the above story offends you, but there are some people in this world that simply do not understand any language other than violence. And at some point we need to get over this "I feel your pain" bullshit approach and say, "Heh, you fuck with me and I'll take your goddamned head off." It isn't necissary in ever situation, and I'm not a real hard-ass about it. But for god's sake, let's be realistic. If someone doesn't understand repeated warnings, you don't need to go looking for all kinds of reasons that it's not his/her fault. I don't care if his parents abused him. I don't care if his god has forsaken him. I don't care if he lost his puppy at the wrong time in his childhood. If he is acting as an adult it doesn't matter what happened in his childhood. He should be fucking responsible for what he has done. Get over your childhood and move on.

Psychology is just as damaging to the human race as religion. And in the end, it will leave us all a bunch of homogenized, slobbering, drewling idiots. Equal but different isn't "fair". And some people just won't be happy until the world is completely "fair". So say goodbye to original thought. Original thought leads to conflict. And conflict is "unhealthy" (even if it is the way we progress). Bye, bye reality. Hello psycho-shit!

Sorry for the rant, but the above poster hit on one of my favorite bitches about the PC world of today. Kick some ass when it's necissary! And get over it if you think "it's not their fault". If you are the one doing it, it's your fault. Deal with it.


Slow moving marsupials and the women that love them

Re:wrong

[dankjones]

stop saying hella!!!!!!

Re:But there is no harm

[eebe]

There is always harm caused. Not only has this script kiddy hampered the use of a valuable resource, by his/her malicious acts. But from what I gather will continue to do so. These threats are no worse than a terrorist threat. "I will kill 1 hostage a day, until my demands are met". So while very few governments will negotiate with terrorists, very few Servers should negotitate with these terrorists.
And it has probably cost these people money, certainly it has cost the ISP's money.
I agree with someone above, who I forget, when they said that we should send him/her a bill for Monetary,and other costs. :)

What did I do?

[SuperQ]

I sponsor an openprojects server, vinge.openprojects.net, It's just for testing, we only have 5 users attached to it, yet this person felt it should be offline, so he sent over 100mb/sec down the pipe, slowing down the local backbone, (3 45mb DS3's at visi.com) and choking my poor ISP off for 15min.. that's not a long time, but to a modem customer who is surfing, or trying to get email, it's the end of the world. I just moved to this ISP recently, and I've allready got a bad rep with the admins. luckly I've known them for years, and they are personal friends, but it looks really bad when all i do is attract flooding, and DoS. they have enough problems with wu-ftpd scans, and netbios crap. I pay for the hosting, and the box out of pocket, so a few of my friends can get email and IRC, I ask myself, is it worth it? this is the closest i've come to saying no in the 2 years i've run nerp.net.

Re:Why is this offtopic? Pretty relvant

[MustardMan]

(Score:0, Troll)
wow, harsh mods!

looks like I can't even make a joke, one poking fun at MYSELF, without gettin modded down.

oh it is a sad day when passing ruffians can say "troll" at will to young posters. Why, even those who type and post insightfully are at considerably moderating stress at this period in history

I love script kiddies

[Code+Archeologist]

I love people who make the actions of the entire Open Source Community more difficult. People who's ignorance and arrogance makes it impossible for them to see past their own ego. And see that they are actually making it easier for large corporations and governments to take more and more of our freedoms away.

I love people who make my employers feel that they have to place overly burdensome firewalls on their system to keep immature kids from damaging their systems and data.

I love people who have taken the intenet from an easy way to exchange info back and forth in '90 made it into such an annoying place now.

Thank you all, I hope you burn in hell.

Link text

[Eric+Seppanen]

Advogato seems a little slashdotted. Here's the text of the article:

Open Projects Net: Denial of Service Attacks

Posted 7 Nov 2000 by lilo

Open Projects provides interactive facilities for coordination and support to groups and projects involved with open source. We run between 1,500 and 2,000 clients and are home to such projects as Debian GNU/Linux and Enlightenment. We've had our share of difficulties recently, but we're continuing on.

The past few weeks have been quite an experience. Last week one of our hubs on Open Projects started going up and down like a yoyo. I'd seen that behavior in this normally very reliable server in recent weeks and not thought much of it, since the company in question was in the process of moving its facilities and reliability issues do sometimes creep in during such moves. But we soon obtained a little bit more insight into the problem. After watching the server perform a loop-de-loop, I received a /MSG from a rather peremptory and anonymous skript kiddie informing me that if I didn't permanently remove the sponsor's server from the network, he would kill my home ADSL line and take down Open Projects until he got his way. It seems he feels the sponsor owes him money. I'm afraid I wasn't very polite in my response. Feeling that one can hardly allow psychotic delinquents to dictate network policy, I explained to him that while he might very well be able to take down our network, he was not going to set policy, and specifically I would not entertain the notion of removing our sponsor's machine.

The last week has been interesting. Apparently this petulant child has something over 45Mbps to play with, and he's moderately competent with SYN attacks and so on. In various incidents throughout the week he packeted ISP's and universities and small companies to death to demonstrate his, uh, prowess with borrowed equipment. Currently he has proclaimed that he'll be taking down our network once a day for an hour until his wishes are granted. All I can say is that he's going to be doing it for a long time if that's the case; the heat death of the universe isn't due to arrive for some time.

Throughout this experience I have noticed it's very difficult to coordinate much of a response from ISPs and backbone providers. An unofficial contact at uu.net explained that we must notify his security people while an attack was taking place for them to have any chance of thwarting it. They thoughtfully provided him with an email address rather than a telephone number to give to us, explaining that this is a matter of policy. Perhaps they don't understand that packeting can affect services like email. Or perhaps they are simply extremely comfortable, their owners having cornered much of the backbone market after the last round of industry mergers. My employer's ISP was targeted, and so far the people at the ISP seem a little bewildered, though they're game to fight the good fight. Some folks with very nice bandwidth contributed a server today to see if we couldn't keep our hubbing working through an attack, and the skript kiddie seems to have gone after their routers, leaving very little in the way of evidence behind him as to his point of origin.

As a first, one of our admins contacted the FBI at our request. I'm not sure this will accomplish anything useful, but it's certainly worth a try. It is worth noting that, as a philosophical anarchist, I'm usually not inclined to bring in the muscle of a law enforcement agency to resolve such disputes, preferring to reason with the party or parties involved. But in cases where the problem user has learned his manners from repeated viewing of Robocop, well, there's not much one can do but consider the business to be a declaration of war.

At any rate, it seems to me that this otherwise very mundane set of attacks points to a long-standing problem with the Internet: Denial-of-service attackers have location indirection, but content services and users are left in plain sight as targets for their efforts. I'm hoping Corridors will helpful in dealing with this problem, though it's a fairly long-term project (and constantly in search of additional expertise to finish the design and begin the actual implementation). Meanwhile, we go on, attempting to devise kludges to improve the robustness of ircd in the face of all-out attack.

Any assistance from the readership in combatting problems which we have never experienced in quite this magnitude would be greatly appreciated.

Thanks to the Magenet people and Diane Bruce and F. John Rowan of the hybrid ircd project for their assistance. Thanks to the many users and admins of OPN, whose patience and support have been impressive. And thanks especially to VA Linux for their help and support; they've been real heroes and deserve a great deal of praise. And no, we're not going to delink their server, however many or few seconds we have to comply. ;)
--

Re:Why is this offtopic? Pretty relvant

[MustardMan]

and as I typed it, I forgot to click the box.

I would not complain if one were to mod the above -1, overrated.

I REALLY wish I could set it to default to NOT use the +1

Re:PSA

[wuice]

Unless the DOS attack hits a Microsoft server, then it becomes "evidence" of their inherent inferiority.

Hell, I still remember the slashdot headline "Hotmail Collapsing Under Load." I read the article.. Didn't mention Hotmail collapsing under the load anywhere.. Still, wouldn't it be cool if it *were* man, just think

Re:Why is it always "some kid"?

[MustardMan]

and so the vicious cycle continues. Why don't they like to be called kids?

I for one would give my left nut to be a kid again

Coming back to haunt you. Boo!

DoS attacks just aren't cool ever.

From:
http://www.slashnet.org/for ums /Slashdot-05Oct00.html

[21:17:34] <CmdrTaco> bob_jones_iii is being an annoying prick.
[21:17:43] <CmdrTaco> can we kill him? someone dos him ;)

Sheesh. Not cool. Ever. Except when it's convenient. (I Quote from comment #125 by arcade on the comments thread from http://slashdot.org/articl es/ 00/10/07/0025253_F.shtml:

Cmdrtaco sounded a lot more like a scriptkiddie than I really liked. Comments like:

bob_jones_iii is being an annoying prick. can we kill him? someone dos him ;)

Really really disappointed me. Sure, he's got a smiley there, but still. I wouldn't be surprised if someone actually DoS'ed the sucker because "o allmighty Taco told them to".

Slightly offtopic? Perhaps. Making a point? Absolutely.

Most large ISP's Don't Care.

[MeNeXT]

They will bring down the attacked site. In a sense being part of the problem and encouraging the abuse to continue.

They should track the DoS, cut off the offending system and send them a bill.

This would only work if the backbone providers would cooperate, and track the hacked/DoS systems.

Re:Most large ISP's Don't Care.

[dougmc]

Yes, and it's very unfortunate that ISPs don't fight things like this more rather than just caving in.

But you should also consider the ISP's position. Attacks like this often throw the entire ISP off the net, affecting *all* of their customers. Only the very largest ISPs can handle such attacks -- which waste large amounts of expensive connectivity.

It's *much* cheaper to just get rid of the offending site in most cases, and since most ISPs are businesses looking to make a profit, that's what they do. They'd like to fight it, only the largest ISPs can afford to fight it.

Granted DoS isn't cool but...

[state*less]

It makes us protocol developers think about how to combat them. Eventually they(DoS attacks) will be harder to execute and more likely to be tracked. Unfortunatly in the meantime we have to bear with it. Be patient we'll get there, hopefully sooner than later.

Time is Change.

Re:Why is this offtopic? Pretty relvant

[MustardMan]

oh WOW THAT was clever. Even fooled me.

In case you hadn't noticed, a moderator actually modded me UP to make me look like a hypocrite. Underrated doesn't show on the main page, so it looks like I used my +1. Bravo.

6) Put the smackdown on these punks...

[david@ecsd.com]

I've been pondering this for a while. It's painfully obvious that law enforcement can't/won't do anything about this. As far as I'm concerned the way to take care of this is to do everything humanly possible to find out who has cracked/DoS'ed you and NOT report it. Instead, when you find out who it is go to their home and lay a beating on 'em.

If I were some pimply 15 year old, I'd be damned awful careful whom I'm pissing off if it were possible to actually get the crap beat out of me. Illegal? Very, but enough is enough. People need to know that there are consequences for their actions and that if you overstep certain bounds, you will actually pay a severe penalty.

It may sound rather Draconian, but once word got out that there are certain servers/networks out there whom you don't want to mess with if you want to keep all your teeth, things will get a bit quieter if they're not sure who'll get revenge on them.

If any of these networks don't want to be trespassed upon, they'll start to be a little less like nerdy Bill Gates and a little more like Charles Broson

David Schmitz
http://www.ecsd.com/~david

IRC Alternative?

[pong2015]

A number of people have mentioned that IRC is ancient, outdated. (One guy compared it to his atari)
<rant>
I cannot understand how people can go about saying this. IRC (IMHO) is still the best place to get help on nearly _any_ subject.
</rant>

Anyway... That aside, what would be a 'better' alternative to IRC? (Obviously not AIM/ICQ, they're only useful for 1:1 communication, anything else gets bulky)

(Slightly off-topic, I know; I have no karma, so Im not afraid to destroy what little I have ; P)

Re:IRC Alternative?

[Dwonis]

IRC is a protocol. Go read RFC 1459. We're saying the _protocol_ sucks, not the end user experience on a working IRC network.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.

Re:Lets Deal With it.

[THEbwana]

That kinda was my point. I dont mind the kiddie having tools to attack me. The online community should, however, have the chance to fire back just like you would if I was pointing my gun at you. The way it is today is:
1. scriptkiddies shooting of their gun at anyone
2. system administrators under attack unable to act.
3. incompetent government officials continuously barking up the wrong tree - most of the time doing more harm than good (read: laws against reverse-engineering, laws against personal encryption etc.)

Re:Hrmm.

[Black+Parrot]

> Nine comments into this and it's already /.'d.

Maybe people decided to read the article before posting... for a change.

Flamebait?

[flimflam]

What's up with that? At worst it's off-topic, but no more so than several other posts that got modded up!

FBI equivilent in Aus.

[eebe]

Everyone is talking about submitting logs to the FBI to hunt down and procescute the attacker. Does anyone know of it's equivilent is Australia?

Re:With regards to moderation

[MattBaggins]

Why the fuck should the karma cap be lifted? If you actually care what your karma is than you shouldn't have any.

Advogato performance problem fixed

[raph]

There was an O(n^2) inner loop for reading the trust metric cache, because it was using the Apache table functions. Also, as a more minor problem, this cache file was being stored as an XML file, which took a little while to parse.

After a little on-the-spot programming, it's now stored as a plain text file.

So thanks to Slashdot for motivating me to do this fix. I had noticed the performance was getting a little clunky, but it was good enough until now.

Re:Public Service Announcement

[Mtgman]

I think I'd rather be a "DoS attacker" than a "DOS Advocate" I think it's kinder to take down a site than promote M$ software.

Steven

Re:Why is it always "some kid"?

[mrfiddlehead]

Children are pure psychopaths. Adults normally learn not to be psychopathic, although you'd never know it if you ever rode your bike along the same route that I ride every day. Teenagers, on the other hand, have their judgement impaired because of hormones, coke, beer and drugs - I know because I was once a teenager. I'm down to beer and the occasional toke now so I tend not to do quite as many stupid things. Of course, I'm usually drunk whenever I do do something dumb.

The kids are not alright!

Which is worse?

[|DaBuzz|]

Its pretty terrible when a kid goes bananas and can damage the volunteer efforts of many people working really hard to create and support something so many of us use and enjoy. (Not an *exact* quote, my spellchecker fixed the "bananas" misspelling)

I think the fact that "a kid" can bring down such a system with relative ease is the real problem here.

I hate to say it, but people tend to ignore the root of the problem (ugh, a pun) and focus on the fall guys involved to draw attention away from the shortcomings of the system being discussed.

And this is not a slam of Debian, Linux, or any OS specifically, it is more a commentary on the overall lack of concern over the underlying reasons why "a kid" can do such things in the first place.

Re:Which is worse?

[phook]

'the underlying reasons why "a kid" can do such things in the first place.' Are you so old that you cannot remember that as a kid your number one priority was to attract the attention of your peers? The Internet gives the kids an oppurtunity to aquire peer recognition through spectacular technical stunts. Admittedly DoS attacks aren't particularly original, they rank somewhere between knocking on doors and fire-starting, but they do benefit from the fact that they GET PEOPLE'S ATTENTION. And that is all any kid wants to do.

With regards to moderation

[Woodmeister]

Ah, fear not. I had noticed the misuse of moderation on your post. Some moderators are so infatuated will the idea of being able to moderate posts that they fail to think if they should or how they should moderate.

I would have fixed it myself had I moderator status, but decided to post to it saying it should be back modded up. By the time I hit the link to reply though, it was back to +1. Goes to show some people are thinking......

I do believe moderation needs a bit of a facelift. To CmdrTaco: There have been several occations where I have been browsing /. and there has been awful proof of misrated posts. I suggest that the +1 to karma-wealthy posters be banished, and an improvement to the moderation system by increasing a moderator's "active" time to more than a couple of days, and perhaps a larger moderator pool.
--

Re:With regards to moderation

[MustardMan]

Step one: Destroy metamoderation, its horridly broken.

Step two: Have VA reach into their deep pockets and hire a few people who will FAIRLY patrol the mods and fix offenses, but only those that mod down. In other words, never take away someone having gotten modded up, but restore those who were unfairly modded down.

Step three: Allow those who got the +1 but dont wanna use it to turn it off permanantly - I post to start conversations, not to whore karma or get my name seen.

Re:Yeah it sucks...

[finkployd]

All that proves is that the network has some pretty good ops, while this "rendition" guy is a whiner who did something wrong (by his own admissions) and can't deal with the consequences of it.

Finkployd

Re:How to stop DoS attacks

[luckykaa]

You seem to have been misled by an obvious satirical article. "Nationally agreed standards"? Would be great for a US only internet.

I love the way he points out that White hat hacking is the way to secure servers, but suggests that any tool that might be useful should be banned.

Re:Lets Deal With it.

[phook]

Presumably you would also advocate the immediate machine gunning of any script kiddie caught with DoS tools?

DoS = Denial of Service

[TrentC]

As it says in the topic.

"Denial of service", for the curious, happens when an attacker ties up a system, typically by flooding it with invalid requests or otherwise tying up resources, to make it unusable.

Jay (=

Re:Yeah it sucks...

[festers]

I would have been happy with just a kickban, but instead it was all kinds of k-lines and grief for the next 90 mins. We were just being dumb for a few mins, something that didn't require such overreaction. Just because someone does something for free it doesn't give them license to act like assholes


--------

Spoofing filters

[OpperNerd]

If everyone would wake up and implement their fscking egress filters, at least there would be some way to track down DDoS zombies much easier.

Re:Yeah it sucks...

[festers]

We didn't get kicked, moron, they were k-lined. A kickban would have been 100% appropriate. But I guess that's asking too much out of a bunch of humor-impared jerk-offs.


--------

Re:attack!

[SigVn]

No you just get a boring page that everyone stays away from.

Re:How to stop DoS attacks

[MostlyHarmless]

Right...

1) Secure all servers

This works with cars and businesses with a high initial cost. OTOH, anyone with a decent OS can run an Internet service. You probably run a few at home. We've tried to stop Napster, drugs, and alcohol; so far, one out of three has been only slightly better than a huge failure. In addition, even well-known servers have holes discovered in them after they've been out for quite some time.

2) License ISPs
Can be done, but remember that the big ISPs are just as bad. Remember today's spam article? The top sources of spam were all massive ISPs.

3) Make spoofed packets illegal
See #1. In fact, this would be harder to track down than #1, since the packets are spoofed :-)

4) Authenticate everything
Like you said, Duh! :-)

5) Criminalize all scanning, including pings and probes
Re pings: The author has obviously never played Quake before. And about probes, where do you draw the line between legal and illegal? Is trying a few ports illegal? What if I go to a server and connect to telnet, http, and sendmail? Those ports all have legitimate uses; see #1. Ah ha, you (or the author) say, but I would only outlaw automated attacks. This is dubious at best, and it still runs into the same issues as #1.

Again, like you said, the Internet is structured as to be vulnerable. At this point, no amount of words can change that fact.
--

attack!

[romco]

Someone find a ip # on this kid so we can ./
him.

Why is it always "some kid"?

[MustardMan]

Isn't anyone else bothered by how it is always assumed that it is a kid thats making these attacks? I used to be a kid once, and didn't appreciate everything being blamed on my generation. Be realistic, people, it takes EXPERIENCE to become a true asshole; kids are amateurs at best... the REAL jerks are the seasoned veterans

Re:Why is it always "some kid"?

[Cramer]

Therein lies the problem: it takes NO experience to be an asshole or a script kiddie. (To some, being an ass comes natural.)

According to some articles I've read (sorry, no links), there are comparably few "hackers" and hundreds of "idiot" script kiddies who take the knowledge and (hard) work of the real hacker to do their childish shit. You've obviously never heard of a "rootkit" or a "DoS kit". They aren't entirely to the level of click here to break in but they don't require any "hacker" skills.

Personally, I think the Ido (ST:TNG) had a good idea... "There is only one punishment for breaking any law: Death." People (and I use the term loosely) perpetrating such things are more than proving their inablity to live and participate in a civilized society. I say treat them accordingly. If you had a dog that constantly ate the funiture, crapped in the middle of the living room, and pissed on the china, you would not tolerate it. It would be punished, exiled, banished, and/or executed.

Re:Why is it always "some kid"?

[Cramer]

"Political program[s]"??? Gez. Don't bother wasting your time trying to teach these kinds of people how to live in society. Weither they are 10 or 30, they should have learned this kind of anti-social behavior is inrolerable. They should have learned that when they were 5. All that matters to them is their own tiny, insignificant piece of the world. Someone wrongs them (as they see it) so they strike back at the entire world. If their parents had taken a few seconds of their lives to actually participate in the upbringing of their children, maybe we wouldn't have so many mentally unstable people. "Spare the rod; spoil the child."

There's little point in investing the time (and my tax dollars) in civilizing the uncivilized. We spend enough on rehabilitating criminals who go out to commit more crimes. And while jail time does correct some, it's statistically worthless.

(I think it's time for another flood. Oh, wait, He promised never to do that again.)

Re:Why is it always "some kid"?

[mengmeng]

Have you read the linked articles? I don't think anybody has been able to, since advogato seems to be slashdotted. I would assume in one of those articles, lilo mentioned that the perpetrator actually is a kid, therefore Taco made that comment... (since he was able to read it before it got slashdotted, obviously :-P )

Re:Why is this offtopic? Pretty relvant

[Cramer]

When you act like a two year-old...

Hrmm.

[Nidhogg]

Nine comments into this and it's already /.'d.

Didn't you JUST say that DoS attacks weren't cool?

Hypocrite.

DOS

[BugMaster+ChuckyD]

DoS attacks just aren't cool ever

Good one Taco.

Looks like the link is getting the most effective DOS attack known to man: "The Slashdot Effect"

Public Service Announcement

[srichman]

DoS attacks just aren't cool ever.

Don't do drugs. Drugs aren't cool.

Stay in school.

Nobody ever says "I want to be a DoS attacker when I grow up."

re:Dosing and packet kiddies

[djmoocow]

I would like to make two points in all of this #1 First off most of the DoSing done on the internet is done by little teenagers that find some hacker site and downlaod programs which they have no idea how it works but they think it is cool and want to be like the guys off of "Hackers"... because as a few of the reponses said... any older people have the common sense not to do this because Jail time can be involved.... a perfect example it MafiaBoy .. he was no more than a Kid from Quebec who used his computer every so often but he thought it would be cool to take down a few websites... he got all of his info on how to do this from the web... not understanding ANY of what he was doing.... or he would not have been caught... and for all those who will say he did not DoS them that is true... it is just an example..... My second point has to deal with Network security .... i am currently taking a Cisco Routing course... of which network security is a big part.... you soon learn that no network can be made fool proof...especially for DoSing...because of some packet kiddie is determined enough.... they could take down a router and a firewall.... it may take them some time... but they can .. it is unfournate.. but it is true.... in addition to this ... not alot of companies can afford a router of their own .... and rely primarily on their ISP which sometimes is fine... but even they can only do so much .... and the fact that the penalties for doing this are not strict enough encourages kids to do it because if they are underage then they have a get out of jail free card.... there has to be a few changes in both laws and the attitude of network administrators thinking that it will never happen to them.... becaause these packet kiddies are getting these comprised systems from somewhere Homer Simpson- All this computer hacking is making me thirsty i had better order a Tab

How to catch him

[teasea]

First off, we call him/her a kiddie because of perceived maturity, not for any chronological aquisition of years.

Second, the trail is already there; who has complained that the company owes them money? While the records may be extensive, there are ways to narrow it down further. 2

Why is this offtopic? Pretty relvant

[GoofyBoy]

Its a valid question. Why does it always have to be a "kid" as CmdTaco stated? (Note: I can't get to the linked article since it seems to be slashdotted)

Suppose the article stated "when a woman goes banannas" ?

Re:Why is this offtopic? Pretty relvant

[MustardMan]

NOW it's offtopic :)

and there goes my karma

but thats ok, I will call myself a martyr.

Oh, how my life was ruined by the evil karma nazis.

I bet I'll get an NBC TV Movie. :)

'Course, I COULD use my +1 bonus to post this drivel, but I am being good

Re:Why is this offtopic? Pretty relvant

[aenea]

oh it is a sad day when passing ruffians can say "troll" at will to young posters. Why, even those who type and post insightfully are at considerably moderating stress at this period in history

Oh crap. I'd pay money right now just for the honor of mod'ing that up.

Why can't you trade in karma for moderation points? Sure, you'd get the occasional horror of a Signal 11 mod'ing a whole article, but at least karma would be worth something.

Re:Why is this offtopic? Pretty relvant

[MustardMan]

Phew! I was getting worried that I was inadvertanly becoming a troll or something. :)

Re:Yeah it sucks...

[willfe]

Just because someone does something for free it doesn't give them license to act like assholes Incorrect. Sorry, but it's always been my impression that if someone's doing something for free that you find useful, you damn well thank them and are appreciative/supportive, or you get your ass away from it and stay out of the way of people who did develop frontal lobes. BTW, if you were to do something like these logs show happened on anything I run, you'd get kicked, banned, k-lined, etc. very quickly.

Re:A bit more explanation

[Zurk]

yeah. #linhelp ops suck too...openprojects has been going downhill and i dont really care about it...i'll b happy if it gets DoSed outta existance. although i should point out that you guys deserved a kickban but not a k-line.

Re:Yeah it sucks...

[willfe]

[Hits "PAUSE", turns to class] Now, here we see further proof that these "victims" are in fact trolls and otherwise *very* bored people. That silliness aside, which is it, "we" or "they?" How can you simultaneously expect sympathy and/or support from your fellow slashdot readers and call your adversaries "jerk-offs," thus proving your immaturity? The clue train is probably just over that next hill if you'd care to run after it and climb back on.

Leave DOS alone!!!!!

[FenrirWolf]

Yeah, stop picking on DOS! I mean, it was pretty good for its time! Sure, there was the whole 12-bit filesystem fiasco and the little mixup over protected mode, but hey... It's been a good operating system!

Now now, don't cry, DOS, nobody really meant what they said...

Re:Leave DOS alone!!!!!

[Dwonis]

Hmm.. What was around in 1985?

DOS, MacOS, AmigaOS, UNIX. (and others I'm sure).

Surely, DOS is the best of the pack. ;-P
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.

Re:Lets Deal With it.

[psionicalpha]

Isn't this kind of like curing the disease by killing the patient? :)

Re:How to stop DoS attacks

[egon]

5) Criminalize all scanning, including pings and probes.
[snip]
and #5 is perhaps a necessary evil.

I'm afraid I'm going to have to disagree greatly. I would be very interested to hear your view on what constitutes "scanning" in that case. What if I accidentally point my browser at the wrong server? I meant to put in a different URL, but ended up pointing at the wrong place. Am I now guilty of "scanning" that machine for a webserver?

--
Give a man a match, you keep him warm for an evening.

Dos Attacks on OPN

[KumaBear]

I had a short conversation with the sysadmin, it appears that this attacker has adequet bandwidth (45 Mbit) to do such DoS'ing, sad to say such networks doesn't limit bandwidth to their users. I'd hate it if my network with full bandwidth privillages would fall into the wrong hands. And of course IRC networks will have to expect this kind of thing. I hope this guy gets caugh, but for now it's difficult to track him down since he spoofs IPs.

This is nothing new

[toastyman]

I've been involved with IRC in one way or another for about 7 years now. It's reasons like this that I do NOT run an IRC server anymore.

Around 5 years ago, I ran toast.ne.us.dal.net, part of the DALnet IRC network (obviously). The bandwidth for it was generously donated by a local ISP, in exchange for borrowing some of my expertise from time to time. We only had a frame relay T1, but easily held more than 1000 users at a time.(Which was a record, for a short period) With popularity, attacks started coming.

The first thing that hit was SYN floods. Linux added the TCP cookies feature, which helped a bit. Then raw ICMP echo request floods, which caused us to get icmp blocked at our uplink, which hurt our customers, but was deemed worth while. Then when ICMP didn't work, people flooded the crap out of us with UDP. Then the Smurf attacks started. It came to a point that more often than not, during the evening, I was spending my time on the phone with our increasingly annoyed uplink getting things filtered and blocked.

In 1996, I moved to Illinois, and took the server with me. I started my own ISP on two T1's, and pretty immediately decided to pull the DALnet server, when the period of time that we're getting flooded exceeded the time we weren't. I then moved my IRC server to a much smaller network called NewNet. While the floods were much worse, it still was a perpetual annoyance that some brat in Israel decided he didn't like us, and would reguarly flood us from hacked .jp servers, who we could never get the admins to fix. I'd also get people attacking my router directly, affecting thousands of customers, all over a silly IRC matter...

Then one day, the "script kiddies" discovered Wingate. Wingate is a highly useful Windows proxy system, that was unfortunately shipped for quite a long time in a highly insecure state. They had a telnet and SOCKS4 proxy sitting wide open, with no passwords necessary. One script out there would go scanning through cable modem and DSL netblocks, gather a list of a few thousand insecure wingates, and connecting them ALL to our network, using them to flood the crap out of us. No longer could we even ban naughty users, because they had thousands of hosts they could choose from.

One VERY frustrating day, I ended up writing a little tool to scan EVERY user who connected to our network, to see if they were actually connecting from an insecure proxy server. Worked wonders, but we had thousands of nasty e-mails from people asking why we were trying to hack them (by connecting to port 1080 then immediately disconnecting?). Much education was required, and many notices of "You're about to be scanned, disconnect if you don't want this to happen" were necessary to prevent some idiots with a firewall they didn't understand from flooding abuse@dragondata.com with nonsensical complaints about hack attempts.

Today, floods are much more sophisticated than the ones we saw 5 years ago. Current floods are completely legitimate TCP/IP packets, that look real. Not floods of SYN's, but real looking data, that you can't just slap a simple filter in to get rid of. Now, unless you're using a stateful firewall that can detect this sort of thing, you're pretty much screwed. (FreeBSD's ipfw system is now stateful, and works quite well for this sort of thing.)

Really, here are the major problems.

1) Network administrators don't secure their networks. They may secure their machines, but they let their routers blindly pass off spoofed packets, when it would be pretty easy in 99% of the cases to block packets with source addresses coming from a port that they don't belong in.

2) Any complaint to any abuse@ address that involves IRC seems to go into /dev/null. A wonderful discussion has gone on on the NANOG(North American Network Operators Group) mailing list, the past few weeks about this very problem. "IRC is stupid, don't make yourself a target" is something heard all too often. If people would just secure things now, when someone's attacking a web server, or something else of yours, you won't have that problem either. What if someone decided to DoS one of the major political party's web pages today, with the same types of floods? It's the same problem, but somehow this is worth investigating, but not if it's IRC? Yes, IRC isn't as philosophically important, but it's a very popular service, none the less...

3) It's nearly impossible to prosecute the people who do this. I've talked at great lengths with the FBI and other law enforcement agencies. While they sympathize, unless they have a huge dollar amount in damages they can show, there's little they can do.

4) The same companies and universities get hacked over and over again. I'd like to see someone sue one of them for negligance one of these times.

5) Stupid battles like this are really putting a drain on the IRC community. IRCD server software has pretty much gone untouched over the last few years, because any technically competant coders are busy coming up with proxy detectors and fighting floods, than writing code. There are things with IRC that could be done that would blow people away. But, I'm burned out. 7 years of fighting with people who need psychological help, because they do things like take down a huge network, instead of dealing with their issues in a constructive ways....

6) People take IRC too seriously. It's just for fun, people.

Kevin Day

Re:This is nothing new

[toastyman]

One other thing..

I moderated/ran the Bruce Perens IRC Chat that was mentioned a few months back here. Idiots decided to ping flood his DSL line out of existance during the chat, and I had to call him on the phone and type his answers for him.

People will ruin anything that can, I swear. :)

-- Kevin

Re:Try contacting the company who leased the ATM

[Bill+Currie]

that 45Mbps could be 1000 56k modems from as many dialup ISPs. Now who are you going to contact? This is what DDoS is all about :(

Bill - aka taniwha
--

Mirror

[norom]

Now go /. psu's servers
http://www.personal.psu.ed u/u sers/d/r/drb210/198.html

The ultimate solution

[flimflam]

What if I accidentally point my browser at the wrong server? I meant to put in a different URL, but ended up pointing at the wrong place. Am I now guilty of "scanning" that machine for a webserver?

Well obviously yes. Clearly the only solution is to require written permission from the operator of any site before visiting it with your browser, otherwise you are just abusing their server's capacity. Hey, no more freeloading! It's time to bring some accountability to the web!

Mitigate Slashdot DoS

[Hard_Code]

I have a suggestion. Instead of linking directly to the tiny web server running on leech neurons or in a pizza box, can't slashdot just be nice and link to a Google cached copy (if one is available) instead of directly? For those who *really* want to pull directly from the poor victim, it's easy enough to read the big glaring "This is a Google cached copy" disclaimer and click through.

Re:How to stop DoS attacks

[Lemmy+Caution]

This would be analogous to accidentally walking into someone else's house because you were distracted and misread street names, or accidentally trying to open someone else's car in the parking lot. The first is not breaking and entering, the latter is not attempted car theft, and there are ways to make that obvious in a legal dispute.

Ha-ha funny funny, okay we *GET* it already.

[willfe]

Why must we endure *repeats* of jokes that were marginally funny the first time? BTW, the "Slashdot Effect" isn't a Denial of Service attack. Instead it's a "buttload o' people trying to hit the same resource at the same time" attack. They tend to be legitimate requests, not random DoS requests, unless Slashdot's audience is make of up drooling sub-human mouthbreathers who click on anything on the screen that's underlined.

Why am I not surprised?

[anti-lilo]

While I'm not an advocate of temper tantrums or pushing an entire group when your target is an individual, his or her business, wallet, pocket- book, whatever... The IRC has proven itself primed for Denial Of Service Attacks for more years then I care to think about. Combine that with Ron Levin's Anal Retentive behavior exasserbated by his delusions exasserbated yet again by his history and misbehaving OPN as well as his infuriating antics on the networks which preceeded OPN; I have to wonder why anyone is surprised. Furthermore... What kinda of network administrator cant divert an OC12 DOS into the bit bucket before it affects the host. I'm not saying its right. I see it happen constantly. Any network admin worth his/her salt knows how to divert the attach upstream falling back to any of 1 or more redundant backbones to the net. Perhaps you should speak to me about implementing a network that addresses the very issues you react to as opposed to anticipating, planning for, and are prepared to manage proactively. You bet... I can route that DOS into the bit bucket before my dual 7513s begin to feel the pain. Why is OPN a target? I've read the posts from beginning to end. I hear nothing but hearsay, inuendo, a bit of sarcasm along with a bit of humor. Just visit opn and #linpeople. Its easy to see why anyone from 7 to 70 or better might wish to beat #linpeople into oblivion. I read no proof that makes me believe with any moral certainty that 1). This is a kid or a dolt with destructive tendencies. 2). I have no reason to believe that these are DOS attacks at all. For all the evidence presented thus far... this could be inompetant administration complicated by a corporate IT move. Before "Community People" slips my mind again... Forgive me for asking... BUT, wtf is a community people? Are you folks in Silicon Valley back living in communitives of participants living in network ready Community Caves? Enough of this noise. The polls are about to close in Hawaii. The next president is more interesting then this noise. Cheers, S.L.Wicked

Re:Why am I not surprised?

[lilo]

S.L. Wicked wrote:

While I'm not an advocate of temper tantrums or pushing an entire group when your target is an individual, his or her business, wallet, pocket- book, whatever... The IRC has proven itself primed for Denial Of Service Attacks for more years then I care to think about. Combine that with Ron Levin's Anal Retentive behavior exasserbated by his delusions exasserbated yet again by his history and misbehaving OPN as well as his infuriating antics on the networks which preceeded OPN...

Steve,

As I told you before you were K-lined from Open Projects permanently for displaying this attitude toward hapless users on more than one public channel, Open Projects is supposed to be a friendly place. Your message is an excellent example of why you are persona non grata there now. Please feel free to keep my nick held up on EFNet, the web page you put in your REALNAME field there from time to time is very entertaining.

Sincerely,

Rob Levin
aka. lilo

DoS attacks are funny!

[phook]

"Hello, is that the fire brigade... yes? Okay, there's a fire at The Wookey Hollow Club" - standard reaction of a sixteen year old that has just been refused entry to a nightclub.

How to stop DoS attacks

[Anne+Marie]

According to Bill Machrone, the way to stop DoS attacks is:

1) Secure all servers
2) Liscense ISPs
3) Make spoofed packets illegal
4) Authenticate everything
5) Criminalize all scanning, including pings and probes

Now, would any of these solve openprojects.net's malaise? #1 wouldn't, because it's not their server which is launching the attack; #2 is a structural change which would take too long to implement (even if it's desirable); #3 is promising but would be an administrative nightmare; #4 we should be doing regardless; and #5 is perhaps a necessary evil.

The internet is fundamentally structurally vulnerable to DoS attacks. It's only a matter of pissing someone off and getting picked as a target. With the increasing politicization of everything on the net, the problems will only get worse.

Re:How to stop DoS attacks

[MegaFur]

I can't say about #1, 2, and 4, but #3 and 5 seem insane.

Facetiously speaking, if you criminalize spoofed packets and scanning, only criminals will spoof packets and scan ports.

Anyway, as someone else pointed out, it's difficult to understand how you'd make port scanning illegal without destroying people's legitimate right to do things like connect to port 80 for http...(it'd be kinda hard to read /. then.) :-)

Re:How to stop DoS attacks

[lilo]

Ann Marie wrote:

The internet is fundamentally structurally vulnerable to DoS attacks. It's only a matter of pissing someone off and getting picked as a target. With the increasing politicization of everything on the net, the problems will only get worse.

Your points are well-taken. I'm not sure I like any of the solutions you mention. Securing your server only does so much to prevent denial-of-service attacks. Of the rest, the administrative ones put too tight a rein on an essentially anarchic system, and the technical ones take away capabilities. Ultimately, this is why I'm working on Corridors. The skript kiddies have location indirection; the rest of us, clients and servers, need it too.

The thing to realize about the Internet is, realistically, you can't bar someone from a service, you can only choose not to include them.

Re:How to stop DoS attacks

[rjh]

#s 1 and 4 are desirable; the others are catastrophically bad ideas. Licensed ISPs aren't much different from a licensed press--and as any First Amendment lawyer can tell you, a licensed system of presses is illegal in the United States, as no government agency has that authority.

Spoofed packets being criminalized is tempting only on its face. While Congress could very well make interstate transport of a ham sandwich illegal, this law would be impossible to enforce. Criminalization of spoofed packets would be in the same boat.

Criminalizing all scanning is a case of throwing the baby out with the bathwater. Suppose that I own two machines, A and Z, and I traffic between the two is vanishing into the ether. Do I have the right to make a nonintrusive investigation into the cause of the outage? My instincts tell me yes, that the Ninth and Tenth Amendments cover legitimate inquiry into the world in which we live. Therefore, my use of traceroute and ping to locate the network outage is perfectly legal--after all, lacking mens rea, no crime can be committed.

Securing all servers is an extremely good idea, as is authentication and verification of data. Unfortunately, 90% of the programmers I know can't be bothered to worry about anything as trivial as making sure it's Done Right, instead of Done Fast.

The [I]nternet is fundamentally structurally vulnerable to DoS attacks.

Agreed, but I like to approach things from a slightly different perspective. The Net was designed to be immune to a huge array of meatspace problems. The Net was not designed, nor could it have been designed, to be immune to netspace problems; after all, netspace didn't exist at the time the fundamental protocols of the Net were being developed.

As the English techno band Shriekback noted, "[e]very force evolves a form." DoS attacks are just the form which force has evolved into on the Net.

Re:How to stop DoS attacks

[pjrc]

3) Make spoofed packets illegal

What about asymetric routing?

I have two ISPs. One is a 128kbps frame relay, and the other is a radio link and a 33.6k modem. The radio link is approx 2 Mbit/sec with a reasonable latency, about 50 ms. The frame relay circuit has 20 ms latency. The modem just plain sucks, slow and high latency. The modem isn't even plugged in. I use use the radio receiver as a one-way link.

If all spoofed packets were illegal, then it'd probably be illegal for me to send packets up the frame relay line, with the IP number belonging to the radio link. The ISP providing the upstream for the frame line says "we don't mind and we won't stop you unless someone starts abusing our network, and we'd probably have to upgrade the router to do it". The ISP providing the radio link doesn't really know... it's hard to actually get to talk to anyone there that knows anything... but from what I can tell, their scarce resource is the pool of inbound modems, they have more bandwidth than they know what to do with on the radio link.

It's a pretty sweet setup, and it's all possible due to asymetric routing (linux) and that my upstream provider lets me send spoofed packets!

Try contacting the company who leased the ATM

[nothng]

So far you have contacted UUNET and the FBI, but have you considered contacting the Company that is actually leasing the ATM? I'm sure they would be quite interested to know one of there employees or customers is abusing the line. 45Mbs doesn't come cheap. Also I've noticed people that abuse other servers also abuse they're own providers. If this person hasn't done so already I would expect him to DoS his own provider/and or employeer first time they do something to upset him. I'm sure they would love to be able to can this security/lawsuit risk...If it were my line I would certainly want to be informed.

DoS attacks just aren't cool ever.

[Jose]

You talk about DoS attacks not being cool? how many times have you taken down small web servers with the power you wield (/. effect)?!?!

You do it on an almost daily basis!!

=P

Re:Well

[luckykaa]

Naah. DOS is totally immune from DOS attacks. No service, therefore no denial.

Re:Shut up Taco. MODERATE THIS UP

[bugg]

He may have been trolling, but he brings up a valid point. The "Screw Echelon" day or whatever it was called was a [pitiful] attempt at a DDoS.

So, CmdrTaco, apparently you do find it justfied sometimes. And so does the attacker of OPN. What's the difference? Oh, you're biased towards Debian, but besides that ;)

Re:Lets Deal With it.

[THEbwana]

Of course not. That'd be plain stupid. I would just prefer script kiddies to be judged by people who know what these kiddies are doing instead of some ignorant represantative from a regional government (ie: a suit who takes a kids computer into custody as because that kid posted an article on a security newsgroup).

A bit more explanation

[festers]

I should have been more clear in the first post...for a few moments of being goofy, we had people getting k-lined (or the temporary opn equivalent) A kickban would have been perfectly acceptable, but instead I had to defend a group of law-abiding, peaceful irc members. When I got into #openprojects, every single op took a shot at me. Yeah, maybe there's a few reasonable ones there, but they sure weren't around that night. In the end, it was a huge over-reaction on their part about something that could have been laughed off as some people acting like dummies...


--------

How is this news?

[iamabot]

Ok, I may be missing something here but EF, Undernet and DALnet have been getting these attacks for WAY longer than openprojects. Undernet alone has lost 3 hubs to *sustained* 50mbit+ attacks over the past 3 years. This is not new, it doesn't help to publicize the attacks and only encourages more attacks for the recognition sites like Slashdot bring.

./SnApDaD aka iamevil

Re:FRIST

[phook]

Bollox! You've probably got a script monitoring the page.

Do you really want to stop him.

[Rahga]

Tell him that when we do find him, we will rip off his head and piss in the hole. Then, once you mobilize us, we will start doing random stuff like cutting his phone line, setting fire to his dog, and leaving... let's call it "illegal" material in his mailbox right before we report him to the FBI.
Just an idea. I hate people that jack with me and my friends, and I have a soft spot in my heart for seeing people get pissed on unfairly.
If I ever meet up with this clown and find his email, I'll subscribe him to every "lolitasex" mailing list I can find. Especially if I can find some covertly operated by the boys in blue.

Controlled devices

[Smallest]

I have returned from the mountain and this is what I have seen:

<prediction>

Because of the havoc caused in the past by simply clueless script kiddies and their truly malicious cohorts, the Internet of the future will have strict controls on the traffic it allows. Only a severly limited set of simple protocols will be allows (http and ftp, for example).

Computers will be regulated and monitored; there won't be any opportunity to write your own software to bypass the restrictions because all traffic will be encrypted, signed and filtered by the hardware - and only devices from government approved and certified vendors will be allowed to connect.

</prediction>

Think it can't happen? It's already happening with hardware - encrypted speaker connections, for example.

-c

Moderators on crack today.

[TheDullBlade]

Well, it's finally all over. The vandal moderators outnumber the responsible moderators.

--------

Re:Lets Deal With it.

[phook]

Yeah. I'm taking issue with your judgmental approach. Kids have a hard enough time already with authority without more constraints being heaped upon them. Freedom is a precious thing and those that would seek to curtail it are universally hated.

PSA

[Garg]

Doesn't this sound like a Geek Public Service Announcement?

'CmdrTaco sez, "DoS attacks just aren't cool ever!"'

Look for the poster in your school cafeteria soon..

Garg

Re:I AM SO GLAD THIS IS HAPPENING

[lilo]

Jason Salopek wrote:

For years I begged lilo to remove a user known to commit D.O.S attacks against users and me. Instead of doing that he chose to boot me a few times so that "the environment was not distrubed" How can someone knocking people off the net be less worse than me bringing it up. Anyways "LILO" now you know how it feels to be helpless against someone launching D.O.S attacks and mabye you will think twice before giving people the shaft. After I cool down mabye I'll help you crush the little skript kiddie.

Jason,

Begging your pardon, but this is silly. The reason we don't routinely remove people accused of packeting others is that the logs can be so easily faked. We are not in the business of trying to mediate disputes when we have no way to decide who is the victim and who is the aggressor.

But thanks for your offer of assistance.

lilo