ISP Forced Out of Business by DoS
flyhmstr writes "According to a report on ISPReview Cloud Nine have been forced off line and out of business thanks to the actions of crackers deciding to go play with some DoS tools." It's only getting worse.
The kids are getting more and more aggressive as time goes on and
it gets easier and easier to launch a large scale DoS. As any
techie knows, fixing the problem is far easier said than done... but
as a frequent recipient of the sharp end of the DoS stick, I sure
wish it wasn't an issue.
It seems kind of silly to shut down your business because of some little hax0rs. Granted, in this economic climate it could certainly hurt business... however it simply doesn't make sense unless there are some underlying problems.
This isn't like 31337 warez d00d shutting down his FTP server and crying to his mommy because someone did a DELE on all his pr0n files. Closing down a business due to hacking attempts or DoS seems rather harsh action to take.
If the script kiddies buy the hardware like we buy the DVDs maybe you have a case, otherwise it seems to me like apples and oranges to me.
There are four boxes used in defense of liberty: soap, ballot, jury, ammo. Use in that order.
They get charged through the nose for all the bandwidth the attack takes. There's a certain amount of money budgeted for bandwidth, but then a DoS attack hits and suddenly you're running at 100x normal bandwidth cost for however long it takes you to break the attack - that kind of fee can certainly break a company that already lives on the edge.
Sadly enough (and I certainly feel for the ISP), new laws concerning these attacks aren't going to help anyone. For laws to be effective, you actually have to catch the person in question, and with DDOS that's darn tough.
I'm not sure what the real answer is, though. I find myself reading these stories and articles and feeling helpless myself, even though I'm not directly involved. But I am a programmer, and we're supposed to have brilliant solutions to these issues....but I can't come up with one. The underlying structure of the 'net itself is to blame for allowing these attacks, and you know to change that will be like getting all cars to convert to bacon fat gas.
How does one instigate a major industry shift in how we do things? Would it even be worth it, or will we just see these random businesses fold due to stupid fucking kiddies?
The unwashed masses out there see both of these as the same thing...
That is the problem. I always try to explain it this way: There are good doctors, and there are bad doctors. There are good lawyers, and there are bad lawyers. There are good cops, and there are bad cops. (etc.) And there are good hackers, and bad hackers.
Can someone please clue me into why people do this?
Because they can.
Sad, but true - that is the long and short of it. DoS attacks are modern vandalism.
This just seems to be part of human nature; I haven't seen much change in the percentage of people who behave this way since my childhood (1960's) anyway. The problem is that the world today is so interconnected, and also dependent on technologies whose webs of interconnection are more fragile than we like to think, that the 2/1000 with the desire to damage can do a lot more damage to a lot more people than ever before.
I am a bit discouraged myself about whether or not this can be stopped on the Internet, personally.
sPh
I suspect there is more to this story. They may just be checking out due to DOS attacks as an excuse for their investors. There are many ways to combat a DOS attack and BT could have played a large part in that respect. The tools and techniques are available, even to mitigate a DDOS from multiple real hacked hosts.
the same side as always.
the 'slashdot community' is against unfair laws, but in favour of good laws.
destroying something without a good reason is just wrong.
I could be a little out of date (maybe even a lot ;) ), but last time I checked you could do a lot of calming of DoSing by implementing proper packet filtering on routers.
IIRC most DoSing relies on the kiddie hiding their source address (so that they can't be traced). So ensure that the router closest to the kiddie knows all the IPs it is allowed to accept, and rejects (and logs) all others.
This puts an onus on ISPs to handle the situation. Any ISP which doesn't react immediately to a DoSer from it or a downstream stands to lose (all of) its uplink(s).
Most port handling equipment can handle quite complex filtering on its own, knowing the IP allocated to a port and filtering all packets without that as its source. Port handlers typically forward to a router anyway, so it's easy for an ISP to say "that interface talks to that rack, which can use IP range X to Y, so filter everything else". Immediately your script kiddie is limited to faking addresses of other users in the range.
This screws up a number of DDoS attacks I know of (where the reply to an unwitting host causes shit for the replier), and makes it a lot easier to trace the kiddie at least to within a limited number of possibilities.
If the ISP supplies a link to another ISP it must ensure it toes the line. Bulk links to corporate customers or anyone with a range of IPs (rather than just one) at the other end of the link can usually be handled like dial-ups: port handlers filter out bad source IPs.
Does anyone know of technical and/or political reasons why this can't work? If there are no technical problems then maybe an IETF policy committee needs to make it a standards issue.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
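Added example, not part of the post above: a small Python model of the per-port source filtering it describes, showing which forged packets are dropped and logged, which still pass (a forged address inside the port's own range), and how a claimed source narrows a trace to specific ports. The port names, the prefix table and the packets are constructed for illustration, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed port table: each access port and the source prefixes it may use.
# Port names are hypothetical; addresses come from documentation ranges.
PORT_PREFIXES = {
    "dialup-17": ["192.0.2.17/32"],          # single-address dial-up user
    "dialup-18": ["192.0.2.18/32"],
    "corp-link-3": ["198.51.100.0/26"],      # corporate customer with a range
    "downstream-isp-1": ["203.0.113.0/24", "198.51.100.128/25"],
}

# Constructed packets as (arrival port, claimed source address).
PACKETS = [
    ("dialup-17", "192.0.2.17"),         # honest source
    ("dialup-17", "192.0.2.18"),         # forging a neighbour: a /32 port rejects it
    ("dialup-17", "10.9.8.7"),           # forged, outside everything
    ("corp-link-3", "198.51.100.40"),    # honest source
    ("corp-link-3", "198.51.100.41"),    # forged but inside the port's range: passes
    ("corp-link-3", "203.0.113.5"),      # forged, belongs to another port
    ("downstream-isp-1", "203.0.113.5"), # honest source
    ("downstream-isp-1", "192.0.2.17"),  # forged, belongs to a dial-up port
]


class SourceFilter:
    """Per-port source address validation with a drop log."""

    def __init__(self, port_prefixes):
        self.table = {
            port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in port_prefixes.items()
        }
        self.drop_log = []  # (port, claimed source) for every rejected packet

    def permits(self, port, src):
        addr = ipaddress.ip_address(src)
        # A port with no table entry has no allowed prefixes: drop everything.
        return any(addr in net for net in self.table.get(port, []))

    def handle(self, port, src):
        """Return True to forward the packet, False to drop and log it."""
        if self.permits(port, src):
            return True
        self.drop_log.append((port, src))
        return False

    def candidate_ports(self, src):
        """Ports that could have emitted a packet claiming this source."""
        addr = ipaddress.ip_address(src)
        return sorted(port for port, nets in self.table.items()
                      if any(addr in net for net in nets))

    def offenders(self):
        """Number of rejected packets per port, for follow-up with the customer."""
        return Counter(port for port, _ in self.drop_log)


def run(packets=PACKETS):
    flt = SourceFilter(PORT_PREFIXES)
    forwarded = [(port, src) for port, src in packets if flt.handle(port, src)]
    return flt, forwarded


if __name__ == "__main__":
    flt, forwarded = run()
    print("forwarded:", forwarded)
    print("dropped:  ", flt.drop_log)
    print("offenders:", dict(flt.offenders()))
    # With filtering in place, a source seen at a victim maps back to few ports.
    print("198.51.100.41 could only come from:", flt.candidate_ports("198.51.100.41"))
```

The packet from `corp-link-3` claiming 198.51.100.41 is the residual case the post names: the filter cannot tell it from an honest one, but the trace is already down to a single link.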
We (the slashdot community) (except for the trolls) don't cause inconvenience to innocent bystanders/consumers, and we don't cause headaches for those who actually do something, only to the lawyers and politicians and freeloaders (RIAA, MPAA, et cetera).
The masses are the crack whores of religion.
Huh... But what did you do about the clients running fragmented DoS attacks, and using ping flood tools on YOUR network? Don't you have a terms and conditions of service?
Mod me down for this, or forgive me if I'm missing something here, but it seems like you passed the problem on to someone else instead of dealing with the source offenders yourself.
There is a world of difference between trying to maintain our fair use rights or exposing bad "security" methods and launching a DDoS attack against ANYONE.
This is not a black and white issue. A DoS attack is both illegal and immoral, as what you are doing hurts a large group of people. Exposing bad security in e-book files will help people in the long run. (Although it will help the copyright holders and not us :( )
As for the general population, it depends entirely on what the media reports. They can report that "hackers" have cracked a protection scheme, or they can report that a digital protection scheme was proven inadequate. Both are technically true, but each favors one group as the good guy. Unfortunately, since news is an entertainment forum, the first is more likely to be reported.
Until the general population is tech savvy enough to understand these issues, the media will have complete control over their opinions.
Cheers,
Phathead
Why asking?
It is an old thing. Always and everywhere some young males have an urging desire to destroy something just for destroying it. Today if they have muscles they go and smash windows, destroy park benches or just bully others. If they don't - they run DoS attacks.
Let us say it straight: there is no difference between a script kiddy and a brainless thug who ie. cuts bus seats with a knife.
Raf
Can't speak for the rest of the slashdotters, but I don't want them to be prosecuted... I want the insecurity to be repaired, which is what we've always wanted.
Taking this to an absurdly inappropriate analogy: If some pranksters fire bombed an old age home killing all inside, is the solution to call for old age homes to be built with fireproof walls and armed guards out front? Where does the responsibility of the criminal end and the responsibility of the victim begin?
Writing a DoS tool is not a crime. Using it on someone else is.
I agree. In support of that viewpoint, I would give the following example counter argument.
Guns are bad. Nuclear weapons are bad. Let's remove them both from the military. Studying how these things are built and used is not a worthwhile endeavor. Since we don't believe in attacking someone for no reason, we don't need any weapons. We also don't need to study how offensive weapons might be used against us. Therefore there is no reason for their existence. Let's just pass a WMCA (Weapons Millennium Contraband Act) law and outlaw anyone even thinking about how weapons work or how reinforcements might be vulnerable to weapons.
(Disclaimer: I don't own anything which was designed to be used as a weapon; lest someone pigeonhole me into a certain group.)
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Steve Gibson was able to deal with a DoS and it didn't put him out of business, so surely an ISP could too.
Unless of course, it was a mom-and-pop shop ISP who didn't know an ethernet jack from a phone jack (hey, I only did that once!), and I've certainly seen plenty of those...
Technically trivial, perhaps. Administratively, it is extremely non-trivial, and that's just as big a factor. Please get off the "If I can do it in my home network of three machines, it must be just as easy to do for the whole internet" horse.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Now, I don't doubt that Cloud 9 was/is a great ISP, but I have to take their statements with just a wee grain of salt. I don't see anything there that indicates that they came under any worse of a DoS attack than scores of ISPs before them...why is it, then, that this particular ISP decided to just pack up and die over it? Something smells a little funny here, and I can't just take their attribution of the business failure to hackers as gospel.
For your security, this post has been encrypted with ROT-13, twice.
The problem is that sysadmins see the scans from these kiddies and ignore them (those that even have a portsentry or similar application in place). If you saw someone walking around your house and trying the doors and windows, you'd call the police right away, wouldn't you?
So why do the kiddies get off free? Sheer apathy from most of the sysadmins in the world.
When you get scanned, you have the address (if it's not spoofed), you can send a mail to abuse@domain. But most people don't, because It's too much hassle or we can't be bothered or no harm was done.
Script Kiddies will have a far harder time when admins start practising zero tolerance.
----- Documentation is worth it just to be able to answer all your mail with 'RTFM' - Alan Cox.
Think about it: you've just brought down a major ISP, sent their sysadmins to the unemployment lines, and now they have plenty of time on their hands, probably have copies of all the logs, and nothing better to do than go through them with a fine tooth comb to find who messed up their lives.
Nosiree, I would not want to be in those script kiddie shoes. Not that I'm saying the sysadmins would stoop to anything illegal, but there's lots they can do legally if they find out who's behind the attack.
-- This
It's also a lot easier to be "anonymous" on the Internet than in real life. An innocent bystander can't happen by and notice a crime taking place on the 'Net due to the nature of the structure, so there's a sense of "I won't get caught if I DDoS". Because of this, I believe the ratio is more than 2/1000 on the 'Net -- probably more like 50/1000. Due to the anonymity, people feel they can get away with more than they would normally feel comfortable with in meat space.
Without you I'm one step closer to happiness without violence.
Perhaps we are putting our resources out to the wrong people? Who are we actually mad at? What we should be doing is stopping people from creating the tools that these "script kiddies" are using. Take that away and those lame unknowledged kids will be helpless. Not to mention if you are hosting a site that is giving these programs away or if you give internet service to those who compromise systems then you are partly to blame as well. It's time that we take responsibility for our little islands in the Internet and discipline those who live there.
Now there's a couple hundred 13 year olds at home masturbating to the idea that they actually can close an ISP down for good with actions like this.
That's rather worrisome.
In Soviet Russia...michael would be rotting in Siberia!
You're far too direct to get any attention, alas. You deserve an upmod for sure.
To reiterate and expand:
The DoS-ers are causing material and practical harm to the equipment of others.
The LiVid guys etc. are doing something useful and practical with something that they own.
The two situations are _diametrically opposed_.
FP.
(I don't mind being redundant if it helps some people get the point!)
Also FatPhil on SoylentNews, id 863
Compare this to stuff like DeCSS, Felten's work on SDMI and the rest. Showing why something doesn't work or getting additional functionality out of a product just isn't the same as maliciously depriving a business of the resources it requires to survive.
It isn't hard to explain but what is hard is getting the message out when Disney and the like are spouting their propaganda at 11 and with the simple fact that this isn't a bullet issue for the proverbial Joe Average.
I don't want knowledge. I want certainty. - Law, David Bowie
This also breaks down when DDoS attacks occur. Most of the older DDoS daemons didn't bother to forge return addresses, the threat was strength in numbers, not stealth. It might help in shutting down so-called "zombie" hosts that are launching the attack, but won't help to trace back the original attacker. The real solution is for ISPs to get a clue and start doing better egress filtering and monitoring. (Take random sample of outgoing traffic and look for DDoS signatures, unusual numbers of SYN, broadcast addresses, unusually high bandwidth consumption without meaningful replies.) Admins of compromised hosts are also at fault. Patch your system, it isn't difficult. You can't blame OS/product vendors for bugs, as long as they recognize and patch problems ...
Adam Lydick
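Added example, not part of the post above: a Python sketch of the egress monitoring it proposes, sampling outbound flow summaries and flagging customers by the three signals it lists (SYNs that are never answered, broadcast destinations, heavy one-way volume). The record layout, customer names, thresholds and the "/24 broadcast ends in .255" shortcut are all assumptions made for this illustration.

```python
import random
from collections import defaultdict

# Thresholds are illustrative assumptions, expressed for unsampled traffic.
MIN_TCP_FLOWS = 50        # ignore hosts with too few TCP flows to judge
SYN_ONLY_RATIO = 0.8      # share of TCP flows whose handshake never completed
MIN_BROADCAST = 10        # flows aimed at a broadcast address
MIN_BYTES_OUT = 1_000_000
REPLY_RATIO = 0.01        # bytes back per byte sent; below this is "no replies"


def make_flows():
    """Constructed outbound flows:
    (customer, dst, proto, syn_only, bytes_out, bytes_in)."""
    flows = []
    for i in range(20):    # cust-a: ordinary browsing, replies outweigh requests
        flows.append(("cust-a", f"203.0.113.{i + 1}", "tcp", False, 600, 9000))
    for _ in range(200):   # cust-b: SYNs to one target, nothing comes back
        flows.append(("cust-b", "198.51.100.10", "tcp", True, 60, 0))
    for _ in range(30):    # cust-c: ICMP to a directed-broadcast address
        flows.append(("cust-c", "198.51.100.255", "icmp", False, 1400, 0))
    for _ in range(50):    # cust-d: large unanswered UDP datagrams
        flows.append(("cust-d", "198.51.100.77", "udp", False, 65000, 0))
    return flows


def is_broadcast(dst):
    # Simplification: limited broadcast, or the last address of a /24.
    return dst == "255.255.255.255" or dst.endswith(".255")


def analyse(flows, sample_rate=0.1, seed=None):
    """Sample flows at sample_rate and return {customer: [reasons]}."""
    rng = random.Random(seed)
    stats = defaultdict(lambda: {"tcp": 0, "syn_only": 0, "bcast": 0,
                                 "out": 0, "in": 0})
    for cust, dst, proto, syn_only, b_out, b_in in flows:
        if rng.random() >= sample_rate:   # skip flows outside the sample
            continue
        s = stats[cust]
        if proto == "tcp":
            s["tcp"] += 1
            s["syn_only"] += int(syn_only)
        s["bcast"] += int(is_broadcast(dst))
        s["out"] += b_out
        s["in"] += b_in

    findings = {}
    for cust, s in stats.items():
        reasons = []
        # Minimum counts shrink with the sampling rate; ratios do not.
        if (s["tcp"] and s["tcp"] >= MIN_TCP_FLOWS * sample_rate
                and s["syn_only"] / s["tcp"] >= SYN_ONLY_RATIO):
            reasons.append("syn-without-reply")
        if s["bcast"] >= MIN_BROADCAST * sample_rate:
            reasons.append("broadcast-destination")
        if (s["out"] >= MIN_BYTES_OUT * sample_rate
                and s["in"] < REPLY_RATIO * s["out"]):
            reasons.append("one-way-volume")
        if reasons:
            findings[cust] = reasons
    return findings


if __name__ == "__main__":
    for cust, reasons in sorted(analyse(make_flows(), sample_rate=1.0).items()):
        print(cust, reasons)
```

At low sampling rates small senders drop below the scaled minimums, so the rate trades router load against how quiet a source can be and still get noticed.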
If 1000 people walk down a backstreet past an empty building, 998 will just pass by. 2 will throw a rock through a window and spraypaint the walls.
But this isn't throwing a rock and spraypainting. That's more like trolling Slashdot. This is setting the building on fire. The difference between what these kids do and an arsonist is the FBI actually cares about arson.
God Fucking Damnit
A skript kiddy is pretty safe, as are spammers
Depends, if a spammer is trying to sell a real product they should be perfectly possible to track down.
How is that 'in support of that viewpoint'?
How about: Guns are bad. Nuclear weapons are bad. We'll build them and see how they work and could be used against us, because someone else might do it to us, and we need to know how to defend against and handle such a situation.
Building a DoS tool isn't a crime. Using it against another machine in a cleanroom environment to see how the overall system responds is not only acceptable, but critical if you want to defend & respond appropriately.
Can someone please clue me into why people do this?
This is a somewhat larger question than I think you realise and one that people have been struggling to understand for as long as there have been people. Why do people do bad things? Why are they selfish, cruel, malicious? Why do even good people not have the self control to always follow their better instincts? Why do some people not even seem to have those better instincts?
I'll be up front and mention that I am a christian (Now THAT is a statement to start a flame war on this board - not my intention but my experience is that there are a lot of people that are quite indignant with me for what I believe. But since it IS what I believe [I'm not making it up to start a flame war] & is relevant to your question I don't feel particularly compelled to keep silent.) Anyway, christians (and therefore, I) believe that every single person is 'fallen' and inclined to be 'bad' (or evil to use the old-fashioned term) and do 'bad things' (or sin to use the old-fashioned term). 'Bad' (or evil) ultimately being defined by christians as being selfish - living for oneself rather than for God & your fellow man. Though we are all the same in this regard it is expressed differently in each of us as individuals. The behaviour of these kids doesn't have any particular appeal to me but I think for them it is a way of selfishly having "power" they don't otherwise have. They are probably incapable of doing something positive that would have as much impact or bring them as much or notoriety. But here they are a few, or maybe even one immature kid that brought an entire company staffed by mature, technically astute adults to bankruptcy. Exercising power, having an impact, feels good, feels like importance - and in their self-absorbed state of mind the plight of the people affected does not enter in.
On the other hand, /. has probably been one of the biggest DoS mechanisms on the 'net, in a manner of speaking. Can you think of anything more bandwidth-destructive than being slashdotted? :)
It's pretty easy to tell good laws from bad ones, using objective standards:
Good laws protect individual freedoms and provide a level playing field for everyone.
Bad laws destroy liberty and favor special interests over the good of the whole.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
For one section, they had cameras sit in on a bunch of young military techies studying the logistics of combating a huge hack-attack; like nuclear power plants being shut down or hacked into danger zones. Airlines losing planes. That kind of thing.
I've been pondering just how exactly the developed nations could be whammied into a state of martial law. The current world situation doesn't have enough momentum to actually put thousands of Americans in prison camps. And the forces which drove the Nazis just aren't there. ("We are descendants of superior Aryans from space!" -No joke.) People today, while easily manipulated, haven't been sold that kind of propaganda, but it remains quite clear that a form of undeclared fascism (That is, "freedom", so long as you eat shit, breathe shit, think shit, absorb shit media, and work too hard, and don't mind being overseen by Shirow-style O.R.C.S. with machine guns, in order that you be reduced to the position of Zombie-like Serfdom), this it seems to me, will be the natural conclusion given the forces of greed and corporate evil moving in the world today.
Choice means that people might not buy your product. Remove choice, while maintaining the illusion of a free society, and bingo! You have the perfect consumer; driven because s/he still believes in the American Dream, but a serf nonetheless, whose task it is to pour wealth into the coffers of the powerful. And to be miserable for those who eat misery. . .
Anyway, it was interesting; the documentary basically said the following:
One military analyst basically said, with a straight & serious face, that in the event of a huge digital attack, "Declare martial law. Shut everybody down and take control of the situation. That'd be my recommendation."
Hmmm.
I don't know how true the above is, but the fact that it was being sold by a respected authority voice, indicates that they're trying to soften people up for just such a turn of events.
-Fantastic Lad
Have you tried recently to sue a 14-year-old in Singapore or Russia or South America?
They're monkeys hurling feces. They will stop if they think a bigger monkey will kick their ass. That's why they're not firebombing people, because if they did that they'd get caught. But the cop monkeys don't understand DoS attacks so there is no fear of reprisal. Look at how monkeys deal with the issue. Do you really think humans have any better a handle on it?
It's kind of ironic that it's really the ISPs that are to blame for the proliferation of DDOS attacks anyway, they are the ones allowing their users' machines to send out ping floods and nasty UDP crap in the first place. ISPs seem eager enough to bump users off for exceeding their (usually unpublished) bandwidth limits, but they couldn't care less about virus and DDOS traffic.
That was classic intercourse!
I'm the sysadmin at a small ISP, so I figured I'd weigh in here.
Firstly, the worst DoS attacks we've been hit with recently (only a couple over the last year, which I'm thankful for) were large ICMP packets from legitimate addresses (appeared to be ping -s 65000 -f), and large UDP packets from legitimate addresses (appeared to be Sub7 or something similar on IIS-compromised hosts).
Secondly, I'm leery of doing egress filtering as there are legitimate reasons to send a different source IP (one-way tunnels being a prime example). It's interesting that the /. crowd who often calls foul when an ISP puts any sort of restrictions on their traffic seems to be calling for the opposite here, but as /. is very diverse, I'll assume that it's not the same people.
Unfortunately, with Windows XP spreading throughout our userbase, I fear that such filtering will become necessary. Many DoS attacks originate from compromised Windows boxes, and the first person to use WinXP's ability to create a raw socket and spoof addresses is going to suck.
Someone mentioned mailing abuse reports whenever they see portscans and the like--while this is good in theory, almost all of the connections I see get stopped at the firewall are from Korea, China, etc. In these cases, I don't bother--do you know where mail in a language that I can't read and can't find a translator for goes? Besides, whenever they get a mail in English, they probably just say something like Damn SPAM! I do not want to make my penis larger, thanks! <delete>
Anyway, like I said, the DDOS weapon of choice seems to be compromised Windows boxes these days--this has the benefit of both hiding the attacker's IP address while still sending legitimate packets. This problem will be around until people are educated enough to not open attachments when they shouldn't, and until there haven't been any major security holes in MSIE/OE for a long enough time that most people have upgraded.
No, a terrorist probably wouldn't, but a hobbyist chemist might, just to see if they can.
Likewise, no a cracker probably wouldn't write a cracking tool/DoS tool/whatever unless they were intending for it to be used, but I might. Maybe I want to see what's involved, maybe I want to gain some sort of insight into how they're developed and how they work, the better to secure my own system(s). Hell, maybe I just have some time to kill, and can't think of anything better to do with it.
Knowledge should not be illegal. The use of that knowledge to the detriment of others is an entirely different matter, and should not be confused with the mere possession of that knowledge.
Cheers,
Tim
It's official. Most of you are morons.
I think a lot of people are like this.... until someone comes along and does something horrible to them. Then they change their tune fast. I am not saying this against you Aceticon, but you know it's true. People scream for freedoms until they get abused by it and then the song changes. Just a thought.
Sent from your iPad.
If the source address is usually (always?) spoofed in a DDOS attack,
the solution is simple: ISPs should never let a packet out of their
routers that has a source address that is spoofed. If I have DSL, and
I'm connected to a router owned by my ISP, they KNOW what my source
address is and they could prevent me from spoofing.
In my mind, the ISPs are all lazy. They could prevent a lot of this,
but they don't care.
OK, what's wrong with my argument?
Do these kids need a hug?
:)
Actually, this is probably closer to the truth than most people realize.
I will agree with this. These kids are doing this to make themselves feel powerful. They want to feel important, significant. If they were made to feel their significance by the people to whom they should be significant - their parents - perhaps they would be less likely to seek a feeling of power in mindless destruction. Though there is no guarantee - even a person without excuse, loved, cared for, etc. can lack the self-control to tame their baser desires.
If you think about it, you realize it is only possible to hurt someone else (or their property) if you feel like you are hurting yourself.
Now I have to disagree - sort of. Their indulgence in malice and cruelty, their seeking after the thrill of power does them harm. But in their self absorption they are only aware of how good it feels to wield that power - to feel important. They do not feel hurt, they feel powerful.
The really sad thing is, when we find someone who is hurting, and has demonstrated this to us by hurting someone else, we hurt them more by punishing them. That's a human approach, but it will only result in larger problems. When someone hurts us we should help them by giving them a hug... or something
Here I have to disagree - for several reasons. First: If someone cannot exercise enough self-control to refrain from hurting others they must be externally controlled by someone else (the state or their parents) - either by actual physical restraint or by the credible threat of punishment. Also, while they still need "a hug" love and acceptance from those from whom it is due - now that is not enough. I don't think there can be healing without honest regret (not just regret for being caught but for being *wrong*) - that is up to the criminal, no one can either force them through punishment or manipulate them through compassion to arrive at that repentance. There also can't be healing without suffering real (depending on the crime even harsh) consequences. Even kids have an innate sense of justice (that I believe is valid) and that even criminals will acknowledge. It does not do the victim or society at large - but especially the criminal - any favors by bypassing the requirements of justice. A penitent criminal who has been punished for his crimes can start again. A penitent criminal who has escaped punishment will feel the unfairness of that escape and a continued sense of guilt. He will be crippled in his ability to begin anew. An unrepentant criminal will take either scenario as an excuse to continue in their crime.
Seriously though, I could care less about the proliferation of DoS/DDoS tools. What bothers me is that the ISPs where this crap is coming from have never been blackholed by the rest of the community. It's not THAT hard to implement a widespread policy of filtering source packets, and that cuts down on a LOT of the methods used by the skript kiddiez.
The pathetic part about it all is it was already a problem in '95, and source-filtering was strongly recommended then. Soon after, no ip directed broadcast became also strongly recommended. Sadly, I can still get a 250:1 return on a forged ICMP ping (thankfully, their outgoing bandwidth is only a T1)
The real culprits are the people too lazy or inept to be allowed to run a network.
--Dan
but surely it's ONLY the ISPs who ever really have a hope of dealing with abusive users, as it's only them that can break the problem down into manageable chunks. Even a spoofed packet can be sourced if it's coming via an authenticated modem/cable modem/ADSL connection.
That was classic intercourse!