Slashdot Mirror
DDoS for Fun and Profit
First there's the Microsoft worm, reported earlier, which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet, perhaps not the way we expected it to go. And Canada discovers a risk of online voting.
Geez, Dalnet and EFnet are beginning to sound like Apple - they're *always* "going out of business" or something like that.
Wait, the difference is that Apple is still on the net. Heh.
OK, I can see how some script kiddie might think that orchestrating a DDoS attack might be fun but how would he profit from it?
Anyone?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
from the conspiracy theory dept.:
Just a conjecture, but it wouldn't seem out of step with **AA tactics to take down DALnet in order to curb illegal file sharing.
~Chaltek
like when Apple started charging for .mac services.
I would put money on it that tommorow will be the generally fastest day of the internet all year (not saying much it's january). Everything important will be patched, and all the home pc owners that don't know jack about computers will say, "I don't want to catch that virus I heard about on the news, I better wait a day untill it dies down". Thus more bandwidth for everyone else.
leprkan...
why would they use online voting when they could simply use chad-laden punch cards??
microsoft can't even secure their own servers? How can we expect their OS's to run securely on our servers?
This is from HardOCP.com:
It's 2:20 CST and I'm trying to activate a copy of XP. I need to, because this repair/upgrade (changed mb, disk controller, video, hdisk, NIC, RAM, USB revision, CPU, etc) I can't logon without activation.
Except, I CAN'T ACTIVATE. I am told there is no way ANY copy of XP can be activated in the next 5 hours because of (drum roll)
** Routine maintenance **. I mean, I asked: I said
"You don't have some little stand-alone machine that reads a DVD database so you could stand in line and do it?"
"You don't have a couple hundred "last resort" number ranges? You can call me back tomorrow!!!"
"There's not some guy you can go ask? Ya can't call Bill at home?"
So, I gotta stop my project for some unknown length of time. Good thing I'm not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the superbowl, or my car dealer can't find and order Volvo cars on Monday. Life will continue.
But, I'm still seriously pissed. Call 'em at 888-571-2048 and try for activation.
And let's think about the true meaning of the fact you can't release liability for the consequential damage resulting from negligence. I mean, I have NEVER heard about "routine maintenance" on the 24.7.365 activation promise...
Well, on to the next job...
The Super Bowl will be on.
"Korean computers were cut off the net"...
Pity that they will be reconnected...
So torn...should I damn Microsoft for providing easy replicative means to fuck up the net all day, or thank them for providing the means to disable the XP activiation servers?
When your enemy is their own worst enemy, does that make them your friend?
Head...aching...
It's dated January 24. Nothing about April.
DALnet has had practically no public servers available since sometime early December, this thing is no joke.
Right. I've had enough f this crap.
/.?
But all this rage can go nowhere - you can't do anything about other people's stupidity - it's just so frustrating.
Are there any SK's reading
Reply to this, anonymously if you must, and please give me some insight into what is so amusing about destroying the hard work/livelihood of others for 0 gain on your part? I just cannot understand the motivation to do so. It's like tagging - pointless destruction of property that achieves nothing.
I guess if I thought for one second people might think about how junky most MS product offerings are, and replace them with high quality Open Source or Free software, I might see a point - but no one ever seems to.
Sigh. So. Very. Depressed.
Prisoner #655321
Does anyone ever check the dates on articles? Or the content?
Uhh...the Slashdot article on the sale of DALnet was a joke, but the DDoS attack on DALnet is very real. Actually, several IRC networks have been getting DDoSed in recent months.
Heh, looks like it took out a big portion of Bank of America's ATM (cash) machines!
Link
I can't believe that BoA has their ATM's on the internet -- anyone know more about how it got to their ATM network?
Feeling of power basically. They want to be "ph33r3d" and to run DalNET (or whatever else) into the ground would make them the most powerful people on DalNET because they have power over everyone else and the network is completely at their mercy.
That this is just an inherent problem in the internet's sociology and architecture isn't really a term in the equation but there you go.
I didn't get any spam today... can you guys do this DDOS thing more often? :)
I do not believe the people responsible for such attacks realize they are being self-destructive. The only end goal of such actions is not to increase security-mindedness in the computer world, but rather scare the normal users, the public, from ever touching the Net. Without the users, companies will be stretched to find the cash to keep up the backbone structure and I am sure it would fall apart. The media hypes anything that is detrimental to the public, including viruses, DDoS attacks, etc. This does nothing but a) scare users off the net 2) make the Net look bad to the public. So are all these kids out there pulling stunts going ahead with the goal of destroying the Net in mind? Even though that seems to be all they know? Interesting, work to destroy the only thing you know. Perhaps I should start a crusade to physically destroy computers too? My actions would teach people they do not *require* their computers to survive right? Just like taking down sites will serve to show people security vulnerabilities?
DDOS attacks ruin the productivity of others. Whether it is microsoft, or any other site... Many people use WindowsXP in the world, much much more than the amount who use linux, and attacking the servers ruins the productivity of many businesses who rely on windowsXP to get work done.
Sure you could say "Microsoft is wrong for HAVING this activation feature", but that is incorrect. Attacking ANY company's network is wrong, and very illegal. How would you feel if the servers you get open-source applications from were made unusable because someone attacked the network they were hosted on? This is the same thing.
I hope the people who are responsible for this attack (which is technically terrorism) are thrown in jail. It will likely be a long sentence.
Stanley Feinbaum, professional journalist and master debater! God bless the USA!
1.2 megabits per second
Your raw speed was 1156090.51 bits per second which is the same as:
Communications
1.2 megabits per second How communication devices are rated. Kilo means 1,000 and mega means 1,000,000. Examples include 56k modem and 10Mbit Ethernet
Storage
141.1 kilobytes per second The way data is measured on your hard drive and how file sharing and FTP programs measure transfer speeds. Kilo is 1,024 and mega is 1,048,576. 1MB file download 7.3 seconds The time it would take you to download a 1 megabyte file at this speed.
Rating
Compared to all connection types worldwide, yours is fantastic
Help fight continental drift.
Of course the modified version someone else now crafts that starts spreading sometime next week might actually aim to do some persistent damage, but this version didn't.
In fact, you might even regard this as a blessing in disguise. The worm spread on a Friday night/Saturday morning, when least business would be affected. As of this morning, most ISPs now have filters in place, so any follow up isn't likely to do much damage, and it will now be hard to launch a really destructive attack using this particular vulnerability in future.
- Fzz
... this would be the most interest anyone has shown in this leadership race!
When will the ISPs start getting off their respecitve behinds and start doing something about this? With the broadband ISPs subnets accounting for so much of the destructive power of these DDoS attacks, they have a responsibility to at least attempt to ameliorate their impact.
It's not hard to set up simple routing rules to at least curb some of these attacks. Hell, a lot of ISPs still even route spoofed IP packets out of their networks - this is nowhere near acceptable. Realistically, there is no real application for a constant stream of ICMP traffic coming from a single node - there should at least be a maximum allocatable bandwidth for ICMP set at the ISPs gateway. Obviously UDP and TCP based floods are more difficult to manage, but throttling ICMP based floods would be a step in the right direction.
All this is IMHO, of course - users have a responsibility to secure their machines, obviously, but it's going to be a hell of a lot easier to secure a few gateways and routers than a million home PCs.
From http://www.msnbc.com/news/864184.asp
Within a few hours, 25,000 back-end database servers had been infected, said Oliver Friedrichs, senior manager with Symantec Corp.'s security response team.
If they where truly 'backend', they wouldnt of been infected. This is because of all those open and live MS SQL servers.
Ah...it all makes sense now. So it is quite likely that the NDP online voting difficulties were caused by the MS SQL worm, since the company, Election.com, used M$ Windows 2000 as their backbone. I just wish they had announced it earlier, so that I didn't have to stare into the monitor for half an hour just waiting to vote. No conspiracy theories of right-wingers trying to sabatage the election then ;)
Which brings us to another interesting question: why didn't the NDP consider open source alternatives? Then again, they've hired Election.com to handle the whole process, so I suppose they couldn't really do much about it.
Seems the US military managed to leave an unpatched SQL server open to the world...
I guess it's good that Kevin Mitnick has started his own consulting firm. Hmmmm.
3 /0 1/20/1254218&mode=thread
http://interviews.slashdot.org/article.pl?sid=0
Let me try my first profit post:
1) Free Kevin
2) Start Consulting Firm
3) (cough... cough)
4) Profit!
Seriously - I'd hate to be Kevin Mitnick right now... There's probably 20 different gov't agencies all getting the warrants right now. "This much havoc can only come from ONE man!" Mwuwuwuwahahhahaha.
Like Teddy with an elephant gun.
Whoever might be thinking that this is just your typical round of script kiddies attacking dalnet is dead wrong. DALnet is in more that serious trouble -- for the most part it's already dead.
As a DALnet vetran and an op of one of the top 20 channels (#80s-cartoons), I can tell you that almost all of the major channels have now moved to other networks for good. Ever since the begining of december we had outages that would last anywhere from 4 days to a WHOLE WEEK where no one could connect to a single server in the network.
The gaul of some people is pretty amazing. Apparently, these current DDos attacks have been orchestrated by some one (or group of people) that are holding the DALnet network ransom and are demanding that dalnet pays them X amount of money to stop the attacks. Mind you, these attacks have been going on for about 2 months now, and these people still aren't in custody of law enforcement. It just goes to show you that the only thing that seems to get the FBI involoved in computer crimes is corporate cash. I guantee you if such an attack was launched against a commercial website, the feds would snag these fools within one day; But since this is a non-profit organization, they seemingly don't give a shit.
A lot of the big channels from DALnet have gone to EFnet. The irony in this is quite painful (Since DALnet was initaly formed by disgruntled people from EFnet trying to escape shitty service in the first place.)
One plus about leaving DALnet on to greener pastures has been zero PM spam on the new networks at least. Well, for now.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
I don't like that one of the linked articles suggests an end of IRC. Any server can be DDoS'd and there's nothing that makes IRC more vulnerable than any other service being provided. In general, the IP addresses of hubs are hidden from ordinary users, the the worst damage that can be done is taking some client servers offline.
/links. There's now a +x mode which if a user is logged into X/W, hides the user's host.
Yes, the kiddies get large botnets, but that doesn't mean they win. There were times a few years ago that most EFnet servers were offline for days, and that EFnet logs many servers during that time. But the kiddies were never able to destroy the network, and it's come back stronger than ever. If anything, the kiddies didn't hurt the network, they made it better. There's a chanfix, inspired by the attacks, to restore opless and some taken-over channels. This goes a long way to preventing attacks. Most of the EFnet attacks were motivated by channel disputes.
Undernet has hid which server a user is connected to and has disabled commends such as
Where I'm going with this is the best IRC networks generally survive the attacks and are stronger in the end. I don't think an attack on Dalnet is the end of IRC.
While I'm no expert on this, as a longtime user of IRC, in the past couple years I've seen a huge rise in the number of users who send you a website to visit upon joining a channel. Some networks take the steps of helping these users remove the trojan, or removing them from the network. On the other hand, some networks do nothing to solve these problems. If these are the same trojans that provide DDoS bots, opers could be doing a lot more to track down and solve the problems. I, for one, often report these to EFnet opers, and the opers are almost always quick to remove the user from the network.
What's my point in all of this? With some common sense, some coding skills, and opers who are willing to help, a network can solve a lot of its problems. If EFnet and Undernet managed to overcome DDoS attacks many times in the past, one wonders why Dalnet wasn't able to.
And the end of Dalnet doesn't mean the end of IRC. Other networks are better prepared to deal with this sort of thing, and can survive much more than Dalnet has. While the article raises valid concerns, it's written from the standpoint of someone who doesn't seem to know much about other networks.
Anyway, I hope Dalnet doesn't just cease to exist. Somehow I doubt it will, though.
ident is -almost- useless; it proves that at least someone has a reasonable degree of control over the box.
Two cases where requiring ident is actually helpful; there's thousands of open proxies which can be used to connect to IRC servers, but most of them aren't running ident. Also it's not too hard to get a non-priviledged shell on an awful lot of webservers, most of which aren't running ident. It's a lot harder to get root and enable ident in both these cases, so by requiring ident you cut down the size of Joe Random Skriptkiddie's botnet rather sharply.
455fe10422ca29c4933f95052b792ab2
Are you saying he should have 2 computers when he only needs one???? Not everyone can throw around money.
The Microsoft servers are a different story. They should have lots of backup systems running because they serve millions of people. Not to mention this is caused by a security flaw they carelessly created.
This guy is hardly being hypocritical.
Unless, of course, he did the install 30 days ago, and waited to install NOW. Point is, this really doesn't matter, and this guy can kiss my ass -- "I gotta stop my project for some unknown length of time" sounds like the lamest excuse I've ever heard. Maybe he's gotta make a run to Krispy Kreme. Regardless, XP allows you 30 days grace (beta versions 14 days).
Well, I can see why Bruce Perens added you to his foes list.
The 30-day grace is for an initial install. For hardware changes the rules are different:
Source: Service Pack 1 Changes to Product Activation. So apparently the guy had the nerve to install new hardware on an XP system that didn't have this service pack applied.
The take home lesson here: until the activation servers come back up, you should not install any new hardware on an XP system or your machine will be rendered inoperable. Unless you've installed SP1 first. In that case you can install your new hardware and cross your fingers that the MS activation servers are back up within 72 hours.
There have been at least two, possibly three or four, occasions where DALnet just shut down completely for a period of at least a few days (this latest one being in the range of like a week). After the first "big" DALnet shut-down, it seems a lot of channels moved to other networks; most of these channels have even gained numbers. Seems even if DALnet does return, a lot of the channels that left it will stay on their new-found networks. The few anime channels that came back to DALnet are very slowly gaining back their numbers, but they're nowhere near the levels they used to be. As of right now, the highest count is 51 users, which is really low for a DALnet anime channel. Highest warez channel count is 68, which is also really low for a DALnet warez channel. And even the MP3 channels, which probably were some of the biggest channels on DALnet, have lost major numbers. I seem to remember them being in the area of like 600+; current count is 166. So yeah, DALnet has really been taking it in the ass.
General consensus around the parts i hang out seems to be that losing DALnet wouldn't be such a bad thing. We'd all move our channels to other networks, and be done with it. Chat channels would really love EsperNet or IRCnet, and warez/MP3/ISO/PlayStation/etc. channels have a half-dozen networks to choose from, most notably EFnet (though i despise it). Anime channels would thrive on Aniverse. DALnet was great, but, unless things see a really dramatic improvement, i think there are many that would agree that it needs to be put out of its misery as soon as possible.
What has made this all really lame has been the fact that DALnet hasn't really said anything about this. Their eZine (the DALnetizen) has truly been the opposite of helpful throughout this whole ordeal. It seemed as though DAL was almost oblivious to what was happening. There would be a paragraph about Christmas, a paragraph about the benefits of PHP, a paragraph about poems, a paragraph about some new op or something, and then tucked away in a little corner would be a little sentence or two along the lines of "ps dalnet si getitng ddosed pls bare w/ us thx". After this most recent attack, however, they've started to get their act together a bit, and have posted a lot more information regarding the situation. Information can really be helpful to their users, if they want to keep them.
Also not helping the situation are rumours(?) to the effect that the DALnet administration has resorted to childish finger-pointing, and have pretty much detached themselves from each other. DALnet isn't really doing a very good job of assuring its user base that it'll be alright. :/ Hopefully, if DALnet is to survive, this will be remedied.
And, finally, the biggest blow to DALnet has been the de-linking of several of its (best) servers. Almost all of the "good" servers, the ones that everyone had as their first picks, have disappeared. Even the "fall-back" servers seem to be gone. Evidently DALnet is picking up a few new (or renamed, maybe, i can't be sure myself) servers, even in light of the attacks, however.
So DALnet's fate is really unknown. No one can be sure, but for now it's functioning, at least in the sense that it has the ability to carry users. Who knows, though, it could be down again tomorrow.
So, I did the thing any self-respecting geek would do. I download OpenOffice.org, and uninstalled Office XP. So, as you can see, software activation is a good thing for open source software, as it drives users like myself away from MS products. ;)
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
So you gotta be a capitalist before the FBI will help find out who is attacking them ? That doesn't sound right. The FBI helped ETG back in August. Before this issue, I didn't realize ETG was a cash cow capitalist.
What if the FBI is letting the Entertainment Industry do this on purpose, to one by one destroy all the warez swapping networks/mediums. As all the people migrate to the other networks, it is very easy for both the FBI & the Entertainment Industry to join in (pose as swappers) and start keeping track of who is swapping what, and eventually bust the bigger fishes.
Of course, I did eat green eggs and ham this morning, so my view of the real world is slightly distorted today.
Uhh...the Slashdot article on the sale of DALnet was a joke, but the DDoS attack on DALnet is very real. Actually, several IRC networks have been getting DDoSed in recent months.
The (new) article referenced in this article's initial post describes, not a DDoS attack on the IRC server, but a use of the IRC server as a control point for a DDoS attack on something else. (The "bots" - infected machines - connect to the IRC server and lurk on the channel for their master to give them orders.)
So perhaps the DDoSing of DALnet and/or other IRC servers is not an attempt to take out the servers themselves, but a side-effect of the progeny of a particularly fecund worm "phoning home" to ask for futher orders.
And perhps those trying to track down the authors of the worms will soon be bugging the worms' favorite IRC servers in the hopes of tracing the perpetrator when he finally logs in to give 'em marching orders.
(A marching army of worms. What an image. Something like an angry horde of bananna slugs on pogo sticks.
Worse yet would be an attempt to shut down IRC servers in general. Of course this wouldn't stop the worms, as the authors would quickly switch to another method of controlling them. So it would just eliminate another Internet tool without having any perceptable benefits.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
However, I suspect this new worm's ("Bill's Tapeworm" as I heard another slashdotter call it) DDoS payload was a side-effect and likely accidental.
/., I'm sure someone will "correct" me even if I'm right).
Perhaps the worm was really just trying to replicate itself and not meaning to do any damage yet...because that comes later.
Does anyone know if this worm offers its creators a way to do damage later? Maybe the goal last night was to infect a bunch of servers that would be put to use in a more permanently damaging way later on. After all, the slowdowns last night lasted mere hours and served only to make sysadmins sit up and take notice, and improve security--maybe the slowdowns were completely unintentional and unexpected. Mayhaps the ultimate goal was to use the worm to destroy the records in the databases, rather than just take out the databases temporarily.
I don't know, maybe some people get a kick out of an attack that gets lots of press but has no lasting effect--but it seems more logical to me to assume that the perp was going for a more permanent slowdown/loss of data.
Remember that the attack only affected MS servers, and MS has plenty of enemies. If the attack had wiped out the transaction, inventory and employee records of thousands of companies, people might actually think twice about using MS products in the future.
I'm not terribly knowledgable about these things and don't know if the worm could have been put to such a use had it managed to go unnoticed last night, so correct me if I'm wrong on that (though this being
I found the meaning of life the other day, but I had write-only access.
Your lack of understanding of the dozens of people that make the entire DALnet experience possible is amazing. You seem to think that DALnet just materialized out of thin air, and if it doesnt serve your purpose properly that it should be 'put out of its misery'. Well, guess what, DALnet will never just die off - because for some of us, its played more of a role in our lives than somewhere to trade porn. I can easily say that I would not be where I am emotionally, career-wise, and romatically if it wasnt for the role DALnet placed for me. And I'll continue to fight tooth and nail to make sure that medium exists to change someone elses' life.
Many stores, including Holt Renfrew, were unable to process credit card, credit, debit, or any other forms of electronic transactions today due to their central database being down. When will they learn?
14. exclusion of incidental, consequential
and certain other damages. to the maximum
extent permitted by applicable law, in no
event shall microsoft or its suppliers be
liable for any special, incidental, indirect,
or consequential damages whatsoever
(including, but not limited to, damages for
loss of profits or confidential or other
information, for business interruption, for
personal injury, for loss of privacy, for
failure to meet any duty including of good
faith or of reasonable care, for negligence,
and for any other pecuniary or other loss
whatsoever) arising out of or in any way
related to the use of or inability to use the
product, the provision of or failure to
provide support services, or otherwise under
or in connection with any provision of this
eula, even in the event of the fault, tort
(including negligence), strict liability,
breach of contract or breach of warranty of
microsoft or any supplier, and even if
microsoft or any supplier has been advised of
the possibility of such damages.
(tr [a-z] [A-Z] to read this in MS's original 'too-lame for slashdot' form..)
455fe10422ca29c4933f95052b792ab2
For those who don't know, in Canada we still use a pen and paper voting system -- not even punch cards. This vote was specifically for the leader of a political party, so I believe it was run by the party, not by Elections Canada. For me, these problems are evidence that we should stick with our proven voting methods until we're much more confident in electronic voting systems (if ever).
"I have never let my schooling interfere with my education." - Mark Twain
I don't agree or disagree with you, but say some free open source linux product being worked on by volunteers allowed the same sort of problem to happen. Who would you suggest should then be liable?
Isn't this kind of like blaming firearm manufacturers for a murder when some dirtbag kills someone?
What about auto manufacturers that build cars that can be stolen? Should they be liable when someone steals the car when it could have been protected by requiring the owner of the vehical to punch in a 47 digit code to operate it?
Or has no one checked things out there lately?
From the DALnet server I'm on at the moment:
There are 625 users and 17700 invisible on 22 servers
All I want is a kind word, a warm bed and unlimited power.
and in addition to needing to piss and shit like crazy, I just became too paranoid to go to the bathroom.
That set me thinking -- windows XP activation is 30 days, right ? If you don't activate, what happens in 30 days ? It demands you activate or it locks up.
How many people when installing or starting up a new computer for the first time ignore the activation because they've got to try it out right now ? A lot. What day was 30 days ago ? December 25th. What day probably features more people opening up new computers than any other ?
Perhaps they didn't try to attack the activation servers specifically, but simply thought of bringing down the net to stop the wave of Jan 25th activations, and got the activation servers as a lucky bonus.
This morning, I burned my last two CDROMs into coasters and needed to get more...so I headed over to the bookstore on the college campus near my apartment, figuring that even if I had to pay a little more for one or two CDROMs there, it would be less bother than driving across town to Best Buy. I arrived at opening time...to find the bookstore completely dark. I knocked on the door, and one of the student workers came out and explained that the university had taken all its computers off-line today because of a "big computer virus attack" that hit last night. "You might see something about it in the news," said worker said sagely. "It was world-wide." And so the bookstore was closed. And they couldn't sell me a single CD-ROM.
I ended up going up the street to Walgreen's and getting a 10-pack there...for probably what 2 or 3 blank CDROMs would have run me at the campus bookstore, so I suppose I can't really complain too much that university stupidity saved me some money. It was extremely annoying at the time, though.
Editor Emeritus and Senior Writer, TeleRead.org
ABC didn't even mention microsoft in their report.
CBS only mentioned the specifics at the very last of their report.
from the article "But this patch required manual editing of critical system files, something many administrators just aren't comfortable doing. "
WTF!!
What administrator doesnt feel comfortable configuring their fucking network/system!?@
what a joke...