ISP Forced Out of Business by DoS
flyhmstr writes "According to a report on ISPReview Cloud Nine have been forced off line and out of business thanks to the actions of crackers deciding to go play with some DoS tools." It's only getting worse.
The kids are getting more and more aggressive as time goes on and
it gets easier and easier to launch a large scale DoS. As any
techie knows, fixing the problem is far easier said than done... but
as a frequent recipient of the sharp end of the DoS stick, I sure
wish it wasn't an issue.
of course a nice healthy slashdotting right now doesn't help anybody's case. :grin:
Pedant.
Easy, Implement a £5000 fine and up to 5 years if proven to be a script kiddie willfully launching DOS attacks.
It's very sexy to support programmers who fight 'bad' encryption routines, 'ludicrous' copyright schemes, and the like, but when it comes to skript k1ddi5 hacking OUR stuff, we want to string them up by their fingernails.
The tough part of this issue is that it begs the question (from the general population's viewpoint): "Which side of the law are we (slashdot community) on?" The unwashed masses out there see both of these as the same thing...
davejenkins.com |
How many companies has /. forced out of business with our very own special brand of DoS attack?
I'm not afraid of falling, it's the sudden stop at the end that frightens me.
...because having their site slashdotted surely can't be good for sales. =)
"We live in a backwards universe where John Lennon is shot dead, yet Barry Manilow continues to make fucking records." -- Bill Hicks
Judge Lynch never sleeps.
Best Slashdot Co
Can someone please clue me into why people do this? I don't quite understand this mentality. I have never done something bad like this simply because I could. Am I a rarity in this world? Do these kids need a hug? Why would you do this? Feeling "elite" because you can knock down an ISP? Take your energy and do something positive with it. IMO, this is petty and retarded. Maybe these script kiddies can go knock down a hospital or something next, hey why not, it doesn't hurt anyone right? RIGHT? forking iceholes.
Sent from your iPad.
IANAS(ysadmin), but this doesn't quite add up for me. Do they really need to go out of business? Heck, if the company is "solvent", it seems to me they could find a way to survive. In the worst case, they switch upstream providers, get new IP addresses for all their boxes, and even change domain names. Yes this is a huge pain in the ass for everyone (especially customers), but I can't imagine that shuttering is any more convenient.
-- Brian
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
I don't think spellcheck would have caught that one; it is a grammar error. It did make me read that sentence a couple of times though...
Today looks set to be a sad and frustrating one for anybody who was ever a customer of the once popular unmetered dialup and broadband ISP Cloud-Nine.
At precisely 10:16am a few minutes ago Emeric Miszti (CEO) and John Parr (Operations Director) of the C9 ISP posted what's likely to be their final announcement on our forums. C9 is now the latest ISP to close, although it's the first we've ever seen to go from a hack attack!:
Cloud Nine regret to announce that at 7:45 this morning the decision was taken to shut down our Internet connections with immediate effect.
We tried overnight to bring our web servers back online but were seeing denial of service attacks against all our key servers, including email and DNS. These were of an extremely widespread nature.
We felt we had a moral duty not to expose our customers to possible attacks as well.
We must thank BT for all the help they provided us with in trying to bring these attacks to an end. We worked with them for the last few weeks to investigate these problems but ultimately we did not believe that we could survive these attacks and that it would be in the best interests of both ourselves and our customers to close our Internet service and seek a transfer of our services to another ISP.
We now wish to initiate a speedy transfer of servers, domain names, etc to interested Surftime ISP's and NT portfolio hosters since this would be the quickest way to get the affected customers online again. Please contact John Parr on 07740 423993 if interested.
We want to thank our customers for all the support over the last few days. Ultimately these attacks denied the service not to us but to many thousands of British businesses and ordinary people - this was an attack against everyone with no consideration for anyone!
The company is solvent but if a sale of assets cannot take place quickly then an administrator will be appointed. We have had to pay our excellent staff to the end of the month and we feel really sorry for them as well and would like to thank them for all their efforts over the years and the commitment shown over the last few difficult days.
All the directors are feeling absolutely gutted since we have all spent nearly 6 years building this company and its reputation to see it destroyed by a brazen act of cyber terrorism - well at this moment we can think of no words to express our true feelings.
Emeric Miszti
CEO
John Parr
Operations Director
We're extremely sorry to see them go, not least because they often provided a very important insight into the internal wrangling that goes on between ISP and operator, it often goes unmentioned.
However the fact that such a long standing ISP was forced out of business by hackers is also of great concern and will no doubt be picked up on by the media. We can only hope they catch the people involved.
but as a frequent recipient of the sharp end of the DoS stick, I sure wish it wasn't an issue
.. no /. has never DOS-ed a site... really i swear..
ha ha ha.. this coming from the kingpin of DOS
"Shut up brain or ill stab you with a Q-tip" Homer Simpson
It seems kind of silly to shut down your business because of some little hax0rs. Granted, in this economic climate it could certainly hurt business... however it simply doesn't make sense unless there are some underlying problems.
This isn't like 31337 warez d00d shutting down his FTP server and crying to his mommy because someone did a DELE on all his pr0n files. Closing down a business due to hacking attempts or DoS seems rather harsh action to take.
DoS attacks can be nasty, but why don't you use something like LaBrea to slow them down a bit?
First they go offline for days with no information available about why. Then they say they are coming back on line after a "hack" but that they will have to put their prices up. Finally they just appear to just give up and shut down.
It all seems very strange to me.
Sig is taking a break!
They had to have been in a dire position to start with, or merely decided to sell out. This gave them a reason to explain dumping everyone's accounts over to another ISP. They didn't specify how much they made off the deal.
I can't see a healthy, competent ISP being put out of business by dos attacks. Yet.
Sadly enough (and I certainly feel for the ISP), new laws concerning these attacks aren't going to help anyone. For laws to be effective, you actually have to catch the person in question, and with DDOS that's darn tough.
I'm not sure what the real answer is, though. I find myself reading these stories and articles and feeling helpless myself, even though I'm not directly involved. But I am a programmer, and we're supposed to have brilliant solutions to these issues....but I can't come up with one. The underlying structure of the 'net itself is to blame for allowing these attacks, and you know to change that will be like getting all cars to convert to bacon fat gas.
How does one instigate a major industry shift in how we do things? Would it even be worth it, or will we just see these random business fold due to stupid fucking kiddies?
Blog,Twitter
The efnet (www.efnet.org) IRC network has had these problems for years. I'm not sure how some of their servers have survived, seeing as though many companies donate bandwidth to the cause. I know that a lot of people seemed to have strayed away from it due to the large amounts of DoS attacks, which caused the server links to go up and down (which in turn made a very unstable network). I wonder if they've learned any ways to cope with these attacks? Anyone know of any other networks that have had these issues and are still around?
Kein Mitleid für die Mehrheit.
IMHO the effort should be made to catch a few of the little bastards and see to it that an eXtreme example is made for all. Old enough to run a script, old enough to be tried as an adult and spend the next 20 years doing tech support for Pelican Bay in between visits from their new 'boyfriend'.
And there is a pretty clear difference between 'white hat' and 'black hat' hacking. Did anybody ACTUALLY SUSTAIN *PROVABLE* DAMAGE? (and not like the frame up where they claimed that Kevin stole $100,000 worth of info, or some such BS). These punks do more real damage each day than Mitnick EVER did.
"Everyone is entitled to their own opinion, but not their own facts."
Any bets on they were hosting or providing spam services, and someone got a little tired of it? From what they "said" happened, it appears that someone went to a lot of work otherwise...
One of the main reasons DoS attacks work is because of misconfiguration at ISP's. If the ISP's blocked outgoing packets with forged IP src addresses, and known bad packets, then the severity of the problem would greatly diminish.
ISP's don't do this, because either they don't understand it's a problem, or they don't know how, or their poor NAS boxes would collapse if they were asked to filter the traffic, instead of just forwarding it.
I know this is going to get modded down but this is what the community as a whole gets for having the luxury of being pseudo-anonymous.
There isn't much for accountability when it comes to the net and everyone knows this. Lawmakers are doing very little about SPAM and it's a form of DoS but people cry afoul when some kids were pissed off at someone on IRC and DoS multiple large networks.
If people aren't required to be accountable for ALL of their actions then this isn't going to stop anytime soon. Unfortunately it's not hard to get access to connections with a lot of bandwidth so it's easy to pound anyone into oblivion.
I don't know what the solution is but as more companies get DoS'ed while their livelihood depends on the net, you'll see more being done.
My question is if it costs companies so much to deal with SPAM, why isn't more being done? Isn't this a similar issue?
The Register is an effective mirror of the article too, but they also have a *tiny* bit more information.
UNIX? They're not even circumcised! Savages!
I run a small ISP, and two of our clients decided to run fragmented DoS attacks and ping floods that consumed the entire 100mbit connection to our main server. Our ISP got royally pissed and cancelled our services with them because it was against their TOS/AUP.
I have moved on to a better ISP that actually filters attacks leaving and entering the network.
See? It's exactly this kind of small-minded modding that makes /. a lame place to be.
>:PPPPPPPPPPPPP
Now that the Internet has shown to be a useful medium and is rapidly becoming a utility, it's time to make it more secure and robust against DDoS attacks. The technology exists already, the telcos need to take the initiative and make it happen. From this document on ietf.org site:
7. Security consideration
Any public proxy is inherently a source of DOS attack. Rate limiting packet emission as suggested in 3.5 is expected to lower the risks.
A solution to the DOS problem was posed at the Adelaide IETF meeting a couple years ago. Basically, some small percentage of packets randomly selected get ICMP notices from routers, with last and next hop information, that is forwarded to the destination. So if you are getting a large number of packets from a single source, you get proportionally more of these packets, and can use a heuristical engine to model the source, even for DDOS problems. This allows you to trace back to the offending network/ISP and shut off the DOS
Why did no one do this? It requires changes to router firmware, I'm not sure about Cisco firmware upgrades, but I thought they were at least possible. Besides, they could use this as a selling point and declare their old routers obsolete.
Admittedly, the model breaks down under MPLS, since it is difficult to track the cloud, but you can at least track entrance and exit points from the cloud.
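A small simulation of the sampled ICMP notice scheme described in the comment above, added here as an illustration and not part of the original thread. The topology, router names, packet counts and the 1% sampling rate are constructed for the example; source addresses are ignored entirely, since the scheme assumes they are forged.

```python
import random
from collections import Counter

# Constructed topology: routers between each access network and the victim.
PATHS = {
    "access-A": ["r1", "r4", "r6"],
    "access-B": ["r2", "r4", "r6"],
    "access-C": ["r3", "r5", "r6"],
}
VICTIM = "victim"


def forward_packets(origin, count, sample_rate, rng):
    """Send `count` packets from `origin` to the victim.

    Each router on the path emits, for a randomly selected fraction of the
    packets it forwards, a notice (previous hop, router, next hop) that is
    delivered to the destination. Returns the notices the victim receives.
    """
    hops = [origin] + PATHS[origin] + [VICTIM]
    notices = []
    for _ in range(count):
        for i in range(1, len(hops) - 1):  # every router on the path
            if rng.random() < sample_rate:
                notices.append((hops[i - 1], hops[i], hops[i + 1]))
    return notices


def trace_back(notices):
    """Walk upstream from the victim along the edges with the most notices."""
    edges = Counter((prev, router) for prev, router, _ in notices)
    last_hop = Counter(router for _, router, nxt in notices if nxt == VICTIM)
    if not last_hop:
        return []
    current = last_hop.most_common(1)[0][0]
    path = [current]
    while True:
        incoming = {prev: n for (prev, router), n in edges.items()
                    if router == current and prev not in path}
        if not incoming:
            break  # nobody upstream reported: this is the entry point
        current = max(incoming, key=incoming.get)
        path.append(current)
    return list(reversed(path))


def simulate(seed=1, sample_rate=0.01):
    """Flood from access-A plus light legitimate traffic from B and C."""
    rng = random.Random(seed)
    notices = forward_packets("access-A", 20000, sample_rate, rng)
    notices += forward_packets("access-B", 500, sample_rate, rng)
    notices += forward_packets("access-C", 500, sample_rate, rng)
    return trace_back(notices), len(notices)


if __name__ == "__main__":
    path, received = simulate()
    print("heaviest path toward victim:", " -> ".join(path))
    print("notices received:", received)
```

Because the flood contributes proportionally more notices, the heaviest edges lead back to the network it entered from, which is the network to contact about shutting it off.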
1) I wonder how likely is it that the DoS attacks were an excuse to find a reason other than the "we're really not profitable anymore thanks to big national ISPs" reason for bankruptcy (which is why lots of ISPs are going under lately.) I hate to say it, but after hearing all these companies blame the 9-11 attacks on going bankrupt, I've grown a bit cynical. I really wouldn't be surprised to find out that Cloud 9 was financially hurting already (regardless of their claim that they weren't.) The DoS attacks allow them to make a nice "good guy being bullied" exit.
2) This is awful news for other ISPs, since this will give the script kiddies incentive to do it again. Not only did you get an ISP to shut down ("Wow, isn't that cool" must be running through their heads) but they also got featured on /. This will just embolden these kiddies to do it again. sigh
3) (yep, one more just came to me) Can you say serious implications for the future of Corporate Espionage?
I suspect there is more to this story. They may just be checking out due to DOS attacks as an excuse for their investors. There are many ways to combat a DOS attack and BT could have played a large part in that respect. The tools and techniques are available, even to mitigate a DDOS from multiple real hacked hosts.
The Register has a story on this as well, mostly a rehash of ISPReview. Link here.
From that article:
Speaking to The Register a dejected Mr Miszti said: "This is terrorism - pure and simple. I never want to relive the last seven days again.
You're thinking "terrorism? yeah right".
It's too bad (for them) they're in the UK... in the U.S., under the so-called "Patriot Act" this IS in fact terrorism. Read for yourself here.
I think it's time now that we do more to script kiddies than let their mommies hold them over their knee and spank them. I think the sysadmins should do it with a motherboard so much that you can read the serial number off the cheeks. I know I would rather do that than have the little bastard go on probation for a year
In the UK, the Computer Misuse act is such a catchall, it would be easy to claim damages (less easy to collect though).
Slashdot is known for having a DOS effect, but at least it is people attempting to view a site for its content. It's tough if you pay your hosting company for bandwidth but, at least it's legitimate and it is coming from a lot of users.
The trouble is, so does a distributed DOS. This has a lot of unwitting users too. It is extremely difficult to trace who is giving the orders and the actual attack 'bots run on any suitably unprotected system that happens to have convenient broadband access to the web. Even the Whitehouse was hit, luckily the attack 'bot was dumb and a quick switch to a backup IP address solved the problem.
The only solution that I know is to use a private network (as done by several securities exchanges). You can block out all of an exchange's internet access, but you will not hit the private network. Users without a private network connection can fall back to switched circuit connections (i.e., ISDN) when the Internet is down.
See my journal, I write things there
if my business plans didn't work out.
(Read the final paragraphs of the announcement. Why do they stress that they are solvent?)
I could be a little out of date (maybe even a lot ;) ), but last time I checked you could do a lot of calming of DoSing by implementing proper packet filtering on routers.
IIRC most DoSing relies on the kiddie hiding their source address (so that they can't be traced). So ensure that the router closest to the kiddie knows all the IPs it is allowed to accept, and rejects (and logs) all others.
This puts an onus on ISPs to handle the situation. Any ISP which doesn't react immediately to a DoSer from it or a downstream stands to lose (all of) its uplink(s).
Most port handling equipment can handle quite complex filtering on its own, knowing the IP allocated to a port and filtering all packets without that as its source. Port handlers typically forward to a router anyway, so it's easy for an ISP to say "that interface talks to that rack, which can use IP range X to Y, so filter everything else". Immediately your script kiddie is limited to faking addresses of other users in the range.
This screws up a number of DDoS attacks I know of (where the reply to an unwitting host causes shit for the replier), and makes it a lot easier to trace the kiddie at least to within a limited number of possibilities.
If the ISP supplies a link to another ISP it must ensure it toes the line. Bulk links to corporate customers or anyone with a range of IPs (rather than just one) at the other end of the link can usually be handled like dial-ups: port handlers filter out bad source IPs.
Does anyone know of technical and/or political reasons why this can't work? If there are no technical problems then maybe an IETF policy committee needs to make it a standards issue.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
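The per-port source filtering proposed in the comment above, sketched as an added example that is not part of the original thread. The port names, address ranges (documentation prefixes) and sample packets are constructed; the point is what gets dropped and logged, what still gets through, and how far a forwarded source address narrows down the sender.

```python
import ipaddress
from collections import Counter

# Constructed topology: each access interface and the source ranges
# allocated to the customers behind it.
PORT_RANGES = {
    "dialup-rack-1": ["192.0.2.0/26"],
    "dialup-rack-2": ["192.0.2.64/26"],
    "corp-link-7": ["198.51.100.0/24", "203.0.113.0/28"],
}

# Constructed sample traffic: (arrival port, claimed source, destination).
SAMPLE_PACKETS = [
    ("dialup-rack-1", "192.0.2.10", "203.0.113.200"),   # honest customer
    ("dialup-rack-1", "10.9.8.7", "203.0.113.200"),     # forged, outside every range
    ("dialup-rack-1", "203.0.113.5", "203.0.113.200"),  # forged as a corporate customer
    ("dialup-rack-1", "192.0.2.20", "203.0.113.200"),   # forged as a neighbour on the same rack
    ("corp-link-7", "203.0.113.5", "192.0.2.10"),       # honest corporate customer
    ("dialup-rack-2", "not-an-ip", "203.0.113.200"),    # malformed source field
]


def build_filters(port_ranges):
    """Turn the allocation table into per-port lists of allowed networks."""
    return {port: [ipaddress.ip_network(r) for r in ranges]
            for port, ranges in port_ranges.items()}


def check_source(filters, port, src):
    """Decide whether a packet's claimed source is valid for its arrival port."""
    nets = filters.get(port)
    if nets is None:
        return "drop", "unknown-port"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed-source"
    if any(addr in net for net in nets):
        return "forward", "source-in-assigned-range"
    return "drop", "spoofed-source"


def filter_traffic(filters, packets):
    """Forward valid packets; reject and log everything else."""
    forwarded, drop_log = [], []
    for port, src, dst in packets:
        verdict, reason = check_source(filters, port, src)
        if verdict == "forward":
            forwarded.append((port, src, dst))
        else:
            drop_log.append({"port": port, "src": src, "dst": dst, "reason": reason})
    return forwarded, drop_log


def offending_ports(drop_log):
    """Count spoofed-source drops per port: where the ISP should look first."""
    return Counter(e["port"] for e in drop_log if e["reason"] == "spoofed-source")


def candidate_ports(filters, src):
    """Ports that could have emitted a forwarded packet carrying this source."""
    addr = ipaddress.ip_address(src)
    return sorted(port for port, nets in filters.items()
                  if any(addr in net for net in nets))


if __name__ == "__main__":
    filters = build_filters(PORT_RANGES)
    forwarded, drop_log = filter_traffic(filters, SAMPLE_PACKETS)
    for entry in drop_log:
        print("DROP", entry)
    print("spoofing attempts per port:", dict(offending_ports(drop_log)))
    print("192.0.2.20 can only have come from:", candidate_ports(filters, "192.0.2.20"))
```

The packet forged with a neighbour's address on the same rack is still forwarded, which matches the comment's caveat: the filter limits spoofing to the port's own range rather than eliminating it.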
I don't think a NAS box does what you think it does...
As usual this is a question of ethics.
It has nothing to do with hackers, crackers, RIAAs, MPAAs or the color green - it has all to do with freedom of information:
- I support freedom of information, and by extension those that help make information free.
- I'm against restriction of information (any kind of information - bad, good, useful or useless). Naturally i am by extension against those that try to constrain that freedom.
- Which side of the law am i on?
Neither side. My ethics are independent of the law.
Going back to this specific case, i'm against whoever did the DDoS attacks because they went against other people's freedom to give and receive information.
There is a world of difference between trying to maintain our fair use rights or exposing bad "security" methods and launching a DDoS attack against ANYONE.
This is not a black and white issue. A DoS attack is both illegal and immoral, as what you are doing hurts a large group of people. Exposing bad security in e-book files will help people in the long run. (Although it will help the copyright holders and not us :( )
As for the general population, it depends entirely on what the media reports. They can report that "hackers" have cracked a protection scheme, or they can report that a digital protection scheme was proven inadequate. Both are technically true, but each favors one group as the good guy. Unfortunately, since news is an entertainment forum, the first is more likely to be reported.
Until the general population is tech savvy enough to understand these issues, the media will have complete control over their opinions.
Cheers,
Phathead
but as a frequent recipient of the sharp end of the DoS stick, I sure wish it wasn't an issue.
You're a frequent recipient of DoS attacks? What about the sites linked to in Slashdot articles?
Y2K Compliant since the late 1890s
firstly, i wanna go off on a rant, saying that i hate HATE packet kiddies... it's just sad and pathetic how you call yourselves "1337 (anyone who types like that should be shot)".. there's more i'd like to add... but i'll hold off on it :-)
secondly, i came upon an interesting article that talks about a reverse firewall. Though unfortunately, it's not effective as we wish it to be, because it just stops DoS's from the source. And who knows how many sys admins will bother to install a device like this
"The ones who dont do anything are always the ones who try to pull you down" -- Henry Rollins
I saw a comment in here blaming the Internet's end-to-end design for the ability for individuals to cause such interruptions to service. BUT...
With all the designs available to us today, as engineers, we should be able to employ traffic shaping devices to limit the amount of load any given site can generate on the net. Cache, throttle and filter. We build routers that can switch ungodly amounts of packets per second (obviously enough to flood the link to Cloud 9's boxes).
So why can't Cloud 9 invest in a few black box traffic shapers (I know they exist) to smooth out the requests?
Just where is the point of failure, anyway?
As long as we continue to design our edge devices to be layover victims, we'll always have these problems. The network delivers, the computer abides. Well, perhaps the computer shouldn't be so quick to respond.
-b-
Steve Gibson was able to deal with a DoS and it didn't put him out of business, so surely an ISP could too.
Unless of course, it was a mom-and-pop shop ISP who didn't know an ethernet jack from a phone jack (hey, I only did that once!), and I've certainly seen plenty of those...
Didn't they originally host jegelhof's AOLsucks page?
Damn, one of our own.
This is really great for some retarded kiddies to pull stupid shit like this - as if we don't already have lawmakers trying to pass legislation to punish use of a computer in non-MPAA/RIAA sanctioned manner as a terrorist act. These punks have nearly committed a terrorist act that could drive more stringent legislation.
Or did some corporation/govt. do this to push exactly the reaction described above...?
there are apparently more than one cloud 9 internet service providers, because the one at www.cloud9.net is still up and running.
We had a DOS issue once,
Kinda funny actually, poorly done, we tracked down who it was. Unknown to the dimwit on his dad's T1 (at home his dad was playing hosting provider), the admin at his upstream was a friend of mine across town. I called Paul up and said hey, what you trying to pull here; he chuckled and said I know, I know, I just saw the traffic, you wanna know who it is, you want me to cut him off? I said nah, leave him up, I don't want him to know I know. My friend kindly gave me his name and address.
I showed up at around 3:30 since I figured it was the guy's kid, and he should be out of school by then. I took a friend (witness) along; I didn't want this punk saying I beat him up or anything. I had a cell phone in one hand and rang the bell with the other. He came to the door and I said, right now the police number is on this phone, I am good friends with a detective there (true); now, you either pull the plug on your end or I press send and we'll see how long it takes for them to come and pull the plug permanently, although I don't think your dad would be real happy. I thought this kid was going to wet his pants. I've only seen somebody so scared a few times; he fell back over a chair in the foyer and took off. I looked at my friend and it was all we could do to keep a straight face.
He came back 20 seconds later and said it's off, and then started to enquire about if I was going to tell his dad. I said no, but I'm sure the bill from your provider will. He was on a transfer pricing plan and this had been going on over 2 weeks while I was on vacation.
I have "knocked on doors" twice; one was a 2 hour drive but I had other business in that area. Most certainly the most effective DOS stoppages I've ever had.
Maybe we should form an alliance of Administrators geographically dispersed to start knocking on their doors, sort of an Administrators Militia: you knock on his in BFI and I'll knock for you when you need it. Police scare the shit out of most of these script kiddies, probably more the fear of knowing being arrested is not something easy to hide from the parents that pay for their computers and bandwidth.
Sig went tro...aahemmm.....fishing........
Now, I don't doubt that Cloud 9 was/is a great ISP, but I have to take their statements with just a wee grain of salt. I don't see anything there that indicates that they came under any worse of a DoS attack than scores of ISPs before them...why is it, then, that this particular ISP decided to just pack up and die over it? Something smells a little funny here, and I can't just take their attribution of the business failure to hackers as gospel.
For your security, this post has been encrypted with ROT-13, twice.
Unless ISP's start using Ingress/Egress filtering to block faked addresses, there is NOTHING that can stop DDoS attacks. Consumer grade OS's are so easy to hack for DDoS usage, so the only way to prevent attacks is to get proper identification info (eg. real network addresses of attackers).
So, it seems your plan goes like this one:
1. Make a law
3. The script k1dd13 will be ass-rammed every night for the next 5 years.
BTW, how would you implement step 2 (catch them) ? you can't just put their forged IPs in jail, you know.
The problem is that sysadmins see the scans from these kiddies and ignore them (those that even have a portsentry or similar application in place). If you saw someone walking around your house and trying the doors and windows, you'd call the police right away, wouldn't you?
So why do the kiddies get off free? Sheer apathy from most of the sysadmins in the world.
When you get scanned, you have the address (if it's not spoofed), you can send a mail to abuse@domain. But most people don't, because It's too much hassle or we can't be bothered or no harm was done.
Script Kiddies will have a far harder time when admins start practising zero tolerance.
----- Documentation is worth it just to be able to answer all your mail with 'RTFM' - Alan Cox.
Although the news item does not justify saying that the ISP was going out of business because of DOS attacks (they were still financially solvent), perhaps the owner decided he had had enough of the problems from vandals. A well-run business will shut down and leave the neighborhood when windows get broken repeatedly before they lose all of their money.
Computer vandalism -- This will not decrease until we (as the technical community -- including management) decide to make some changes. Without changes, it will only get worse.
1) Although technological solutions are useful and necessary, they are not enough. The trusted network model does not work in the real world. There must be rules, accountability and penalties (without penalties, nothing stops me from continuing to break the rules).
2) Many network rules exist, some are poorly enforced.
3) Because of packet-spoofing. Some (D)DOS attacks can be nearly impossible to shutdown. We need to make sure only legitimate packets can Internet at large. Without this rule, tracking down the vandal and applying the penalty is not practical. If packet spoofing were eliminated, it would be possible to identify culprits at a modest cost.
4) Accountability needs to be improved by everybody. If Nimba2002 is released tomorrow, Microsoft should be expected to make it well known, and supply a fix. Network servers should be patched. People running compromised servers should be cut-off until they get fixed. These things happen by and large in a haphazard fashion today. The problem needs to be addressed at the source whenever possible.
4) Penalties need to be commensurate with violation. A hand-slap for vandalism does not deter, a death-sentence for jaywalking deters, but is not justice either.
5) Then maybe we should get rid of junk email for an encore.
Ok, I admit that in my k00l years I did some bad stuff, but this is terrible. I don't understand why someone would want to destroy a wonderful public network.
Over the past several years DoS attacks have affected me personally. IRC servers tend to be a big target for these skript kiddies... please, for the love of god stop this foolishness. They are only destroying something which we all can use! It's like taking a dump in your own bed.
Anyone wish they could find one of these assholes? I know if I *ever* found one of these bastards I would beat the living bejesus out of them.
Word to the wise kiddies... If I am ever able to catch one of you I am coming after ya with my good ol' bombbat and I plan to hit a homerun.
/.
Back in the day, before the Internet went commercial, if you abused your connection your upstream provider (typically a bunch of long-hairs at a land-grant university) would cut you off. If they didn't do it, their upstream provider would cut them off.
Currently, there is no real penalty for large ISPs who do not implement egress filtering (which prevents IP source spoofing) and/or refuse to co-operate in tracking down DOS sources.
The anti-spam vigilantes have been partially effective in cutting off ISP service to the worst spammers; perhaps something similar is needed to influence the ISPs who refuse to implement egress filters.
--Charlie
I'd *love* it if ISP's were forced/prodded into doing some egress filtering!
Why did the DDos on yahoo not prompt any calls for this?
I realize that there are problems with this approach, but is it more fundamentally flawed than the alternatives?
Would it not be possible to build anti-DOS features into routing protocols? If you detect a DOS attack from a link, wouldn't it be possible to push a block-list towards the router on the other side of the link? It needn't propagate, because you just want to get far enough out to block before the DOS packets reach high "density". Think avoiding them from entering the bottleneck. So if a router detects a problem, it will do a simple push in the direction.
The goal in approaching the problem like this, would be to avoid having the anti-DOS solution become an indirect DOS.
The block should only be temporary, too, and possibly protocol-specific, so we'll need a TTL, along with optional port numbers.
Whaddya think, fellow geeks? Has this been done? Should it be done?
Stop the brainwash
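A minimal model of the one-hop block push proposed in the comment above, added as an illustration and not part of the original thread. The Router class, thresholds, link names and addresses are all hypothetical; the block is temporary (TTL), protocol- and port-specific, and is pushed only to the neighbour on the offending link, never further.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str
    port: Optional[int]


@dataclass(frozen=True)
class Block:
    dst: str
    proto: str
    port: Optional[int]  # None blocks every port for that protocol
    expires: float       # absolute time at which the block lapses

    def matches(self, pkt, now):
        return (now < self.expires and pkt.dst == self.dst
                and pkt.proto == self.proto and self.port in (None, pkt.port))


class Router:
    """Hypothetical router that rate-counts per link and pushes blocks upstream."""

    def __init__(self, name, threshold, ttl):
        self.name = name
        self.threshold = threshold  # packets per window before pushing a block
        self.ttl = ttl              # lifetime in seconds of a pushed block
        self.neighbours = {}        # link name -> Router on the other side
        self.blocks = []
        self.window = Counter()

    def receive_block(self, block):
        """Install a block pushed by a downstream neighbour (not re-propagated)."""
        self.blocks.append(block)

    def forward(self, pkt, link, now):
        """Return True if the packet is forwarded, False if a block drops it."""
        self.blocks = [b for b in self.blocks if now < b.expires]  # expire old blocks
        if any(b.matches(pkt, now) for b in self.blocks):
            return False
        key = (link, pkt.dst, pkt.proto, pkt.port)
        self.window[key] += 1
        if self.window[key] == self.threshold + 1:  # first packet over the limit
            upstream = self.neighbours.get(link)
            if upstream is not None:
                upstream.receive_block(
                    Block(pkt.dst, pkt.proto, pkt.port, now + self.ttl))
        return True

    def end_window(self):
        self.window.clear()


def run_scenario():
    """Constructed scenario: a UDP flood arrives via link-A only."""
    edge = Router("edge", threshold=100, ttl=60.0)
    up_a = Router("upstream-A", threshold=10**9, ttl=60.0)
    up_b = Router("upstream-B", threshold=10**9, ttl=60.0)
    edge.neighbours = {"link-A": up_a, "link-B": up_b}

    def send(upstream, link, pkt, now):
        # A packet crosses the upstream router first, then the edge router.
        return upstream.forward(pkt, "access", now) and edge.forward(pkt, link, now)

    flood = Packet("203.0.113.10", "udp", 53)
    web = Packet("203.0.113.10", "tcp", 80)
    results = {
        "flood_delivered": sum(send(up_a, "link-A", flood, 1.0) for _ in range(200)),
        "web_via_a_during_block": send(up_a, "link-A", web, 2.0),
        "flood_via_b_during_block": send(up_b, "link-B", flood, 2.0),
        "flood_via_a_before_expiry": send(up_a, "link-A", flood, 30.0),
    }
    edge.end_window()
    results["flood_via_a_after_expiry"] = send(up_a, "link-A", flood, 62.0)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

Only the matching protocol and port on the offending link are cut, other traffic to the same destination keeps flowing, and the block lapses on its own, which addresses the comment's concern about the defence turning into an indirect DoS.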
Think about it: you've just brought down a major ISP, sent their sysadmins to the unemployment lines, and now they have plenty of time on their hands, probably have copies of all the logs, and nothing better to do than go through them with a fine tooth comb to find who messed up their lives.
Nosiree, I would not want to be in those script kiddie shoes. Not that I'm saying the sysadmins would stoop to anything illegal, but there's lots they can do legally if they find out who's behind the attack.
-- This
I find it hard to believe that it's really THAT easy to drive an ISP out of business. Maybe it wasn't perpetrated by some script kiddy but actually some corporate competitor. I wonder how much off-the-record corporate-funded hacking actually occurs?
The same could equally apply to software piracy, some of those protections are pretty techy but still apparently get hacked by groups of such low intelligence that they can't spell or write grammatically correct text.
...Or perhaps Cloud 9 were having problems anyway and found it easier to put the blame on a fictitious DoS than actually admit they've gone bust due to their own bad management.
Finding a scapegoat is the first lesson of Upper Management 101.
Niz.
Perhaps we are putting our resources out to the wrong people? Who are we actually mad at? What we should be doing is stopping people from creating the tools that these "script kiddies" are using. Take that away and those lame unknowledged kids will be helpless. Not to mention if you are hosting a site that is giving these programs away or if you give internet service to those who compromise systems then you are partly to blame as well. It's time that we take responsibility for our little islands in the Internet and discipline those who live there.
Now there's a couple hundred 13 year olds at home masturbating to the idea that they actually can close an ISP down for good with actions like this.
That's rather worrisome.
In Soviet Russia...michael would be rotting in Siberia!
In the post the C9 said that they had 1000s of businesses offline for days. Now with commercial customers many ISPs give some type of compensation for down time. If they had 1000s of commercial customers down for that long some of them may have been banks, hospitals, government agencies and other companies that need their feed. It is very possible that this attack causing all service to be down for a long time could have caused a lot of underlying problems.
That has to tell you something about the platform and the mindset of those who choose it (choose one or more of purchasers, users, admins, or meatheaded script kiddies to consider. Discuss).
BTW, I wonder what happened to Bill, to give him a security epiphany? Maybe Jennifer's copy of XP got free porn wallpapers all of a sudden, or he's suddenly figured out how all of those confidential emails are leaking?
Got time? Spend some of it coding or testing
Clearly DoS attacks like this don't work as well when you spoof source addresses. When are ISPs going to start filtering for source addresses at their border routers?
I know the old argument was that there wasn't enough CPU, but is that still true?
http://www.theregister.co.uk/content/6/23770.html
"...What followed was first a Firewall password brute force attack resulting in successful hash and destruction of the firewall,"
If they leave their firewall accessible to any sort of brute force password attack, it's a good bet they don't know what they're doing and would have no idea how to stop a DoS attack.
I agree with some of the other posts suggesting that this DoS was just a handy beard, and that they were in some sort of financial difficulty.
Fsck the millennium, we want it now.
Millennium Crisis Line: 0890 900 2000 [calls cost 50p/min]
There may be hundreds of attack 'bots involved. Each one is run by a user who has no knowledge of the attack and probably very little technical knowledge. To mask all of these and hunt them down would be non-trivial (even if you just pass the info to their ISP).
See my journal, I write things there
Legal action has largely been considered the only way to use force on the Internet. To do this you need to know who someone is and it is very costly. If you know who they get their Internet connection through there are laws in effect that you can use to shut them down. I think this is the latest proof that non-legal force is a reality on the Internet and it is directed towards the weak link in the legal chain. ISPs have to co-operate with law enforcement or legal copyright bullies to shut down attackers like this and they are likely to be attacked in this way. Let it be known: There's a new sheriff in town and he can force you off the net.
How we know is more important than what we know.
I was just going to say this. Clearly, every compromised system used in these DDoS attacks bears some responsibility. If it were possible to impose some small fine on every system involved (or worse yet, if the system's ISP were fined, encouraging them to shut down offending systems), then people would start to take notice. Hopefully, people would start to realize that it is everyone's responsibility to maintain safe systems. We do it for automobiles, requiring yearly safety inspections. Why not for computers connected to the Internet?
Obviously, implementing this would be a very sticky technical and legal issue, but I still think it makes sense.
Your Servant, B. Baggins
Am I reading this right?
=====
"Firewall tightening prevented further intrusion beyond the firewalls. What followed was first a Firewall password brute force attack resulting in successful hash and destruction of the firewall," it said.
=====
The firewall password was brute-forced? Kind of makes you wonder about the security of the rest of the network...
maru
It could be that they're covering up something touchy with this, that we'll never know.
Dumbassed moderators!
It was "script kiddies"? Everyone seems quick to blame some juvenile delinquents but many people can/will/do use DoS attacks as an effective form of assault, not just sub7 IRC brats. What if it was a local ISP rival? What if it was a disgruntled ex-employee? Also, like others have suggested, what if they just used the 'hack attack' as a way to cover up a business problem? I think people are quick to dump it on "script kiddies" and give them too much credit! In all reality these children are not that powerful and are more of a nuisance than a real threat.
Nam et ipsa scientia potestas est
let's magically remove that from "the military" too.
me
Although this isn't my field, my friend the criminologist tells me that severity of punishment isn't a very large deterrent to crime. According to her, the largest deterrent is certainty of punishment. This theory is bolstered by several studies regarding drunk driving, and I'm betting it would apply to DoSing.
If every punk who dabbled in DoSing got slapped with a nasty (and embarrassing) fine, we would probably have much fewer attacks.
(-1, Raw and Uncut is the only way to read)
This is a goat sex trap.
But, it does beg the question: How are they able to do this? Is it a redirect?
A few people in their comments said that something sounds fishy here. I agree.
I run the servers for a big Internet site. We log something like 5 attempts/second against our servers average across the day.. Once every month or so, we'll see someone try to send 100Mb/s at a server. There is a lot to say for redundancy and well configured firewalls and routers.. The famous teenage kid that took down several major sites with the DDoS that made the news a few years back also hit us.. We could only see his effect in our inbound bandwidth usage, not in the service of our web, mail, or DNS servers.
I don't work there, so I can't really say that it was positively a wrong decision. I know there have been days that I felt like we should just give up, but honestly no matter what the script kiddies find to DoS us with, there is a solution to stop them.
I hadn't heard of this provider before, but some people here have said they were large. They should have had the experience by now to deal with it. If not, they should have at least been able to find someone that could. The admins of the IRC networks have been dealing with DoS and DDoS attacks for longer than I have, and they do it successfully. They find a way to stop it, and continue as if nothing happened.
I'm sorry to see anyone bullied out of business, especially by some 13 year old kids who don't really understand what they've done.
Er, "don't work as well when you can't spoof source addresses." My Bad.
If I were inclined to solve problems by force, I'd recommend slicing a finger off of underage malicious hackers, and throwing adult offenders into Enron-approved industrial paper shredders.
However, since I am a humane individual who recognizes that people can sometimes do stupid and nasty things, and in the end neutralizing their ill will is morally preferable to forcing their thermodynamic exit from the universe, how about giving them some real jail time (for juveniles as well as adults), just like the way we award people who break and enter physical buildings? That's a reasonable response for non-violent crime that causes substantial monetary damage to the victim.
ok so the kiddies and the death metal T shirt brigade have won again. But there is no point crying in your beer. If your technology level sucks then maybe you shouldn't be in business.
That seems like a pretty snobby attitude to me. First off so you don't get the wrong impression, I'm a programmer by trade and not a script kiddie, cracker, etc. of any kind.
Does a soldier understand an M-16? Not can they do field maintenance on it, but could they design or build it themselves? How about an ICBM? That seems like a good analogy. Online weapons will be much like real world weapons, those who build them won't necessarily be the ones using them, and also won't necessarily be the most skilled in their use. Those who use them will become the most skilled in their use. That's what technology, especially software, is all about - one person figures out how to do it once and grants that ability to everyone else, who then don't need to bother to figure out how it works. And it's a good thing that you don't have to figure it out. I am uninterested in the mathematics and sound theory used to compress .wav files to .mp3 files, I just want to know how to use the codec to make good sounding small files. I couldn't write an mp3 or ogg vorbis codec myself. And I wouldn't try. But I'm glad someone did since I want that functionality. I don't need any DoS tools. But if I did, I wouldn't know how to write them, I would just use something someone else wrote. The bad part would be using those tools. It wouldn't be any worse because they weren't my hand-written tools. It wouldn't be any better if they were my hand-written tools.
Where was the upstream provider? I work for a backbone company, and we routinely null route and ACL routes to our customers who are being DoS'ed.
I agree that Writing a DoS tool is not a crime. Using it on someone else is.
The above replies which make comparisons to nuclear weapons etc. are also difficult to disagree with, but I think we can reconcile them.
If we take a step back from the problem we'll see it more clearly. Most laws are passed with the intention of improving the society we live in (insert your favorite sarcastic comment here), or at least they are presented that way. Just like any other problem solving exercise we need an endgoal, and here is mine:
In an ideal society most kids will learn how to build nuclear weapons in school, and this will not frighten anyone. Governments will be completely transparent, national secrets have no reason to be kept, and terrorists will only be read about in history books.
Figure the odds right? But the point I'd like to make here is that weapons control laws, national secrets acts, hell even the military, should be seen as temporary measures, hacks, work arounds and not as solutions. The solution is the perfect society where we all get along just fine without these laws. This is what's missing, a vision of the perfect society that we're all working towards. That this perfection is impossible is not the point, the point is we need something to work towards.
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
No, a DoS is vandalism. And the 5kr1pt k1dd13z who started it are criminals.
to read this story, but I guess www.ispreview.co.uk is in the process of being DoSed by all these Slashdot readers . . .
*All* of my servers block all traffic to/from private IPs - except subnets they know - and block outbound traffic not from an externally visible IP that they own; they've done this for years, it's a fairly simple set of ipchains/iptables rules. The 2.4 kernels have a heap more options such as automatic martian (alien packet, ``it can't have come from there'') assassination.
Oh, and they complain in the logs, which are monitored. They also use tools like portsentry to temporarily block all traffic from IPs that sniff them.
And they all stay updated (thanks Mandrake, even if it's not quite as simple as Debian).
These things are all easy under Linux, presumably most BSDs, and probably not that difficult under Solaris, HP-UX, OS/X et al. But Windows? Hmmm...
Shortlist of private IP subnets to drop: 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.127.0.0/16; there are a few others you could use as well.
Do a traceroute 192.168.99.99 from your box (try a few other private IPs as well) and see what happens. From here, RadioWAN don't filter, EfTel don't filter, Paradox don't filter, and AlterNet only drop private IPs after a few hops into their LAN (hey, at least they don't route it!), which is all very sad from a bullshit-deterring POV.
Got time? Spend some of it coding or testing
I'm posting this message to try to explain to all the little dweeb kids that I know read slashdot. You aren't elite because you can run a script to trash someone or some business just for the sake of doing it. Running DOS scripts or IRC bots or 90% of the other crap that most of the supposed hacker sites have available for download. Here's a hint: if the site has a domain name and is still around after 1 day then it's a lame site that the authorities don't care about.
I used to be a 'hacker' (many years ago). My handle was and is in quite a few books about hacking. (Now you all know why I'm posting this as an AC). Back then nobody did destructive stuff! We/I would break into a system just to see if we could do it or use the system to learn that platform. Occasionally, there would be a VERY specific reason to do something negative (Cyber-vigilante) - but only in rare cases.
Today, I consult companies on keeping their systems secure. I have even hung some of you lamers that think they're elite out to dry with the feds. I'd be willing to bet you don't even know where the idea of substituting number for letters came from (elite = 31373 BTW)! You have given all the "old-timers" a VERY bad name and I hope you all get nailed to the wall.
To all the people that work at a company that has had problems with these little lame kids - Reply to this comment and let me know - I'll help you for free so long as you are willing to prosecute!
No he wasn't. Basically he was a 60's version of a Backstreet Boy.
Anyone who produces "Happy Christmas" deserves to get shot.
Script kiddiez fault for toying with the web?
Microsoft's fault for leaving security caves in its OSes?
Actually folks, I guess it is our fault. Think about it. Where do most DoS attacks come from? They come from DSL/cable users which are 24/7 online. How come? They have a Trojan on their computer and don't know about it. Any how did they get a trojan? They are not educated enough.
As I once heard: people should be issued licenses for using computers (we issue licences for driving cars and expect everyone who drives a car to know how to operate it). Well, there's no need to be so strict about computers, but think about it for a while: if an average user would have enough knowledge to know what a firewall is good for and not to open just anything s(he) gets, DDoS attacks would not be possible.
It is our job (the techies) to educate the users. DDoS attacks would not be possible if everyone would be as concerned about their PCs as they are about their cars...
Just my 0.02 Euro
boky
Why? Sure, its possible, but I think it far more plausible that the attacks originated by someone with something to gain.
Why target this ISP? To what end?
There are valid reasons why crackers would take this action, most likely the ages-old motivation for many nefarious activities: Because they can.
I just think it is very suspicious. There seems to be an attempt from the large ISPs to control access to the net by squashing the smaller guys. Can this be part of that? Sure.
Seems awful convenient that such an attack is attributed to 'script kiddies' without even the mention of other possibilities.
-Legion
Shutting those machines down would be pretty straightforward for the ISPs that host them -- snort on their side would detect the scan as easily as snort on my side will. But the profit margin for ISPs is so low that most of them can't (or don't want to) afford technically competent people who would actually set up such a solution. Even if such things were mandated in one country, that still leaves the rest of the world to launch an attack from, as well.
If you want to make a big impact on all this, hold a company (ANY company) accountable for damages stemming from misuse of their network unless they've made "reasonable" efforts to lock the network down. Some thought would have to be put into what "reasonable" comprises. I'd think at the very least it'd require hiring a number of information security people based on the number of machines you had exposed to the network.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This Article now moved here (mentioned in this story) gives quite some insight into the psychology of script kiddies.
It is basically about a sysadmin who tracks the people behind the DOS attack and observes them for a while.
Quite interesting read, too paule_
On the other hand, /. has probably been one of the biggest DoS mechanisms on the 'net, in a manner of speaking. Can you think of anything more bandwidth-destructive than being slashdotted? :)
Usually there is more than one reason. I don't think that the DDoS attacks were the main reason. Sure, they may have been the final drop, but I guess no company delivering profits when not attacked would have done the same.
CU, Martin
CP/M Was also forced out of business by DOS.
For one section, they had cameras sit in on a bunch of young military techies studying the logistics of combating a huge hack-attack; like nuclear power plants being shut down or hacked into danger zones. Airlines losing planes. That kind of thing.
I've been pondering just how exactly the developed nations could be whammied into a state of martial law. The current world situation doesn't have enough momentum to actually put thousands of Americans in prison camps. And the forces which drove the Nazis just aren't there. ("We are descendants of superior Aryans from space!" -No joke.) People today, while easily manipulated, haven't been sold that kind of propaganda, but it remains quite clear that a form of undeclared fascism (That is, "freedom", so long as you eat shit, breathe shit, think shit, absorb shit media, and work too hard, and don't mind being overseen by Shirow-style O.R.C.S. with machine guns, in order that you be reduced to the position of Zombie-like Serfdom), this it seems to me, will be the natural conclusion given the forces of greed and corporate evil moving in the world today.
Choice means that people might not buy your product. Remove choice, while maintaining the illusion of a free society, and bingo! You have the perfect consumer; driven because s/he still believes in the American Dream, but a serf nonetheless, whose task it is to pour wealth into the coffers of the powerful. And to be miserable for those who eat misery. . .
Anyway, it was interesting; the documentary basically said the following:
One military analyst basically said, with a straight & serious face, that in the event of a huge digital attack, "Declare martial law. Shut everybody down and take control of the situation. That'd be my recommendation."
Hmmm.
I don't know how true the above is, but the fact that it was being sold by a respected authority voice, indicates that they're trying to soften people up for just such a turn of events.
-Fantastic Lad
If you block incoming ICMP at your gateway routers, then DoS attacks should not be a possible attack. Without the target being able to send a ping back to the reflector because of ICMP filtering, DoS will fail. And if your network is the target, the reflector will not be able to attack either. As far as I know, DoS is simply ICMP floods to the whole subnet, and ICMP access lists in Cisco equipment is a piece of cake. Just my $.02
The grammatically correct word is "than", not "then". If you're going to nitpick about grammar in articles THEN at least be correct, rather THAN using the wrong correction.
KTHX.
Time for Egress filtering everyone... I don't know why this isn't standard practice, but Egress filtering would stop a lot of these DoS's or at least make them easy to swat. Every one of you with a linux or bsd box protecting your network, take 2 minutes out of your day to do egress filtering.
I don't think this would help much in the case of DDoS attacks. If the distributed attackers are victims themselves, unintentionally running some malware, the malware needn't forge the source IP. The initiator doesn't care if the distributed attackers can be tracked down.
It's monkey nature. Everyone needs to remember we're monkeys at heart. We hurl shit at other monkeys to mark our territory and make us feel good about ourselves.
We only refrain from hurling shit when we're afraid of a bigger monkey. This is the role of law and punishment, to restrain our inherent monkey behavior. The little script monkey who wouldn't do this in real life because the other meat monkeys will see him destroying their property and beat his meat monkey ass is overjoyed to find himself the biggest cyber monkey on the block.
Isn't the basic DoS attack where the return TCP/IP address is invalid [thus wasting server time on the other end]
Wouldn't a trivial fix for servers be to force all outgoing TCP/IP traffic to be legitimate.
As for spam, isn't a quick fix just to turn off all forms of relays? Seriously why can't you just send email to your server and from there directly to the other server.
This isn't the days of using FrontDoor and long distance calling plans. Sending email world-wide is as easy as sending TCP/IP packets world-wide [which is fairly trivial given the infrastructure in place].
By closing relays [or dropping email that was relayed] spammers would have to have their ISP given to the recipient [since there are only two steps in transit, their ISP and your ISP]. That would in turn make black listing bad ISPs easier.
Whoa...
Tom
Someday, I'll have a real sig.
Back in '98 (I think), Charles Schwab and I believe Amazon (or e-bay) got DDoS. Apparently for ransom. What is remarkable is that Schwab do about 2 billion USD e-commerce per week. And declared no loss from it, even though their web site was down for 3 trading days.
Clearly DDOS can be used for ransoming/ extortion........
perl -MIO::Socket -e 'IO::Socket::INET-new(PeerAddr="some.windoze.box:1
They're monkeys hurling feces. They will stop if they think a bigger monkey will kick their ass. That's why they're not firebombing people, because if they did that they'd get caught. But the cop monkeys don't understand DoS attacks so there is no fear of reprisal. Look at how monkeys deal with the issue. Do you really think humans have any better a handle on it?
Check out SecurityFocus, particularly the ARIS. You can set up a cron job to submit snort reports. This is exactly the thing you're talking about, and it's been around for a while. Why don't people use it? Because it costs money (to subscribe -- submitting reports is free), because they don't know how, because they don't care...
Oh, go on, check out my job.
sPhealley has given us the obvious solution.
Let's build lots of empty buildings and equip them with deadly traps. Chances are that the script kiddies and the vandals are the same. When the 1 in 500 perp walks in with a spray can, ZZAAAP! Followed by the CLUNK of the spray can hitting the ground and the WOOSH of the collective sigh of relief from the other 499 people.
Whaddya mean, inhumane? Only the spray can industry will suffer, and just a tad at that.
P.S. In France, the government recently reversed its stance on security. Rampant crime was "right-wing propaganda", they now admit it is a "major concern". The change occurred shortly after the son of an important minister was mugged outside a movie theater in Paris. See how it works? So let's all give our Congresscritter's email addresses to as many spammers as possible!--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
> If you block incoming ICMP at your gateway routers, then DoS attacks should not be a possible attack.
Yeah, and let's stop UDP, too.. and TCP - if you block them, then there's no way anyone can DoS you! While you're at it, let's block IP altogether!
there is a reason that ICMP isn't blocked.
It's because it's necessary for the internet to function.
ICMP is used to indicate network failures, MTU discovery, and a whole host of things that are necessary for the internet to function normally.
Kids don't need to be smacked. Hitting is not good discipline. Training a kid is a lot like training a dog, and I don't hit my dogs, why would I hit my kids? Of course, a lot of s.o.b.'s abuse their dogs.
This said, anyone old enough to launch a DoS attack is not a little kid. Maybe not an adult, but hardly a toddler. As moral agents they need to realize there are consequences for their actions, and the lack of consequences is the biggest reason people are more likely to launch DoS attacks, start flame wars, etc. online rather than in real life. In real life you're always wondering if you're going to get your ass kicked, this is missing right now online. It will eventually evolve though, the tools will get easy enough to use that everyone will have them and your group of online friends will stick together to DoS people that mess with you. Primitive societies. Eventually evolving their own police, 'local' laws, etc.
What is a bad thing?
You should *really REALLY* be careful about what you say, or you might get what you claim you want.
Look at past history. Do you want to be personally sued for bitching about a company?
Do you want to be potentially subject to hundreds of thousands of dollars in fines for installing, say, distributed.net on a cluster you administrate. (When there's nothing in the computing policy that says you cannot do that.)
Do you want to be held responsible if you write software that gets misused by someone else. Right now, they're going after napster/kazaa, but will they go after IRC? Have you ever coded an IRC robot, server, or client?
Ever worked on a packet sniffer? Ever downloaded DeCSS? Ever tried to reverse-engineer?
Be careful.. 'abuser' is frequently defined to be anything that a monied interest doesn't like. Or, it is defined as any random arbitrary thing that an ignorant person randomly chooses as bad.
I feel sorry for all the people at Cloud 9 who ended up losing their jobs because some 14 year old kid got their kicks bringing down a whole ISP. Hopefully by the ISP closing, the group of people will get more brazen until they're caught. I just hope no other companies had to die because of it.
Maybe one day, we will have fusion...
Yes Francis, the world has gone crazy.
it's down. so this is the only way you can see the article now. a bit of karma whoring maybe, but if this was standard with each story maybe we wouldn't be DoS'ing all these innocent sites.
I'm the sysadmin at a small ISP, so I figured I'd weigh in here.
Firstly, the worst DoS attacks we've been hit with recently (only a couple over the last year, which I'm thankful for) were large ICMP packets from legitimate addresses (appeared to be ping -s 65000 -f), and large UDP packets from legitimate addresses (appeared to be Sub7 or something similar on IIS-compromised hosts).
Secondly, I'm leery of doing egress filtering as there are legitimate reasons to send a different source IP (one-way tunnels being a prime example). It's interesting that the /. crowd who often calls foul when an ISP puts any sort of restrictions on their traffic seems to be calling for the opposite here, but as /. is very diverse, I'll assume that it's not the same people.
Unfortunately, with Windows XP spreading throughout our userbase, I fear that such filtering will become necessary. Many DoS attacks originate from compromised Windows boxes, and the first person to use WinXP's ability to create a raw socket and spoof addresses is going to suck.
Someone mentioned mailing abuse reports whenever they see portscans and the like--while this is good in theory, almost all of the connections I see get stopped at the firewall are from Korea, China, etc. In these cases, I don't bother--do you know where mail in a language that I can't read and can't find a translator for goes? Besides, whenever they get a mail in English, they probably just say something like Damn SPAM! I do not want to make my penis larger, thanks! <delete>
Anyway, like I said, the DDOS weapon of choice seems to be compromised Windows boxes these days--this has the benefit of both hiding the attacker's IP address while still sending legitimate packets. This problem will be around until people are educated enough to not open attachments when they shouldn't, and until there haven't been any major security holes in MSIE/OE for a long enough time that most people have upgraded.
www.scriptkiddiessuck.com is available for registration.
:P
Since most of them are immature little kids (mentally or physically), maybe it's not so much as protecting our servers that's important as directing their ire onto ANOTHER server.
Or you can make like Steve over at GRC.com and go to their IRC channel and kindly ask them to stop pinging your server to death.
InfoHighway Communications - but since their customers are leaving 200-300 at a clip (now almost non-existant) it seems they're going out of business all on their own...
Seeing an isolated snapshot of the situation doesn't provide a lot of information, so I'm a little confused. How is it possible that a DOS alone could drive an ISP out of business? Was it really a healthy business that was destroyed by a DOS, or was this the straw that broke the camel's back? It was mentioned that they did have insurance, but that the insurance wouldn't cover "rebuilding their network". "[A] Firewall brute force attack [resulted in] successful hash and destruction of the firewall" = bad password, no backups. I'm just trying to figure out what kind of DOS can lead to the destruction of an otherwise healthy network and company. The press release paints the picture of a smoking crater, but of course, it's all just data. There's no defense against the various flood attacks, but they should be easiest to trace, and temporarily filtering the flooding IP's should prevent widespread damage. Any ISP admins care to comment?
Other than saving face, ("Hackers did it" vs. "unchecked spending did it"), is there any practical advantage to claiming that evil hackers destroyed the business. Something just doesn't add up.
> If 1000 people walk down a backstreet past an empty building, 998 will just pass by. 2 will throw a rock through a window and spraypaint the walls
One impact of the internet is that the 0.2% of the population can find and talk to each other, swap ideas, and build a sufficient sense of community that they no longer feel the pressure to conform to the morals of mainstream society.
Scary - but unstoppable?
As someone who was put in this same situation at the end of '99, I can only say -- if the big boys were concerned -- it would not be a problem. Although it's not a trivial problem, dynamic blocking rulesets on bordergate routers who get a rush of ICMP (or other sorts) of traffic to a single target would not be hard to block.
My small ISP which had been doing okay had been stranded without an uplink after a 150Mbit attack took out sprint links in our part of .ca. After the attack our ISP was quick to disconnect us; with no alternatives we closed our doors (no one else in town wanted to touch us).
After the attack we were quick to contact the NOC of a few schools with unused 'open' blocks who refused to claim responsibility (of the DDoS packets) or fix the problem. About a month and a half later they had FBI knocking on their door after the ebay/yahoo etc attacks.
The question --
Do you think DDoS could be a tool for the bigger ISP's and players to squeeze smaller guys (ISP/ASP) out of business? I know that one is quite a stretch.
What other reasons have kept ``Tier-1'' networks from implementing fixes?
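Added example, not part of any comment in this thread: a sketch of the "dynamic blocking ruleset" idea from the comment above and the upstream null-routing mentioned earlier, run over constructed traffic counters. The class name, thresholds and the documentation-range addresses are assumptions made for illustration. Blocking is keyed on the target and protocol, so it works even when source addresses are spoofed, at the cost of dropping that protocol to the victim while the rule is active.

```python
from collections import defaultdict, deque


class DynamicBlocker:
    """Per-target rate watch that installs a temporary block (hypothetical)."""

    def __init__(self, threshold_pps, window_s, block_ttl_s):
        self.threshold_pps = threshold_pps
        self.window_s = window_s
        self.block_ttl_s = block_ttl_s
        self.samples = defaultdict(deque)   # (dst, proto) -> (ts, packets)
        self.totals = defaultdict(int)      # packets inside the window
        self.blocks = {}                    # (dst, proto) -> expiry time
        self.events = []                    # (ts, action, dst, proto)

    def _expire(self, now):
        # Remove rules whose TTL has passed so the target recovers by itself.
        for key, expiry in list(self.blocks.items()):
            if now >= expiry:
                del self.blocks[key]
                self.events.append((expiry, "remove", *key))

    def observe(self, ts, proto, dst, packets):
        """Feed one counter sample; return what happens to that traffic."""
        self._expire(ts)
        key = (dst, proto)
        if key in self.blocks:
            return "blocked"
        queue = self.samples[key]
        queue.append((ts, packets))
        self.totals[key] += packets
        # Slide the window: forget samples older than window_s seconds.
        while queue and queue[0][0] <= ts - self.window_s:
            self.totals[key] -= queue.popleft()[1]
        if self.totals[key] / self.window_s > self.threshold_pps:
            self.blocks[key] = ts + self.block_ttl_s
            self.events.append((ts, "install", *key))
            queue.clear()
            self.totals[key] = 0
            return "blocked"
        return "forwarded"


# Constructed samples: (time in s, protocol, target, packets seen since last sample).
SAMPLES = [
    (0, "icmp", "198.51.100.5", 200),
    (1, "tcp", "198.51.100.9", 3000),
    (2, "icmp", "198.51.100.5", 2500),
    (3, "icmp", "198.51.100.5", 4000),   # window average passes 1000 pps here
    (4, "icmp", "198.51.100.5", 9000),   # dropped by the installed rule
    (4, "tcp", "198.51.100.9", 1500),    # busy but under threshold, untouched
    (70, "icmp", "198.51.100.5", 100),   # rule has expired, traffic flows again
]


def run_samples():
    blocker = DynamicBlocker(threshold_pps=1000, window_s=5, block_ttl_s=60)
    verdicts = [blocker.observe(*sample) for sample in SAMPLES]
    return verdicts, blocker.events


if __name__ == "__main__":
    verdicts, events = run_samples()
    for sample, verdict in zip(SAMPLES, verdicts):
        print(sample, "->", verdict)
    print(events)
```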
Both long-time residents of the English Language neighborhood - though they are not living on the same street - Than and Then were caught fighting in front of Then's house. Witnesses heard murderer Than screaming and sobbing at Then: "You're a fraud! I'm so much more adequate, so much more fitting than you! I can't believe he would choose you over and over again! And I just can't stand seeing you with him all the time! Argh!!!" Four gunshots were then heard.
Apparently, the two belligerents were fighting over the love of a certain CmdrTaco, who never hid his preference for Then. When asked about the tragedy, CmdrTaco swore to the investigators that he had no recollection whatsoever of Than.
I think additional router fixes in, for example, IOS 14 should include TCP fingerprinting. If it comes from a Microsoft OS, drop the packet. That would relieve a lot of the congestion problems. :-)
Sorry for posting anon...
What's the point of DoS? Does it prove that you are "31337"? Does it give you a rush? It's pointless...
############# # m@ hunter # #############
The internet needs new protocols for ISP's to be able to put upstream IP blocks in place for IP's belonging to them. Combined with enforced traceability of IP's this would let ISP's stem attacks quickly, after which the people whose machines were compromised can be approached to fix it.
The problem is that the information producer is paying for bandwidth, not the consumer.
If people could pay per packet to access web sites, then it would not cost anything for a popular provider to serve millions of gigabytes.
This is orthogonal to DDOS attacks, but actually, if the infrastructure were in place for micro-payments for packet billing, then tracking DDOS attacks would be easier.
Not malicious, but perhaps reckless in some cases. Some (many) sites can't withstand a Slashdotting.
Just because it CAN be done, doesn't mean it should!
If the source address is usually (always?) spoofed in a DDOS attack,
the solution is simple: ISP's should never let a packet out of their
routers that has a source address that is spoofed. If I have DSL, and
I'm connected to a router owned by my ISP, they KNOW what my source
address is and they could prevent me from spoofing.
In my mind, the ISPs are all lazy. They could prevent a lot of this,
but they don't care.
OK, what's wrong with my argument?
There's simply no way to prevent such attacks unless by changing the infrastructure of the internet significantly. For economic reasons ISPs don't change it, so they implicitly accept the risk of not doing it. As for more severe penalties against hackers and script kiddies, this is getting a bit ridiculous because in the end you really can't compare a smurf attack against going and breaking someone's head...
crackers don't DoS dipshit. neither do "hackers." script kiddies do DoS. now stfu taco.
Stage One: ISP is under attack.
Stage Two: Floods of e-mail from customers, whining and screaming about the terrible lag on 'their internet'.
Stage Three: Techies figure out that they're being attacked. Inform management, attempt countermeasures.
Stage Four: Customers continue to complain, whining about taking their business elsewhere, how they should get refunds, free service, a new car, etc.
Stage Five: Someone up there has a clue and figures out they should try to limit damage to customers. Hey, if they're going after the ISP's servers.. They might start picking off random customers who are connecting. *yank cords*
Stage Six: Customers continue flooding ISP with angry letters.
At this point, people want refunds and free service, or they'll be jumping ship. In most areas, there's an abundance of ISP's. Many aren't huge, and many can't afford to give a large percentage of their customers 'free service'.
I don't know exactly how huge this ISP is, or if this could've happened to them - but it could easily happen to a small ISP.
Remember, kids, the average ISP user still bitches to their tech support people when, say, www.microsoft.com gets Slashdotted and is unresponsive, as if their ISP can do anything about it. Explain to them that the ISP was under attack, and they'll go into paranoid ramblings of 'being hacked', all while screaming for handouts of free service and refunds.
Let's start with the awful customer service, unreliable connections, awful customer service, immoral and possibly illegal business practices, awful customer service and awful customer service.
Her firm had a problem with the mail relay, it's only a small firm and they'd left the relay open and some spammers had found it. Cloud 9 terminated their connection without notice of any kind, and when finally they found a human being to talk to (they like to do their tech support by fax) they basically tried to blackmail her firm into handing over control of their domain, hosting etc etc to Cloud 9 before they'd reinstate the service. Needless to say, they got dumped very quickly indeed and went to Demon.
Frankly they're a shitty outfit and they've got their just rewards.
Never email donotemail@WeAreSpammers.com
We'll keep DOSing them out of business.
That simple.
I am under the impression that this is currently impractical for large sites. Otherwise, I agree with you. I tend to set up ingress and egress filtering, with lots of anti-spoofing drops (e.g. traffic to or from 0.0.0.0/8). Of course, this makes a firewall rule base more complicated, so most people don't bother.
For example, I use ipfilter and NetBSD. To get proper ingress and egress filtering, my rules break down something like this:
rule group 200, all inbound traffic on the internal interface (i.e. from me to the Internet)
- rule group 201, limit valid sources to the internal network
- rule group 202, inbound on the internal interface, from the local network, but stays local (e.g. SSH to the firewall, broadcasts to ignore on the local net)
- anti-spoofing rules (has to be after group 201, otherwise the anti-spoofing rules would drop traffic to/from the internal network)
- rest of egress rules
Needless to say, this, along with a lot of dynamic "keep state" rules (NOT THE SAME AS "established", which just trusts the flags on the packet), is more complicated than most example firewall configurations floating around the net. And the sad thing is, it barely protects me from DoS because it only filters out attacks from reserved nets, while most of the crap is DDoS fed by hacked machines on broadband nets.
So proper ingress/egress filtering will only get you so far, at a cost of increased complexity, and hell, most network engineers believe security is a transport layer issue, anyway. (The transport engineers think that security is an application layer issue, and the application programmers don't bother with security, they just trust the network.)
Ok, sorry, rant mode off. :)
Hey, if anyone's interested in my ipfilter configs, I'd be more than happy to post them to the relevant mailing lists, news groups, or web sites. They are super complicated, but there aren't too many examples of a proper, paranoid firewall configuration lying about on the web. It's my home stuff and I don't mind people beating on it too much.
I'm proud of my Northern Tibetian Heritage
I, for one, would love the opportunity to see a well-crafted example in order to learn and see how it's done properly. The email here is fine, or to djpotter(at)rushmore(dot)com would be great, also.
Thanks!
"If there's hope, it lies in the proles..."
And this is a fine example. Microsoft costs money, right. If you are an ISP with lots of money you are fine. You can buy all the M$ crap you want and hire all the M$ certed people you can. You get bandwidth peaks, so what. A system is down, hey, you are running an M$ product that is the best and your clients will allow this. Now take the ISP who has little cash. He runs a free OS, cause he just can't afford anything else. Well he gets a spike in traffic and blamo, he gets charged up the wazoo from his uplink. A system goes down and the client realizes you get what you pay for. The ISP has to close up shop. So where does M$ fit into all of this? Well they have known for a while that being the most used and most saturated OS has its advantages. From that no one can switch to anything else. They are stuck. Back it up with Marketing that says yours is the best, or will be, don't buy anything else that is better now. Have some security holes in your OSs to allow DoSs to happen and boom you can blast away your competition in no time. So in actuality their Security PR problem is a Marketing solution.
It was dark and I didn't have my contacts...
>Not that I'm saying the sysadmins would stoop to
>anything illegal, but there's lots they can do
>legally if they find out who's behind the attack.
I wouldn't be so sure. Here in the UK it would seem that the Data Protection Act would stop the hacker's ISP from handing over details. See this recent story from Silicon where a UK ISP has refused to cooperate over hacking allegations.
Yet another case of UK law helping the miscreant & not the victim.
Matt
Any affiliation with Cloud 9 elite? Ahh I remember those days, and everything they stood for. Thankfully I found GNU and Linux and those days are over for the most part.
... I am not off the hook either.
Two weeks ago somebody took over my home server using an sshd loophole and used it to attack somebody else.
Now I only have a postgraduate degree in CS, so maybe I need to be educated.
Yeah, I was aware of the loophole and I was determined to patch it up one of these days... However, I was appalled to find out that even SuSE 7.3 was vulnerable and had to be patched.
Marko
Do they *know* that script kiddies are truly the ones to blame? How can anyone be sure it isn't hired minions of the major ISP players hoping to hasten even further the demise of their smaller competitors? Given the difficulty in tracing the true perpetrators of DoS attacks, this would seem like a low risk proposition for the majors...
Meanwhile, mandate that cable modem and DSL providers must validate outgoing IP addresses. Turn on fair queueing at major bandwidth drop points.
...if you understood the difference between a comma and a period. (Hint: the period is that little dot on the key next to the comma. It is used to end sentences.)
Well from the sounds of it the "script Kiddie" seems to be safe in this one. If the sysadmins were able to go through the logs to find him/her/them then do you not think they would have spent every hour they could stay awake doing this before they had to go home with a box in hand.
It seems that the wrong person is getting blamed here (kind of at least). Yes what the kiddies did was bad, but the admins should have had half a brain to stop this, or at least slow it down (DDoS attacks are much harder to just stop).
man
No manual entry for
Law enforcement in cyberspace is a joke. The FBI will spend millions harassing SJGames but the local police won't even take your report on your site defacement. Show them printouts of headers, traces and syslogs and they'll stare blankly.
When the official law enforcement is incapable of action, it's time the citizenry take back the power they -lent- to the police. It's time for online vigilantes. Hack the cracker sites and infect their warez. Track the bastards down and crack their systems. Mailbomb their parents to let them know that Junior is misbehaving. Give them a steady stream of virii and trojans. Granted, most of these sociopaths lead lives of self-inflicted solitude and misery, but they can't live in utter isolation. They have other sociopath confederates. So infiltrate their box and attack their friends. Get them attacking with each other.
Yes, I know that vigilantism is "illegal". But the law enforcement community won't do anything. You can sit back and do nothing while your ISP goes down or you can act in your own defense.
The typical cracker is a moron. They couldn't code "Hello World" in English. All they do is download new warez. We're smarter than they are.
And oh, by the way, if you actually get ahold of one of these turkeys in the flesh, take them out back and beat the shit out of them.
A Government Is a Body of People, Usually Notably Ungoverned
It is not the New York ISP.
This worked until the US navy turned up and engaged in "gunboat diplomacy". Having realised that they had made a mistake the Japanese actually learned from it (and decided to pay a return visit on the US Pacific fleet some time later.)
And I'd say they got a pretty good learning lesson shortly thereafter as to what a great learning lesson THAT was.
If the US lacked the cultural/economic triggers that spur on violence, the presence of guns wouldn't matter much.
Similarly, if the script kiddies had any sense of self-respect and responsibility, they wouldn't be out causing chaos just for the jollies they get from it. Some might think they're proving some sort of techno-anarchistic viewpoint, but the truth is most of us in the technology community think they are (expletive deleted) idiots. They prove nothing, they achieve nothing of any particular use (security never seems to tighten, only laws do), and they really just piss everyone off. Does that enhance their lives? I have my doubts. But they aren't bright enough to understand themselves or their place in the world.
The name says it all... Why do these little wankers do this kinda crap. It makes the rest of the techies look bad.
The Only Person Willing to be Me is ME!
Secondly, I'm leery of doing egress filtering as there are legitimate reasons to send a different source IP (one-way tunnels being a prime example).
Can you explain this further, or provide some references? I can't see how this would work, and I didn't find anything about it using Google.
I don't believe or understand how a business can be overrun by DOS attacks for "weeks". Working in a very visible corporation and having dealt with a few DOS attacks in the past... I found there is always a pattern.. they will come from a certain ISP's network range.. a certain geographical region. Once you find that pattern together with your top tier ISP .. you contact the ISP's which are at the root of the problem and convince them of the business sense it would make to stop/disconnect those hosts so as not to be removed from certain routing tables and sued to next heaven. You won't catch the culprit behind this but you would stop the attack.
Seriously though, I could care less about the proliferation of DoS/DDoS tools. What bothers me is that the ISPs where this crap is coming from have never been blackholed by the rest of the community. It's not THAT hard to implement a widespread policy of filtering source packets, and that cuts down on a LOT of the methods used by the skript kiddiez.
The pathetic part about it all is it was already a problem in '95, and source-filtering was strongly recommended then. Soon after, no ip directed broadcast became also strongly recommended. Sadly, I can still get a 250:1 return on a forged ICMP ping (thankfully, their outgoing bandwidth is only a T1)
The real culprits are the people too lazy or inept to be allowed to run a network.
--Dan
I don't think this would help much in the case of DDoS attacks. If the distributed attackers are victims themselves, unintentionally running some malware, the malware needn't forge the source IP. The initiator doesn't care if the distributed attackers can be tracked down.
The primary point of tracing the source, in most cases, is to stop the attack, not find the initiator. If you can't find the source, then how are you going to stop the attack?
In a name, Captus Networks! It's not for small users, but ISP's should be able to handle the costs! They sell a few boxes that stop DoS attacks...check em out http://www.captusnetworks.com/
Someone should mod up the parent post! The poster has the right of it.
To further amplify the point, many successful cracks aren't reported to anyone (insurance, law enforcement, etc) because to do so would be in breach of the management team's responsibilities to its shareholders to protect the share value. This is a non-trivial situation and places corporations in a position where they have to not report a crime in order to not commit a crime (of sorts - breach of trust) upon their shareholders.
This is all too common. I haven't the vaguest clue how you fix it, but it smacks of wrongness. There should be a way (as far as the market is concerned) to not report a crack, while simultaneously actually reporting it (perhaps anonymously?) to the people who track and investigate these things.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
If the ISP doesn't know how to stop/prevent a DoS, they should be out of business..
One solution to the problem would be to establish randomly distributed honey pot computers which act as if they're infected by one of the various script-kiddie trojans. Log everything that happens to those computers, but do not allow those computers to actually perform DoS attacks (the script-kiddie probably won't know the difference).
After collecting evidence, the perpetrator should be fined and prosecuted. It would likely cost nothing to the tax payers since it could fund itself from the fines imposed on the perpetrators. If it's just a kid, then hold the parents responsible.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Back in the days of 2.0, I used the kernel's IPIP tunneling driver. It worked by having the remote host send packets destined to an IP address (say 192.168.1.10) to your IP address (say 192.168.5.50). Any packets that the client host sent out on the tunnel would actually go out over the Internet interface--I'd be sending packets as 192.168.1.10 from 192.168.5.50. My ISP at the time DID do egress filtering, so I had to have the network administrator disable it for the tunneled IP address.
Admittedly, I know a lot more now than I did then, and perhaps this was the Wrong Thing to do--perhaps my tunnel was misconfigured--but it worked at the time.
FWIW, I think I also saw some VPNish software pull the same stunt once upon a time, but I'm not sure.
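An added example, not code from any poster in this thread: a small Python model of the two filtering positions discussed above, per-customer source validation at the ISP edge (including an explicit exception for a tunnelled source address, as in the IPIP comment) and a victim-side filter that only drops reserved source ranges. The port names, prefixes (documentation ranges standing in for routable space) and packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# Reserved source ranges a victim-side firewall can drop inbound from the
# Internet. Partial list chosen for this example.
RESERVED = nets("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")


@dataclass
class CustomerPort:
    """One customer-facing port on a hypothetical ISP edge router."""
    name: str
    assigned: list                                   # prefixes delegated to this customer
    exceptions: list = field(default_factory=list)   # extra sources allowed by request


def in_any(addr, networks):
    return any(addr in n for n in networks)


def edge_verdict(port, src):
    """ISP-side egress check: is this source address one the customer may use?"""
    addr = ipaddress.ip_address(src)
    if in_any(addr, port.assigned):
        return "pass"
    if in_any(addr, port.exceptions):
        return "pass-exception"   # e.g. a tunnelled address the admin agreed to
    return "drop-spoofed"


def victim_verdict(src):
    """Victim-side check: all it can know is whether the source is reserved."""
    addr = ipaddress.ip_address(src)
    return "drop-reserved" if in_any(addr, RESERVED) else "pass"


# Constructed sample data (documentation prefixes stand in for real space).
PORTS = {
    "cust-a": CustomerPort("cust-a", nets("198.51.100.16/28")),
    "cust-b": CustomerPort("cust-b", nets("198.51.100.32/28")),
    "cust-c": CustomerPort("cust-c", nets("198.51.100.48/28"),
                           exceptions=nets("192.0.2.10/32")),
}

PACKETS = [
    ("cust-a", "198.51.100.18", "normal traffic, own address"),
    ("cust-a", "203.0.113.77",  "forged routable source"),
    ("cust-a", "10.1.2.3",      "forged reserved source"),
    ("cust-b", "198.51.100.40", "compromised host, real source"),
    ("cust-c", "192.0.2.10",    "tunnelled source, exception on file"),
    ("cust-c", "192.0.2.11",    "neighbouring address, no exception"),
]


def evaluate(packets=PACKETS):
    """Return (note, edge verdict, victim-only verdict) for each packet."""
    return [(note, edge_verdict(PORTS[port], src), victim_verdict(src))
            for port, src, note in packets]


if __name__ == "__main__":
    for note, edge, victim in evaluate():
        print(f"{note:<38} edge={edge:<15} victim-only={victim}")
```

The forged routable source is caught only at the sending ISP's edge, and the compromised host using its real address passes both checks, which is why it remains traceable but not filtered.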
When an idiot gets mugged you still blame the mugger. Trying to foist the blame off on the victim is fucking bullshit. That is not the way of civilization.
A Government Is a Body of People, Usually Notably Ungoverned
As the owner/admin of a small web/shell hosting company, I of course have a lot of views on and experience with DoS. I haven't read everything here, but bits and pieces, so sorry if I repeat some stuff... anyway, on with my general reply to a few things here.
1. Why script kiddies do this retarded shit - at least in the shell host biz, the main reason is they are pissed off at one of your customers who has an eggie with you. They decide to take over the channel, so they DoS the hell out of the server to take the eggie down so they can take over the irc channel... retarded.
2. I see many people talking about exposing security holes and whatnot, but DoS attacks really have little to nothing to do with exposing security holes, most of them anyway(I realize many that hardly work now used tcp/ip stack flaws and the like). Anymore, most DoS attacks are just floods of some sort... trying to squeeze a 5 sq. ft. board through a 2 sq. ft. hole, more or less. This is not a server security problem, there's not much an admin can do about it except shell out the money for more bandwidth.
3. Some of you may be happy to know that I have found UUNet great to work with on stopping DoS attacks. They have been right on top of things and got ingress filters (to stop the spoofed IPs, since most DoSes use spoofed IPs) up within about 20 minutes and continued to watch the subnet the flood appeared to be coming from. If you're a target of a DoS, check with your uplink, see if they can filter for you or have them contact UUNet and work with them (UUNet can't do anything directly unless the DoSer is directly connected to their network, but almost everything goes through them, so they may be able to track down where it's coming from so you can contact that ISP or server admin).
Cloud Nine is based in Basingstoke, UK, out in the Hampshires? It must be those damn Watership Down rabbits gnawing through the cables again!
Luke, help me take this mask off
Geez, mod that up. It does make ya wonder why the firewall was allowing connects from outside. It really makes me wonder what password they were using... "msce1"? "cloud10"? While there may have really been a DoS, the story does reek of being a cover for either substantial incompetence or financial difficulties.
Expanding a vast wasteland since 1996.
There have been many times that I wish I could pay back a company for screwing me, either because of bad customer support or some fee or policy. I bet they just pissed off the wrong person and they paid for it with their business.
Just firewall port 6667, and most DDOS would go away...
IRC is THE SINGLE LARGEST TARGET OF DDOS ATTACKS.
If something is going to replace IRC, its going to have to have a much more distributed infrastructure, and anonymity (at least by IP address) of both the servers involved and the clients will be a must. You must remove the identifiable targets if you want DDOS to stop.
Of course the authorities wouldn't much like the anonymized nature of such a network...
"This network protected by Hells Angels"
I'm sure other countries have similarly frightening organizations. A little donation to the club and an address to make a visit to - nonviolently. A little verbal warning might make a world of difference: Your online actions do have real world consequences.
i'm perfectly happy with cloud9.org
it wasn't me
i swear!
If a and b in c, and a can create b, and a can create a, and b can create b, and b cannot create a, then a created c.
Hackers. Kiddies. Neither. Both. There's a fundamental problem with saying the "Slashdot Community" is on any particular side at all, it's just not that cohesive. Some people have posted very passionately against copyright infringement here. I don't know about anyone coming out in support of script kiddies, but I'm sure it's happened.
I think in general, people are more likely to support haxoring copyright protection schemes and stealing mp3's because they feel little or no sympathy for the corporations that are the victim, and because most of us have pirated mp3's and enjoy listening to them. On the other hand, DDOS attacks are an activity that knocks off our favorite websites and ISP's. We are all the victim and nobody benefits but a bunch of maladjusted teens who get to boast about how 31337 they are.
There are stories of white hats hunting down the ip's of spammers and doing various horrible things to them. Same attacks, different target, that makes all the difference in public opinion- here as elsewhere.
why don't these kids use their bad habits for powers of good? (or pseudo-good) Why don't they dDOS a couple of the millions of white-supremacy or (insert your favorite bigot fsck here) websites that are up? And I know you're going to say that those types of websites are protected by free speech, and I agree with you, but I think we can all agree that these kids are going to trash something, it might as well be something that SUCKS
We dance to all the wrong songs.
--Refused.
I think since the FBI typically has some idea what kids are doing it and where they should watch the kids and just start fining their parents for what the kids do (or if the parents can't afford millions a hefty percentage of the damage).
Seems to me historically (for better or for worse) that if you hit people in the pocketbook they'll be more active in helping a cause. I mean it's like what I heard about Sweden (iirc) giving traffic fines based on income. If all of a sudden that millionaire has to pay $100,000 for going 10 mph over the speed limit instead of say $100 or so, they'll more likely get the message.
Just one man's perspective...
I think you may be looking at that stick backwards. Slashdotted is in the Jargon file!
Hmm, if we set up a mechanism on the net where upstream sites can be told to stop forwarding "hostile" traffic (with some means of identifying it), then it seems to me that the next stage in DoS would be to forge these "stop flooding me" requests so that nothing is sent or received from your servers - basically dropping you off the net, at "your" request.
(anon - posting on the office side of the firewall)
What other reasons have kept ``Tier-1'' networks from implementing fixes? Lily Tomlin's classic phone operator routine comes to mind, "we are the phone company, we don't have to care".
Obviously, such a scheme requires some form of authentication, yes.
You could've hired me.
uh.. what?
"We still don't know who's behind it - nor do we know who's next.
"This is not just an attack against us, but against all our customers."
Yeah.
Right.
Who's next? The next podunk ISP that needs to blame its poor business practices on "terrorism".
Face it: if DDoS was a real, true problem, *on this scale* it would have been all over for a lot of ISP's a long time ago...
t_t_b
I'm on PJ's "enemies" list! Are you?
What was their domain name by the way? When I first read the article, I thought it was an ISP located 15 minutes from me in NY, cloud9.com. I guess it would have been cloud9.co.uk?
Being a previous business customer of Cloud Nine in the UK it wouldn't surprise me if they were already in dire financial problems. The service was awful and expensive.
We had to get Nominet (UK internet name registrar) to wrestle our domain away from the money grabbing oiks when they refused to change the tag to another ISP:
"We don't deal with ex-customer problems" was the snotty reply from their helldesk.
Bankrupt by a DoS???! sounds like a 21st Century insurance scam!
You know, it is paranoid of course but...upon reading the short /. blurb, I immediately thought "What a way for a bigger boy to knock out a smaller kid." Of course, this sort of tactic could also be used by smaller competitors too but the BIG boys (MSN, for instance) have more than enough resources and a total lack of ethics...they could do this without batting an eye or breaking a sweat.
It was highly likely to be a few buttwipe, snotnose kiddiez but I have that little doubt sitting in the back of my mind. If not this particular episode, what of any others? Who gained by the shutdown of this ISP? MSN? AOL?
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Well think of a snake, sometimes they have to use the snake's own venom to cure the bite, so applied to hacking, it's created to protect (as in the snake's case) but it can be used to harm, lethal even--
so there's no real answer, yes I think they're wrong, but there's always going to be that script kiddie to fire up an exploit and cause a DOS, which only means we'll get stricter laws eventually because the government really has no interest in the way the crackers get the script, just that they used it...and don't even get me started on the media.
> something about an editor being of a different sexual orientation cmdr taco is STRAIGHT STRAIGHT STRAIGHT!
I believe that this is one of the /. articles where the value of the comments far exceeds that of the actual story.
I cannot begin to express my frustrations after having several IRC networks I administer smurfed ceaselessly -- one to the point of not returning for almost a year.
Kudos to those who have offered what little insight can be gleaned from these ignorant acts.
Looks like someone didn't know their CD\ and dir commands! :)
A rival ISP set out to attack and bring down these guys. Think of how easy it seems and how much market share they could get in a particular area. but this is probably redundant
i just remember a story about some campus fiasco a while back about some webspace or something and how a kid was basically paying his own back pocket with university money... that and i think he had a t-1 on the other side of town generating the traffic.
Why can't spammer ISP's be forced outta business like this? Where are you damn script kiddies when we need you?
#6495ED - cornflower blue
that The same people condemning these DoS attacks participated in the great KPMG /. DoS???
why is one correct and the other one not???
With what everyone was doing to the KPMG site there was malice and forethought of the result (i.e. a DoS on their website because they prohibited deep linking)
Slashdot... double standards a-plenty!.. that's why I love it...
Burma?
Every time someone attacks some group, or something that affects the economy in some way- people band together and defend the economy. Attacks help develop a stronger system with the initial intent of defending against the attacks- but eventually the benefits of the system being stronger are felt throughout the whole system- not just in the ability to defend against attacks.
Atari!!!! (translation:prepare to be attacked)
In the distance you hear an ominous moo.
Laws are neither required nor practical. Aside from the obvious idiocy of attempting to enforce nation-specific laws world-wide, the issue is more of a technical one than anything else. DoS attacks are so easy because the system currently supports such activities even when launched by complete morons using basic programs stolen from others. The kiddies aren't even required to know how the program works; they simply launch the sucker and sit back to enjoy the ensuing carnage.
The only way these attacks will be prevented is to change the way communications occur between machines on the internet. The current system, while nicely redundant and easy to employ, is virtually devoid of security features or accountability (i.e., identifying the source of attacks). Worse, most ISPs aren't at all interested in putting out the energy to track down attacks made by their own users and shutting them down. How many script kiddies would remain in the DoS business if an ISP sent a bill home to their parents in the tens of thousands of dollars for massive misuse of system resources? That would do more to put a stop to teen twits than anything else, I think, at least in countries where such bills are enforceable.
Of course, the fact that certain unnamed operating systems practically beg to be exploited doesn't help much....
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Maybe Privacy vs Freedom of Information would be one example (as in my privacy vs somebody else's freedom to find information about me)???
I can imagine a situation in which somebody would find and tell everybody about one of my dark secrets (no goatse jokes please). Or maybe start spamming my e-mail, or my mobile phone. Or maybe I'm not accepted by some employer because they got hold of some confidential medical record that says I've got some mental disease X (again no goatse jokes please).
On the other hand there's my liberty to find information about others. Like for example know that a prospective employer is actually a sweat-shop and their so-called bonuses are just hot air. Or that some guy that works with me is paid twice as much, has half the brains, produces a third of what I do and is only there because he's the boss's nephew.
As with everything a balance has to be achieved. Where to stop other people's liberty and start my privacy?
In practice, don't expect others to protect/respect your privacy if you don't protect it yourself. If you are willing to give it up for a few bucks a month - for example by signing in to your local shop's Customer Card program and answering a form that asks everything about you and your family including the name of your grandmother's cat - then you will in practice have much less privacy.
What kind of idiotic ISP actually runs DOS?!?!? If anyone does, of course it gets a DOS attack it deserves.
Problem is that IP spoofing has legitimate uses. We can't ban everything that may be bad.
What do you call an ISP with stupid admins going out of business?
A start.