Slashdot Mirror


DDoS for Fun and Profit

First there's the Microsoft worm, reported earlier, which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet, perhaps not the way we expected it to go. And Canada discovers a risk of online voting.

13 of 424 comments

  1. **AA behind DALnet attacks? by Chaltek · · Score: 4, Interesting

    from the conspiracy theory dept.:
    Just a conjecture, but it wouldn't seem out of step with **AA tactics to take down DALnet in order to curb illegal file sharing.

    ~Chaltek

    1. Re:**AA behind DALnet attacks? by drinkypoo · · Score: 3, Interesting

      Personally I think that the DoS against DALnet is actually an attempt to harm efnet. See, the DALnetters are all flooding into channels on efnet. In fact since DALnet has come under fire many efnet servers have started limiting you to five (!) ban slots. FIVE! So the signal to noise ratio has gotten worse on efnet, yet we have fewer tools to try to solve it with.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:**AA behind DALnet attacks? by C0deM0nkey · · Score: 3, Interesting
      Just a conjecture, but it wouldn't seem out of step with **AA tactics to take down DALnet in order to curb illegal file sharing.

      If I was going to get into conspiracy theory, I'd point the finger at any of the various commercial "Messengers" (AOL Messenger, Yahoo Messenger, MSN Messenger, etc.) before I'd point at the *AA's.

      People addicted to chatting WILL pick up one of the other chat venues if IRC is not available which means more eyeballs for the ads that support those venues.

      File traders already have other means: KaZaa, et al.

  2. Activation servers off the net? by Anonymous Coward · · Score: 5, Interesting

    This is from HardOCP.com:

    It's 2:20 CST and I'm trying to activate a copy of XP. I need to, because this repair/upgrade (changed mb, disk controller, video, hdisk, NIC, RAM, USB revision, CPU, etc) I can't log on without activation.

    Except, I CAN'T ACTIVATE. I am told there is no way ANY copy of XP can be activated in the next 5 hours because of (drum roll)

    ** Routine maintenance **. I mean, I asked: I said

    "You don't have some little stand-alone machine that reads a DVD database so you could stand in line and do it?"

    "You don't have a couple hundred "last resort" number ranges? You can call me back tomorrow!!!"

    "There's not some guy you can go ask? Ya can't call Bill at home?"

    So, I gotta stop my project for some unknown length of time. Good thing I'm not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the Super Bowl, or my car dealer can't find and order Volvo cars on Monday. Life will continue.

    But, I'm still seriously pissed. Call 'em at 888-571-2048 and try for activation.

    And let's think about the true meaning of the fact you can't release liability for the consequential damage resulting from negligence. I mean, I have NEVER heard about "routine maintenance" on the 24.7.365 activation promise...

    Well, on to the next job...

  3. Bank ATM's knocked out by Maditude · · Score: 5, Interesting

    Heh, looks like it took out a big portion of Bank of America's ATM (cash) machines!
    Link

    I can't believe that BoA has their ATM's on the internet -- anyone know more about how it got to their ATM network?

    1. Re:Bank ATM's knocked out by DAldredge · · Score: 4, Interesting

      Believe it. Bank of America can not even do realtime updating of accounts on the internet. Sometimes it takes 48 hours for a CASH transaction you DO IN A BRANCH to show up.

  4. Re:i don't get it by anubi · · Score: 5, Interesting
    I think the psychology is kinda simple:

    You know how it is if you hire somebody *else* to paint your house? There is usually a heckuva lotta stuff you would have done differently because it's *your* house.

    But if you paint the house yourself, it takes a heck of a lot longer than you dreamed, but it's done right - to your exact satisfaction. You know everything about it - and if anything goes wrong, you know exactly how to fix it.

    There's a big difference between *yours* and *someone-else's*.

    I feel the same about OS.

    If it's really not all that important, I will go with whatever gets the job done quickest.

    But, if my life or reputation depend upon it, I need to be secure in my knowledge that I know exactly what I am doing - for it is I and I alone which must take responsibility for the outcome.

    I think a lot of it is like choosing rope - if you are a shopkeeper, you may choose a rope based on its markup and profit potential, but if you are a mountain climber, you probably choose rope based on a completely different criteria.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  5. Interesting site by larien · · Score: 4, Interesting
    Well, my firewall's been getting hit with port 1434/UDP packets (>150 so far today), so I decided to have a looksee where they were coming from by doing reverse lookups on the IPs. Most seemed to be Europe (.de, .fr, .nl) and some .au, but I did notice one in... navy.mil.

    Seems the US military managed to leave an unpatched SQL server open to the world...

  6. The DALnet attacks are the real deal by g00z · · Score: 4, Interesting

    Whoever might be thinking that this is just your typical round of script kiddies attacking dalnet is dead wrong. DALnet is in more than serious trouble -- for the most part it's already dead.

    As a DALnet veteran and an op of one of the top 20 channels (#80s-cartoons), I can tell you that almost all of the major channels have now moved to other networks for good. Ever since the beginning of December we had outages that would last anywhere from 4 days to a WHOLE WEEK where no one could connect to a single server in the network.

    The gall of some people is pretty amazing. Apparently, these current DDoS attacks have been orchestrated by someone (or group of people) that are holding the DALnet network ransom and are demanding that dalnet pays them X amount of money to stop the attacks. Mind you, these attacks have been going on for about 2 months now, and these people still aren't in custody of law enforcement. It just goes to show you that the only thing that seems to get the FBI involved in computer crimes is corporate cash. I guarantee you if such an attack was launched against a commercial website, the feds would snag these fools within one day; but since this is a non-profit organization, they seemingly don't give a shit.

    A lot of the big channels from DALnet have gone to EFnet. The irony in this is quite painful (Since DALnet was initially formed by disgruntled people from EFnet trying to escape shitty service in the first place.)

    One plus about leaving DALnet on to greener pastures has been zero PM spam on the new networks at least. Well, for now.

    --
    "The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
  7. Re:DDoSing and Script Kiddies in general by JohnFluxx · · Score: 4, Interesting

    Just one quick point I forgot to make...
    Note that hardly any of the viruses, worms, etc cause any real damage. Imagine the harm you could do if you really wanted. Imagine if code-red wiped the drive. Imagine if this SQL worm spread really slowly and randomly modified the SQL database. If it wasn't detected for ages, yet had slowly deteriorated the database over a matter of months hence rendering backups next to worthless.

  8. Re:For Fun and Profit? by TheTomcat · · Score: 4, Interesting

    No. It's a parasite.

    Its rate of infection is so high that the DoS is caused, which in turn uses all available bandwidth, just like when a biological parasite kills the host; the parasite dies off.

    As you put it, the payload doesn't do anything but try to infect other hosts -- no syn floods, no ICMP, nothing except sending packets that could infect other servers. That's why I think the DoS was unintentional.

    S

  9. I just drank an entire pot of cold coffee by MrRudeDude · · Score: 5, Interesting

    and in addition to needing to piss and shit like crazy, I just became too paranoid to go to the bathroom.

    That set me thinking -- Windows XP activation is 30 days, right? If you don't activate, what happens in 30 days? It demands you activate or it locks up.

    How many people when installing or starting up a new computer for the first time ignore the activation because they've got to try it out right now? A lot. What day was 30 days ago? December 25th. What day probably features more people opening up new computers than any other?

    Perhaps they didn't try to attack the activation servers specifically, but simply thought of bringing down the net to stop the wave of Jan 25th activations, and got the activation servers as a lucky bonus.

  10. Re:For Fun and Profit? by paganizer · · Score: 3, Interesting

    I doubt very seriously that we have to look any further than OverPeer for the origins of this attack; according to RedTeam, this has been going on in very localized spurts since Jan 5th.
    It would make sense to me this is a RIAA sponsored thing gone wrong.

    --
    Why, yes, I AM a Pagan Libertarian.