Slashdot Mirror
New Low Bandwidth Denial of Service Attacks
An anonymous reader writes "A paper from Rice University
appearing at the
2003 ACM Sigcomm Conference presents a new denial of service
attack where the attacker only needs to send at a low rate
to shutdown TCP flows. The trick exploits the retransmission timeout
mechanism in TCP. By sending small bursts of packets at just the right
frequency, the attacker can cause all TCP flows sharing a bottleneck
link to simultaneously stop indefinitely. And because the attacker
only needs to burst periodically, the attacker will not be
distinguishable from normal hosts. The presentation, and other
presentations from the conference, are available online (live
streaming)."
When I read the title, I imagined a hoard of old geezers, using walkers, coming at me with sticks... but seriously, I don't see how this type of attack could prove as unstoppable or undetectable as claimed; I'm not particularly briefed with the mechanics of Retransmission Time Out, but can the mechanism not be tweaked to avoid these types of attacks without sacrificing all of its benefit?
Yay, finally there's use for my trustworthy 2400bod modem :D
Ever heard of...Slashdot?
My God, another TCP exploit? This will all end when Microsoft releases their own TCP replacement.
I wonder if this had anything to do with the "coordinated DDOS" that SCO was experiencing the last couple of days? The one ESR was referring to and supposedly convinced someone to stop doing.
/.
Damn sneaky way to get another SCO story on to
Learning HOW to think is more important than learning WHAT to think.
This is a tough paper to read. It's going to be a long time before an "Insightful" post.
are available online (live streaming).
This guy is an amateur, wait until he feels the slashdot effect on his server. His next presentation will be entitled, how to knock down any server by just posting an article.
My other OS is the MCP!
1K of data dumped onto the Net from a dialup line moves pretty fast. In fact, it moves just as fast as one from a cable modem.
From all the links in the article, it is not clear where I can read about this. I don't have time to watch a streaming video but would like to find out more about this.
Best wishes
James
This article is just another nail in the coffin for IPv4. Look through the history of bugs, design flaws, and poor implementations in and of the infamous IPv4 stack. It's no coincidence that it was first developed at the same place BSD was, and again, no coincidence that it comes from the same place LSD did.
It's time to do away with IPv4 flaws and insecurity and migrate to IPv6. Slashdotters know it. Savvy internet professionals know it. IPv4 doesn't have a future on this planet anymore than dinosaurs do. Take a look at netcraft statistics to see current IPv6 host information to see it's current growth rate. It doesn't take a genius to see that is now is a better time than any to migrate our machines to IPv6 and do away with the train-wreck that is IPv4 forever.
IPv4: Slow. Expensive. Crappy. Pick any two.
I'm sure a bunch of companies who get hacked by this will sue Rice University and or whoever wrote this paper.
Maybe we will see Microsoft do this, they like to sue the little guy.
If you use Linux, please help development of Autopac
I'm pretty certain that my firewall would flag the bursts. If not, seems a simple rule or two would suffice to flag them. I'd like to see this in action. I suspect that it is pretty lame and easily detected.
My guess is that by Friday night, the kiddies will have thousands of these going. So, I guess I can do see for myself tomorrow.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
Actually the paper address defense mechanisms, such as randomly varying the time out interval, but it turns out that the performance lost in TCP efficiently nulls any benefits. Interesting paaper.
This is a duplicate storyfrom a looonnnng time ago. May 31 as a matter of fact. This means something considering the amount brain cells I kill with liquor everyday.
from the Michael is a crybaby dept.
Comment removed based on user account deletion
Then, I downloaded the
Here's a sample:And that's one of the more lucid sentences.
Anyone who would be able to put together an actual attack from this paper probably has enough education to get a real job -- something that doesn't go well with writing malware on the side.
Of course, now that the paper's being discussed on Slashdot, all bets are off!
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Good grief, they are giving instructions for how to DoS people! Arrest them using the DMCA! QUICK, BEFORE THE CAT IS OUT OF THE BAG!
ASCII stupid question, get a stupid ANSI
a step-by-step recipe on how to screw up the internet even worse. I thought common sense dictated that you don't release documentation of a vulnerability until there is a fix available for it. I know security by obscurity doesn't work, but in the case of fundamental flaws in the TCP architecture... well, I'd rather the script kiddies find out about it later rather than sooner. Aren't we overdue for a TCP replacement anyway? One that supports sequenced packets as well as byte streams, and one that allows windows that scale to gigabyte sizes (yes, I know there's already a window scaling kluge). Do we even have a good defense against syn-floods yet? Seems like the only way of fixing the problems would be to add an unspoofable signature to ever packet so we can be certain where it came from, but this would add serious packet overhead... perhaps you could make the packet size much larger to compensate. (Will terabit ethernet still use a 1496 byte maximum packet size? How long a preamble does it need at that bit rate?)
"Freedom means freedom for everybody" -- Dick Cheney
[Scene: SCO Group, Utah. Where a "coordinated DDOS" is just beginning..]
[SUIT 1] Uh, hey, uh.. this one computer here.. it's like the webserver or something?
[SUIT 2] Yeah, I think, why?
[SUIT 1] Well, none of the lights on it are on.. that's.. hm.
[SUIT 2] Oh, yeah, hey, look at that, someone seems to have tripped over the cord and unplugged it. [[Switches it back on]]
[SUIT 1] Huh.. um.. it doesn't seem to have started up all the way. It's saying something about "fsck" and asking for a password. What does that mean?
[SUIT 2] Hm, not sure.
[SUIT 1] Well.. could we get one of the linux guys to come and reboot it? Or something?
[SUIT 2] Well, we fired all of the linux guys so that we could concentrate all our resources on the lawsuit.
[SUIT 1] Uh.. shit! Well, I guess I better figure something out.. hmm
[[ Two days later, after two days of phone calls, SUIT 1 finally finds an INDEPENDENT CONTRACTOR who doesn't just laugh and hang up on him when he says he wants them to come fix a linux server. INDEPENDENT CONTRACTOR starts the linux server up all the way and charges a great deal of money. "Coordinated DDOS" thus ends. ]]
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Gzipped Postscript file
-- Grow up and use mutt.
Comment removed based on user account deletion
Anyone who is actually old enough to have used one of these would certainly know how to spell it correctly.
I call faker! You are just trying to pretend you are some 31337 old geek when you probably have never used anything slower than a DSL line.
Now get out of here before I whip ya with this here cable with BNC connectors.
My beliefs do not require that you agree with them.
Ever hear of Pearl Harbor? Or maybe the White House burning in the War of 1812?
Not to rain on the parade here, but I thought there were a number of more interesting papers from sigcomm this year. Namely:
- Peer-to-Peer Information Retrieval Using Self-Organizing Semantic Overlay Networks
- Quantum Cryptography in Practice
- Making Gnutella-like P2P Systems Scalable
Just some more food for thought....
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
Comment removed based on user account deletion
Back in my days as a satellite network controller for the Army it was common knowledge all it takes to saturate the whole frequency range for the commo payload is a nice 75Khz spike (enough carrier for a FM orderwire signal). People would argue it could not be done since we pretty much owned the 7.25->8.4 GHZ spectrum, but it worked pretty damn well. This is the equivalent of saturating a T1 with a 14.4 modem.
Pedro
----
The Insomniac Coder
I call to all arms-bearing full-bloodied americans to rush home, take their trusty shotguuns, and relentlessly hunt down spammers until the last one is gutted and stuffed and put on display in the Smithsonian!!!
well, i've got a good excuse. my native language is not english :p
In my vague understanding of TCP, I thought that the retry timers were supposed to have a random element to them. In fact, some systems talk of using cryptographic random sources so that the delays aren't predictible.
If that isn't the case in implementations, it would seem to be implementation error, not really a fault with the protocol itself.
Wrong. That's a different paper.
--
Error 500: Internal sig error
It seems to me that the solution is to have a variable RTO... Kinda like when LaForge had to continually modulate the shield frquency to keep the borg from adapting. :-)
Nothing to see here. Move along.
I can't find any reference in the article to support your statement that it only impacts multicast TCP (not saying it isn't there, just that I couldn't find it). Can you provide a reference quote/page. Thanks
In my day, we had to get at 2:00am, clean the road with our tongues, crawl to work on broken glass and when we got there, we had to work with 6 baud modems that were powered by rabid hamsters. And we were glad for them.
"baud" is named after J.M.E. Baudot who was French. more info
Like Microsoft (May Billy Gates live forever) says, "If nobody does any research on it, nobody'll know it exists, right?"
That was totally irresponsible. They should have not released theat information, and promptly committed Hari-Kiri so the information would never be uttered again on the face of the earth.
How do you spell "Baud" in your native language then?
If you had read the article, you'd know this problem is related to a TCP feature, not IP. In fact it's related to multi-casting which will most likely still be a feature once IPv6 comes around...
it's wasn't spelled differently in other countries... nice try...
:-) That is a good excuse. Oh, but wait, I don't think Baudot was a native speaker of English speaker either.....
now I got a reason to get dial up again :) forget broadband. Get a 14.4 modem with a 486 and you got a DDOS machine. Forget spreading worms to use for DDOS attacks, just run a room full of 486's on dial up :P
i love how some fucking idiot without any actual education in the field of computer science can question the results of a paper he couldn't possibly understand - very amusing. go get a degree, then we'll talk fucktard.
On the other hand, being that it was part of his last name he did have somewhat better of a chance of spelling it properly.
Haven't you ever seen any of those old cheezy horror movies where the zombies walk so slowly with arms outstretched towards their victims, but still manage to kill plenty of them?
Roman Semaphore
Indian Smoke
etc.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
It's not a dup. You should read more closely. The titles are similar. The methods are unrelated.
Be nice, or I'll strangle you with a piece of this thicknet cable.
Sideshow Bob steals the Wright Bro's first airplane in an attempt to flee, the government scrambles Harriers.
<snip> A pair of Harrier fly past them, and one pilot says, "Prepare to engage enemy." Unfortunately, they just speed right past Sideshow Bob. "Bogey's airspeed not sufficient for intercept. Suggest we get out and walk. We now see a very slow chase going on. The Wright Brothers' plane is being followed by two walking pilots, a squad car, an army jeep a tank, and the Simpsons </snip>
(I actually use cable or a T1 depending on where I am) However, were I to use a modem, I'd still be using 2400 baud.
baud is essentially the number of samples per second, and that hasn't risen since the release of the old 2400 baud modem. What makes things like 56K possible is how many distinct pieces of data can be extracted out of each sample, such as changes in frequency, amplitude, or phase shifts.
And yes, my first modem was a real 2400 baud in '93.
I had to hammer the wire out of rusty nails, break the necks off of beer bottles for insulators, string the wire, build modems out of 12AU7 and 6J6 tubes, and have it all running before dawn. And we were glad for them.
"Eve of Destruction", it's not just for old hippies anymore...
whilst pretending to ignore the rest/worst of it.
keeping your head in the ?pr? ?firm? scriptdead sillysand, whilst possibly affording won a false sense of 'security'/non-involvement, doesn't help/could cause US more harm.
nobody misses timmy, nor will they miss you/US.
you best hope to God that we're allowed to elect somebody of our choosing, if there's another 'election'.
Well, in Russian "baud" is spelled as "bod" (with cyrillic letters of course). All Latin alphabet based languages seem to have it as "baud" or a similar form (the ones I checked are German, Finnish, Swedish, Italian, French).
insert
Dialup users are waiting for Baudot joke here.
Oh yea, that's also the reason why we differentiate between 2004 'baud' and 56Kbps. One is for samples per second, other is for (thousands of) bits per second.
After a quick glance at it, the only insightful thing I can think of is that since this is just a TCP based attack, you could start doing it on any connection that is going to have ongoing TCP traffic.
For example: SMTP traffic.
To be more specific, let's take the example of somebody you don't like (We'll call them Mr. Spammer for now) initiates a TCP connection to you, on some random port (let's pick port 25) You watch the traffic, and once you determine that the traffic is coming from Mr. Spammer, you initiate the attack using the existing TCP connection.
This would be a good tarpit for not only slowing him down, but stopping that open relay or paid-for client machine.
Nathan Brazil?
You'd have to say it with an American accent. "Bod" would come out more like "bawd" so you can see where the kids would get confused. Any English dialect that can't distiguish between "Body" and "Bawdy" needs some serious looking at.
Paper Today
Proof of Concept by Monday
Script Kiddies Version by Thursday
Internet dies on Friday
All back to normal Monday
Rus
Cheap UK and US VPS
And BNC stands for? ...
By the time you click the link it will timeout and you will have just engaged in one of those low bandwidth DDOS aatacks.
Of course, none of this is real, and time is just an illusion that keeps everything from happening at once.
Heh, heh
All Ad hominem replies happily ignored as the sender shall be deemed to lack the faculties to comprehend the equation.
Liquor?! I don't even know her! Ha!
I'm retarded.
Bayonet nut coupler
Or Banana nut coupler
No sir I dont like it.
...resonance frequency.
By sending small bursts of packets at just the right frequency, the attacker can cause all TCP flows sharing a bottleneck link to simultaneously stop indefinitely.
Yeah, well in soviet russia, the alphabet spells YOU.
Essentially this says that all you do is to continually convince TCP that the 'pipe' is full of information and to take counter measures.
TCP will do this with a preset procedure that was designed to elminate deadlock situation. The problem occurs when everytime the TCP stack trys to resend the information, you can fool it by filling the 'pipe' again. As long as you know when the TCP stack will retry again, you can continue this over and over. Because it does not take a lot of information to fill the 'pipe' for the short time that TCP attempts to resend, you can have a low bandwidth attack.
Holy crap I remember when I finally got a 2400 baud modem after suffering with a 300 baud "brick" modem for a couple of years. It was like the Renaissance. All of a sudden I could actually send and receive files faster than I could type them by hand!
Mod Parent up to 5 so CLEVER NICK NAME will see it
Here you go you smartass. Good luck DOSing me you l33t wannabe. My firewall can kick your ass any day. 64.215.164.93
You'd better duck, these vampire taps can be nasty when they hit yea square in the noggin!
What if it is just turtles all the way down?
Actually, modems stopped increasing in baud at 9600 (I'm almost sure). Baud tells you how many signal changes happen in a second. With compression and other techniques, we can actually transmitt more than 1 bit/baud these days.
It sounds like something that could easily be engineered around, not a serious threat to the Internet. Eric http://www.mp2kmag.com
http://www.mp2kmag.com
In the latest Lovsan.* worm outbreak, the worm was programmed to generate a DDoS attack to www.windowsupdate.com, only the attack was not very successful because that domain was just a means of redirection to the real Windows Update site (windowsupdate.microsoft.com), so Microsoft just shut it down and avoided any harm.
But with this low-bandwidth exploit, which I believe is actually not a new idea, since IE uses a tricky method to increase speed by leaving persistent connections until they time out that could be exploited, now a worm can potentially DoS any website, even dynamically selecting the target from the users' IE favorites and performing the attack very quickly (maybe in a matter of hours) without having to rely it on being a widespread, coordinated DDoS or what the target OS/Server is.
The paper even claims that in order to protect a server from this type of attack you'd need to sacrifice a good deal of performance, which in most cases is not acceptable so many people can't really afford to implement defenses. Either a clever workaround is made for this exploit, or we have tough times ahead from worm outbreaks and script kiddies.
- Otaku no naka no otaku, otaking da!!!
I am no faker.
I had to reinstall the drivers to my acoustic modem, which were thankfully backed-up on my 8inch floppy disk.
Now I am ready for an old sk00l DOS attack.
I used to use a 300 baud modem back in the day, Man, i swore that it was so slow that a properly trained human could communicate with the damn thing.
I know you were offtopic and everything, but I would rather that someone (Bush or Gore or Nader or whomever) who was elected to our highest office would have the morality and intelligence to realize that killing McVeigh was letting him off easy and by locking him in a little box until he either killed himself or died of old age would be a much more suitable punishment than using the death penalty to preemptively end his physical existence. I can keep hoping.
Fnord.sig
BNC is used for linksys wi-fi adaptors (well reverse polarity at least) so us new 1337 wi-fi wardrivers use em too, old geazer my butt
come comment on the madness at http://slashdot.org/~phreak03/journal/
That's the wrong link the correct link is here.
At least a few people are already confused by this and think the attack is only for multicast group subscription (the paper the parent links to).
As a Californian, I take exception to that statement.
And as a pedantic ass, I state that "any sentence challenging English usage or pronunciation that ends in a preposition needs revisiting."
And as a victim of Murphy, I don't doubt that someone will find grammatical errors in this posting.
Eloi, Eloi, lema sabachtani?
www.fogbound.net
This does not appear to be true. :j
I think you've been mislead by a previously posted bad link. Look at the correct paper here.
you wear panties?
lets play starwars! you're the princess!
"The most looniest, zaniest, spontaneous, sporadic Impulsive thinker, compulsive drinker, addict"
Either barrel nut connector
:)
or british navy connector
the dang thing is so old, that nobody knows for sure which one
But then again, this was '91 man! All the good shit had been done back in the 80's and there was nothing left to crack! BB don't work nomore! (an aside: I really & truely boxed ONCE. And I got the wrong fucking number. Never could repeat it)
ne1 got any virgin cc's?
Shutdown as much as the Internet as possible for a whole month, and THEN *claim* it's the fault of virus writers, spammers, SCO suits and other informatics evil-doers.
I know it looks like a simplistic approach, but just think of the socio/psychological impact on teh above-mentionned scapegoats.
Denial of Service via Algorithmic Complexity
dupe
Dupe!
DUPE!!!
Posted by michael on Sunday June 01, @12:56AM from the advanced-topics dept. dss902 writes "We (Department of Computer Science, Rice University) present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures... Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks."
so? Does this have real relavance?
No.
Bloody Not Coming off
Want to see every step I took to start my company? http://www.rowdylabs.com/blogs/pitchtothegods
wouldnt that be more useful as some sort of bludgeoning device?
turn up the jukebox and tell me a lie
Hell yeah, and when I started out, the only way to transfer a file to a floppy disk was with a paperclip and a magnet!
Thanks for pointing out that this has nothing to do with IP. The SCO lawyers can relax now...
"And because the attacker only needs to burst periodically, the attacker will not be distinguishable from normal hosts."
Except for the bursts of traffic from the same host at a certain frequency.
Did the other people not read the first line of the abstract ?
Group subscription is a useful mechanism for multicast congestion control: RLM, RLC, FLID-DL, and WEBRC form a promising line of multi-group protocols where receivers provide no feedback to the sender but control congestion via group membership regulation. Unfortunately, the group subscription mechanism also offers receivers an opportunity to elicit self-beneficial bandwidth allocations. In particular, a misbehaving receiver can ignore guidelines for group subscription and choose an unfairly high subscription level in a multi-group multicast session. This poses a serious threat to fairness of bandwidth allocation. In this paper, we present the first solution for the problem of inflated subscription. Our design guards access to multicast groups with dynamic keys and consists of two independent components: DELTA (Distribution of ELigibility To Access) a novel method for in-band distribution of group keys to receivers that are eligible to access the groups according to the congestion control protocol, and SIGMA (Secure Internet Group Management Architecture) a generic architecture for key-based group access at edge routers.
In Soviet America the banks rob you!
How about using "and" to begin a sentence?
You can use a modem to post a slashdot article with a link to the target computer...
Sorry, the link referred me to the wrong paper. So the grandparent IS mistaken, and I was too. Here is the abstract for the real paper.
Denial of Service attacks are presenting an increasing threat to the global inter-networking infrastructure. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a wellknown vulnerability to attack by high-rate non-responsive flows. In this paper, we investigate a class of low-rate denial of service attacks which, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect. Using a combination of analytical modeling, simulations, and Internet experiments, we show that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission time-out mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. More-over, as such attacks exploit protocol homogeneity, we study fundamental limits of the ability of a class of randomized time-out mechanisms to thwart such low-rate DoS attacks.
In Soviet America the banks rob you!
Since it requires accurate timing.
a) Even if the average bandwidth is low, the attacker will still need the ability to burst those peaks. Remember that in most cases, we pay for peak bandwidth and not average bandwidth. A 56k modem likely won't be able to perform one of these DoS attacks because it doesn't have the peak b/w capability.
b) The more hops you are away from your target, the more your peaks will get spread out and averaged. Keep in mind that most cable modem head-ends and the cable modems themselves have REALLY long packet queues. This is why upstream saturation is such a problem for cable modems. You can burst all you want, if you're DoSing from a cable modem it'll be averaged out and/or the timing completely FUBARed by the time the packets leave your neighborhood.
retrorocket.o not found, launch anyway?
http://englishplus.com/grammar/00000195.htm
:-)
The "never-end-in-a-preposition-rule" is essentially absurd. I've read better texts explaining the origin and absurdity better, but that's the best one I could find on short notice.
Murphy strikes again.
-Rob
-Rob Ewaschuk
Considering that you're merely an elitist bitch from the Northeast, I suggest that you stretch your ass out like goatse and... well... 'open' yourself to a new way of saying things.
Yes, because everything is now an us vs them mentality.
Jeesh lets just have a race between Linus, Steve and Bill! Which fattie would win?
Damn Zealots.
"When I read the title, I imagined a hoard of old geezers, using walkers, coming at me with sticks..."
Of course. Old Age and Treachery ALWAYS overcome Youth and Skill.
Now get out of here before I whip ya with this here cable with BNC connectors.
For 1337-speakers that may have never seen those... they were big pieces of METAL on the ends of network cables.
none of those sissy plastic phone-jack "snagless" wires in the olds days. These things were physically keyed. If you tugged on the cable hard enough, the thing you were most likely to do was pull the wire out of the connector. If that didn't happen, then you're probably dragging your computer along the floor.
While I'm being silly about network cables... where the fuck did snagless connectors come from and why are they a good thing? As my arthritis gets progressively worse, I find myself loathing those things more and more.
I am disrespectful to dirt! Can you see that I am serious?!
Sure. All you need to do is rotate the shield frequencies.
Four fifths of all our troubles in this life would disappear if we would just sit down and keep still. -C. Coolidge
Comment removed based on user account deletion
"By sending small bursts of packets at just the right frequency...."
That's not a problem. All you have to do is periodically adjust your shield harmonics to keep the attacker from adapting quickly enough to do any harm.
I hearby have renamed my "2400 baud modem" to "2400 freedom connection device"
my guess is it's a weird holdover of the days when CS was considered the domain of mathematics departments.
:D
that, or CS people deciding to add even more jargon to otherwise perfectly comprehensible sentences.
ed
Bonus Points!!
Unlimited growth == Cancer.
Yeah, your mom's. The crotchless ones make good tanktops.
Tempting to mod that down, but instead I'll reply with a correction.
This is the correct paper:
Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants)
This is the abstract you read:
Robustness to Inflated Subscription in Multicast Congestion Control
These are separate papers by different authors. The TCP DoS does not involve Multicast.
I've always wondered what that was for.
My amazing wife - Artist, Author, Philosopher - Laurie M
Comment removed based on user account deletion
No. Modems stopped increasing in baud at 2400, and then used various encoding methods (trellis, QAM, etc.) to squeeze more than 1 bit/baud. A 9600 bps modem, for instance, averages 4 bits/baud.
Well. Almost.
Better quality phone lines can support >2400 baud, but not by much. A 28800 bps connection is running at 3429 baud IIRC, and varying line conditions will reduce that baud rate, thus reducing your effective bps.
Compression is on top of all of this. It's an entirely different issue, and if you transfer straight text over a 28.8k modem you can get considerably more than 28.8kbps out of the modem.
You got the broad stuff right though, which is a lot more than most people grok.
It was great free publicity for Speakeasy.
Any company that doesn't want michael for a customer is OK with me.
When DSL comes to my area, I'm DEFINITELY going with Speakeasy.
I still have (somewhere in my parent's basement) an old DECWriter teletype, with a switchable 75 baud modem. I think you can switch it to either 115 or 150, but I can't recall which one. And the worst part: It's still in working condition. I'm holding on to it, it might be worth something someday.
But as far as modem goes, I held on to all my modems, from my Atari 130XT 300bps modem, all the way up to my first 9600baud telebit.
Sometime, it's just not worth it to scrap those.
Marriage is considered capital punishment for the theft of a goat in some third world countries...
my arcnet wooped y0 ethernet mama's arse.
Comment removed based on user account deletion
baudio in Spanish
And by letting him live, he could have drastically increased the possibility of McVeigh killing an imprisoned pedophile priest.
F******CK!!!!!! Have you never seen a TV cable???? Those connectors are JUST LIKE BNC, unless you look too close:-)
Ha! I had to wakeup at 2:00am every morning, make our own cable from a pile of rusty nails with our BARE HANDS. We didn't have PHONES so we had to SCREAM the audio training signal at the line and HOPE that the lucky bastard on the other end of the line heard it and understood it. If I was lucky, I could kill a rat in the street in front of our house and eat it before my father beat us till we went to sleep.
My money is on Theo, Daniel, and Henning. Any takers?
Well, I was being somewhat tongue-in-cheek.
Still, I'm never one to embarrass myself without an encore. So to dig myself in deeper, I'd have to argue that linguistic grammar rules are *all* essentially absurd, particularly when looked at individually. The splitting of infinitives is, or has been, frowned upon because of the structure of Latin. The reference you provide gives a similar reason for the tradition of avoiding prepositions at the end of a clause. There are many other examples of grammatical rules that are based upon other languages.
But fundamentally, language is a set of conventions. This set changes over time. Some are part of the language because they clarify the meaning -- dangling participles lead to ambiguity, for example. Others are just arbitrary rules, based upon convention, history, or accident. Look at English spelling and pronunciation, for example.
I suppose I should get to some point around now, but I think I'll just quit here.
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Lindows was sued before they even released their product.
If you use Linux, please help development of Autopac
Have you never seen a TV cable????
:D
Unless you mean the cable that my internet comes on, I don't think I know what you're talking about
I am disrespectful to dirt! Can you see that I am serious?!
You make it sound like BNC connector are outdated tech. They are still used in televison (professional equip), osciliscopes and other test&measrment devices, and some RF equipment; to name a few uses...
Too bad this is a *completely different attack*! Jeez, read the friggin' paper, people. The paper you reference talks about a DoS which exploits data structures commonly used in TCP stacks. The DoS in the paper referenced for this article exploits TCP congestion control algorithms to "fool" the TCP stack into thinking the pipe is full when it really isn't by sending carefully timed packet bursts.
The paper that describes the attack in question is "Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants)". You're reading the paper BELOW that one: "Robustness to Inflated Subscription in Multicast Congestion Control"
Like they said, its a real sloooooooooooooooow attack.
The / in
OpenBSD at a guess.
Especially since most OSes tend to use a BSD TCP stack
I doubt if this kind of an attack would affect an OpenBSD system. not being a total networking nerd, I can't tell for sure, but if timing is involved, I doubt if they would be able to time it that way to get it to choke...
There would be a lot of heated discussion in the OpsnBSD mailing lists of this were so.
All coaxial connectors are very similar. I remember trying to hook up thinnet network cards with a TV cable at one point, and almost succeeding (I had terminators, but no cable:-0 It only worked as long as I held the connector in place by hand, and with high error rate at that).
Just set the evil bit, and all is well.
Slashdot.. Land of nerds, trolls, and FlameBait..
I also seem to recall that the phone system generally drops any signals higher than 4khz. So it's not just the quality of the phone line that is the issue.
WARNING -- Data from the early 1990's -- WARNING
Comment removed based on user account deletion
I thought BNC were positive keying coax cables, not "F-Type Coaxial Connector"
IIRC Cable TV cables are threaded; BNC are keyed...
I am disrespectful to dirt! Can you see that I am serious?!
They might be a lot of things but I just don't remember MS being particularly litigious.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I already discovered this about 1.5 years ago while working on a networkmonitoring application. I was keeping it quiet because of the low cost way of causing a lot of trouble with this would be to much for script kiddies to ignore.
In a test run from the local LAN to the WAN, my colleages where complaining terribly about slow connections, but when I looked I was only using about 5% of the bandwidth, so why would I be the problem.
The thing I discovered that I was sending out small packets (64 byte) at the frequency of the latency, thus causing packet fragmentation (no 1500 byte packet fitted in between my well timed transmissions). The result was packet fragmentation on the local network, and retransmits of smaller packets needed over the internet. They caused more trouble on the line, further degrading the performance. My test however didn't seem to suffer. The test data was perfect (-:
This was a 2mbit line connected to my local 100mbit line. What I am wondering is how you can get this way of attach going if you don't have enough control over the timing. If you put packets on the line on your own line (DSL, typical latency 16 to 17ms), and attack a 6ms line, your packets will arrive with way to big gap in between to do any harm (except suck up a part of the bandwidth and in that way becoming a standard DOS attack. So the only way to do this is if your line has a equal or lower latency, or use perfect timing millisecond timing over several slower lines.
The internet itself is causing some trouble too: Every hop in between means bigger bandwidth and lower latencies. A chance for the router to insert good working packets in between the packets of the attack.
Well...
Actually, linuistic grammar rules are not absurd, they compose the real rules of the system -- things like the subject agreeing with the verb, or rules that govern the relationship between words in a sentence ("The dog bites the man" has a different meaning than "The man bites the dog").
What you're talking about are best described as social grammar rules, or maybe "school grammar" is a better term.
If I remember correctly, the origin for these fake rules came from a fad around grammar books at the end of the 19th or 18th century (can't remember which). As a model, they used the latin grammar books to formulate the rules.
Now, in latin, it is impossible to split an infinitive, because it is one word. Furthermore, prepositions in latin are generally combined with definite articles and must be placed before the object of the preposition. That's not school grammar, that's just part of the linguistic grammar rules of latin. This is true of any latinate language, by the way.
If you try to ask in Italian:
Che e' questo fatto di?
You'll get a confused, blank stare.
But if you ask, in English, the same question word for word:
What is this made of?
They'll understand you perfectly, because it follows the linguistic grammar rules of English, even if breaks "school grammar" rules.
Karma: Chevy Kavalierma.
finally us underclockers will finally get some respect.
It isn't outdated, but it is old.
My wife's monitor (older 21") has both BNC ports and a VGA port on the back.
For networking, though, it is outdated.
My beliefs do not require that you agree with them.
Someone better tell the SoBig virus author to cancel his work on version G, as a large number of zombie hosts are not needed....
we have covered this in the past. it's not bayonet whatever whatever and it's not bolt nut connector, etc.
it's actually Bayonet Neill Concelman. check out http://www.marvac.com/funpages/rf_information.htm
I still have my Hayes 2400 baud external modem. How old am I? Finally a use for my Apple IIc!!!
---
Lousy rotten karmic retribution.
exactly.. I CALL FAKER, TOO!
no one with a 600,000+ uid is ALLOWED to say thicknet here!!
now beat it, kid, before **I** hit you over the head with my PK-88!
Intelligent Life on Earth
The phone system has an 8 KHz bandwidth... I think it's something like ~150 Hz - ~8000 Hz. At least that's the spec. Some very old lines aren't that good, some newer lines are far better.
:)
:) (although that's not true world wide...). Interesting stuff.
And there's a boatload of various technologies (loading coils for example) that are designed around maintaining those frequencies at the cost of all others, which causes problems with high speed modems and utterly breaks DSL.
It's ok that your data is from the 1990s... the phone system was designed in the 1930s and hasn't changed dramatically since
I had the pleasure of seeing the inside of a CO in downtown Atlanta in the early 90s. From the battery room with 45 gallon drums of baking soda in case of an acid spill, to the entryway with cables varying from the thickness of your arm (old, old, old copper) to less than a pencil (fiber), to 40 foot by 3 foot by 6 foot long switches that were being replaced by a pair of boxes the size of Coke machines. All an interesting mish mash of old and new technologies and all working together. At least they'd gotten rid of the mechanical switches
I would think that IPSEC and AH would solve this problem, among many others.
Mea navis aericumbens anguillis abundat
Phhht.. I have an even better method of DOS, without reading the article: 1. Post site link on slashdot. 2. Watch site go down. 3. Wipe hands on pants, repeat as needed.
...and GPS antennas.
Especially Garmin, which makes some nice GPS systems, but will rob you blind on accessories if you're not wise enough to spot a BNC cable or notice that the built-in antenna is detachable.
Garmin sells a remote antenna kit for $99 which is basically an 8' BNC cable and an antenna not much different than the one that comes with the GPS units (which you can buy without the BNC cable for $60.) Just an 8' cable with no antenna is $38!
These cables are trivial to find for under $5 elsewhere. Or for free if you have old network crap lying around as I do.
BNC is dead! Long live BNC!
everything in moderation
Any technology not indistinguishable from magic is insufficiently advanced. -Pratchett
While Pratchett has a sizable amount of great quotes this one isn't his. It's one of Clarkes Laws
Does this mean we have to start calling it "freedom bits per second" now?
Why are you pointing out that he's French?
Read the parent posting.
Illogically, it is actually easier to establish and maintain a 56k connection than it is a 33.6K connection, when the local phone line is the only thing in question. (with 56k, you also have to have no more than one analog->digital conversion in between you and the phone company).
A 33.6K connection requires a symbol rate of 3200, which is greater than the 2800 that the 56K uses; hence, when customers would ask "Whats the chances I can get 56k out of my line" and the tech would answer "Can you connect at the maximum 33.6K right now? If not, it wont work", they were flat out wrong.
LRC, the best-read libertarian site on the web
I've ripped many a tab off the standard connector while pulling it through patch panel cable spaghetti. In patch panels snagless connectors are practically a requirement. However, they are not the nicest things to plug into a NIC and then attempt to unplug down behind a desk. Of course, buying both types simply implies the one used will be the incorrect one for the application. You'll still curse the snagless connector under the desk while cursing the tabless connector that fell out of the patch panel.
How dare you!?!? Do you realize this is slashdot? Don't let us catch you reading the fscking article again before posting.
Interesting paper indeed.
No, the phone system runs at 8 kSamples/second, which means you have a maximum theoretical Nyquist bandwidth of 4 kHz. The actual bandwidth of the phone system is less than 3 kHz - it runs from about 300 Hz to 3 kHz.
www.eFax.com are spammers
Multicast considerations aside, this particular attack presents little threat. A key aspect is that it can only be performed per *flow*, where a TCP flow is an established connection between two TCP implementations. As such, in order to exploit the weakness, an attacker would either be facing the same difficulty as creating an insertion attack (i.e., guessing the correct sequence numbers) or would be forced to hack into a machine intermediate to the flow and corrupt its IP stack---but if you can break into an intermediate, you can break the flow completely, anyway. So although the specifics of the weakness are interesting reading, they're not exactly frightening.
BTW, the authors wrote, in a footnote, that the shrew "kills much larger animals with a venomous bite." The last time I checked, the male platypus was the only venomous mammal...
I'm not talking about the fact that cable modems have low upstream caps, I'm talking about what happens when you hit those caps.
Due to the extremely long packet queues of a cable modem, when the upstream connection saturates and the queue starts filling up, latency goes to hell. No matter what the cap is, if you saturate a cable modem's upstream connection, everything falls apart because of the fact that the latency on all packets (including ACK packets) skyrockets.
If the cable modem didn't have such a long packet queue this wouldn't happen when the connection saturated, or at least it wouldn't be so severe.
retrorocket.o not found, launch anyway?
Your wife's monitor has BNC ports? What's its IP address, I'll try to ping it.
Hmm, I'll read it next time :)
What is this with the Rice University doing so much research into low bandwidth DoS attacks?
Wrong. That's Pratchett's Corollary to Clarke's First Law. Check the word order.
"well, i've got a good excuse. my native language is not english :p "
Too bad nobody ever considers this possibility when somebody makes a grammatical error.
Off-topic, I know. Just bothers me that others who have taken the time to learn English can get shit on by people who are overly obsessed with speaking it the way some old book defines.
"Derp de derp."
"No. Modems stopped increasing in baud at 2400, and then used various encoding methods (trellis, QAM, etc.) to squeeze more than 1 bit/baud."
A few weeks ago, a coworker of mine living on the opposite side of the country had a problem with his dialup ISP. I dialed his number (on the East Coast) from here on the West Coast. To my surprise, that was THE fastest dialup connection I had ever made. Sorry, the numbers have faded from memory, but it was very quick and responsive, much more so than the 56k modem I had merely 2 years ago.
Frankly, I was stunned. I expected that considering how far the signal had to go and how many hops it had to make that it'd be degraded. Wasn't like that at all.
I must ask, why? Why was I getting such a good signal this far away?
"Derp de derp."
http://www.wolfger.com/poet.html
HAHAHAHAHA!!!!!!!!!!
You're just posting this to spam, you fucking lowlife?!?
Your karma and that site is going to burn.
I observed this problem 10 years ago from Soviet Union and can confirm it - traffic jitter on Europe-US link from European hosts produced a dramatic decrease in TCP performance on Sun Solaris (or just timeout it with enough bandwidth !) and I researched this problem that time.
However, article does not take into account the typical server behaviour - server has _essentially_ more output then input and typical bottleneck is in _output_ direction. It is more difficult to dramaticly increase RTT by overloading low-loaded input channel via bottleneck or attacker should find some equally-side loaded bottleneck like LAN-to-LAN with servers on both sides. It could be a problem for big Universities but rarely for comercial companies like Yahoo or Ebay.
O, you can overload an output channel too but you have to have an open TCP link to server inside and show your real IP address and use high-volume output requests to server!
Finally, attack is simple as long as victim's router has a LIMITED inbound traffic queue size. Unfortunately it is very offten today - it is a simplest way to increase an interactive response time. Victim should use protocol-selective bottleneck router queue to improve his response time instead of short-sized buffers in inbound routers: it can eliminate a packet loss and smooth a problem.
- Leonid Yegoshin.
mod parent up
This sounds quite a bit like the "Capture Effect" experienced by early Ethernet designers (circa 1994) and described in a number of papers. (e.g. http://citeseer.nj.nec.com/molle94new.html). Ethernet fixed it by adding a pseudo-random backoff delay for retransmissions. In fact, I'm suprised the authors didn't cite at least the Molle paper given that they suggest a randomized RTO as one of the possible solutions.
Saving random seed...
At least they'd gotten rid of the mechanical switches :)
Are you saying the switchboard ladies are gone too? =)
Please don't spread bad facts. The bandwidth of a traditional voice telephone line was (in the old analog days) 4 Khz. Then some of the bandwidth was needed to create guard bands between channels when Frequency Division Multiplexing came along, so we went down another few hundred Hertz. Today the bandwidth of a voice telephone call is 3.2 Khz, the range is 300 Hz to 3,400 Hz. Now, those "limits" are kinda soft, it's where you will get a flat (within 1 or 2 dB) frequency responce. those "56K" modems push outside those limits, feeling as they go, to make use of whatever frequency rage is available.
OK, now I feel old. I'm gonna take a nap.
There is no need for a new low bandwith DDOS when all you need to do is post a link on /. to take anything down.
a southpark rip off joke calling a sco joke unfunny
;p
i wonder if that would happen in soviet russia
this guy didn't even read the title.
it's a LOW BANDWIDTH attack, it isn't filling the pipe. there are options for filtering this out, unlike a flood.
denial of service doesn't always mean it's a flood.
*fuzzy* Can you hear me now?
(Never understood why phones didn't use ANY kind of compression. Some kind! Any kind! Just to get a little more quality through the line. Is switching equipment at the other end THAT expensive to replace? Or are there interconnects that just ASSUME a low quality signal?)
Bill? A fattie? The only thing fat about Bill is his wallet.
If all you have is a hammer, everything looks like a nail.
Ma firs modem was three hunnerd baud but dat waz affa shit got ta da point so shine on wheezy. Ah cut ma teeth on a Univac 1219 while on statin fo unca sams canoo club, jus so ya nose and eye be 1337 like a muthafuck. No crt, jus a telatype n program wid a hex keypad n load ma bad ass programz offa paper tape. Yall be popsicle punk snot nozed buffa overflos runnin down yo momas crak. Now mov yo ass caus I got No Tolerance!
...but not youth, skill & treachery...
It was called microsoft internet protocol or something like that. The standards boards rejected it.
> now beat it, kid, before **I** hit you over the head with my PK-88!
Hush, or I'll hunt you down like a wumpus and make you program
a Quake workalike in CoBOL.
Cut that out, or I will ship you to Norilsk in a box.
> any sentence challenging English usage or pronunciation that ends
> in a preposition needs revisiting
"at" in that sentence is not functioning as a preposition; it is
functioning as the complementary part of the verb. Besides, the
rule "never end a sentence with a preposition" is significantly
oversimplistic; the correct rule is that the words in a prepositional
phrase must be kept together, in this order: the preposition first,
followed by any standard attributive adjectives modifying the object,
followed by the object itself, followed by any additional modifiers
(such as modifying phrases or clauses). The occurrance of other
words, not part of any prepositional phrase, that in other
circumstances might be used as prepositions, is irrelevant.
Cut that out, or I will ship you to Norilsk in a box.
British Naval Connector
Not only did we invent the world wide web, we invented that too, and your Al Gore *still* claims to have invented the Internet!
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
I thought the same thing - 20 years ago, when I did all my Telecommunications theory and practical training...
;-)
.mp3 encoded @ 56k ;-)
.mp3 compression to those 1950's engineers, then come back and face a life of 4800bps dialup?
1) Psychological : Firstly, there's a law of diminishing returns - there's not much point (with voice) in going beyond 300Hz -> 3.4kHz (as I learnt it; I understand the US rolls off at more like 3.0 or 3.2kHz...). 90% of the intelligence in speech is contained in that band, 90% of the stuff outside is just rumble and sillibants.
Secondly, there's the learned psychology - you've become mentally adapted to the restricted bandwidth of phone calls; you're unthinkingly aware that it's not a *real* conversation. I've seen videos of demonstrations of this where a normal voice-quality link was suddenly switched to a full 20kHz quality mono link. People automatically stop scratching themselves, sit up properly, adjust their clothes, and start looking around
2) When compression techniques became available (1950's), there was huge interest in this. As well as the psychological effects, there was also the knowledge that you're really only trading one sort of distortion for another, so why bother - just stick with the distortion that's easiest to implement, is well understood, and well accepted. If you think we've come too much farther with compression techniques, I challenge you to listen to a spoken-word
And be thankful they didn't - any sort of compression adapted for voice fscks up the modulation schemes used for VF modems. Knowing this, would you go back and introduce
What part of "a well regulated militia" do you not understand?
If a link is posted on ./ and no one reads it - does it trigger a /. effect?
while (!asleep()) sheep++
I must ask, why? Why was I getting such a good signal this far away?
Because distance doesn't matter much. All that really matters is the state of the copper between your house and the CO and the copper between the remote CO and endpoint. The stuff inbetween is almost assured to be fiber nowadays, unless it's a really small CO servicing a rural community or something.
In fact, by going cross-continent you pretty well assured a fiber connection.
As far as why it was more responsive though, dunno. Most likely there have been infrastructure upgrades in your area that cleaned up the lines. That's all I can think of.
Nah, hit him with the CAT-5 o' nine tails.
This attack is not a "low bandwidth" attack as such. Yes, the bandwidth consumption *on average* is low, but this is because it comprises of intermittent high-stream data flows.
This type of attack wouldnt be suitable for anyone with a low-speed connection for people who are having ideas.
I would prefer to think of it as an optimised version of a standard DoS attack. Optimised by average bandwidth consumption, and to minimise attacker detection.
That would be the Jason Voorhees Law of Inverse Travel.
The faster you run away from the slow moving attacker the easyer it is for them to catch up with you.
I speculate that by running directly at Jason he will get exponentialy father away, but have been unable to test this in real world conditions.
Well I've wrestled with reality for thirty five years doctor, and I'm happy to say I finally won out over it.
1. Many routers have queues big enough to absorb short bursts like that; so, there won't be packet loss.
2. Routers could be taught to put acks at the front of the queue (if they don't already).
3. Routers could keep track of the max number of messages in a queue from any given IP. This would identify this DOS attack as well as any other bursty traffic.
An engineer who ran for Congress. http://herbrobinson.us