DoS Attacks Persisting, On The Rise
thelizman writes "One of the most basic "hacks" (to use the media's bastardization of the term) is a Denial of Service attack. While not getting you any access to data on a machine, DoS attacks effectively shut down machines by making them inaccessible to others. CNN is carrying and IDG.net story about how DoS attacks are still one of the leading threats on the Internet, and are actually on the rise as the sophistication of the attacks increases." We get them constantly- some intentional, some not. It's really a pain.
Everyone at my company has upgraded to Windows 3.1. I don't know why Slashdot is still talking about DOS
What, no mention of Slashdot DOS attacks?
We even have our own word for it: "Slashdotted".
someone writes a virus that spreads through the Kazaa or gnutella network. That will be a fun day.
p2p is the biggest ddos mess waiting to happen. If there is a hole in the client, then who knows how far it could spread before stopping.
/. has gotten more popular! That's probably why we're seeing more DOS attacks! I mean, there's been one (Linux PVRs) today already.
Or, maybe not...
> We get them constantly- some intentional, some not. It's really a pain.
/. effect? Hmmmm???
And what about causing them?
Get them? You produce them constantly.
And create them inadvertently all the time.
Slashdot doesn't just get DOS attacks, it also creates them. Isn't that what the slashdot effect is all about?
I can't count the number of times a site linked to by slashdot has been unloadable simply because of the number of slashdotters pounding on their server.
This sort of thing isn't limited to Slashdot, though. Any portal/news linking site does it. I'm thinking of Somethingawful and Fark specifically. Somethingawful has even had speed trials to see how fast they can max out bandwidth limits and take a site offline.
a DoS attack no one can resist.... the /. effect of course - with half a million geeks around the world clicking on their mouse in one swift move and crash comes whatever machinery there is buttressing their site ;)
And /. is one of the worst sources of DoS.
Having been one of the admins for a pretty large website (top 50 according to Media Metrix), I can definitely state that DoS attacks are a royal pain. Sure, you can throw infrastructure at a problem and alleviate it, but you can't defeat it -- and they just keep coming. It's the type of attack I've never understood: it doesn't gain the attacker anything (unlike rooting a box), it's nothing but being a hoodlum.
"You can never have too many elephants on your team."
West side smoke a blunt bitches!!
In exchange for the halting of DoS attacks on Slashdot...I demand 1 free subscription to yours truly. If you do not submit to my demand, you will feel the full wrath that is my 31337 |-|@X0r SkI11z.
Muwahahahaha!
The thing that really bugs me about DOS attacks, besides the fact that they cause damage and annoy admins, is that they don't show any real talent.
It's not impressive to bring a system to its knees by DOSing it. You do, however have to respect the guy who discovers some huge hole that he exploits on some system and gains access.
You gotta respect him more if he tells you about it, and how to fix it.
God save our Queen, and Heaven bless The Maple Leaf Forever!
-- dforce
SELECT * FROM USERS WHERE A_WINNER = "YUO";
At least nowadays it takes a modicum of sophistication to launch a DoS attack. I remember when it was possible to download Windows programs to Win Nuke (Win 95 vulnerability) people at will.
Veramocor
...it's called a slashdotting. ;)
DOS attacks are rarely about sophistication - it's pure destructive potential. Script kiddies bragging on IRC channels about the number of "zombies" they've managed to acquire via the latest script that some grey-hat with genuine skills has written - eventually the bragging gets to a point where they have to do something with all their proudly acquired toys. Usually against some other l337 haxxOR who has impugned their skills.
Save rather than beating each other senseless (which would be so, so much more preferable), they're compromising systems and using them as their weapons - costing users and admins hundreds of work-hours so they can prove something.
Hell, at least "tagging" doesn't take down the damn company server.
-- Niherlas
Why is it that so many people find this amusing? What does it buy the person? I have never quite understood this.
It seems to me that the media has a giant hand in feeding this monster. Someone finds out that this can be done, not very hard, and figures since the media hypes it up so much it must mean that it will make them elite.
It was the same way when I was growing up and people figured out how to write TSRs and append them to other .exe files. It made them hackers to the media to create a virus. And it's not that hard. Do these people realize that it really isn't impressing anyone?
Oh well.. another rambling..
If I were only smart enough to accomplish the things I dream about.. Or maybe too dumb to care.
How can one hack with DOS? You need Linux to be a hax0r
Isn't an unintentional attack an oxymoron? Like an intentional accident?
Allow a few minutes for people composing witty replies to finish up, then let it coast to a stop.
Note to the editors: when you write up an article in such a way as to invite an easy joke response, serious discussion gets crowded out (not to mention wittier humour than what I and everyone else posted).
We get them constantly- some intentional, some not. It's really a pain.
Does slashdot get slashdotted?
How come the hordes that usually take down everything but the really big boys through the (largely advertised) slashdot effect don't take down slashdot itself?
Ok, then why not more often? Reload, people, reload!
-- No sig today
are they trying to accomplish!?
I don't understand how even a script kiddy could get enjoyment out of the attacks? Especially when they don't even take down the server/site.
"1, 2, 3, lets go!"
A recent study has shown that there's a direct correlation between the number of denial of service attacks reported and the number of stories Slashdot posts in a day.
-- dR.fuZZo
Nope, all that activity on e-Bay is Osama Bin Laden working on his Pez dispenser collection
-------------
I sig, therefore I was.
It's a pity that a site gets slashdotted whenever it's posted or talked about here but that also means the site gets that many number of hits and it won't hurt most of the time to get hits. There is also malice intended when a site goes down due to the slashdot effect.
/.ing a page is nothing compared to a DOS or DDOS(distributed DOS) attack.
On the contrary the last time where there were huge attacks against Yahoo, Ebay, Amazon...etc., the DOS attacks resulted in billions of dollars of loss of business to the victimised sites.
I don't want to start a Windows XP or M$ bashing argument but these operating systems are much more popular as desktop OSes and with the advent of cheaper broadband, these machines make perfect hosts to be used as machines to launch remote Denial of Service attacks.
I will not say the nix world is flawless but most of the people who use *nix know how to use it or learn quickly...can you say the same about an unsuspecting 9-year-old child who's using Windows XP (look ma there are nice colors).
DOS attack traceback and dealing with DOS attacks is a heavy research area.
Harumph. An article about DOS/DDOS that doesn't mention Dave Dittrich.
There oughta be a law.
Man, there is nothing like a good firewall configuration on BSD... But I am thoroughly sick of all the DoS attacks going around. I would be much more satisfied should an attacker attempt at breaking into my server rather than causing immature server failures due to lack of destructive creativity...
Silly lamers, DoS Attacks are for kids...
-da5id
Distributed Reflection Denial of Service
:D
http://grc.com/dos/drdos.htm
Looks nasty
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
I predict the majority of posts here will either say "Slashdot creates DoSes" or "DoS requires no talent".
"One of the most basic "hacks" (to use the media's bastardization of the term)
I read the article several times, and they seemed to call them "attacks" not hacks. So why are you claiming the media bastardizes the term when this author actually uses the correct terminology?
Blah Blah Blah.
One of the first widely used DoS scripts was Click nuker, which was packaged with the 7thSphere IRC script. I worked with 7thSphere at the time, and I can safely say if we knew the damage that unleashing DoS on the world would create, we wouldn't have. As an old hacker I beg you to consider what you're doing before you seriously inconvenience someone, and cost people money. When I did it, a 28.8 modem used artistically could split 2 efnet servers, now it takes hundreds of machines packeting to knock down a larger server. There is no art in that, only suffering of those affected by it. Frankly I wish that we had never released click, and I believe most of the rest of 7thSphere would agree.
a bit more about me http://www.advogato.org/person/trelane/ or my private page http://trelane.net
Hmmm... call me paranoid, but CNN carrying such an article in a time when a lot of limitations and regulations are attempted on everything even remotely connected to "digital", "internet" and "infrastructure" can't be good.
What better reason to sniff all the traffic, on the backbone? Oh yes, they'll get the mails also, but hey - nobody's gonna read it...
-- No sig today
WRT this: If someone 0wned the Windows Update server and used it for a DoS attack on other servers, would that be called an MS-DoS attack?
I've gotten a couple DoS attacks in the past few months. I suspect they're coming from someone who I was playing a game online with and who wanted an extra advantage. Just last night I was playing BZFlag (quite a fun game, btw) when I was attacked. It makes me hesitant to play games online with strangers, as it could affect the bandwidth of not only me, but others in the house who share a connection with me as well.
A very engrossing read can be found at Steve Gibson's homepage of his account of the DDoS attack grc.com was subjected to earlier this year.
In effect, Gibson tracked down the 13 year-old attacker by dissecting the zombie program (aka, trojan bot) used in the attacks and created his own version of the undercover bot to monitor the hacker's IRC channels and conversations. As I said before, an extremely interesting read. It really brings out the urgency of Gibson's alerts as to the future of DDoS attacks.
I think what they are really talking about are "Denial Of Sex" attacks during dates. The methods to protect oneself from DOS are the same as they have always been: Beer, peer pressure and roofies.
"One of the most basic 'hacks' (to use the media's bastardization of the term)"
Well isn't that a bastardization of a bastardization???
"Someone who applies ingenuity to create a clever result, called a 'hack'. The essence of a 'hack' is that it is done quickly, and is usually inelegant." reference
"The term 'hacker', in its original meaning, refers to someone who applies ingenuity to create a clever result - usually in a technical sense - called a 'hack'" reference
"The original meaning of the word 'hack' was born at MIT, and originally meant an elegant, witty or inspired way of doing almost anything...Now the meaning has changed to become something of a portmanteau term associated with the breaking into or harming of any kind of computer or telecommunications system." reference
Several raids and house investigations were performed today in Holland at several people widely known for their ddos sk1llz.
Dutch people probably know who I'm talking about.
(Dutch articles, couldn't find any translated/English ones yet)
http://www.openbaarministerie.nl/persberi/2002/0409afrm.htm
http://nu.nl/document?n=54929
http://www.security.nl/artikel.php3?id=2956
Will there ever be an end to Dos Attacks?
:)
I don't think there can be.
If you look at the TCP/IP, and most importantly IP protocol, there is nothing you can do.
Some would say have a 'supersmart' router that would kill all packets that are from the same host.. but what's the point.. what if the router fills up its buffer?///...
It's like McDonalds at lunch... everyone gets there at the same time.. they all want something, they're going to pay (in a DoS attack, this is what it *looks* like, but it's really one person doing this) so the lines get long.. Poor me can't get lunch as fast as possible..
there's nothing we can do to solve the problem unfortunately.
The only real solution is to beef up security on as many systems as possible. Once this is done, a hacker can't get the resources in order to launch a big DoS attack.
This is a really hard task, of course... but maybe security should be more of a main focus on the home desktop systems, especially since broadband is getting so easy to obtain.
Another reason why M$ needs to get their thumbs out of their a$$e$ and release more secure OS's... Open Source is already trying to actively take care of the problem
Whee
-Sase
------------
Sase
"It's the opposite of that."
One of the most common problems I've encountered in my years as a systems administrator is poorly managed networks. If a network is designed without the presence of mind anticipating DoS attacks, then frankly, the victim company deserves *some* of the blame for the problem.
One mid-sized ISP I worked for had been operating for 5 years prior to my employ and the network operators had never heard of monitoring tools like MRTG, RRDTool, Netsaint or Big Brother etc etc!
"We do it to ourselves and that's what really hurts" -- Radio Head.
-- Steve.
So what does hack mean anyway?
1. verb - Gaining access to or "rooting" someones box?
Ex: "I just hacked this windows loser's box."
2. noun - An unqualified person?
Ex: "Don't listen to that guy, he's just a hack."
3. another verb - Programming?
Ex:"It's two in the morning are you still hacking on that code?"
4. another noun - A quick and possibly ugly code fix?
Ex: "Well, its a nasty hack, but at least orders are going through the system now"
5. another verb - Coughing up something?
Ex: "Of course you're hacking up a lung, you smoke two packs a day dumbass."
6. yet another verb - Slicing up something or someone with a sharp object?
Ex: "Wow, look at the way Freddy is hacking up Nancy with his claws!"
Ok, so who's to say what the definition of "hack" really is? Webster? Roget? - come on those guys are hacks.
you can say that again.
___
It's the end of my comment as I know it and I feel fine.
Yeah, I respect them so much that I call the FBI instead of the PD to report the crime.
I'm doing this post anonymously because I don't want to waste k-points on telling everyone this and getting the inevitable mod-down, but I think it's essential:
Everyone knows when a site gets posted on slashdot, the chances are that it'll experience some down time as it's receiving too much traffic. Yes, we know it's the slashdot effect. But don't repeat it over and over again for christ's sake. I honestly would have debated spending any of my mod points on the first of the jokes, let alone the fifth or so, yet they still seem to get encouraged with positive points.
Redundant and off-topic applies to all of you who keep cracking the same lame-ass, repetitive, trite as all fuck joke.
and i dont have a life - getting a life is overrated like sex is. :P
I went to a talk by Roger Needham (a few years ago now, I don't know if this is still his view) on secure protocols. Lots of interesting stuff on strategies for designing secure protocols and algorithms, and theoretical attacks and so on.
But just passing mention of DOS attacks - these are boring to academics because they are easy to do and impossible to counter so there's no research to do and no papers to write.
(I paraphrase slightly, and I probably remember the details wrong anyway, so any flaming should be directed at me, not Roger.)
Sometimes you have to wonder about some of the targets of these DOS attacks and how they are organised.
Some of the major ones are obvious, Microsoft, Ebay, Yahoo, etc. But when you start to get to the small to medium sized companies being hit by large DOS attacks, because their systems are sufficiently patched against break-ins, something begins to become worrying.
The questions range from why such a small target for such a large attack, and how the target was selected. Occasionally you get to hear stories about how some small ISP had their lines choked by a huge DDOS, meaning that customers started leaving and going to the competition. There is one other post elsewhere here that identified that a British ISP was put out of business because of the efforts of continuous DOS attacks.
Spite sometimes is a factor, but it takes a certain degree of organisation to launch a continuous attack such as that. Spite of someone will only get you so far. And there is not that much prestige in taking out a medium sized company. After all within the current climate, medium sized and some large sized companies are finding it harder to remain in business from an economic sense.
Picture what Kazaa is doing... Hijacking Gnutella... Just think if all those Gnutella clients were doing a DOS :)
:)
Just think if someone made a P2P client that allowed you to send browser commands through their computer
God spoke to me
Though by no means has our little webserver been hit by DoS attacks (it is way too low profile, and not listed under any search engines), we nonetheless get about 3000 hits monthly trying to exploit a windows-based webserver.
We have been lucky that we run Apache on a Linux box, which also happens to be on a DSL line, limiting upstream bandwidth. And although 3k hits is minimal, there are only about 10 regular users of the website, which is maintained for downloading test files for music production inside our group only. All the exploits are ridiculously similar, each one trying to access C:\ or D:\ or a Windows NT directory. I'm sure that this must be very common... and I can't imagine what these major sites must deal with on an hourly basis.
I find it sad though, that altogether too many webservers are managed by people who just aren't worried about this type of happening. The web remains the wild-west of the electronic frontier, brothels ;-) and all. Since many of us are against a global policing body, we, at the very least, need to make sure the alarms and defences on our own properties are capable and effective.
Why does everyone always accuse the scriptkiddies of performing DOS attacks - or worse they call it hacking a server with a DOS attack?
I mean it takes some cunningness to 0wn a couple of hundred machines with a simple dial-up aol account..
Some companies hire blackhat people to DOS their competitors once in a while, think of mail-servers. Other groups DOS certain sites because of their ethical/political/religious backgrounds. So now all of a sudden every "malicious" computer user is a scriptkiddie?
The only scriptkiddies in these stories are the journalists that form their conclusions according to a certain script that's always used when it's a story about something "evil" with computers.
Don't be a scriptkiddie yourself by making these hollow statements
To avoid the /. effect, maybe it would be a good idea for the /. editors to create a local mirror of the sites they feature, because obviously they can handle the load of all of us lemming clickers.
Josh
Steve Gibson has no professional credibility in the area of network security. The above link is entirely on topic.
CNN is now wondering why...
After publishing a story on DOS attacks it is receiving a DOS attack on the story about DOS attacks...
/.
Best Current Practice recommends egress filtering for all networks. Are yours in place?
The big problem with DOS and DDOS is the untraceability provided by networks who do not prevent address spoofing with egress filters. If traffic is traceable, criminals get caught.
Before anyone's knee jerks, let me point out:
1) this is not a performance issue. Routing hardware and software (LRP for example) is widely and cheaply (compared to line costs) available that can implement egress filtering without any noticeable effect on line speed. Face it, processors are faster than telecommunications.
2) Egress filters do not improve a repressive regime's ability to finger political dissidents.
3) Egress filters are unlikely to impact privacy - unless what you are trying to keep private is destructive activity. Post a real example if you disagree.
4) I know it's not a cure-all. It's a necessary first step, though.
While Congress milks the entertainment industry for campaign funds in exchange for "digital rights management" fascism, they ought to be mandating specific monetary penalties for businesses that do not implement egress filters, and for ISPs that do nothing about hundreds of Code-Red infected nodes on their cable farms. I shouldn't have to pay Comcast if my bandwidth is being principally used by criminals to fill my firewall logs.
I post this every time the subject comes up; next time I'll just make a flippin' link to the BCP RFCs. I'm sure you'll all be relieved.
--Charlie
Spoofed attacks could be stopped if more ISPs did simple ingress filtering. Most don't.
Every leaf router should drop packets with a return address that is not in its internal IP space. So if I am the netadmin for www.xyz.com and my address space is x.y.z.0/255.255.255.0, then I should have a rule that any packet leaving my network should have a proper, ie x.y.z.0/255.255.255.0, return address.
Ever ping the broadcast address of some network then look in the ARP cache?
You have a really fucking low threshold for what you consider humor.
I bet you find that when someone spells 'Microsoft' with a dollar sign that it's so hilarious you shit your pants.
I AM BILL GATES OF BORG. RESISTANCE IS FUTILE.
Hahaha. So funny you'll die from a seizure.
Distributed Reflection Denial of Service
Why do the names of these service-denial attacks tend to coincide with the names of 16-bit embedded PC operating systems? For example, the generic term "DoS" (denial of service) collides with "DOS" (disk operating system). The term "DRDoS" (distributed reflection denial of service) looks like "DR DOS" (Digital Research disk operating system).
Will I retire or break 10K?
fp
DoS for dummies
Sure it does! Can't make Hotmail work right? Well, just blast away everything else from AOL to Yahoo with spam. Don't like what Slashdot is saying about your "product"? Just sign up 100 troll accounts and flood the comments with enough highly moderated garbage to try a saint. Denial of someone else's service is good when you are a twisted greedhead that wants to own everything and tell everyone what to do.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Since 99% of these attacks come from compromised windows boxes... could Microsoft be held liable? After all, their new "security" push has them publicly saying that they were not doing a good enough job before...
One of the biggest problems in DOS attacks, is that you just can't get the attention of major ISP's or backbones to trace and solve the problem.
We had major DOS attacks on our site for ages. But when the customer of a major national ISP is the source of it, try getting ahold of someone at that company to track the problem. They just won't respond to these things, in our experience.
I think that for any company to provide internet service, they should be *required* by law, to cooperate in tracking and stopping DOS attacks from their customers. There needs to be a consistent, predictable, and workable national policy for this.
If someone calls me with threatening phone calls, I *know* it's possible to get the phone company to cooperate, track, and isolate the problem, even if it originates with another phone company. The same should be true with ISP's.
Love many, trust a few, do harm to none.
Steve Gibson wouldn't know his ass from a hole in the ground.
You of course realize that the DDoS capability Steve Gibson is ranting about is present in ALL modern operating systems (ie NT4.0, windows 2000, windows XP, all Unices, MacOS X etc.)
I am so sick of people attacking Microsoft for things they aren't even doing wrong, the ability to open raw sockets is a good thing that can and has been abused, but if anything microsoft has been holding out on this feature (yes, its a feature) for too long already.
Also, I wouldn't quote anything by Steve Gibson on Slashdot if you value your reputation.
That's called public discourse! Do something wrong, people will talk about you. Make a real monster out of yourself and they might stop and stare. People are free to say and think what they might. It's part of what free speech is all about.
If you don't want the public entering your web site, or building for that matter, you had better not make it public. If it's public, we might presume that you want visitors.
If your layer can't tell the difference between many people visiting a site and an attack of broken Windoze machines, they don't know the difference between a protest and rolling a bus into a building. They might not know their ass from a hole in the ground either. Find another one.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
The easy things to solve most DoS attacks are to:
1. Turn off directed broadcasts on all interfaces. This will prevent a situation, where you have a person sending one packet, and the network replies with many DUP packets.. If the person changes the source address in the packet they are sending, the remote network (with directed broadcast enabled) will send its replies to whoever you want. i.e. someone can use this to do a smurf attack. So, for every one packet someone sends, an untold amount of addresses could respond to the source address of the packet. Disabling this is quick and easy in most cases.
2. If using a Cisco enable:
ip verify unicast source reachable-via rx
which will ensure that the source address of packets received on the interface have source addresses that are reachable over that interface. Have it enabled on all gateway routers, so that when customers try to issue a DoS attack against someone else, the source address of the packets have to be their own, or the packet is dropped. They can't just send a bunch of ICMP echos to a /16 off of a router that has directed broadcast enabled, and change the source to someone else.
Unfortunately both of those methods require somewhat clueful network admins... Also, some things have legit uses (load balancing outbound traffic is a good reason not to have "ip verify unicast source reachable-via rx" enabled, in certain circumstances (i.e. the customer has 2 providers, with 2 separate IP blocks, each only known through one provider, they can't really do equal cost load balancing on incoming traffic, but they can do equal cost on outbound)).
Again, the issue is having clueful network admins.. There will always be people out there getting around it, but you can make it a lot harder for them to do it, and you can drastically lower the amount of DoS attacks that happen.
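The source-address checks discussed in the comments above (a leaf network's egress filter, and the strict reverse-path check that `ip verify unicast source reachable-via rx` enables), modeled in Python as an added example that is not part of the original thread. Interface names, prefixes (documentation ranges) and packets are constructed; the model covers only longest-prefix match on one provider edge router.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str       # claimed source address (may be forged)
    dst: str
    in_iface: str  # interface the router received the packet on


class EdgeRouter:
    """Minimal routing table with longest-prefix match (hypothetical model)."""

    def __init__(self):
        self.routes = []  # list of (network, outgoing interface)

    def add_route(self, prefix, iface):
        self.routes.append((ipaddress.ip_network(prefix), iface))

    def best_route(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifc) for net, ifc in self.routes if ip in net]
        if not matches:
            return None
        # Most specific prefix wins, as in a real forwarding table.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def strict_urpf_accepts(self, pkt):
        # Strict reverse-path check: the best route back to the claimed
        # source must point out the interface the packet arrived on.
        return self.best_route(pkt.src) == pkt.in_iface


def egress_acl_accepts(pkt, allowed_prefixes):
    # Leaf-network egress rule: a packet leaving the network must carry
    # a source address inside the network's own address space.
    src = ipaddress.ip_address(pkt.src)
    return any(src in ipaddress.ip_network(p) for p in allowed_prefixes)


def build_provider_edge():
    router = EdgeRouter()
    router.add_route("192.0.2.0/24", "cust0")  # block this provider gave the customer
    router.add_route("0.0.0.0/0", "up0")       # everything else goes upstream
    return router


# Constructed packets, all arriving from the customer on cust0.
SAMPLE_PACKETS = [
    ("own block", Packet("192.0.2.10", "203.0.113.80", "cust0")),
    ("forged source", Packet("203.0.113.200", "203.0.113.80", "cust0")),
    # The customer's second block, assigned by a different provider and
    # known to this router only via the upstream (the multihomed case).
    ("second provider block", Packet("198.51.100.7", "203.0.113.80", "cust0")),
]


def evaluate():
    """Return (label, strict uRPF, ACL with one block, ACL with both blocks)."""
    router = build_provider_edge()
    one_block = ["192.0.2.0/24"]
    both_blocks = ["192.0.2.0/24", "198.51.100.0/24"]
    rows = []
    for label, pkt in SAMPLE_PACKETS:
        rows.append((
            label,
            router.strict_urpf_accepts(pkt),
            egress_acl_accepts(pkt, one_block),
            egress_acl_accepts(pkt, both_blocks),
        ))
    return rows


if __name__ == "__main__":
    print(f"{'packet':<24}{'uRPF':<8}{'ACL/1':<8}{'ACL/2':<8}")
    for label, urpf, acl1, acl2 in evaluate():
        print(f"{label:<24}{str(urpf):<8}{str(acl1):<8}{str(acl2):<8}")
```

The third row is the load-balancing case raised above: the strict reverse-path check drops the customer's legitimate traffic from its other provider's block, while an explicit prefix list that names both blocks passes it and still drops the forged source.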
I was thinking.... if the make scripts for various stuffs included a ping... Say for example ping that Linux counter project at the end of each Linux install... perhaps they would have a more accurate representation of the number of installs, IPs, etc. You could also throw in a ping or sendmail to Microsoft telling them you've found the way out!
Just a thought....
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Why are you moderating this down? Maybe this guy's a bit flamish, but his point is both valid and ontopic. Propagating (what you may perceive to be) the improper usage of a term isn't slowing down the adoption of that usage any.
I learned what's an editorial comment there. Let's see:
"One of the most basic "hacks" (to use the media's bastardization of the term) is a Denial of Service attack.
You mean the hacker term or the Denial of Service term? Clarify.
-1
While not getting you any access to data on a machine,
And since when is this the bastard hacker term meant to be? Hacker, by the media, would mean "cracker", and crackers don't want "information". Hackers do, crackers want to cause confusion (unless information == fast money/recognition)
-1
DoS attacks effectively shut down machines by making them inaccessable to others.
Yeah? And how does this happens? Another assumption I understand all anacronyms out there.
-1
CNN is carrying and IDG.net story about
No comments.
-1
how DoS attacks are still one of the leading threats on the Internet, and are actually on the rise as the sophistication of the attacks increases." We get them constantly- some intentional, some not. It's really a pain.
Oooooh, finally the meat. That's what the news is about, not the opinion from who whatever wrote/published this article.
-1.
Grammar errors from me are a bonus.
Buy a Nintendo DS Lite
DDoS attacks make news more than single-machine DOS attacks for two reasons - one is that taking over a few thousand machines is a pretty impressive task for a Skriptz Kidd13 with too much time on his hands, but it's Been Done Now. But the other is that doing a non-distributed DOS attack on a server that's big enough to be interesting is pretty hard. Taking over a single average-quality-administration machine isn't hard, though it's harder than scribbling the front page of a web server, and even that makes news some times (e.g. the Central Stupidity Agency scribbles.) But taking down a big site means either attacking a bunch of heavily-administered machines hard and fast enough to outrun the administrators, or coming up with a really subtle and nasty attack, or finding a big security hole, or else just using a big bunch of zombies to do the job. Most vandals go for the latter approach.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I wish they would call this kind of attack a DoL (Denial of Liberty) or a DoC (Denial of Commerce). By disrupting our online work, whether it's for social, political or commercial reasons, these evil ones are practicing a soft form of terrorism.
Steve Magruder, Metro Foodist
Goddamnit, more and more I've been really amazed at what gets modded up and what is hidden at one and below. Wake up you fucking dimwit moderators.
Sometimes DoS can be a not-really-fine but very effective method of self-defense. In Germany we have a quite big problem with spam advertising dialers - little programs which redirect a w1nd0z3 box's internet dialup connection to an extremely expensive special number which is normally used for phone sex or premium services. One short connection can cost up to 900 € (that's no joke, there's no limit), and as some dialers hide well while replacing the default connection, some people got a phone bill of more than 10000 € at the end of the month.
During the second half of March, I got about five of these dialer spams each day. Other people got even more. The web hoster - a company selling these dialers - didn't act against any incidence of spam, the download accounts remained open for weeks regardless of any complaints. Their uplink... well, UUnet. As the discussion on the Usenet forum "de.admin.net-abuse.mail" went on, even the web hoster's boss himself joined and couldn't understand to be responsible for knowingly tolerating his customers abusing his service - of course he made a lot of money even by spamvertised dialers.
About a week ago, some spam victims were completely fed up. As the legal methods didn't work at all, the dialer should be made unavailable by distributed mass-downloading. The threat escalated in a clear message to the site maintainer - either go against your spamming customers or see your dialer being downloaded until the server blows the whistle.
The story appeared on Heise News which has a quite large reader base in Germany, to be read by lots of angry people whose inboxes were full of dialer spam. The "Heise effect" was enough for the site maintainer to become really scared - lots of DSL and broadband users started to download the dialer not only once but as often as they could. The web server became too busy to serve dialers even to people who would want it. The company selling these dialers didn't have any choice - either stop supporting spammers or have their dialer server slashdotted until it blows the whistle. Only a day later the company's boss agreed on getting rid of and seeking legal action against spamming customers.
A few days later, another spam went around, advertising a dialer hosted on an Eastern-European web server. Same game: the spam victims squeezed the dialer out of the web server as many times as possible. The site got hosed so badly that even a few hours after the spam incident, the dialer was no longer available.
As a result, if you really want to hit a spammer, DoS^H^H^H/.ing his web site - especially large files or CGI scripts - has finally proved much more effective than blacklisting, LARTing or anything else (which still remains useful, though). Even big providers will notice a gigabyte-large traffic peak towards only one target.
Well i'm not the first person to point out that script kiddies r the cause of the DoS's but as long as they can download the progs from any given "security related" website they're not gonna stop!
So now i urge u find every site out there that has these progs freely available and post a link on /. so we can use the /. effect on them to force them to take the stuff off their website....!!!
WE'RE A MASS, WE HAVE POWER!!
or at least write them an email..i mean come on that's the least u can do...well of course u could do nothing but....
that's a lot of work for someone to do to trash someone else. almost like the infamous stalkedbyseth...
The htaccess directives in this example will eliminate the noise from your error_logs. They'll also redirect inbound Nimda or CodeRed requests to Microsoft. Not that Nimda or CodeRed grok the 302 Found replies, but it's nice to dream of giving M$ a taste of their own medicine :)
(I tried to post the directives here, but the lameness filter wouldn't let it through.)
-s
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Are you saying that Microsoft wrote a denial of service attack called MS-DOS (aka multi-source denial of service)?
Make sure everyone's vote counts: Verified Voting
What really gets me is how easily this problem can be (largely) remedied.
A router for an ISP is responsible for (typically) routing to/from a certain range of IP addresses.
Configure the router to simply not route packets coming "from" the local network interface that's not in the designated IP range!
So if it's coming from ISPs network, the return address on the IP packet had better be one of ISPs network addresses, or the packet goes to the bit bucket, better yet logged.
This step ALONE, which costs almost NOTHING in latency or price would make dealing with DDoS or actual hack attempts SO MUCH EASIER!
Of course, you could "spoof" a neighbor computer, but at least you could trace things down to the ISP and neighborhood...
-Ben
I have no problem with your religion until you decide it's reason to deprive others of the truth.
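The source-address check proposed in the post above, as an added example that is not part of the original comment: a packet entering from a customer-facing interface is forwarded only if its source lies in the prefixes assigned to that interface, and everything else is dropped and logged. The interface names, the prefixes (documentation ranges) and the class name are constructed for illustration.

```python
import ipaddress

# Constructed sample: prefixes assigned behind each customer-facing interface
# (documentation ranges, not real networks). Interface names are hypothetical.
ASSIGNED = {
    "cust0": ["192.0.2.0/24", "2001:db8:1::/48"],
    "cust1": ["198.51.100.0/25"],
}

class IngressFilter:
    """Forward a packet from a customer interface only if its source address
    lies inside the prefixes assigned to that interface; log everything else."""

    def __init__(self, assigned):
        self.table = {ifname: [ipaddress.ip_network(p) for p in prefixes]
                      for ifname, prefixes in assigned.items()}
        self.dropped = []  # (interface, claimed source, destination)

    def check(self, ifname, src, dst):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            addr = None  # unparseable source: treat as invalid
        allowed = addr is not None and any(
            addr.version == net.version and addr in net
            for net in self.table.get(ifname, []))  # unknown interface: no prefixes
        if not allowed:
            self.dropped.append((ifname, src, dst))
        return allowed

# Constructed packets: (ingress interface, claimed source, destination).
SAMPLE = [
    ("cust0", "192.0.2.17", "203.0.113.9"),     # legitimate customer address
    ("cust0", "203.0.113.50", "203.0.113.9"),   # forged source outside the ISP
    ("cust0", "198.51.100.5", "203.0.113.9"),   # another interface's prefix
    ("cust0", "192.0.2.99", "203.0.113.9"),     # forged neighbour, same prefix
    ("cust0", "2001:db8:1::5", "2001:db8:ffff::1"),
    ("cust1", "not-an-address", "203.0.113.9"),
]

def run_sample():
    """Return the per-packet verdicts and the drop log for SAMPLE."""
    f = IngressFilter(ASSIGNED)
    verdicts = [f.check(*pkt) for pkt in SAMPLE]
    return verdicts, f.dropped
```

The fourth packet passes, which is the caveat the post itself raises: a forged neighbour address inside the same prefix is not caught, but the drop log and the prefix still narrow the source to one interface.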
Some DDOSer once cracked one of my DSL lab machines and was pinging home to his box at MIT - except it wasn't really MIT, he'd gotten the byte order wrong on his IP address somehow and was trying to phone home to Japan.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
In a less anti-social vein, is basically a system designed to let spammers DDOS themselves - it replies to SMTP v...e....r....y....sl....o...w....l...y, and won't bother the occasional smtp sender that accidentally sends mail to a teergrubed address, but if you're trying to send lots at once, all your sessions get stuck.
This company makes wirespeed "bump-in-the-wire" IDS/firewall (and I think virus checking) up to 2.1 Gbps.
No point of attack to aim at.
DoS, something we could all laugh about (soon).
> to use the media's bastardization of the term
You know, I keep telling people that "gay" means "happy", but nobody wants to listen, they insist on bastardizing the term. Whenever I use it in conversation to mean happy, I get strange looks. These idiots around me insist on using the word to mean "homosexual", but my trusty 1960's dictionary VERY CLEARLY states that it means "happy".
Duh. Language is defined by HOW PEOPLE USE IT, period. If 99% of people use "hack" to mean a certain thing, then guess what, THATS WHAT IT MEANS, by definition of how languages are defined.
My advice to all these whiny people on /. who think that using "hack" in its original computer-related meaning makes them superior to others: GET OVER IT ALREADY.
Would you respect the guy who discovers you forgot to lock your door, and gains access to your house?
What if you locked everything, but he had a nifty picking mechanism and knew how to use it?
What if he just had a big hammer? OK, that's kinda like DoS; ignore that.
Frankly, I respect the guy who keeps his distance.
HAHAHAHA I'm rolling.
HAHAHAAHHAHAHA
Why doesn't slashdot make a local mirror or a page on their servers, good while the story is on the front page? I mean the slash servers can obviously handle the pressure...
There are other alternatives too. Like automatically checking google to see if google has a cache entry, and providing a second link there. Or maybe copying the page to something like freenet. Use your imagination.
I understand that for a lot of pages and sites that fall within reach of slashdot destruction, the material is copyrighted. But isn't this just creating a cache of the page? This doesn't seem much different than an ISP transparently proxying all of the web connections via squid and caching their own pages...
Well anyway, there are things that can be done. Why not look around?
Actually, my ISP (iiNet) just implemented them. The article below says they block sat users (yeah, unfortunate side effect) but goes on to point out that it is in fact basic 'net responsibility.
http://whirlpool.net.au/article.cfm/794
> 4) I know it's not a cure-all. It's a necessary first step, though.
no it is postponing the inevitable. I want my multicast dammit! I want to have power of billion dollar broadcast stations in my home. Haven't we paid enough for that technology to work properly?
This year, 3 ISPs and a web hosting firm in the UK have been DOSed off the net
First, in January was Cloud Nine. They said it was so bad it trashed firewalls, and the network had to be rebuilt.
This was quickly followed by Tiscali. (Although they're such a spamhaus, the net probably only noticed because the amount of spam from the UK dropped)
Then soon after Donhost, a web hosting firm had 2 client web servers taken out in January.
Finally, yesterday, edNET was attacked, which caused, according to them a "catastrophic network failure". The attack here was via telnet ports.
Academically boring? No research?
.
As just one example that made its way into the popular press see this
Geez.
--Seen
"I used to be a dilettante. Then I thought I'd try something else for a while."
Please remember that Mr. Needham is now running Microsoft's Research Lab in Cambridge. If the Win family of operating systems were not so easy to misconfigure and thus infect, or so prevalent, there would be no big DoS problem.
Well, DDoS works because a large number of attacks can be concentrated on one host, causing a total shutdown of the target.
One simple way to prevent this: Have a large number of hosts in the DNS RR for said site, and either loosely synchronize them (P2P networks come to mind) or perhaps tunnel valid requests to a secure, central site unknown to the public.
In this case, attacking one of the publicly available sites via DDoS does not affect much. One of the hosts in the RR doesn't work, but if there are 10 hosts that would be a disruption for only 10% of all accesses. Attacks on the central site are very difficult, as its address is unknown and appropriate filters would be in place.
This idea certainly isn't perfect; it works for web sites, but hosts that are necessarily unique (such as corporate firewalls) could still be attacked. But it shows that there are indeed research opportunities and solutions that can be (at least theoretically) put in place with current technology.
I wrote a white paper on the topic of Denial of Service attacks and presented it at the annual SANS Network Security Conference in October of 2001. I never released it publicly, but now seems to be a good time. My paper is now available for review at http://www.netpr.com/tools_resources/#netpr.
Please have a look. I think we provided a nice overview of some of the steps required from a high-level and low-level to combat DoS attacks.
If you'd like to email me about the paper, feel free to contact me at rjb@SPAMAWAYnetpr.com. Obviously remove the SPAMAWAY from the email. -Robert
Heya,
I recently released the first stable release of a GPL'd tool
to detect DoS attacks coming through a router. It is called Panoptis,
it can be found here,
and it's using Cisco NetFlow accounting data provided by (most) routers.
If you want, give it a try -- any feedback at all will be useful.
--C
-- fsck your brains
A method of denial of service wherein said denial
of service is caused by the effect of multiple
unsolicited responses by average web users reading
a web site which contains a link to the DOS site
through electronically delivered inflammatory
reviews and/or citations of the target DOS site.
This patent will be licensed at $5.00 US for every
hit delivered to the DOS site. By clicking on the
link in your favorite news site you agree to the
following terms and conditions.
1. Your cash payment will be received and invoiced
before you click the next link.
2. You agree that your email address belongs to
whatever company owns this patent.
3. You will donate all living offspring to the
Office of the Patenter of the Peoples Democratic
Republic of the United States.
4. You agree to give up all right of recourse
under law of any nation that you are a citizen
of.
5. You belong to me!!!!!!
Although DOS attacks are simple, it would be harder and potentially very profitable to hold websites to ransom with it.
A DDOS attack against Charles Schwab, the online share trading exchange, took their systems down for 3 days (their weekly turnover is approx 2bn USD); other e-tailers could also be held to ransom over this as well.
Additionally, government websites have been DDOS'd by activists (I believe recently the FBI, in response to one of their sites being attacked in this manner, crashed the clients' web browsers).
Anyway DDOS can be much more than a lame piece of vandalism.
perl -MIO::Socket -e 'IO::Socket::INET-new(PeerAddr="some.windoze.box:1
We need to stop DoS attacks [and defacements], we need to educate the script kiddies into being more responsible and professional.
The script kiddies conducting DoS attacks think they are being clever and aiding the movement towards Internet Freedom and Openness, however they are playing into hand of the establishment.
DoS attacks are perpetuating the view amongst the establishment that the internet is a wild unregulated place, that must be controlled, that it must be regulated.
Legislation like the DMCA in the US, and pressures for similar laws in the EU are a direct result of this type of threat.
If we truly value our freedom and the openness of the net, we need to self regulate otherwise the situation will get worse for all geeks and not just the grey/black hats.
Here's a nice page about Steve Gibson's "discoveries" as a security expert: http://grcsucks.com/ Pretty lame name, but a good read.
Arachne? I never had a hard time viewing sites in dos! *snickers* download it here and let your msdos/drdos/freedos browsing fun begin!
> We get them constantly- some intentional, some not. It's really a pain.
No, it's just people refreshing trying to make first post.
thelikesofwhich.com
I was shocked a few days ago when I found sites that offer mass mailing utilities for free. Jeez, these guys must be _at_least_ dDoSsed, although I'd rather rip their heads off ...
./ effect in work: Could not locate remote server.
you have any mirrors?
Certainly long-haul communications protocols should be designed without unnecessary overhead - and what is "unnecessary" as opposed to "reserved for future enhancements" is another argument - but all that has absolutely nothing to do with what we're talking about.
--Charlie