Slashdot Mirror
An Anti-DoS Tool That Returns Fire
An anonymous reader submits "Security company Symbiot is about to launch a product that can help companies fight back during a DDoS or hacker attack by launching their own counter offensive. A ZDNet UK story quotes security "experts" questioning the legality of such a product and asking how it will will avoid being fooled by hijacked PCs and spoofed IP addresses..."
Can you see the tech guy trying to explain that their company was knocked off, not by the attack, but by the counter attack?
"It's okay, sir. It was friendly fire.
===== Murphy's Law is recursive. =====
This has already been discussed on the NANOG mailing list, the general consensus is that _this_ will be the next
source of attacks against systems as people spoof attacks at it. (Much like smurf attacks)
Some day people will realize the answer is to remove the vulnerable hosts that are being used as attack sources.
Just because you disagree doesn't make it offtopic or flamebait.
"In advance of the product launch, Symbiot's president, Mike Erwin, and its chief scientist, Paco Nathan, have outlined a set of "rules of engagement for information warfare", which they say should be part of corporate security policy to help companies determine their exact response to an incoming attack."
::shudder::
Can you imagine large corporations full of MCSEs engaging in "information warfware"?
libertarianswag.com
Where is the tactical nuke for spam? I want a tool that goes on the offensive against spammers.
One has to wonder if these people are AOL users. (although in fairness, Symbiot and Idiot are similarly spelled, it's not like they don't warn you up front.)
Who does SCO attack first? :)
heh, don't link to the company's website, slashdot editors - the /. horde will make with the clicking and they might return fire to your readers. ;)
(oblig. - "Of course, that would require them to be reading the articles")
Symbiot, a Texas-based security firm
Ok, it makes sense now.
entering the word EXIT (followed by pressing the Enter key) is a surefire way to kill those ding-dang DOS session windows.
Always with the Microsoft jabs. Sigh.
Another dot-com hoping to sink their feet? Oh yeah, what's this API business? There's dozens of pages of googlecached stuff relevant to it.
Use Minidisc? Join the Minidisc.org forums.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
I think the government will back me up.
What happens when someone gets smart and creates one that looks for other Symbiot boxes and basicly has them fighting each other?
Slashdot has been knocked off the web for good, seemingly due to the fact that several of the daily stories it linked too were running the new "counter-attack" DoS protection.
Yes, let's fire back at the machines attacking and DOUBLE the number of packets on the network while breaking the law! That'll solve it! As if the bandwidth from DoSnets and spam wasn't choking the internet down enough already...
How in the hell do ideas like this make it long enough to be publicly announced? It makes me sad that morons have tech jobs making crap and I couldn't even get hired changing toner if I wanted too...
CAn'T CompreHend SARcaSm?
Great. So DDoS victims, in addition to having all of their incoming bandwidth wasted, can now spend all their outgoing bandwidth to strike back at their cunning, ruthless assailants -- you know, like all those clever "Dear friends" who "use this Internet Explorer patch now!".
"More than 500.000 already infected!"
-fren
"Where are we going, and why am I in this handbasket?"
I can see someone using this system to direct an attack on someone's network. For instance. Cracker Hijacks network A to Attack B B attacks A. Then B Attacks A. Both networks go down in flames. Have we not learned anything from War Games.
Get Movie Posters
Technically its useless but Im sure plenty of ignorant CEO's and CTO's will sign up for it right away.
Yes, let's protect ourselves from attacks by attacking the offenders and wreaking even more havoc. That'll go over well. I don't even want to go into how stupid a proposal this is. Let's start with the first detail: it's probably illegal.
I imagine it'll have some sort of military function, though.
At a time of high network usage due to DDOS, what's important is that we guarantee to double (at least) the amount of "information" being transferred!
Good one, Sherlock!
Graham Titterington, principal analyst at Ovum, said "... Attacks are often launched from a site that has been hijacked, making it an unwitting and innocent -- although possibly slightly negligent -- party."
Slightly?
If you're a zombie and you know it, bite your friend!
What if the hacker spoofed some grandma's IP and used that to attack me? Then I automatically go on offense against grandma's PC.
The possibilities are endless.
Proposed idea:
1) Subject receives DOS attack from Zombie machine
2) Subject returns fire to zombie machine, perhaps with some sort of encoded you're attacking me so I'm attacking you script.
3) From here the following happens, either somebody notices the machine is being attacked, investigates and reacts, leading the original victim to shut off it's counter-attack. Or an automated script in the Zombie machine packet sniffs the retaliatory attack and shuts itself down and/or notifies admin for further action.
This seems like a good idea, while the ethics of a counter-DoS attack are not sound, this could be a way to limit attacks. However Zombie's spoofing other addresses could lead to issues as well...again tho it's well known that DoS's are a pain in the butt to stop so what could work? Dunno...
...in bed
As a result of their new active retaliation products for DDoS attacks, Symbiot Security apparently accidentally initiated a frontal assult on the popular slashdot.org website as a result of the so-called "slashdot effect" that resulted in a sudden onslaught of traffic. Interpreting this as an intended DDoS attack, Symbiot's software retaliated against Slashdot, thus proving that retaliation tactics need to be rethought.
the last paragraph of the article is interesting in which they say the government is going to start using hacker tools also _ don"t they already?
Stay tuned for new sig...
Hrmmm, they go live on March 31 and this sounds too silly to be serious. I vote April Fools Joke.
Get a life, not a lifestyle. - Hikem Bey
You may be taking out grandma's computer in Birmingham that has got a 100-year-old cookie recipe that has not been backed up.
Okay, now they're crossing the line. You mess with Granny's Lucious Cookies, and you're in for it. This means war!
Show me on the doll where his noodly appendage touched you.
Jeez, I know we are pretty prolinux, but do we have to be Anti-DOS jsut because it's a miscrosoft product? ;)
-------
Support Indy Music. Buy
They are planning to use Slashdot. The ultimate DDOS generation service.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
...when stupid people get venture captial money.
It preemptively surrenders even before it's attacked.
An attack on company A, spoofed as comming from company B who are all using this would be catastrophic! They'd just bounce attacks back and forth until it escalates enough to take everyone out.
It's like starting off with a handgun, and continually escalating up until you nuke each other.
innocent, possibly and slightly are not 3 words I use to describe people who allow their computeres to become zombies for DDoS attacks. It's in appropriate to say the 3 words I would use in public.
I do security
So then you forged a message so that it looked like it came from a second victim - and when their mailbox filled up it would bounce them back to the first victim
A fun way to take down T-1 lines back in the day when that was considered more bandwidth than any large university could ever use... Not that I have ever done anything like this
I have mod points and I am not afraid to use them
reminds me of the time when someone at a company i worked for accedently set an email to everyone in the company. a small percentage(100 or so) hit reply all and asked not to be sent this email. which created more email. once again a small percentage hit reply all,,,,,. by noon all email and network activity was gound to a halt.
they will shut down the DDOS and the rest of the internet as well.
The article linked within the original story is also on-topic for this discussion.
Governments could soon be using hacker tools for law enforcement and the pursuit of justice, according to an expert on IT and Internet law. Joel Reidenberg, professor of law at New York-based Fordham University, believes it likely that denial of service attacks (DoS) and packet-blocking technology will be employed by nation states to enforce their laws. This could even include attacks on companies based in other countries, he says.
How do ya like them apples?
If you're a zombie and you know it, bite your friend!
yes, it's an anti-DOS tool that returns fire, but how is this news?
sulli
RTFJ.
Sure, it makes a lot of sense, but who is going to explain that to thousands of Americans whose computers just stop working?
I'm pretty sure a good 90% of them do not know the attack is coming from their computer...
"Instant gratification takes too long." - Carrie Fisher
It's called 'Fists and Elbows (TM)'. You see, it behaves like a furious retard when provoked. It lashes out at whatever it can find. My software does the same thing, only over the network. The moment it detects even the slightest irregularity in the network it launches every attack in the book against any computer it can connect to.
So now we can launch a DDoS attack on SCO using forged Microsoft IP addresses, then just sit back and laugh our asses off as the "retaliations" agains each other escalate? Great! This turns an annoyance into the internet equivalent of the Middle East conflict ("We will continue escalating the retaliation against Palestine until they stop retaliating against us!") ! I can't wait!
"Freedom means freedom for everybody" -- Dick Cheney
Bruce Schneier wrote about this way back in Dec2002 cryptogram.
Counterattack
This must be an idea whose time has come, because I'm seeing it talked about everywhere. The entertainment industry floated a bill that would give it the ability to break into other people's computers if they are suspected of copyright violation. Several articles have been written on the notion of automated law enforcement, where both governments and private companies use computers to automatically find and target suspected criminals. And finally, Tim Mullen and other security researchers start talking about "strike back," where the victim of a computer assault automatically attacks back at the perpetrator.
The common theme here is vigilantism: citizens and companies taking the law into their own hands and going after their assailants. Viscerally, it's an appealing idea. But it's a horrible one, and one that society after society has eschewed.
Our society does not give us the right of revenge, and wouldn't work very well if it did. Our laws give us the right to justice, in either the criminal or civil context. Justice is all we can expect if we want to enjoy our constitutional freedoms, personal safety, and an orderly society.
Anyone accused of a crime deserves a fair trial. He deserves the right to defend himself, the right to face his accused, the right to an attorney, and the right to be held innocent until proven guilty.
Vigilantism flies in the face of these rights. It punishes people before they have been found guilty. Angry mobs lynching someone suspected of murder is wrong, even if that person is actually guilty. The MPAA disabling someone's computer because he's suspected of copying a movie is wrong, even if the movie was copied. Revenge is a basic human emotion, but revenge only becomes justice if carried out by the State.
And the State has more motivation to be fair. The RIAA sent a cease-and-desist letter to an ISP asking them to remove certain files that were the copyrighted works of George Harrison. One of the files: "Portrait of mrs. harrison Williams 1943.jpg." The RIAA simply Googled for the string "harrison" and went after everyone who turned up. Vigilantism is wrong because the vigilante could be wrong. The goal of a State legal system is justice; the goal of the RIAA was expediency.
Systems of strike back are much the same. The idea is that if a computer is attacking you -- sending you viruses, acting as a DDoS zombie, etc. -- you might be able to forcibly shut that computer down or remotely install a patch. Again, a nice idea in theory but one that's legally and morally wrong.
Imagine you're a homeowner, and your neighbor has some kind of device on the outside of his house that makes noise. A lot of noise. All day and all night. Enough noise that any reasonable person would claim it to be a public nuisance. Even so, it is not legal for you to take matters into your own hand and stop the noise.
Destroying property is not a recognized remedy for stopping a nuisance, even if it is causing you real harm. Your remedies are to: 1) call the police and ask them to turn it off, break it, or insist that the neighbor turn it off; or 2) sue the neighbor and ask the court to enjoin him from using that device unless it is repaired properly, and to award you damages for your aggravation. Vigilante justice is simply not an option, no matter how right you believe your cause to be.
This is law, not technology, so there are all sorts of shades of gray to this issue. The interests at stake in the original attack, the nature of the property, liberty or personal safety taken away by the counterattack, the risk of being wrong, and the availability and effectiveness of other measures are all factors that go into the assessment of whether something is morally or legally right. The RIAA bill is at one extreme because copyright is a limited property interest, and there is a great risk of wrongful deprivation of u
Free XBox, PS2
The next step will be to make preemptive strikes by knocking down any machine that we suspect of being operated by an inexperienced user who could possibly not update/protect is computer into turning in a "zombi DOS machine".
All options could be considered including nuclear strikes against AOL head quarters...
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
As a professional systems administrator I would refuse to make use of this product and I would NEVER recommend it to anybody. Not only could using it violate various computer laws in the US and elsewhere but it could actually provoke attacks by hackers if they knew you were using it. I can envision hackers with a grudge against a particular ISP (cable provider, DSL provider, whatever) creating a host of zombie servers on that ISP that suddenly start attacking a number of sites making use of Symbiots tools. The result would be DDoS attacks not only against those Symbiot users but in response there would be DDoS attacks launched BY the Symbiot users against the ISP. Next thing you know the ISP simply blocks all the Symbiot users at the router level in response to the attack by the Symbiot boxes. After that happens what recourse is left?
This has no way of working, it can only make a DDoS worse.
A basic denial of service attack is simply nothing more than somebody using all of their available bandwidth to send meaningless information to the victim host. If such an attack is greater than the available incoming bandwidth the victim has, then their legitimate incoming traffic gets delayed or dropped after being timed out.
However, even if the IP addresses are being spoofed, it's pretty easy to trace back through the routers where these packets are coming from, and that'll lead you to the point where the attack is coming from. That doesn't tell you who the hacker was per se, but it at least ends the attack.
A DDoS is nothing more than the result of hundreds or thousands of machines all directing a DoS at the same place. Now it's not so easy to trace back... effectively, they're coming from everywhere! The DDoS victim has nothing they can do for themselves other than order enough bandwidth to have more incoming bandwidth than the attackers have to throw at them, and that's not a cheap or fast solution. They're more or less waiting for whatever virus or worm touched off the storm to be cleaned up by the antivirus vendors.
Hacking back your attackers is only going to cause other people to start wondering why you're scanning and hacking them... isn't not going to do much towards stopping the useless data that's streaming at you. The worst case situation is where two of these hacking systems meet it each other... and therefore an automated hacking war between identical systems go on forever while never disabling a real hacker.
Seems like all this product does is appeal to over-agressive personalites who are in IT positions and hate the concept of there being an attack that there's a possible attack that there's no possible way to defend against. It doesn't have to work, it just has to seperate dumb people from their money.
How long before the script-kiddies figure out how to fool servers equipped with this into misdirecting their attacks at the target of their choice? IP spoof a few pings and let Corporate America DDoS itself?
Got mead?
One interesting thing that didn't really get picked up on was the idea of monitoring and blacklisting networks hosting a lot of zombied machines. This could be the incentive that ISPs will finally need to start adding egress filtering to their routing devices, which at the very least, will allow victims of DDoS an easier time of maintaining their defensive measures.
Firewall experts (e.g. David Bonn) discussed this idea years ago, and discarded it as being unworkable. Make just one mistake, and you're as guilty as the people attempting to DoS you... which means you are now a terrorist under the Patriot Act!
"Freedom means freedom for everybody" -- Dick Cheney
Don't forget that there are plenty of ISPs at fault too. They neglect to implement egress and ingress filtering to sanitize the traffic that flows through their network. Easy example: CPE routers should not allow traffic inbound (outbound from customer) that does not belong to the customer's range of IPs.
As a preemptive strike, they should attempt to identify and disable all Windows hosts on the internet, as obviously these are all susceptible to being hijacked and used in a DDoS attack.
"Freedom means freedom for everybody" -- Dick Cheney
This is a ridiculous idea..
They really need to think things through and come up with a smart idea.
Instead of something which fights back, why not just block any IP which hits the website say over 60 times a minute? Even if its for a small period of time. This isn't a great method of protection, but i'm sure it will be a lot healthier for the server.
We all know that certain viruses (MyDoom being the one that springs to mind) that launch DDoS attacks on websites, so not only does the website suffer, but so too does the person infected with the virus.
Then there's the fact that people use proxy servers.. These proxy servers are going to be hammered, and the DDoS attacker will get away scott free...
Buy Steampunk Clothing Online!
When we get a DDoS attack. NSA steps in and does whats called a strikeback. Infact they killed an ISP a few years ago causein a few million in lost service and broken equipment. hahah Dont mess with a .mil address
if someone shoots at you on a street, its called self defense if you shoot back. sure you'll still have to talk to the police, but if you really are defending yourself without going overboard (like shooting someone who has a butter knife), I dont see how the arguments are any different
To me, what's really scary about this isn't that the idea is counterproductive, bone-headed, and probably illegal. It's that any company would propose something like this... which leads me to think that this is the type of story that is promoted just to get a rise out of people and we've taken the bait.
The company is obviously trying to jump on the media-whore bandwagon by proposing such an idea, but look who they are and where they're from. Texans' historical idea of security hasn't been impressive.
Shame on ZDNet for creating this troll in the first place. Shame on Slashdot for referencing this troll. Shame on us for being so outraged by it and taking the bait.
We know this idea will never fly. But now we've given this loser company 15 minutes of fame. This story belongs on a Darwin Business Awards list or Fark.com, not here.
"The only winning move is not to play." -Joshua
Can you imagine if someone from one company employing this launches a DoS against another company employing it?
I've got more mod points and GMail invi
While attacking random homeusers computers from the DDOS attacks usually originate doesnt make sense, what they should do is build a proactive system that instead of alerting the the admins takes some preliminary steps itself.Examples would be shutting down some ports, ignoring packets from external sources, allowing only local data transfer etc.
This would avoid a total crash of the server(even though it would be unavailable to the external world) and in the meantime more manual measures can be taken to tighten the perimeter around the target system.
I fail to understand whom will the system attack because the underlying feature of a DDOS attack is distributed networking.It might even prove to be worse for the system where whatever bandwidth it has left it will waste on throwing packets to random places which might be mere decoys by the DDOS attacker.
Lord of the Binges.
Ghandi said:
an eye for an eye makes the whole world blind
Scr1ptK1di3X says:
0n3 DDoS 4 4n0th3r DDoS 0wnz 4ll th3 h0l3 int4rw3b!!!1
What a great idea.
- sm
I think that SCO should put George W. Bush in charge of operations. He could then put forth the following plan:
Any computer is a potential Linux user, and must be stopped due to the threat they pose. We will therefore DoS-attack each and every computer found on the Internet, eliminating the evil that lies in Linux.
Mix in some stuttering and fumbled phoenetics and you're all set.
Talk about fighting fire with fire.
No I haven't "Lost my tongue".
Now i can finally have my personal pre-emptive ddos defence.
-Watchful Babbler
While just DOSing the poor guy back is just silly I could see some usefull applications mostly with worms. Your site gets hit with tcp based worm lets call its wormE now wormE is a known worm and your running a nice honeypot type setup possibly in side the firewall or proxy. Since we know how wormE propigates you could go and fix the problem with wormE using the same hole. I'm not talking about intentialy doing damage but rather killing the worm process possibly poping up a message box on console with patch instructions and stopping the offending process.
Now since it's tcp and a 2 way connections we can be fairly confident that at the time of the connection reverse routing paths go to the attacker otherwise syn fin ack would have been problematic.
Things liek this have been discussed on NANOG etc before and a lot of people hate it obviously. I think if you could find exploits in the worms themselves and reply back with something to disable the worm inside the same request that would be acceptable as I should have the right to respond to any request from the internet with whatever I desire inside one session, though some would disagree.
No sir I dont like it.
Remember, follow the money.
Who cares who sent the email/ddos.
Who is benefiting? DDOS them!
Attack the advertisers.
Launching a counter-DOS attack is illegal in many juristictions, and is certainly unethical. Also, the owners of zombied machines aren't likely to notice that they are being counter-attacked; after all, they didn't notice that they were attacking someone. And someone being attacked by a large zombie-net is unlikely to have the resources to effectively shut down a significant part of that zombie-net unless he has his own zombie-net (also illegal).
The "automated shut-down script" idea would only require a couple packets sent to each attacker, rather than a flood, but it requires this software to be installed and running on all zombied hosts. Not bloody likely. Even if it was packaged in Windows TheNextVersion, you can bet the first thing the trojans would do would be to disable it. Also, it would be trivial to spoof valid "shut-down" messages, creating a whole new way to DOS people. With this, a single PC on dial-up could take down a whole network within minutes. You would be adding tools to the "1337 H4XX0R5"' toolkit, not taking them away.
I love when I go to a company's website and they have a big countdown script and some BS text about how they're going to totally change everything in the world forever and so on. Stuff like this always reminds me of an old boss I had an IT company (that, of course, no longer exists) who seemed to think every one of his ideas was going to totally change everything. He also kind of reminded me of the Boss from the Office, incidentally, except that he couldn't breakdance like this.
Basically, this sounds like a totally moronic idea. What better way to piss off script kiddies than to attempt to fight back through some product that will doubtless be outdated in a matter of weeks? How exactly do they expect this to deter any sort of a DOS attack, anyway? Why sould a script kiddie care if you start DOSsing a bunch of machines he just "pwmed" anyway?
-- atomly
It's obviuously a stupid idea. By definition, a DDoS is going to be launched from compromised machines...with a 99% probability the lowner of said machine has no idea what's going on.
But, most DDoS attacks do have easily verifiable signatures. (Ping floods, excessive SYNs from spoofed source addresses, among many others.)
Why not start helping ISP's to block this crap at the source? They are, essentially, what allowed these machines to be zombified in the first place. Aggregators and headends should already have the intelligence to block IP spoofs, which eliminates SYN floods. It shouldn't be too difficult to imagine blocking an excessive amount of outbound (inbound from the ISP's customer base) ICMP packets...say...10% or more packets are ICMP=no YUO. (arbitrary figure, it could be less, it could be more).
If nothing else, build some intelligence into backbone packet inspection (yes, I am aware of the vast amount of cycles this would take...but everything can be ported to ASICs at some point), such that vast amounts of packets, with duplicate signatures could be throttled back or dropped if a DDoS is detected.
In short, we know we can't educate the lusers, but if the ISP's distributed the cost of such an implementation among all users, I'd imagine most people wouldn't even notice the cost increase.
There's some other ideas floating around in my head, but they aren't fully formulated yet.
April fools!
Cheers!
Is there an echo in here? ...here? ...here? ...here? ...
Poorly configured router, evildoer spoofed his packets sender to 255.255.255.255, fire in the hole!
;-)
Hmm, Now i wonder why that sounds like a very bad idea
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Example RR not allowing their users to send packets with a return address that is not a RR IP for the area.
That won't stop DOS attacks from happening, but it will make it easier to track the zombies, and maybe even get the perp.
is:
/RELEASE
/RENEW
C:\> DEL *DUMB IDEAS*
C:\> IPCONFIG
C:\> IPCONFIG
C:\> EXIT
Mod +5 Drunk
Someone could actually spoof the ip on the packets to 127.0.0.1.
This would make things a lot easier...
This company's idea of having machines counter attacking other machines without knowledge of what the machine it's attacking is, strikes a startling resemblance of what lead to the creation of the No-thing Sophotec in John C. Wright's "Golden Age" book series...
Only Symbolic because this product will get pulled of networks as soon as it is put on.
i think better would be to preemptively strike machines on the internet that are zombies. There should be bots when scour the net and look for these machines and then direct and attack on them before some DDOSer has the ability to use it. Either that or attack the ISP of the machine. The intention would be to force ISPs to make sure that machines on their networks are not zombies (ie scan in your own network regularly). Additionally, it would force off the net machines/people who should reall not be there (unpathched win machines)
The war with islam is a war on the beast
The war on terror is a war for peace
I don't know how it is going to work... but think about a big network, "protected" by this product, "attacking" another network also "protected" by this product.
funny... sort of ping-pong...
"Insanity in individuals is something rare, but in groups, parties, nations, and epochs it is the rule." - Nietzsche
This is the most retarded idea I've ever heard of. Why would you want to generate even MORE traffic over your network by actually responding to a DDoS!? The goal of a DDoS attack is to GET your machines to respond to generate traffic!!! Simply RETARDED!
This is totally flawed... Most DOS attacks are DDOS - distributed. That is MANY users attacking one user. Now, each of these many is often using their entire bandwidth to attack the single user.
So to stop the DDOS attack, you need to take down every DOS user. And to do that you need to send enough data back to flood their bandwidth or kill their computer.
The problem is that it is hard for one user to DOS another user, but is doable. Having one user DOS many users is very hard. Doing this whilst under a DOS attack is almost impossible.
Sure, we all like revenge, and like to be doing something, but I can find better ways to fighting back than this. I like to win, and you cannot win like this
Darryl
And when you have no services to send back because you've been denied them by distributed computers?
*DrugCheese rants*
So if I have a gun and someone is shooting at me, I can't shoot back?
Yeah...legalities...fire away and aim straight! And may the bigger gun win =)
"Just Smile and Nod." --Huck
I think this is a great idea. TCP/IP is antiquated and overly susceptible to the activities of miscreants; besides, we need a new paradigm anyway...BUT nobody's gonna implement anything new as long as the current structure is still working, so....
... see you all again in a year or two....
Out with the old, in with the new! DDOS for everyone
Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb
Just as scary as the article about Symbiot.
But, funny and stuff.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
Which launch the "counter-attack" on random servers before it's even attacked, just in case.
What do you know about World Politic? Find out in this quiz
The NSA no longer does Strikebacks in fear of litigation. However if the source is foreign non friendly then they take some action. But it is a big deal. If one of use decides to press the button we automatically go to jail (no passing go/no $200). Inmates at FtLevenworth dont exactly fear a computer guy who pressed the Strikeback button.
Why in the fucking HELL is this redundant? Don't you mods pay attention? This was posted the SAME FUCKING EXACT MINUTE as the (4, Funny) post directly above it.
-The Mad Metamoderator
Interesting game.
The only winning move it not to play.
How about a nice game of chess?
The proper way to handle this is with a multi homed OpenBSD box running PF and ignore the attack entirely.
It's Christmas everyday with BitTorrent.
I've got a ZipSlack cd and a Knoppix cd which work great for wiping DOS off a hard-drive, and...oh.
You meant "DDoS." My bad.
THE GOOD HUMOR MAN CAN ONLY BE PUSHED SO FAR
Bart Simpson on chalkboard in episode 2F18
This is the sort of thing that gets brought up when there are too many metaphors floating around the place. TCP packets are not "fire". The packets that you send to your server are not "friendly fire". A DOS attack is not "enemy fire". The network is not a battleground. Hackers are not an enemy army. Your IT department is not filled with Jedi. The Board of Directors is not the Imperial Senate. Your boss is not Darth Sidious. And most importantly: sending packets to DOS someone who is trying to DOS you is not fucking "defending your territory". It's illegal, and the FBI won't care who started sending packets to whom first.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Launch spoofed DDoS claiming to be from the mark's DNS server/upstream router.
Bye-bye!
Counter-attack against a DDoS? What about those poor defenseless packets? Dying on the battlefield. Brother fighting brother. That's... TERRIBLE! While it's childish, it's still kind of funny that SCO is usually the target of a DoS every month...
Learn something new.
Or one of the following:
A) Perhaps english isn't my first language
B) Perhaps I was typing it rather fast, and did not bother to proof, seeing as this is slashdot, and not an important piece of work
C) Perhaps I simply don't care as the post was for amusement
D) Perhaps you are just an anal S.O.B, who needs to find something better to do with his or her life, such as pull your head out of your anus, and go on and do important things with your life.
A mob lynches a "witch" -- vigilantism.
A woman carries out a devastating martial arts move on someone about to rape her -- self defense.
Self defense is immediate, and it's aimed at stopping an attack in progress. Self defense doesn't excuse harming innocent third parties: if you use a hand grenade to stop a mugger, the law will rightly punish you.
There's plenty of room for argument about this, but remote patching of the machines that are DDoSing you might be self defense. Any counterattack that is based on military principles, like the product under discussion here, is vigilantism.
Notice that everything Schneier says is based on the assumption that regulated police and courts of law exist. Before those are set up on a lawless frontier, experience shows that citizens will set up a Committee of Vigilance.
I can see the name of the next worm already!
"It's a very tangled subsystem." --Windows kernel guru
It shuts down the instant you bring it online. To conserve energy.
They are in the MoPac office park in Austin, near my office. They've been around for a while, but haven't really done anything to make me remember more than their logo. But nope, not an April 1st joke. It's a real company with a really really stupid idea, that will probably make a lot of money. Just like Vignette, whose headquarters are in the next lot. :)
This is an interesting point. If spam is, at best, quasi-legal then would'nt
/google
hiring someone to spam on your behalf be conspiracy? Would'nt this be very easy
to pursue in jurisdictions where spam is already illegal?
Has anyone ever done a profile on the customers of spammers? Who are these people?
time to go
The creators of this idea should have read this opinion piece before proceeding with their DDos counterattack initiative.
The Big News Page
The company proposes an idea that's controversial enough to make the computer news pages. They drop the boneheaded idea, but now people recognise their name. No need for a superbowl ad.
It seems like there may be one legitimate use for something like this - inside the network, inside the firewall.
At our company, the most successful attack vector has been people who bring in infected laptops from home. At work we've got all sorts of protection- email scanners, antivirus, etc- but nothing keeps people from getting trojaned at home and bringing it in.
A version of this that was built to go after 192.168.1/24, or 10.10/16 might be just fine - track down an internal attacker and hose their machine. Of course, it seems like it's only execs getting infected these days...
What a strange bird is the pelican, his beak can hold more than his belly can.
This success, however, is not without the arousal of certain, er, "suspicions".
You could've hired me.
Starting March 31, major portions of the internet will slow to a crawl as Symbiot's customer installed DDOS zombie army takes out one innocent machine after another along with the zombies controlled by the "warring script kiddie gangs" we've been hearing so much about while the script kiddies spoof both random addresses, the addresses of their competitors zombies, and the addresses of a few notable corporate sites.
Shortly after this, congess will introduce legislation mandating backround checks and licenses for people who wish to write software in reaction to "the dangers of irresponsible software development" and "national security", but Symbiot will have nothing to fear from such legislation, as they will undoubtably be granted licenses for all of their employees.
This is yet another step toward making the internet (and the CS feild in general) totally suck.
Read, L
Why don't they just uninstall Dos?
Guess you'd better think twice before you burn Chrome, now. ;)
geek. lawyer.
If the Symbiot runs their software on their server, will they consider the sudden rush of visitors from /. a DDos and lauch a DDos against /. readers?
Ideally, inside your own network, you have enough insight and control to track down the source of the Bad Things(TM) and shut them down. Not to flame or anything, but if you or your IT team can't accomplish that, get a new IT Team.
Seriously, it's easy enough to back track the source of heavy data streams or malformed packets. Once you isolate the subnet, it's easy enough to track down a MAC address. As far as building a version to go after RFC 1918 addresses (Which you mentioned) that's pretty much irrelevant, since this type of thing would simply go after addresses (manually defined or automatically generated in response to the source IP of incoming attacks) of any kind...RFC1918 or not.
that DDOS attacks are asymmetric? [e.g. many to one] So what? Customers of this company will have hordes of zombie computers at their control?
I don't quite get it.
Though you can tell this is an american idea. the concept of collateral damage [e.g. people with the same ISP or host being tossed offline] isn't relatively important to them...
Why not make a tool that can find who started the DDOS and then accidentally send them to 20 years in a pound-me-in-the-ass prison? That would be worth money.
Tom
Someday, I'll have a real sig.
"In these cases, the operations center may call for a variety of efforts, including (1) escalated multilateral profiling and blacklisting of upstream providers; (2) distributed denial of service counterstrikes; (3) special operations experts applying invasive techniques; and (4) combined operations which apply financial derivatives, publicity disinformation, and other techniques of psychological operations."
Now how exactly this will help when you have a few hundred to a few thousand virused zombie machines running a DDoS against you and you have no clue who's behind it... is beyond me.
The World Wide Web is dying. Soon, we shall have only the Internet.
It just pretends it has the capability to counter-attack.
Ironically, the word ironically is often used incorrectly.
Heres my take on this, pulled from a recent post to NANOG:
Lovely. So not only do we now have to fend off attacks from script kiddies
and packet monkies, we now have to fend off attacks from idiot sysadmins who
set this tool up and allow it to go all out on supposed 'attacks' against
their systems.
I'll share my favorite goober with firewall story. When I was a
sysadmin/netadmin at a large ISP, I used to get these 'attack' reports from
clueless users all the time. I could identify which tool they used just by
how the body of the message looked and how the 'attack' was described. Got
ones saying that my performance testing server (which sometimes did ping scans
across the dialups to see what the general response time was) was 'attacking'
the user's machine with a single ICMP echo. Or how our IRC server was trying
to attack the user on the ident port every time they tried to connect.
Of course, the best one was when a supposed 'security expert' called up and
complained how my two caching DNS servers for the T1 customers was attacking
his entire network on port 53 UDP. He had naturally filtered the 'attack'
because it was obvious that our Linux DNS servers were infected with one of
the latest Windows viruses going around, and suddenly noone on his network
could browse the web anymore.
So, let me ask the question, do we really want people like that having a tool
which autoresponds to attacks with attacks? At least when he filtered out our
DNS traffic, it only affected his network... But imagine if he had launched
an attack against my DNS servers in response? Yeah, thats a great idea.
Of course, now that the AHBL does its own proxy testing, we get all sorts of
fun reports from end users about our 'attacks' against their machines. Latest
one demanded I tell her why we had scanned her, but wouldn't tell me her IP
address or when the scan happened exactly, claiming that I had done the scan,
so I should know what IP she is. Too bad I test over 100,000 IP addresses
daily for open proxies....
Lets not even get into the legal consequences for a tool like this, especially
if it backfires and launches an attack against the NIPC, for example.
Brielle
Let me see:
We now have a product that produces more shit than ever, has no sound concept behind it other than "Let's nuke the shit out of these &&&%$s", probably costs a shitload of money and appeals to PHBs in the extreme.
I'd say: Let's buy some shares.
Which launches DDoS attacks against itself, but then runs out of money and breaks up into smaller, poorer versions of itself.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
From their white paper:
A Brief Synopsis of Available Countermeasures
The range of available countermeasures that may be invoked in the context of ROE can
be divided into two categories of response: symmetric and asymmetric. Symmetric
responses are tactical in nature, initiated directly by the customer. These may be
distinguished further between purely automated responses and those determined by
decision makers based on their level of authority.
Defensive measures provide a first level of symmetric response: existing security devices
may be coordinated through scale of force procedures to block a hostile act - or degrade
the network quality of service (QoS) for indeterminate acts - based on probable levels of
threat. A more substantive escalation of symmetric response invokes challenging
procedures, which combine management protocols and honey-pots to divert, quarantine,
and study the probable hostile acts in progress. The results of such analysis - effectively,
forward observation and interrogation - get reported from the field units back to the
operations center. Another level of escalation for symmetric response involves
reflection, a principle for "return fire", i.e. to strike against a hostile source - meeting
sufficient thresholds for eyes on target to obtain positive identification - using essentially
the same methods which they have engaged.
These symmetric methods are generally automated by executive policy, with override by
operations management. In the practical art of war, they are considered dispersive
ground. Additional levels of symmetric response apply invasive techniques, which
require the authorization of management for specific arming orders. Invasive techniques
can be categorized as: (1) non-destructive; (2) destructive but recoverable; and (3)
destructive, non-recoverable - again with respect to proportional response to the hostile
acts.
Asymmetric responses require executive findings based on multiple attributions and prior
failed attempts at resolution through the upstream providers and local jurisdictions. In
these cases, the operations center may call for a variety of efforts, including: (1) escalated
multilateral profiling and blacklisting of upstream providers; (2) distributed denial of
service counterstrikes; (3) special operations experts applying invasive techniques; and (4) combined operations which apply financial derivatives, publicity disinformation, and
other techniques of psychological operations. These operations are conducted with
appropriate consideration for restrictions on point targets and phase lines in the
battlespace.
Unfortunately it's not currently legal, but really what would be a better idea is to react to compromised machines based on their infection behavior. I know that when Code Red first came out (and still now, even) my Apache logs were full of attempts to acces CMD.EXE or other windows stuff.
The obvious solution would be to respond to the attacking machine by using the same exploit by which it was initially infected, and cause it to go to sleep or attempt to clean itself. Obvious problems arise if the machine is doing something important, but the question arises: when are you allowed to protect your own property in response to somebody who hasn't properly fixed their own?
Conceptually, the best way to do this would be to log attackers, note how they are infected based on heuristics of common infections, and then wait until they attack has been going on for a certain period of time. If the machine is still coming out strong after a day, one should be justified in taking measured to put it offline...
It's time to stop pandering to sysadmins that don't do their jobs. We have some machines that aren't $1000/minute mission critical, but if one were infected I wouldn't feel overtly upset if somebody put it to sleep for me (so long as the machine itself wasn't damaged). For those that do run $$$$/minute machines, they should be well secured so such things don't happen, or at least not for prolonged periods of time.
It's accountability time for sysadmins... you're not unjustified in shooting somebody who invades your house, so why can't you take out the computer that's attacking your network?
Every server on the web is at least THEORETICALLY CAPABLE of launching a DoS, aren't they?
In other news, GWB has signed legislation that makes IP addresses illegal forever. The bombing begins in 15 minutes.
After all, several million page hits are about to occur on their home page - and if you don't have this set up on your own infrastructure, when you make the thing - its not exactly good PR.
Boricle.
yes, seems you could end up with a virtual case of Mutual Assured Destruction.
If I was being attacked, the last thing I wanted to waste bandwidth on was attacking back.
How many of you read the headline and imagined smoke billowing out of a 1337 Hax0r's computer?
Give me my freedom, and I'll take care of my own security, thank you.
Stays away from the fight and just makes money selling the weapons.
Pretend that I'm a hacker running a DDOS attack. One, if not a few of the machines I am using to run this DDOS attack on a server has this anti-DOS software. The server under attack would have this software as well.
I'll let you think about that scenario. It's probably unlikely, but it's still fun to think about. However, remember that if some guy has hijacked grandma's PC, the ISP she uses may have such software. I'm guessing the architect of this software didn't pay attention during his Operating Systems course.
Oh, and of course I have to include the obligatory:
1. Actually devise security software to bring down the ENTIRE internet.
2. ???*
3. Profit!
*Insert Trial Lawyer here...
What do you mean my sig is repetitive? What do you mean my sig is repetitive? What do you mean....
Which denies the attacks ever existed dispite reporting them itself last year.
You need a FREE iPod Nano
Some day people will realize the answer is to remove the vulnerable hosts that are being used as attack sources.
This is the obvious solution (after all, no zombies = no DDoS-nets), but the problem is there's no practical way to achieve it.
I think I see a way:
First: A counter-probe to identify whether a suspected site actually is a zombie. This would eliminate friendly-fire counterattacks and lets-you-and-him-fight scenarios.
A good signature is the presence of a controlling port for the zombie (though this might be camoflaged during the attack, so you'd have to go after something else once the attackers catch on and redesign). What you probe for, of course, will vary with the attacking tool.
Second: An infected michine will have had one of the set of vulnerabilities known to the particular tool's infection mechanism. (That will probably still be in place, since the tool's author will want to leave it open for future use, or not try to close it due to the added complexity and risk of exposure.) It will usually also have additional backdoor(s) installed by the tool. These give you an exploit for counterattacking it.
As things stand today, there's no incentive pushing owners of compromised machines to react quickly to remove them from the net -- there's no financial cost for many home users if they don't do so, and they're shielded from liability by the "I didn't know I was infected" defense.
Seems to me that a few thousand machines scattered around the net that respond to the latest worms by breaking into the zombies, popping up a notifier that they're infected and need to fix it, shuting down the infection, and cutting them off from some of their network service until they fix it, might just give them an immediate incentive. B-)
A second problem is that for the average computer user, it can be very difficult to tell casually if your computer's been infected and is packeting someone else. The fraction of the computer population that checks their firewall to measure their traffic, or goes over the processes running in memory every once in a while, is probably fairly small. This means that infected computers tend to stay infected for a long time.
Another reason to install something on their machine that mildly harasses them until they fix it once they've been exploited and the exploit attacked YOU. Issue solved.
There's also no real, efficient way for a DDoS target to notify thousands of machines about the problem, much less expect a significant proportion of them to respond in any short amount of time.
See above.
I think all the bases you mentioned are covered.
Yes, there might be an issue with the anti-hacking laws. But I think the necessity defense would be applicable here.
"Your honor: Defendant stipulates that he did install software on his machine which did respond to an attack from the machines owned by states' witnesses 1 through 5 by breaking into their machines, disabling some of the software running there, and installing additional software, without their permission.
But at the time the software performed this operation, defendants machine, which is necessary to his livelyhood, was already under active attack by the software on witness 1 through 5s' machines, and thousands of others, due to an infection by software installed by an unknown and malicious third party. This attack, if not countered, would make it unusable for its primary purpose.
The third party's software was installed on their machines, and left running, at least partially due to their own negligence, and was causing serious harm to the defendant's own machine. The defendant's software, on the other hand, took extensive measures to insure that it only counter-attacked machines that were already attacking it, and to do make the minimum changes necessary to abort the attack and notify the owners of the attacking machines that the machines had been infected and needed to be fixed.
Defendant pleads necessity.
To apply the anti-hacking law to defendant in this case is the same as jailing a man who was being beaten by an enraged mob for violating the laws against assault in his effort to protect himself."
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I found a company that had an active IDS once... It would respond with 400Mbit/sec DoS traffic back at anyone that triggered the IDS... It took me about 3 minutes to show them how to turn it into my own personal Death Star... -- "We can't repel firepower of THAT magnitude!"
Get your pens and pencils out, because here's a great idea. Just remember me on your way to fame an fortune.
:P
You/Your company subscribe to a service that offers retalitory services when you are hit by a DDoS attack. You recieve the attack and report it to the service, who traces the attck through multiple machines to it's origin, across multiple hops if nessisary. Firesupport, with it's beowolf clusters and all, open fires on the source with it's Wave Motion Cannon of DDOS attacks, forcing the attacker into submission. All for the low price of $19.99 a month!
Legal? Well...
Accurate? Um...
But the idea is cool as hell at least
You need a FREE iPod Nano
3: if your known to be running this software blackhats will LOVE IT. you'll be a prize target becuase they will wanna see how this thing works. imagine if you had 2 companys running this thing, and you launched a DOS on company A in such a way to fool this software into thinking company B was attacking it and it automaticly attacked it, causing company B to fire back? ahah the kaos!!!
If you mod me down, I will become more powerful than you can imagine....
From now on I will send 20,000,000,000 emails to any creep that sends me crap I don't want. And I know who you are, it states 'From:....' clearly on any email I receive.
I like this!!
Tough shit if the system(s) attacking you are hijacked systems, they are attacking you and need to be stopped.
If you are walking down the street and someone yells "RAPIST" and points you out and a crowd of strangers acting only on what they have just heard, jump on you and begin beating you up, is it right for you to just lay there and let the strangers beat on you just because they are acting on misleading information?
No, you would defend yourself with physical force and all means at your disposal. Why should anyone just "lay there and take a beating" ??
It's just a shame you can't pump 440v down the line and fry the attacking systems. Shut them down and stop the attacks. What more damage can you do anyway? The attacking systems are already damaged, why not just do them in so that the owner is forced to notice and repair the problem, versus leaving it alone as it continues to wreak havoc un-noticed by it's owner.
DEATH TO THEM ALL!!
It's called, Mutually Assurred Destruction...
... side note...
It's been working quite well for nuclear arms...
So, now everyone will be afraid to launch an attack on another machine because the remote machine could possibly fire off a barage of assaults back at the offending host. Descimating both sides in the encounter. Now, script kiddies and unfriendly nations will be quite frightened when it comes to launching attacks against.
It's the new cold war and everyone is going to be in a mad dash against time to ensure their artillerly will be enough to handle such a gestalt.
In the mean time, I'm going to purchase lots of stock in companies dealing in these "new arms." Yep, anyone who sells large fat pipes of deathly destruction will be on my list of companies to buy into.
Gosh, I don't have a distributed denial of service system in place, I feel so naked and unable to defend myself in the wake of digital terrorism! I had better see if I can outsource this project quickly.
I do hope everyone understands I'm joking.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Which swears off all forms of attack, unless it involves giant robots or tentacles.
The ______ Agenda
It used to be that you had to use email worms to conscript people's PCs into your private army of DDoS zombies. By packaging the trojan and calling it a security product you can avoid all that hassle.
Even our government's "Ethics Officer" or whatever they call him/her, reports directly to the Prime Minister. So whenever someone points out some potential conflict of interest or bending of the rules etc., the PM just says, "Hang on, while I check with our Ethics Officer...", who quickly responds, "Everything seems on the up and up sir, no problems here! (Can I keep my job sir?)"
We Counter Attack with a DDoS before someone who might have "DDoS of mass destruction" attacks us. .then blame the British.
.
.
.
.
The Kruger Dunning explains most post on
So then you forged a message so that it looked like it came from a second victim - and when their mailbox filled up it would bounce them back to the first victim.
Bounces are sent with a null envelope sender, so bounces don't get bounced (outside of the local mail system).
As a wise man once said, "Never get in a mud flinging contest with a pig."
This means (effectively) that all the Majority MPs are barred from ever voting their concience or on behalf of their constituents in Pariliament, which i think is wrong, considering thats why we elected them in the first place.
At least in the States, you'll find a break in partisanship as Senators and Congressman often break from the party line to vote the way they feel.
Secondly, their is virtually no separation of the Executive (prime ministers office) and Legislative branches of the Goverment ... which wouldn't matter anyways since we have an unelected and completely ineffective Senate.
Recall the Senator that actually MOVED OUT OF CANADA TO MEXICO and went years between even bothering to show up to work. He still, unfortunately, is a senator to my knowledge
Recall again Mulroney adding 3 extra senators (!!!!) so he could pass his GST bill.
Can you imagine what the American's whould do to a president that violated the constitution to ram a fucking 7% sales tax bill.... ???
All in all though... pretty cool country.
Someone gets this idea every few years. Probably from watching too many bad hacker movies.
Just smile, nod politely, and let the lawyers take care of it.
Let the Internet shootout begin.
It comes with an official policy of non-aggression, so instead goes and uses its CPU cycles on something useful.
What would happen the first time someone spoofed one of these companies in attacking at another company with a counter strike practice in place? Counter strikes are unlikely to be tit for tat, but a little bit more. It would be likely to escalate between the two until one of them gave up. Two innocent parties duking it out.
A white list or reverse DNS lookup might prevent this. Other thoughts?
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Who's got the Ddos buster buster ??
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
But it sure would be fun to launch an asymmetric counter-strike against all those pizza-eating pimple-faced teenage nose-pickers with no social lives and too much free time! Yeehaw! Bombs away!
Sigh. Where's Dr. Strangelove when you need him, eh?
An Eye for an Eye leaves the world blind. If two I know Microsoft and SCO were using this software, I'd just start a DoS against SCO and spoof Microsoft IP Addresses.
Which starts out attacking one side, but then decides to start DOS'ing the other side.
It's "no one," not "noone." Who the hell is noone anyway?
If there are 2 of these boxes, then a spoofed attack that sets them against each would kill both. I suspect the drawing board needs revisiting.
The use of the NULL ENVELOPE SENDER in a bounce message is the fix to prevent MailBombs from working.
Before that changes was implemented Forged Address MailBombs worked like a charm.
... which launches the attack against its own servers for years and years, until the US version makes it stop. (Yeah yeah, it didn't stop to ask the UN version if it was okay)
Seems like the cold war has reached the internet. They attack, we automagically retaliate. Bye bye WWW.
'mmmmmmmmm.... forbidden donut'
and what if a site is posted on slashdot, and then slashdot gets counter-attacked? because the /. effect could look like a DDoS attack to some of these automated systems....maybe?
...which should post URLs to offending IPs to /. to "slashDoS" the site.
A "white paper" that doesn't even use a proper referencing system....
erm... Harvard ref isn't too difficult!! Lame effort at professionalism.
wouldnt this just kill both sides off?
and if a site is being attacked by drones, wouldnt this just cause unecessary internet traffic?
this would lead to more problems.
not to mention it would cause the network being attacked to go down much faster.
Firewalls with anti-virus software so dumb that they send out messages to people who's email address has been hijacked to hide the real address where the virus originated. Its just stupid we know which viri fake the sender, why cause more hassle?
It counter attacks, and has no idea when to stop.
Not a sentence!
I'll show them. I'm fighting back. I'm going to launch my own persoFEAgfe523}';fw[NO CARRIER]
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
NATed networks need to be liberated. Perhaps the invaders might sling their mighty IPv6 stacks upon the evil NATed networks and give them all a voice, a public address. Eureka! It's democracy!!
----- Question authority, but not ours. Hate the man, but we're not him.
...just make it play tic tac toe over and over again until it suddenly becomes aware that in the end, no one wins a war.
I like monkeys, too.
Thank you.
It seems like there may be one legitimate use for something like this - inside the network, inside the firewall.
Could be very effective. Inside your own network you should be able to identify which traffic is reasonable and proper and which traffic just does not belong.
If it can be set up to react quickly (and spectacularly) enough, your users will quickly learn to be much more cautious.
Click on something and after half an hour or half a day somebody figures out it was you.
Click on something and almost immediately you screen goes into fireworks and your speakers start emitting rude noises.
Ha! A guy jumps out from behind the mail box and starts laying into the mail man with a baseball bat for delivering junk mail.
Or better yet, a war dialer that imediately starts to dialing all of the executives of the tele-marketing company that interrupted you during dinner.
If you don't have something nice to sig, then don't sig anything at all.
This sounds to me like a non-lethal Doomsday Device
Some of their exciting "Strikeback" tools referenced on the page: traceroute, finger, and dig.
mailbomb someone until their mailbox filled up so the mail server would bounce the message back
BR
IIRC, you didn't need to fill up an account. Simply sending a message from invalidAddy@server1.net to invalidAddy@server2.net usually did the trick. Server2 would bounce the invalid message back to Server1 rinse and repeat. Not that I have any first hand expirience.
But on a serious note, what is? What are ways of defending against DOS and DDOS attacks that end users up to ISP can utilise to fend of against these bandwidth hogs? Attacking back is obviously just a waste of resources (not to mentional illegal). What can the average joe-user do then to alleviate the damage of these things?
Ahhh the good old days when ip stacks used to reply to subnet pings ... bada boom bada bing!
An eye for an eye will do nothing for your network stability but will make everyone blind.
http://www.cctec.com/maillists/nanog/historical/01 08/msg00649.html
"Alright Kif, lets show these freaks what a bloated, runaway military budget can do!"
Basically, you try to fill up spamming companies's inboxes with false responses using randomly generated yet realistic looking information. Theoretically, you get enough people doing this sort of thing, you could remove some of the profitability from spamming. At some point, the company's gotta spend a least a little effort trying to verify information. Too much time wasted investigating false responses, maybe the company's going to change its approach.
'Course, it's just some guy's pet project right now, but these sorts of approachs are kind of interesting.
I have Snort set to identify any DDoS attack. Once that happens, I have a perl script grab the offending IP address, find a story that ran on Slashdot last week, replace the links in the story with the offending IP address, then resubmit the story. Poof, target is gone. Works every time...
Arghhh! You took Redmond from me with two ISP's from Santa Clara! I'll get you back with my Japanese investment bank triple threat!
Geez, it'd be fun to watch that go on - who needs zombie hordes? 7 crafted packets and you can kill two Fortune 500 companies...
The British version declares that it will never surrender, and then pauses in midafternoon for tea and crumpets before resuming the DDoS.
i am a soviet space shuttle
...it feels just like the cold war: they attack us, we attack them. What's left in the end ? An assured nothing!
It sure helped then, so I think we can apply it again.
I propose an even more stringent system that will simply shut down every root DNS server and every major backbone. That way, the attacker shall have to think twice before DDOS'ing a server he wishes to be unreachable, 't could easily be accomplished with a computer.
(..puts on cowboy hat and eats some tabacco..)Yeehaah !
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
I think all these companies proposing offensive attacks are half a loaf of stupid.
According to this PDF, the best defense is a good offense.
That is akin to fighting the battle of the bulge with the battlefield as a 6 foot wide hallway. Pretty soon, it's going to pile up with bodies. then you're just going to have a plugged up hole. Sure, the Battle is over, but you've both lost the ground.
They're using their grammar skills there.
I am an expert. Not in inverted commas "expert" but a real expert with hard won experience in the last few weeks.
I have helped a customer who was suffering several DDoS attacks from sub humans from Eastern Europe. The attacks took out an entire Australian state for days at a time and in one 30 minute period, all of Australia at 4.30 in the morning, not just one ISP or one customer. We're not talking small attack fleets here.
Now... where to start?
This product is the stupidist, most lame, and idiotic idea I can think of. I don't know what the hell they were thinking, but all I can think of is that they've never ever had a DDoS attack aimed at them.
In Australia (where I live), this type of counterattack *IS* illegal, and I have real lawyer advice from IAL (I am a lawyer) types at a big firm. If you want to prosecute, you sure as hell should not have retaliated... or you'll end up facing prosecution too, and unlike the scuzz buckets in eastern Molvania, you will go to jail and be Bubba's Vegemite Valley Viking buddy for some time.
You want to know how to prevent spoofed attacks? Force * by law * Cisco and the two or three other manufacturers of telco equipment (DSLAMs, cable head ends, and digital modems) to not pass packets with spoofed IP addresses. Make it illegal to acquire equipment without these controls. Make it illegal to modify the equipment to allow such usage. Followed up with the "Good" ISPs null routing "Bad" ISPs who pass packets from "customers" (sources) who spoof. ISPs *know* the BGP AS's they route at their edge. They are the best placed not to allow spoofed packets to originate from them. This solution is SO simple, I'm surprised no one has done anything about forcing Cisco et al's hand yet.
You want to know how to prevent DDoS attacks being used for extortion? Clueful law enforcement. Too many times, the victims of these attacks have to establish an uncontaminated body of evidence, keep a chain of custody for all evidence they collect, and show exactly how they've filtered the raw evidence to demonstrate the links between the few unspoofed packets and the badly written e-mails with the attacks. This is like a mugging victim collecting evidence swabs from themselves, taking the photos, doing a few PCR DNA tests (or three hundred), ensuring all statements are taken, keeping the evidence safe from contamination and doing the leg work of the investigation. ENOUGH! It's time for the police to get a fscking clue and employ real investigators in their "high tech" forces.
Until then, companies like this one will be allowed to peddle their wares to customers who just want a large piece of 4x2 and to whack someone... anyone. I know because I soooo wanted that 4x2 so many times during January and February.
Andrew van der Stock
...which works well enough, provided you keep an eye on the oil level.
Isn't this the same idea behind SKYNET's humble origins?
Hussain, A., Heidemann, J., and Papadopoulos, C. (2003). A Framework for Classifying Denial of Service Attakcs. In Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (p. 99-110) ACM Press.
Here is an interview that Andy Oram did with Symbiot (collectively, apparently). It includes much more information regarding their product. Worth a read.
-NEO: You can't scare me with this DDoS crap. I know my shit. I'll use my Anti-DoS tool.
-AGENT SMITH: Tell me, Mr. Anderson, what good is an Anti-DoS tool if you are unable to transmit?
On the day that their system is announced or goes live let's repost this article and see if their slashdotted site starts attacking all of us :)
Dr. Rick
- "It's such a fine line between clever and stupid" (Nigel Tufnel)
- Zort! (Pinky)
OK, I haven't read the article so flame me if you must...
This concept doesn't make sense. Most DoS's are DDoS's right? So if a million zombie machines attack one central machine, how can it fight back given the Many vs. One (attackee) scenario? Won't the central machine simply be consuming its own (already saturated) bandwidth?
Or does the central machine maintain its own army of zombies with which to fight back? Even if you conducted this (likely illegal) scenario, whom would you attack with your zombie army? Which one or few of the zombie foes would you try to attack?
I first read this as "anti-DOS", and wondered:
What, we're done bashing Windows, so we're moving backwards and going after Micro$oft's original Disk Operating System?