DDoS for Fun and Profit

First there's the Microsoft worm, reported earlier, which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet, perhaps not the way we expected it to go. And Canada discovers a risk of online voting.

For Fun and Profit?

[WIAKywbfatw]

OK, I can see how some script kiddie might think that orchestrating a DDoS attack might be fun but how would he profit from it?

Anyone?

Re:For Fun and Profit?

its all about their ego, no real life or real life issues to be compensated with non real life actions.

Re:For Fun and Profit?

[TheTomcat]

Hypothetically, say there were two major on-line auction sites. We'll call them auction.example.com and sell.example.com.

auction.example.com might want to attack sell.example.com's servers -- more business and credibility for auction.example.com (unless they get caught)

----

If, hypothetically, I run a brick-and-mortar specialty store (I sell cheese). I notice business dwindling off. I survey some of my customers and find out they're buying their Gouda from cheese.example.com. Attack the site, or the whole 'net: get customers back.

----

However, I suspect this new worm's ("Bill's Tapeworm" as I heard another slashdotter call it) DDoS payload was a side-effect and likely accidental. The worm is trying to reproduce, and the DDoS seems like an unintended payload (after all, if the work can't get to another target because of network congestion, it can't infect it (UDP packets DO get dropped in such situations)).

S

i don't get it

[pummer]

microsoft can't even secure their own servers? How can we expect their OS's to run securely on our servers?

Power.

[Second_Derivative]

Feeling of power basically. They want to be "ph33r3d" and to run DalNET (or whatever else) into the ground would make them the most powerful people on DalNET because they have power over everyone else and the network is completely at their mercy.

That this is just an inherent problem in the internet's sociology and architecture isn't really a term in the equation but there you go.

Re:Power.

[ez76]

That this is just an inherent problem in the internet's sociology and architecture isn't really a term in the equation but there you go.

As a sociological phenomenon, power-tripping is hardly limited to the Internet.

Self-destructive

[mu51c10rd]

I do not believe the people responsible for such attacks realize they are being self-destructive. The only end goal of such actions is not to increase security-mindedness in the computer world, but rather scare the normal users, the public, from ever touching the Net. Without the users, companies will be stretched to find the cash to keep up the backbone structure and I am sure it would fall apart. The media hypes anything that is detrimental to the public, including viruses, DDoS attacks, etc. This does nothing but a) scare users off the net 2) make the Net look bad to the public. So are all these kids out there pulling stunts going ahead with the goal of destroying the Net in mind? Even though that seems to be all they know? Interesting, work to destroy the only thing you know. Perhaps I should start a crusade to physically destroy computers too? My actions would teach people they do not *require* their computers to survive right? Just like taking down sites will serve to show people security vulnerabilities?

Re:hope the ddos'ers enjoy jail

[DarkKnightRadick]

You know, since 9/11/2001 it seems that every attack of any kind has been labled an act of terrorism.

Those who start these DDoS attacks are seen less like your standard fare and labled TERRORISTs. I don't see them creating terror. Perhaps we should all take a look at this definition of terrorist from Merriam Webster:

One entry found for terrorism.
Main Entry: terrorism
Pronunciation: 'ter-&r-"i-z&m
Function: noun
Date: 1795
: the systematic use of terror especially as a means of coercion
- terrorist /-&r-ist/ adjective or noun
- terroristic /"ter-&r-'is-tik/ adjective

Usama and his bunch are terrorists.

The people responsible for this attack are more akin to electronic warriors. Whether or not they are right in their methodology OR targets makes them no more and no less. Yes, they are criminals, but I really don't think any such attack against any company that experiences so many can be called a "random act of terror". It's more like a concerted effort to destroy said company.

Had they issued some sort of demand with a threat of physical violence, I'd change my opinion, but as it stands the people responsible are criminals/warriors.

Not cyberwarefare.

[Fzz]

I don't think so. The disassembled code I've seen indicates that the SQL worm only spreads fast - any problems were just due to the load it's spreading attempts generate. If it had been real cyberwarfare, I'm sure they'd have at least deleted the SQL database files on the machines they attacked.

Of course the modified version someone else now crafts that starts spreading sometime next week might actually aim to do some persistent damage, but this version didn't.

In fact, you might even regard this as a blessing in disguise. The worm spread on a Friday night/Saturday morning, when least business would be affected. As of this morning, most ISPs now have filters in place, so any follow up isn't likely to do much damage, and it will now be hard to launch a really destructive attack using this particular vulnerability in future.

- Fzz

Re:Activation servers off the net?

[escher]

This sort of thing is precisely why I will never run XP on any of my own computers. If I have to run a Windows program, it will be on Windows 2000. When new software stops supporting that platform I hope to have already switched everything over to either my Mac or Linux boxen.

ISP's fault?

[YellowElectricRat]

When will the ISPs start getting off their respecitve behinds and start doing something about this? With the broadband ISPs subnets accounting for so much of the destructive power of these DDoS attacks, they have a responsibility to at least attempt to ameliorate their impact.

It's not hard to set up simple routing rules to at least curb some of these attacks. Hell, a lot of ISPs still even route spoofed IP packets out of their networks - this is nowhere near acceptable. Realistically, there is no real application for a constant stream of ICMP traffic coming from a single node - there should at least be a maximum allocatable bandwidth for ICMP set at the ISPs gateway. Obviously UDP and TCP based floods are more difficult to manage, but throttling ICMP based floods would be a step in the right direction.

All this is IMHO, of course - users have a responsibility to secure their machines, obviously, but it's going to be a hell of a lot easier to secure a few gateways and routers than a million home PCs.

Backend?

[new-black-hand]

From http://www.msnbc.com/news/864184.asp

Within a few hours, 25,000 back-end database servers had been infected, said Oliver Friedrichs, senior manager with Symantec Corp.'s security response team.

If they where truly 'backend', they wouldnt of been infected. This is because of all those open and live MS SQL servers.

Why should one person have to own 2 computers?

[moncyb]

Are you saying he should have 2 computers when he only needs one???? Not everyone can throw around money.

The Microsoft servers are a different story. They should have lots of backup systems running because they serve millions of people. Not to mention this is caused by a security flaw they carelessly created.

This guy is hardly being hypocritical.

Re:hope the ddos'ers enjoy jail

[glwtta]

oh, I guess you haven't seen the new one:

One entry found for terrorism.
Main Entry: terrorism
Pronunciation: 'ter-&r-"i-z&m
Function: noun
Date: 2001
: any activity against which more extreme measures are desired than current law permits. commonly used to argue that due process and public debate are unwarranted in this instance.
- terrorist /-&r-ist/ adjective or noun
- terroristic /"ter-&r-'is-tik/ adjective