Slashdot Mirror
DoS Attacks Persisting, On The Rise
thelizman writes "One of the most basic "hacks" (to use the media's bastardization of the term) is a Denial of Service attack. While not getting you any access to data on a machine, DoS attacks effectively shut down machines by making them inaccessable to others. CNN is carrying and IDG.net story about how DoS attacks are still one of the leading threats on the Internet, and are actually on the rise as the sophistication of the attacks increases." We get them constantly- some intentional, some not. It's really
a pain.
Everyone at my company has upgraded to Windows 3.1. I don't know why Slashdot is still talking about DOS
someone writes a virus that spreads through the Kazaa or gnutella network. That will be a fun day.
p2p is the biggest ddos mess waiting to happen. If there is a hole in the client, then who knows how far it could spread before stopping.
/. has gotten more popular! That's probably why we're seeing more DOS attacks! I mean, there's been one (Linux PVRs) today already.
Or, maybe not...
Get them? You produce them constantly.
Having been on of the admins for a pretty large website (top 50 according to Media Metrix), I can definitely state that DoS attacks are a royal pain. Sure, you can throw infrastructure at a problem and alleviate it, but you can't defeat it -- and they just keep coming. It's the type of attack I've never understood: it doesn't gain the attacker anything (unlike rooting a box), it's nothing but being a hoodlum.
"You can never have too many elephants on your team."
In exchange for the halting of DoS attacks on Slashdot...I demand 1 free subscription to yours truly. If you do not submit to my demand, you will feel the full wrath that is my 31337 |-|@X0r SkI11z.
Muwahahahaha!
The thing that really bugs me about DOS attacks, besides the fact that they cause damage and annoy admins, is that they don't show any real talent.
It's not impressive to bring a system to its knees by DOSing it. You do, however have to respect the guy who discovers some huge hole that he exploits on some system and gains access.
You gotta respect him more if he tells you about it, and how to fix it.
God save our Queen, and Heaven bless The Maple Leaf Forever!
How can one hack with DOS? You need Linux to be a hax0r
A recent study has shown that there's a direct correlation between the number of denial of service attacks reported and the number of stories Slashdot posts in a day.
-- dR.fuZZo
"Isn't an unintentional attack an oxymoron? Like an intentional accident"
If I was doing a ballet move and slapped you in the face, would you rather label that as an accident or tell people that I used my powerful ballet technique to bitch slap you?
"Derp de derp."
Distributed Reflection Denial of Service
:D
http://grc.com/dos/drdos.htm
Looks nasty
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
WRT this: If someone 0wned the Windows Update server and used it for a DoS attack on other servers, would that be called an MS-DoS attack?
"So why are you claiming the media bastardizes the term when this author actually uses the correct terminology?"
Because the 'media' is a representation of the entire news broadcasting world and not the individual author?
"Derp de derp."
A very engrossing read can be found at Steve Gibson's homepage of his account of the DDoS attack grc.com was subjected to earlier this year.
In effect, Gibson tracked down the 13 year-old attacker by dissecting the zombie program (aka, trojan bot) used in the attacks and created his own version of the undercover bot to monitor the hacker's IRC channels and conversations. As I said before, an extremely interesting read. It really brings out the urgency of Gibson's alerts as to the future of DDoS attacks.
Will there ever be an end to Dos Attacks?
:)
I don't think there can be.
If you look at the TCP/IP, and most importantly IP protocol, there is nothing you can do.
Some would say have a 'supersmart' router that would kill all packets that are from the same host.. but what's the point.. what if the router fills up its buffer?///...
It's like McDonalds at lunch... everyone gets there at the same time.. they all want something, they're going to pay (in a DoS attack, this is what it *looks*like, but its really one person doing this) so the lines get long.. Poor me can't get lunch as fast a possible..
there's nothing we can do to solve the problem unfortunately.
The only real solution is to beef up security on as many systems as possible. Once this is done, a hacker can't get the resources in order to launch a big DoS attack.
This is a really hard task, of course... but maybe security should be more of a main focus on the home desktop systems, especially since broadband is getting so easy to obtain.
Another reason why M$ needs to get their thumbs out of their a$$e$ and release more secure OS's... Open Source is already trying to actively take care of the problem
Whee
-Sase
------------
Sase
"It's the opposite of that."
One of the most common problems I've encountered in my years as a systems administrator is poorly managed networks. If a network is designed without the presence of mind anticpating DoS attacks, then frankly, the victim company deserves *some* of the blame for the problem.
One mid-sized ISP I worked for had been operating for 5 years prior to my employ and the network operators had never heard of monitoring tools like MRTG, RRDTool, Netsaint or Big Brother etc etc!
"We do it to ourselves and that's what really hurts" -- Radio Head.
-- Steve.
I went to a talk by Roger Needham (a few years ago now, I don't know if this is still his view) on secure protocols. Lots of interesting stuff on strategies for designing secure protocols and algorithms, and theoretical attacks and so on.
But just passing mention of DOS attacks - these are boring to academics because they are easy to do and impossible to counter so there's no research to do and no papers to write.
(I paraphrase slightly, and I probably remember the details wrong anyway, so any flaming should be directed at me, not Roger.)
Sometimes you have to wonder about some of the targets of these DOS attacks and how they are organised.
Some of the major ones are obvious, Microsoft, Ebay, Yahoo, etc. But when you start to get to the small to medium sized companies being hit by large DOS attacks, because their systems are sufficiently patched against break-ins, something begins to become worrying.
The questions range from why such a small target for such a large attack, and how the target was selected. Occasionally you get to hear stories about how some small ISP had their lines choked by a huge DDOS, meaning that customers started leaving and going to the competition. There is one other post elsewhere here that identified that a British ISP was put out of business because of the efforts of continous DOS attacks.
Spite sometimes is a factor, but it takes a certain degree of organisation to launch a continous attack such as that. Spite of someone will only get you so far. And there is not that much prestige in taking out a medium sized company. After all within the current climate, medium sized and some large sized companies are finding it harder to remain in business from an economic sense.
Through by no means has our little webserver been hit by DoS attacks (it is way to low profile, and not listed under any search engines), we nonetheless get about 3000 hits monthly trying to exploit a windows-based webserver.
;-) and all. Since many of us are against a global policing body, we, at the very least, need to make sure the alarms and defences on our own properties are capable and effective.
We have been lucky that we run Apache on a Linux box, which also happens to be on a DSL line, limiting upstream bandwidth. And although 3k hits is minimal, there are only about 10 regular users of the website, which is maintained for downloading test files for music production inside our group only. All the exploits are rediculously similar, each one trying to access C:\ or D:\ or a Windows NT directory. I'm sure that this must be very common... and I can't image what these major sites must deal with on an hourly basis.
I find it sad though, that altogether too many webservers are managed by people who just aren't worried about this type of happening. The web remains the wild-west of the electronic frontier, brothels
Why does everyone allways accuse the scriptkiddies of performing DOS attacks - or worse they call it hacking a server with a DOS attack?
I mean it takes some cunningness to 0wn a couple of hundred machines with a simple dail-up aol account..
Some companies hire blackhat people to DOS their competitors once in a while, think of mail-servers. Other groups DOS certain sites because of their ethical/political/religious backgrounds. So now all of a sudden every "malicious" computer user is a scriptkiddie?
The only scriptkiddies in these stories are the journalists that form their conclusions according to a certain script that's allways used when it's a story about something "evil" with computers.
Don't be a scriptkiddie yourself by making these hollow statements
CNN is now wondering why...
After publishing a story on DOS attacks it is receiving a DOS attack on the story about DOS attacks...
/.
Best Current Practice recommends egress filtering for all networks. Are yours in place?
The big problem with DOS and DDOS is the untraceability provided by networks who do not prevent address spoofing with egress filters. If traffic is traceable, criminals get caught.
Before anyone's knee jerks, let me point out:
1) this is not a performance issue. Routing hardware and software (LRP for example) is widely and cheaply (compared to line costs) available that can implement egress filtering without any noticeable effect on line speed. Face it, processors are faster than telecommunications.
2) Egress filters do not improve a repressive regime's ability to finger political dissidents.
3) Egress filters are unlikely to impact privacy - unless what you are trying to keep private is destructive activity. Post a real example if you disagree.
4) I know it's not a cure-all. It's a necessary first step, though.
While Congress milks the entertainment industry for campaign funds in exchange for "digital rights management" facism, they ought to be mandating specific monetary penalties for businesses that do not implement egress filters, and for ISPs that do nothing about hundreds of Code-Red infected nodes on their cable farms. I shouldn't have to pay Comcast if my bandwidth is being principally used by criminals to fill my firewall logs.
I post this every time the subject comes up; next time I'll just make a flippin' link to the BCP RFCs. I'm sure you'll all be relieved.
--Charlie
One of the biggest problems in DOS attacks, is that you just can't get the attention of major ISP's or backbones to trace and solve the problem.
We had major DOS attacks on our site for ages. But when the customer of a major national ISP is the source of it, try getting ahold of someone at that company to track the problem. They just won't respond to these things, in our experience.
I think that for any company to provide internet service, they should be *required* by law, to cooperate in tracking and stopping DOS attacks from their customers. There needs to be a consistent, predictable, and workable national policy for this.
If someone calls me with threatening phone calls, I *know* it's possible to get the phone company to cooperate, track, and isolate the problem, even if it originates with another phone company. The same should be true with ISP's.
Love many, trust a few, do harm to none.
I was thinking.... if the make scripts for various stuffs included a ping... Say for example ping that Linux counter project at the end of each Linux install... perhaps they would have a more accurate representation of the number of installs, IPs, etc. You could also through in a ping or sendmail to Microsoft telling them you've found the way out!
Just a thought....
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Sometimes DoS can be a not-really-fine but very effective method of self-defense. In Germany we have a quite big problem with spam advertising dialers - little programs which redirect a w1nd0z3 box's internet dialup connection to an extremely expensive special number which is normally used for phone sex or premium services. One short connection can cost up to 900 € (that's no joke, there's no limit), and as some dialers hide well while replacing the default connection, some people got a phone bill of more than 10000 € at the end of the month.
During the second halfth of March, I got about five of these dialer spams each day. Other people got even more. The web hoster - a company selling these dialers - didn't act against any incidence of spam, the download accounts remained open for weeks regardless of any complaints. Their uplink... well, UUnet. As the discussion on the Usenet forum "de.admin.net-abuse.mail" went on, even the web hoster's boss himself joined and couldn't understand to be responsible for knowingly tolerating his customers abusing his service - of course he made a lot of money even by spamvertised dialers.
About a week ago, some spam victims were completely fed up. As the legal methods didn't work at all, the dialer should be made unavailable by distributed mass-downloading. The threat escalated in a clear message to the site maintainer - either go against your spamming customers or see your dialer being downloaded until the server blows the whistle.
The story appeared on Heise News which has a quite large reader base in Germany, to be read by lots of angry people whose inboxes were full of dialer spam. The "Heise effect" was enough for the site maintainer to become really scared - lots of DSL and broadband users started to download the dialer not only once but as often as they could. The web server became too busy to serve dialers even to people who would want it. The company selling these dialers didn't have any choice - either stop supporting spammers or have their dialer server slashdotted until it blows the whistle. Only a day later the company's boss agreed on getting rid of and seeking legal action against spamming customers.
A few days later, another spam went around, advertising a dialer hosted on an Eastern-European web server. Same game: the spam victims squeezed the dialer out of the web server as many times as possible. The site got hosed so badly that even a few hours after the spam incident, the dialer was no longer available.
As a result, if you really want to hit a spammer, DoS^H^H^H/.ing his web site - especially large files or CGI scripts - has finally proved as much more effective than blacklisting, LARTing or anything else (which still remains useful, though). Even big providers will notice a gigabyte-large traffic peak towards only one target.
Some DDOSer once cracked one of my DSL lab machines and was pinging home to his box at MIT - except it wasn't really MIT, he'd gotten the byte order wrong on his IP address somehow and was trying to phone home to Japan.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks