Slashdot Mirror
OpenProjects IRC Network Suffering DoS Attacks
Alowishus writes: "Open Projects Net, the IRC network which is home to Debian and other open source projects, has been suffering DoS attacks from a disgruntled customer of one of their server sponsors. Lilo, their sysadmin describes the attacks here, and asks for assistance." It's pretty terrible when a kid goes bananas and can damage the volunteer efforts of many people working really hard to create and support something so many of us use and enjoy. The sad part is that whoever is doing this feels self-righteous and justified in his actions, so nothing any of us say will
matter. I hope they catch him. DoS attacks just aren't cool, ever.
In a variation of Make spoofed packets illegal simply block outbound packets from your network that have a source address other than from your network. While this can be a big problem for core routers, it's really only needed at borders to other administrations. Logic could be added to inspect incoming packets by applying routing lookup to the source address. If the incoming interface is valid (not necessarily best, but at least valid) for the incoming packet, then it's OK. Otherwise discard it. Linux 2.4 now has this in the kernel. I've heard Cisco IOS has a form of this, too. It should be made to be the default configuration.
now we need to go OSS in diesel cars
People seem to carry their moderation points as if they were swords around here. It's really sad, but most would rather mod down as many posts as they can (whether they deserve it or not) than mod up even one insightful post. Just another reason the moderation system around here sucks. When you rely on the egotistical morons that go for as much karma as possible to moderate, there are bound to be problems.
Slow moving marsupials and the women that love them
Slow moving marsupials and the women that love them
Next time, on Geraldo...
--
Gee Ron, do you think you may have just found your man?
Never by hatred has hatred been appeased, only by kindness - the Buddha
Two points
1) If the attack is coming from _within_ an ISP, all bets are off.
2) How many people/corperations are there who do have 45Mb/s access? The last 2 fortune 500 IT companies (one 100, one 100-200) I worked for had 2Mb/s.
Surely that must narrow the attacker down somewhat.
I can't believe that ISPs are happy to _carry_ the attack. Why can't the ISPs be made responsible for the DoSs that they carry, maybe then they'd help trace them to their source as they pointed the fickle finger of blame further up the pipe.
FatPhil
Also FatPhil on SoylentNews, id 863
On the other hand, I'm not issuing a blanket condemnation on all hacking. Just saying -- For Jebus' sake -- at least do it artfully.
Sincerely,
Vergil
Insects and Grafitti Photos
I propose that we modify our network stack a little to get rid of some of these attacks.
Instead of the three way handshake(TCP's connection intiator) taking place on the content provider lets have it take place on a new server called a identity verifier. Now when you want to connect to a content server whatever it may be httpd, ftpd, whathaveyou. You send your tcp request to the verify server. if approved your TCP connection is transfered to the content server. Now there should be multiple verify servers so that you can't just take them all down( a few thousand should do.). Now your content provider only accept connections from these trusted verify servers. If one comes from another source it is dropped. I think we could implement this but i'm busy with another project called dgroups(a decentrallized network) so i am a little busy. if you have any questions about implementation email me.
slakowske@yahoo.com
Time is Change.
You misunderstood my point, it was not about why a kid would *want* to do (this is obvious), but why a kid *could* do it.
Your comment illustrated my point perfectly that people focus on the why "little Johnny" did whatever evil thing he did as opposed to why it was so easy for little Johnny to cause such havoc in the first place.
Being in network security, I can say that this impression comes from the fact that everyone that I have ever had contact with, and did this kind of thing, was under 20. Kids (and by this I really mean teenagers) have the double problem that they are just finding out that one of the largest technical achievements of the human race is available for them to play with and they also have the sense of adventure of... well... teenagers.
A lot of the "script kiddies" and "DoS weenies" out there are doing what they're doing because it seems cool. As they grow older, most of them smarten up and a) put those skills to work in industry b) get a lot more selective and careful or c) end up in prison. The latter is less common, but getting more common, woefully.
What I'd love to see is a computer security service where kids that get caught are put to work doing "community service". Nothing that they could exploit, but simple things like cross-checking log files; manning snail-mail campaigns to send out security bullitens and so on.
Now, that would be a political program that I could get behind. But, of course, it's not the "throw the bastards in jail" approach that's so common these days....
Course, if he does track me down now, I don't think I'd be very kind to him or her.
I personally think it's a red herring though.
Chris DiBona
VA Linux Systems
--
Grant Chair, Linux Int.
Pres, SVLUG
Co-Editor, Open Sources
Open Source Program Manager, Google, Inc.
As admin of adams.openprojects.net, one of the servers that was DoS'd, I felt that I should give my own attempt at trying to find out exactly what was fueling his rage... he wouldn't tell me, or state any reason at all as to why he was doing this; he told me to ask someone else, who also didn't know.
This comment is mainly in response to one of the previous comments that basically scolded the slashdot crowd for not "understanding" the "pressure" this person was under, from VA Linux, apparently. How can we know what pressure he was under if he wont even tell us what happened? He's doing this practically as a "punishment", but we don't even know what we're being "punished" for.
I hope this ends with him being prosecuted, and I fully plan on submitting the 22MB log of eth0 traffic during the attack to the FBI and whoever else will be investigating it. I eventually plan on publishing the entire thing so everyone can see exactly how he formed these attacks. They were mostly the standard UDP floods, but the originating IPs are the interesting part.
If you're running an IRC server, you have to expect this. I'd imagine every network with more than 3 users will be DoSed big time at least once. For the "big three" I'm sure it's almost constant.
> DoS attacks just aren't cool ever.
Except when it's called "the slashdot effect". Has anyone tried to get to mozillazine since 12:49 today?
With all the DoS activity that's been going on for the past year or two, I have to wonder when the ISP's are going to take it seriously enough to filter "spoofed IP" packets originating from their customers. If the packet-stormers are denied the veil of spoofing, they should be easy enough to deal with... assuming of course that the upstream providers actually give a sh*t. (I've been ignored by several large ISP's when offering logs of their users attacking my servers). Unfortunately, the rapid growth of broadband internet access hasn't been accompanied by an equal growth of responsibility... hence the script kiddies can play their games ::sigh:: (disclaimer: I refer to them as "kiddies" to reflect the aparent level of maturity, NOT age.. my 14 year old son is far more mature than these bastards)
chown -R us
--
I'm sorry but if somebody threatens to DoS me over IRC, and then proceeds to do so, CALL THE POLICE. CALL THE FBI. You know who he is. You know where he's IRCing. Log the information, and TRACK THE ASSHOLE DOWN. If he's IRCing from his own ISP (unlikely, but IRC is full of stupid kids), call the ISP and shut the account down. If he's bouncing from one or two sites, look up the IP address (do a WHOIS against ARIN) and call them up. Solicit their help in tracking him down. It should be obvious where he's connecting from (a 'finger' or 'netstat' should make that apparent, assuming the machine isn't compromised, in which case a network sniffer or 'tcpdump' will let you do the same), and back-track.
I know we all seem to think script kiddies have these l33t ways of hiding their identities, but it all boils down to a few responsive phone calls and you can nail anybody back to their ISP. Any competant ISP will have caller ID records for the incoming call. Granted, they won't give you this information, but they will certainly note it. Let the feds do the rest.
Why do people not even think about taking these steps? If you can't reach an ISP's network center, GO OVER THEIR HEADS. Contact their uplink.
The more we whine and say DoS attacks suck, and the more we DON'T pursue and put these fuckers in jail and slap enough damages on them so their parents lose their house and car, the more powerful and untouchable they feel, and the more bolder they get.
I was referring to the more general process of pinging someone to calculate latency.
--
Friends don't let friends misuse the subjunctive.
"Don't bother wasting your time trying to teach these kinds of people how to live in society."
Great. Let's start with you, since you seem to not have the same sort of social graces as I. I recommend something between prison an a concentration camp... or, did you mean "other people".
"Weither they are 10 or 30, they should have learned this kind of anti-social behavior is inrolerable."
Well, let's see. When I was 10, I was shop-lifting (seemed harmless enough to *me*) and getting in fights at school. Would I have been a script kiddie? Probably. Would saving my future by showing me the concequences of my actions have been useful? Certainly!
"[If they had good parents] maybe we wouldn't have so many mentally unstable people."
Woah! There's a whole lot of mistakes all in one phrase. What makes you think that your average script kiddie is "mentally unstable"? I think most of them are just a) currious and unaware of the damage their doing, b) bored and/or c) trying to get a little attention from their peers (which even the most "mentally stable" among us do).
These are mostly younger people who have no real idea of what they're playing around with or why. Many of them are our future sysadmins and security experts. Treating them like rapists and murderers is not the correct solution. I proposed a way to deal with the problem which could probably even MAKE a little money, and CERTAINLY cost less than prison (community service always does, as you don't have to house, feed and provide medical services for your convicts).
What exactly was your problem with my proposal, or were you just looking for a place to flame?
Adults don't bother DoSing IRCs, or committing other acts of petty vandalism.
It's like asking "Why is it always 'some kid' who spraypainted 'Sckool Suks!' on the cafeteria wall?"
Adults commit crimes for profit or principle, make annoying fools of themselves in public, or play mean and petty pranks on individuals who they feel have wronged them, but it is vanishingly rare for one to anonymously commit an act of public vandalism. Attacking the whole community out of pure spite is something that can't possibly produce any useful effect or profit, and even the worst "veteran jerks" learn this by their early 20's.
--------
Now, if you've got an example of Taco *seriously* advocating a DoS on anyone, come back and post it. Otherwise, go back to the hole you crawled out of.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Someone who still uses these tactics as an adult as usually told to "grow up". Go figure.
------------------
------------------
You may like my a cappella music
With all the notes about how hard it is to prosecute this sort of activity, I really have to wonder... how long will it be before someone in a maddening situation like this cracks and puts a *real-life* hit on the luser?
:-). I just know I was sorely tempted at times when as an undergrad, high-school kids kept hacking into our school network. These were known to be local kids; hell, sometimes they would just walk in to the lab and shoulder-surf until they got a password, then sit down and log in. Our head admin chased one haX0r all the way out of the building and onto the dirt bike the kid had sitting outside the door...
:-).
I mean, sure, he's 31337 and all... but someone out there probably knows who he really is. And could be persuaded to go over there with a baseball bat and DoS his head.
Not that I advocate this at all
Anyway, I predict the development of Black ICE soon
It's a strange world -- let's keep it that way
This would never, NEVER work in todays fucked-up, PC(that's politically correct) world.
I used to work with a guy (during my farming days) that talked a lot about the "good ol' days" when people could get by with things like that. He told a story about how this guy kept beating his wife and kids. The nieghbors found out about it and the guy telling the story, along with four or five other neighbors, paid the wife-beating shit-head a little visit one evening. They basically left him close to death, and the hospital refused to see him (because they knew why he had had the shit knocked out of him). He eventually did recover, who knows how. But he never again laid a finger on his wife or kids.
I'm sorry if the above story offends you, but there are some people in this world that simply do not understand any language other than violence. And at some point we need to get over this "I feel your pain" bullshit approach and say, "Heh, you fuck with me and I'll take your goddamned head off." It isn't necissary in ever situation, and I'm not a real hard-ass about it. But for god's sake, let's be realistic. If someone doesn't understand repeated warnings, you don't need to go looking for all kinds of reasons that it's not his/her fault. I don't care if his parents abused him. I don't care if his god has forsaken him. I don't care if he lost his puppy at the wrong time in his childhood. If he is acting as an adult it doesn't matter what happened in his childhood. He should be fucking responsible for what he has done. Get over your childhood and move on.
Psychology is just as damaging to the human race as religion. And in the end, it will leave us all a bunch of homogenized, slobbering, drewling idiots. Equal but different isn't "fair". And some people just won't be happy until the world is completely "fair". So say goodbye to original thought. Original thought leads to conflict. And conflict is "unhealthy" (even if it is the way we progress). Bye, bye reality. Hello psycho-shit!
Sorry for the rant, but the above poster hit on one of my favorite bitches about the PC world of today. Kick some ass when it's necissary! And get over it if you think "it's not their fault". If you are the one doing it, it's your fault. Deal with it.
Slow moving marsupials and the women that love them
Slow moving marsupials and the women that love them
Next time, on Geraldo...
stop saying hella!!!!!!
I sponsor an openprojects server, vinge.openprojects.net, It's just for testing, we only have 5 users attached to it, yet this person felt it should be offline, so he sent over 100mb/sec down the pipe, slowing down the local backbone, (3 45mb DS3's at visi.com) and choking my poor ISP off for 15min.. that's not a long time, but to a modem customer who is surfing, or trying to get email, it's the end of the world. I just moved to this ISP recently, and I've allready got a bad rep with the admins. luckly I've known them for years, and they are personal friends, but it looks really bad when all i do is attract flooding, and DoS. they have enough problems with wu-ftpd scans, and netbios crap. I pay for the hosting, and the box out of pocket, so a few of my friends can get email and IRC, I ask myself, is it worth it? this is the closest i've come to saying no in the 2 years i've run nerp.net.
(Score:0, Troll)
wow, harsh mods!
looks like I can't even make a joke, one poking fun at MYSELF, without gettin modded down.
oh it is a sad day when passing ruffians can say "troll" at will to young posters. Why, even those who type and post insightfully are at considerably moderating stress at this period in history
Open Projects Net: Denial of Service Attacks
Posted 7 Nov 2000 by lilo
Open Projects provides interactive facilities for coordination and support to groups and projects involved with open source. We run between 1,500 and 2,000 clients and are home to such projects as Debian GNU/Linux and Enlightenment. We've had our share of difficulties recently, but we're continuing on.
The past few weeks have been quite an experience. Last week one of our hubs on Open Projects started going up and down like a yoyo. I'd seen that behavior in this normally very reliable server in recent weeks and not thought much of it, since the company in question was in the process of moving its facilities and reliability issues do sometimes creep in during such moves. But we soon obtained a little bit more insight into the problem. After watching the server perform a loop-de-loop, I received a /MSG
from a rather peremptory and anonymous skript kiddie informing me that
if I didn't
permanently remove the sponsor's server from the network, he would kill
my home
ADSL
line and take down Open Projects until he got his way. It seems he
feels
the sponsor owes him money. I'm afraid I wasn't very polite in my
response.
Feeling that one can hardly allow psychotic delinquents to dictate
network
policy, I explained to him that while he might very well be able to take
down our network, he was not going to set policy, and specifically I
would
not entertain the notion of removing our sponsor's machine.
The last week has been interesting. Apparently this petulant child has something over 45Mbps to play with, and he's moderately competent with SYN attacks and so on. In various incidents throughout the week he packeted ISP's and universities and small companies to death to demonstrate his, uh, prowess with borrowed equipment. Currently he has proclaimed that he'll be taking down our network once a day for an hour until his wishes are granted. All I can say is that he's going to be doing it for a long time if that's the case; the heat death of the universe isn't due to arrive for some time.
Throughout this experience I have noticed it's very difficult to coordinate much of a response from ISPs and backbone providers. An unofficial contact at uu.net explained that we must notify his security people while an attack was taking place for them to have any chance of thwarting it. They thoughtfully provided him with an email address rather than a telephone number to give to us, explaining that this is a matter of policy. Perhaps they don't understand that packeting can affect services like email. Or perhaps they are simply extremely comfortable, their owners having cornered much of the backbone market after the last round of industry mergers. My employer's ISP was targeted, and so far the people at the ISP seem a little bewildered, though they're game to fight the good fight. Some folks with very nice bandwidth contributed a server today to see if we couldn't keep our hubbing working through an attack, and the skript kiddie seems to have gone after their routers, leaving very little in the way of evidence behind him as to his point of origin.
As a first, one of our admins contacted the FBI at our request. I'm not sure this will accomplish anything useful, but it's certainly worth a try. It is worth noting that, as a philosophical anarchist, I'm usually not inclined to bring in the muscle of a law enforcement agency to resolve such disputes, preferring to reason with the party or parties involved. But in cases where the problem user has learned his manners from repeated viewing of Robocop, well, there's not much one can do but consider the business to be a declaration of war.
At any rate, it seems to me that this otherwise very mundane set of attacks points to a long-standing problem with the Internet: Denial-of-service attackers have location indirection, but content services and users are left in plain sight as targets for their efforts. I'm hoping Corridors will helpful in dealing with this problem, though it's a fairly long-term project (and constantly in search of additional expertise to finish the design and begin the actual implementation). Meanwhile, we go on, attempting to devise kludges to improve the robustness of ircd in the face of all-out attack.
Any assistance from the readership in combatting problems which we have never experienced in quite this magnitude would be greatly appreciated.
Thanks to the Magenet people and Diane Bruce and F. John Rowan of the hybrid ircd project for their assistance. Thanks to the many users and admins of OPN, whose patience and support have been impressive. And thanks especially to VA Linux for their help and support; they've been real heroes and deserve a great deal of praise. And no, we're not going to delink their server, however many or few seconds we have to comply. ;)
--
314-15-9265
DoS attacks just aren't cool ever.
/Slashdot-05Oct00.html
;)
;)
From:
http://www.slashnet.org/for ums
[21:17:34] <CmdrTaco> bob_jones_iii is being an annoying prick.
[21:17:43] <CmdrTaco> can we kill him? someone dos him
Sheesh. Not cool. Ever. Except when it's convenient. (I Quote from comment #125 by arcade on the comments thread from http://slashdot.org/articl es/ 00/10/07/0025253_F.shtml:
Cmdrtaco sounded a lot more like a scriptkiddie than I really liked. Comments like:
bob_jones_iii is being an annoying prick. can we kill him? someone dos him
Really really disappointed me. Sure, he's got a smiley there, but still. I wouldn't be surprised if someone actually DoS'ed the sucker because "o allmighty Taco told them to".
Slightly offtopic? Perhaps. Making a point? Absolutely.
It makes us protocol developers think about how to combat them. Eventually they(DoS attacks) will be harder to execute and more likely to be tracked. Unfortunatly in the meantime we have to bear with it. Be patient we'll get there, hopefully sooner than later.
Time is Change.
Nahh, IRC will last forever, just like Citizens Band. 10-4 good buddy!
There was an O(n^2) inner loop for reading the trust metric cache, because it was using the Apache table functions. Also, as a more minor problem, this cache file was being stored as an XML file, which took a little while to parse.
After a little on-the-spot programming, it's now stored as a plain text file.
So thanks to Slashdot for motivating me to do this fix. I had noticed the performance was getting a little clunky, but it was good enough until now.
LILO boot: linux init=/usr/bin/emacs
I think I'd rather be a "DoS attacker" than a "DOS Advocate" I think it's kinder to take down a site than promote M$ software.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
Its pretty terrible when a kid goes bananas and can damage the volunteer efforts of many people working really hard to create and support something so many of us use and enjoy. (Not an *exact* quote, my spellchecker fixed the "bananas" misspelling)
I think the fact that "a kid" can bring down such a system with relative ease is the real problem here.
I hate to say it, but people tend to ignore the root of the problem (ugh, a pun) and focus on the fall guys involved to draw attention away from the shortcomings of the system being discussed.
And this is not a slam of Debian, Linux, or any OS specifically, it is more a commentary on the overall lack of concern over the underlying reasons why "a kid" can do such things in the first place.
All that proves is that the network has some pretty good ops, while this "rendition" guy is a whiner who did something wrong (by his own admissions) and can't deal with the consequences of it.
Finkployd
Right...
:-)
:-)
1) Secure all servers
This works with cars and businesses with a high initial cost. OTOH, anyone with a decent OS can run an Internet service. You probably run a few at home. We've tried to stop Napster, drugs, and alcohol; so far, one out of three has been only slightly better than a huge failure. In addition, even well-known servers have holes discovered in them after they've been out for quite some time.
2) License ISPs
Can be done, but remember that the big ISPs are just as bad. Remember today's spam article? The top sources of spam were all massive ISPs.
3) Make spoofed packets illegal
See #1. In fact, this would be harder to track down than #1, since the packets are spoofed
4) Authenticate everything
Like you said, Duh!
5) Criminalize all scanning, including pings and probes
Re pings: The author has obviously never played Quake before. And about probes, where do you draw the line between legal and illegal? Is trying a few ports illegal? What if I go to a server and connect to telnet, http, and sendmail? Those ports all have legitimate uses; see #1. Ah ha, you (or the author) say, but I would only outlaw automated attacks. This is dubious at best, and it still runs into the same issues as #1.
Again, like you said, the Internet is structured as to be vulnerable. At this point, no amount of words can change that fact.
--
Friends don't let friends misuse the subjunctive.
Someone find a ip # on this kid so we can ./
him.
AdFuel
Isn't anyone else bothered by how it is always assumed that it is a kid thats making these attacks? I used to be a kid once, and didn't appreciate everything being blamed on my generation. Be realistic, people, it takes EXPERIENCE to become a true asshole; kids are amateurs at best... the REAL jerks are the seasoned veterans
When you act like a two year-old...
Didn't you JUST say that DoS attacks weren't cool?
Hypocrite.
DoS attacks just aren't cool ever
Good one Taco.
Looks like the link is getting the most effective DOS attack known to man: "The Slashdot Effect"
NOW it's offtopic :)
:)
and there goes my karma
but thats ok, I will call myself a martyr.
Oh, how my life was ruined by the evil karma nazis.
I bet I'll get an NBC TV Movie.
'Course, I COULD use my +1 bonus to post this drivel, but I am being good
I've been involved with IRC in one way or another for about 7 years now. It's reasons like this that I do NOT run an IRC server anymore.
.jp servers, who we could never get the admins to fix. I'd also get people attacking my router directly, affecting thousands of customers, all over a silly IRC matter...
/dev/null. A wonderful discussion has gone on on the NANOG(North American Network Operators Group) mailing list, the past few weeks about this very problem. "IRC is stupid, don't make yourself a target" is something heard all too often. If people would just secure things now, when someone's attacking a web server, or something else of yours, you won't have that problem either. What if someone decided to DoS one of the major political party's web pages today, with the same types of floods? It's the same problem, but somehow this is worth investigating, but not if it's IRC? Yes, IRC isn't as philosophically important, but it's a very popular service, none the less...
Around 5 years ago, I ran toast.ne.us.dal.net, part of the DALnet IRC network (obviously). The bandwidth for it was generously donated by a local ISP, in exchange for borrowing some of my expertise from time to time. We only had a frame relay T1, but easily held more than 1000 users at a time.(Which was a record, for a short period) With popularity, attacks started coming.
The first thing that hit was SYN floods. Linux added the TCP cookies feature, which helped a bit. Then raw ICMP echo request floods, which caused us to get icmp blocked at our uplink, which hurt our customers, but was deemed worth while. Then when ICMP didn't work, people flooded the crap out of us with UDP. Then the Smurf attacks started. It came to a point that more often than not, during the evening, I was spending my time on the phone with our increasingly annoyed uplink getting things filtered and blocked.
In 1996, I moved to Illinois, and took the server with me. I started my own ISP on two T1's, and pretty immediately decided to pull the DALnet server, when the period of time that we're getting flooded exceeded the time we weren't. I then moved my IRC server to a much smaller network called NewNet. While the floods were much worse, it still was a perpetual annoyance that some brat in Israel decided he didn't like us, and would reguarly flood us from hacked
Then one day, the "script kiddies" discovered Wingate. Wingate is a highly useful Windows proxy system, that was unfortunately shipped for quite a long time in a highly insecure state. They had a telnet and SOCKS4 proxy sitting wide open, with no passwords necessary. One script out there would go scanning through cable modem and DSL netblocks, gather a list of a few thousand insecure wingates, and connecting them ALL to our network, using them to flood the crap out of us. No longer could we even ban naughty users, because they had thousands of hosts they could choose from.
One VERY frustrating day, I ended up writing a little tool to scan EVERY user who connected to our network, to see if they were actually connecting from an insecure proxy server. Worked wonders, but we had thousands of nasty e-mails from people asking why we were trying to hack them (by connecting to port 1080 then immediately disconnecting?). Much education was required, and many notices of "You're about to be scanned, disconnect if you don't want this to happen" were necessary to prevent some idiots with a firewall they didn't understand from flooding abuse@dragondata.com with nonsensical complaints about hack attempts.
Today, floods are much more sophisticated than the ones we saw 5 years ago. Current floods are completely legitimate TCP/IP packets, that look real. Not floods of SYN's, but real looking data, that you can't just slap a simple filter in to get rid of. Now, unless you're using a stateful firewall that can detect this sort of thing, you're pretty much screwed. (FreeBSD's ipfw system is now stateful, and works quite well for this sort of thing.)
Really, here are the major problems.
1) Network administrators don't secure their networks. They may secure their machines, but they let their routers blindly pass off spoofed packets, when it would be pretty easy in 99% of the cases to block packets with source addresses coming from a port that they don't belong in.
2) Any complaint to any abuse@ address that involves IRC seems to go into
3) It's nearly impossible to prosecute the people who do this. I've talked at great lengths with the FBI and other law enforcement agencies. While they sympathize, unless they have a huge dollar amount in damages they can show, there's little they can do.
4) The same companies and universities get hacked over and over again. I'd like to see someone sue one of them for negligance one of these times.
5) Stupid battles like this are really putting a drain on the IRC community. IRCD server software has pretty much gone untouched over the last few years, because any technically competant coders are busy coming up with proxy detectors and fighting floods, than writing code. There are things with IRC that could be done that would blow people away. But, I'm burned out. 7 years of fighting with people who need psychological help, because they do things like take down a huge network, instead of dealing with their issues in a constructive ways....
6) People take IRC too seriously. It's just for fun, people.
Kevin Day
Bill - aka taniwha
--
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
Now go /. psu's servers
http://www.personal.psu.ed u/u sers/d/r/drb210/198.html
I have a suggestion. Instead of linking directly to the tiny web server running on leech neurons or in a pizza box, can't slashdot just be nice and link to a Google cached copy (if one is available) instead of directly? For those who *really* want to pull directly from the poor victim, it's easy enough to read the big glaring "This is a Google cached copy" disclaimer and click through.
It's 10 PM. Do you know if you're un-American?
This would be analogous to accidentally walking into someone else's house because you were distracted and misread street names, or accidentally trying to open someone else's car in the parking lot. The first is not breaking and entering, the latter is not attempted car theft, and there are ways to make that obvious in a legal dispute.
But you should also consider the ISP's position. Attacks like this often throw the entire ISP off the net, affecting *all* of their customers. Only the very largest ISPs can handle such attacks -- which waste large amounts of expensive connectivity.
It's *much* cheaper to just get rid of the offending site in most cases, and since most ISPs are businesses looking to make a profit, that's what they do. They'd like to fight it, only the largest ISPs can afford to fight it.
Why must we endure *repeats* of jokes that were marginally funny the first time? BTW, the "Slashdot Effect" isn't a Denial of Service attack. Instead it's a "buttload o' people trying to hit the same resource at the same time" attack. They tend to be legitimate requests, not random DoS requests, unless Slashdot's audience is make of up drooling sub-human mouthbreathers who click on anything on the screen that's underlined.
Read my stuff.
According to Bill Machrone, the way to stop DoS attacks is:
1) Secure all servers
2) Liscense ISPs
3) Make spoofed packets illegal
4) Authenticate everything
5) Criminalize all scanning, including pings and probes
Now, would any of these solve openprojects.net's malaise? #1 wouldn't, because it's not their server which is launching the attack; #2 is a structural change which would take too long to implement (even if it's desirable); #3 is promising but would be an administrative nightmare; #4 we should be doing regardless; and #5 is perhaps a necessary evil.
The internet is fundamentally structurally vulnerable to DoS attacks. It's only a matter of pissing someone off and getting picked as a target. With the increasing politicization of everything on the net, the problems will only get worse.
-- Anne Marie
SYN cookies only prevent SYN flooding. They don't prevent UDP flooding, ICMP flooding, TCP connection flooding, or any other DoS method.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
Tell him that when we do find him, we will rip off his head and piss in the hole. Then, once you mobilize us, we will start doing random stuff like cutting his phone line, setting fire to his dog, and leaving... let's call it "illegal" material in his mailbox right before we report him to the FBI.
Just an idea. I hate people that jack with me and my friends, and I have a soft spot in my heart for seeing people get pissed on unfairly.
If I ever meet up with this clown and find his email, I'll subscribe him to every "lolitasex" mailing list I can find. Especially if I can find some covertly operated by the boys in blue.