BitTorrent Servers Under DDoS Attacks
jZnat writes "CNet News.com reports that popular BitTorrent tracker hosts such as Suprnova and LokiTorrent underwent DDoS attacks on Wednesday (I'll bet you noticed). The culprits are primarily unknown, but these sites were flooded beyond control from the attack. This appears to be striking an interest in revising the BT protocol and Suprnova's interest in making their own protocol."
This is a perfect example of why it's not quite right to take the law into your own hands against someone who you **feel** is wrong.
I have had my site targeted before, and I run a completely legit, whitehat site. Just because someone thinks they're better off financially without a competitor does not mean he's justified to try to take me down.
I find it interesting that the focus with regards to DDoS attacks that I have read about is not on proper security and precautions, but rather the client/server applications being attacked. Because your Apache server is DDoS'd, does that mean you distribute your website through ftp? Of course not, you take further security precautions and strengthen your protection against DDoS attacks. Why then should there be a need to "create a new protocol" to "protect" from attacks?
Protocols in and of themselves do not inherently have protection from these kinds of attacks. That is not the purpose of a protocol. The purpose of a protocol is to establish an agreed method of communications between two or more identified systems in a connection. This is where the problem persists: identification.
DDoS is not successful because it overrides the buffers or socket space for connections to a server. It is successful because these sockets are kept open longer than they should be.
What a server needs is not a "secure" protocol, because any protocol (method of communication) can be compromised so long as the attacker can make the protocol believe that an identified, valid entity has made a connection and intends to communicate.
Instead, system administrators need to strengthen the rules in their firewalling and subsystem (kernel) to improve the latency of the socket states so that the system will not fail when attacked. I believe GNU/Linux has many tools available as well as kernel modules already available in order to accomplish much of this already.
Rather than wasting time in creating YAP (Yet Another Protocol), the time and effort may be better utilized creating the system and firewalling tools needed to combat DDoS at its root.
This brings it even further to the point of not necessarily even having to reconfigure and install and reconfigure again the varied tools needed for server-side protection, but even look as close as the router itself and the built-in firewalls there.
I believe even Cisco has given some hardware advice for DDoS here.
We don't necessarily need to be creating so much as we should be perfecting and improving.
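As an added illustration (not code from any post in this thread), here is a small Python model of the socket-state argument made above: a server's connection table is a finite resource, and a flood wins when clients hold half-open or idle slots longer than the server tolerates. The table enforces the two knobs that firewall or kernel tuning would turn, an idle timeout and a per-source connection cap, and replays the same constructed event stream through a tuned and an untuned configuration. All addresses, timestamps and thresholds are constructed sample values, not measurements from the attacked trackers.

```python
"""Toy connection-table model (added example, not from the thread).
Events are (time, kind, conn_id, source); kinds are open/data/close."""
from dataclasses import dataclass, field


@dataclass
class Slot:
    src: str
    last_activity: float


@dataclass
class ConnectionTable:
    max_slots: int          # total sockets the server will keep open
    per_source_cap: int     # sockets one source address may hold
    idle_timeout: float     # seconds of silence before a slot is reaped
    slots: dict = field(default_factory=dict)   # conn_id -> Slot
    stats: dict = field(default_factory=lambda: {
        "accepted": 0, "rejected_full": 0, "rejected_source_cap": 0,
        "evicted_idle": 0, "closed": 0})

    def _held_by(self, src):
        return sum(1 for s in self.slots.values() if s.src == src)

    def reap_idle(self, now):
        """Drop every slot that has been silent for idle_timeout or longer."""
        stale = [cid for cid, s in self.slots.items()
                 if now - s.last_activity >= self.idle_timeout]
        for cid in stale:
            del self.slots[cid]
        self.stats["evicted_idle"] += len(stale)
        return len(stale)

    def open(self, conn_id, src, now):
        self.reap_idle(now)                     # free stale slots first
        if self._held_by(src) >= self.per_source_cap:
            self.stats["rejected_source_cap"] += 1
            return False
        if len(self.slots) >= self.max_slots:
            self.stats["rejected_full"] += 1
            return False
        self.slots[conn_id] = Slot(src, now)
        self.stats["accepted"] += 1
        return True

    def activity(self, conn_id, now):
        if conn_id in self.slots:
            self.slots[conn_id].last_activity = now

    def close(self, conn_id):
        if self.slots.pop(conn_id, None) is not None:
            self.stats["closed"] += 1


# Constructed sample: two flooding sources open sockets and go silent;
# a legitimate client (192.0.2.5) tries at t=2 and again at t=6.
SAMPLE_EVENTS = [
    (0.0, "open", "a0", "10.0.0.9"),
    (0.0, "open", "a1", "10.0.0.9"),
    (0.0, "open", "a2", "10.0.0.9"),
    (1.0, "open", "b0", "10.0.0.10"),
    (1.0, "open", "b1", "10.0.0.10"),
    (2.0, "open", "l0", "192.0.2.5"),
    (6.0, "open", "l1", "192.0.2.5"),
    (7.0, "data", "l1", "192.0.2.5"),
    (8.0, "close", "l1", "192.0.2.5"),
]


def replay(events, table):
    """Drive a ConnectionTable with an event list; return its counters."""
    for now, kind, cid, src in events:
        if kind == "open":
            table.open(cid, src, now)
        elif kind == "data":
            table.activity(cid, now)
        elif kind == "close":
            table.close(cid)
    return dict(table.stats)


def compare():
    """Same flood against a tuned table and an untuned one."""
    tuned = replay(SAMPLE_EVENTS, ConnectionTable(
        max_slots=4, per_source_cap=2, idle_timeout=5.0))
    untuned = replay(SAMPLE_EVENTS, ConnectionTable(
        max_slots=4, per_source_cap=4, idle_timeout=float("inf")))
    return tuned, untuned


if __name__ == "__main__":
    tuned, untuned = compare()
    print("tuned:  ", tuned)     # legitimate client l1 is served
    print("untuned:", untuned)   # every legitimate attempt is rejected_full
```

With the idle timeout and per-source cap in place the silent flood sockets are reaped and the legitimate client is accepted on its second attempt; with unlimited hold time the four slots stay occupied by the first four openers and every later connection, legitimate or not, is refused. The same four-slot table is used in both runs, which is the poster's point: the fix is in how long the server lets state linger, not in the size of the buffers.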
The problem is that the community doesn't have the same say over the actions of DDoSers that a wild west town's citizens would have over their sheriff.
If a small group decided that slashdot was politically unsettling (and they'd have quite a lot to go on) and decided to take it down for a few days I expect that most of us would be annoyed.
DDoSing the pirates and spammers of the web is just one more way to fill the net with junk, and it's usually a small group (or single lycos) who decide to take the action without approval.
For once I prefer Microsoft's approach of taking the spammers to court. At least that might have some positive results.
STOP MENTIONING SUPRNOVA .. you're ruining it for everyone who actually knows what the hell it is... please stop!!!
The key word in my message is "distributing". I doubt that distributing an album to 300 people through bittorrent falls under non-commercial personal use copies
Mother is the best bet and don't let Satan draw you too fast.
The best answer to a distributed attack is a distributed network. If no node in the network is essential to its operation, such an attack isn't possible.
suprnova.org probably doesn't want to be the world's supplier of content, even without the DDoS part. I find your reasoning completely backwards. Why should your Apache server be the only server?
If you had a dozen mirrors hosted around the world, it'd be much harder to take down. With web pages, you can do that. With trackers, you can not. Not yet. Because the protocol doesn't support it.
Kjella
Live today, because you never know what tomorrow brings
The key word in my message is "distributing". I doubt that distributing an album to 300 people through bittorrent falls under non-commercial personal use copies
And I'm sure the people distributing those copies don't believe that 70 years after the death of the artists counts as the "limited time" granted in the constitution... go figure.
Of course, we all know that's never true which is the problem with other P2P software. ADSL and cable modems unfairly favor downloading (consuming) content rather than uploading (serving). This is just another example of the corporate world trying to control the dissemination of information. There's no good technical reason they couldn't run a symmetrical DSL signal over your voice line like they do ADSL, they just don't want to. It's the same reason many of these ISPs still require you to login via PPPoE and get a dynamic IP for your "always on, high speed dedicated connection". They're stuck in a 1995 mentality of dialup users consuming content rather than sharing information. Dynamic IPs on cable and DSL really bug me. You can get one plan with dynamic IP and PPPoE from SBC for $29/month, but add in a static IP and suddenly you're looking at $75/month. WTF? You need to account for that customer using an IP address whether you assign it dynamically or whether it is static... why the rape on static prices?
Suprnova traffics in torrent files, not copyrighted material. Of the content represented by those torrents, pretty much all of it is legal in some parts of the world.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
The sad thing is that it probably wasn't the MPAA or the RIAA. I've seen this over and over on several IRC networks (dalnet especially). Some idiot gets banned from their favorite channel, and instead of taking it like a man or going home and crying themselves to sleep, they get pissed off and start DDoSing the entire network. Since they got kicked, they have to ruin the fun for everyone.
I'm sure that in the end it will be something along these lines: someone in the forum started flaming, words were exchanged, feelings were hurt, and some pimply-faced 14 year old decided to get even.
If I have been able to see further than others, it is because I bought a pair of binoculars.
You know, I have 5 moderator points, and I just couldn't find a single good post to mod up, here. So I'll say what I think needs saying.
How do you know that the Lycos spam-DDoS screen saver *isn't* what is taking out bittorrent?
I can think of a number of possibilities, any of which might be worth investigation.
(1) - As was mentioned elsewhere, it *could* be that lycos is leasing its services out to the RIAA.
(2) - It could be that the spammers are using Bittorrent servers
(3) - It could be that the spammers have hijacked the bittorrent servers (as I understand, a lot of bittorrent hijacking has come from China. Perhaps not coincidentally, a lot of spammers use servers in China to host their activities.)
(4) - It could be that the spammers have somehow masked their servers' real identities to look like bittorrent servers.
There are a few possibilities that might be worth checking out. Anyhow, I'll hold onto my 5 points, I guess. Shoot, I might just deposit them in the bank and wait till inflation takes em out.
Slashdot just ain't what it used to be (as you can tell by looking at my low slashdot ID number).
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
...is longer than that. It could be an intriguing investigation...kind of like "who shot JR".
RIAA if I'm not mistaken lobbied (unsuccessfully thank goodness) to have legislation put in place to permit them to hack into suspect computers at their discretion if I recall, and MPAA is just another pea in that IP-hoarding pod.
Other suspects? There are too many to mention, but broadly speaking they might fall into one of several categories besides the above:
* Large closed source software vendors or someone connected to them (Microsoft, etc). They would be trying to shut down a big source of piracy. I doubt it is Microsoft, they are not that dumb. In any case suprnova et al. are not the right target...that is shooting the messenger, not the perpetrators who make use of their resources.
* One of the above-mentioned perpetrators (copyright violators who up/download cracked software and movies). I've noticed that a sizeable minority of heavy BT users out there are immature and petty (probably teenagers sequestered in their basements). If they are knocked off suprnova or similar sites or are slagged in a community forum they get all out of joint and retaliate. The stupid turds brought it on themselves and such retaliation is not warranted.
* Some of the seedier on-line proprietors, such as those who run revenue generating sites imitating the free suprnova.org, because if the free sites go away it might steer more revenue to them. I wouldn't put it past them.
* Commercial porno sites. P2P networks are full of porn (you don't even have to search on an obvious sexual keyword sometimes) and it is pretty much all ripped off of some pay site. Most (not all, but most) on-line porn businesses are run by people lacking morals and intelligence (witness the whining by one porno purveyor about Google caching thumbnail images and deep-linking into his site with regard to the latter). So it is very likely a porn-vendor arranged the DDoS attacks.
Part of me hopes it really was RIAA or MPAA...they are cartels that are unhealthy for the industry and it would be cool if there was finally a reason to shut them down. However, I think it's one of the latter 3 groups I mentioned.