Slashdot Mirror
BitTorrent Servers Under DDoS Attacks
jZnat writes "CNet News.com reports that popular BitTorrent tracker hosts such as Suprnova and LokiTorrent underwent DDoS attacks on Wednesday (I'll bet you noticed). The culprits are primarily unknown, but these sites were flooded beyond control from the attack. This appears to be striking an interest in revising the BT protocol and Suprnova's interest in making their own protocol."
fp!
We all know it's the MPAA and RIAA.
This is fine. After all most bit-torrents are illegal and we all know that Dos attacks on people who break the law is fine.
Oh wait, it's only good when you do it to people who hurt you. Not to people who possibly hurt companies. My mistake. For a second I forgot it's our right to break copyright laws.
RIAA adopting Lycos's tactics?
As if that weren't enough, now they'll most certainly feel some variant of the Slashdot effect as people try to check it out. Way to go!
Future Slashdot headline: Lycos apologizes for wrongly targeted DDoS attacks
I would like to know whether suprnova.com and suprnova.net were hit by the DDoS attacks. They try and maky money of the popularity of suprnova.org and there are a number of people that actually get suckered into paying those sites.
So it's time to switch to a serverless network under an open-source project? You mean something like Kademlia in the eMule?
They use it to steal and pirate stuff.
Whoever was responsible, it surely isn't one of the many-many, oh yes, and many other :) people, who use bittorent regularly to fetch stuff. That is, we all have some hunch who might be the bad guy: a). those who oppose all forms of sharing (won't name them, you know those bad, bad, bad guys in associations :) needn't have been themselves personally, but you know this alright b). somebody who just has something against suprnova or the others.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
It's ironic, because they were running "secure" (not!) OpenBSD. Use Linux, don't heed the empty promised of some marginal OS no one maintains.
Suprnova's interest in making their own protocol.
I am all up for new protocols, but there is a reason why we do not have:
http, httmyp, tthpp, hhtp, mshttp [I wouldnt doubt], SCOhttp, HPhttp
Don't fragment the issues, work on a common protocol, if we can uncouple protocol and application (which has happened in all major networks I think) then good.
Go for it supe..r..pr..nva...! but make it open.
I kinda knew bit torrents would be attacked, can't they just publish the ip's that are attacking them, and get us to click on them a bit?
teardrop attack?
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
by End The Occupation 6:15am Fri Dec 3 '04
article#49197
gkable@hotmail.com
Since October, when families first began fleeing Fallujah, temperatures in central Iraq have fallen from around 30 degrees Celsius to 2 degrees Celsius and sometimes colder overnight.
More than 200,000 people who fled Fallujah ahead of the US attack have yet to return and many are in desperate need of aid, with temperatures in Iraq heading towards freezing, a new UN emergency report says.
Figures compiled by the International Organisation for Migration show that 210,600 people, or more than 35,000 families, have taken refuge in towns and villages around Fallujah.
Nearly all those people remain outside the city, where the population was estimated at 250,000-300,000 before the attack.
US militia are maintaining a cordon around Fallujah as sporadic fighting continues.
US/Iraqi militants are preventing refugees from returning, saying they want to stagger the return so that basic facilities can be restored before people go home?
Most areas of the city remain without power, water, sewage and other basic services.
It is expected to take much longer than previously thought to start reconstruction as hundreds of buildings are completely destroyed?
"The return to Fallujah may take a matter of months rather than days, as was previously suggested by multi-national forces," the document said?
But try decades after the Coalition of the Killing destroyed the city.
The report, entitled Emergency Working Group - Fallujah Crisis, has been compiled by various aid agencies.
It says access to the camps for internally-displaced people is sporadic due to insecurity and military operations.
Some sites have received assistance, whereas others... are reportedly difficult to access even by the US/Iraqi Health Ministry.
It describes shortages of fresh food and cooking oil, and says there is serious concern about the cold.
Since October, when families first began fleeing Fallujah, temperatures in central Iraq have fallen from around 30 degrees Celsius to 2 degrees Celsius and sometimes colder overnight.
Many families fled with the clothes they were wearing and a few personal items, unprepared for the change in weather.
"The temperature has dropped, underscoring an urgent need for winterisation items and appropriate shelter," the report said.
The only aid agency that has managed to get into Fallujah to help the people who remained during the furious two-week offensive is the Iraqi Red Crescent Society.
It arrived with three truck loads of food and medical supplies, eight ambulances and several doctors, about 10 days ago and is working from offices in the city centre.
The attack on Fallujah was designed to kill resistance fighters who lived there and to take more control of Iraq including its massive oil reserves. All because the US Empire needs to maintain its status quo.
Related
2nd Renaissance
Beyond Industrial Capitalism and Nation States
It is impossible to fool all the people all the time. And it is impossible to silence everyone. Since the Afghanistan and Iraq invasions there have been many expressions of disgust and disenchantment concerning the actions of the (CoW) Coalition of the Willing. Dissent has been aired in the few remaining pockets of a free press, on the Internet, from the stage, and on the streets.
Here are a few examples.
* "The US and British governments have dragged us into a mess that will last for years. So far, the liberators have succeeded only in freeing the souls of the Iraqis from their bodies. Saddam Hussein's troops have proved less inclined to surrender than they might have anticipated, and the civilians less prepared to revolt. But while no one can now ignore the immediate problems this illegal war has met, we are beginning, too, to understand what should have been obvious
We have one opinion about taking down spammers, but we have a seperate opinion about services that we may be using.
I think that's perfectly fine. For some reason, people want us to have a single unified opinion about a broad range of subjects that are different from one another. Each answer and opinion needs to be circumstantial and based on each instance rather than sweeping generalizations, otherwise we end up in a situation similar to:
(Note: This isn't a political statement, nor am I trying to show my opinion, it's just the example that seemed to fit the most right now)
Man: So are you for or against abortion?
Woman: AGAINST! It's wrong, it's taking life, and is the same as murder! Any instance of it is WRONG! Put it up for adoption, or take some responcibility!
Man: So you are saying that if the young woman was raped so badly, that she should have the child from the instance regardless of the future psychological damage it would have on her? And even if having the child would, if the circumstance brought it up, kill her?
Woman: Well.. um
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"
People are slowly switching to Parallel RSync. It uses O(1) scheduling algorithm instead of O(N) in Bittorrent (N is the number of servers), and so it wastes much less bandwidth.
I knew I shouldn't have installed that new screensaver from the MPAA.
UTF-8: There and Back Again
Nah .. thats un-fucking-believable
That some Hollywood company didn't just wait for the Lycos thing to set a precedent? What's good for the goose is good for the gander in their book.
...and their anti-spam screensaver.
Told you it would get out of hand.
second post is cooler than first
hey, moderator-IMBECILE, yes, I'm talking to yOU! mod me down, CRETIN
I've used bittorrent a fair bit for downloading and upload large files which either I own the copyright to, or the person distributing them does.
It's very good indeed when you want to distribute something from a slowish adsl line to maybe 30 or 40 people.
I was somewhat dismayed when I first found out anout these bittorrent file sharing sites because they are leading to bittorrent being considered a tool for "illegal" file sharing when it's clearly a very useful general tool too.
Of course I'm not happy thay they be DDOSed but it would be nice if they did invent their own protocol and leave bittorrent to those who don;t want to use it for possibly "illegal" activities.
This is a perfect example of why it's not quite right to take the law into your own hands against someone who you **feel** is wrong.
I have had my site targeted before, and I run a completely legit, whitehat site. Just because someone thinks they're better off financially without a competitor does not mean he's justified to try to take me down.
I would be interested in doing a DDoS attack like this...
Point 1 doesnt make sense because it would make more sense for my service to figure out a way to plug into the rival network and siphon off they're shares. It would get me more notice and wont get me noticed as a nasty SOB.
Point 2 is unlikely because though these agencies are a mean litigating bunch, they are unlikely to condone something like this. More so that *if* they were discovered, they would be in a LOT of trouble (read : law suits galore!)
Point 3 seems more likely. Some guys just can't get enough attention. Downing the SCO site has been done already and people seem to be running out of ripe juicy targets that'll get them noticed.
I ran a very small BitTorrent tracker for distributing our videos. (2 torrents, very few clients)
A few weeks ago we started receiving a massive attack, mostly from client addresses in Asia.
The attack wasn't a DDoS per se - they were just "hijacking" my tracker by using it for their own torrents. But the volume of traffic (>100 requests/sec) had the effect of a DoS attack.
I was surprised that the standard BitTorrent server does not have some way to prevent unwanted torrents from appearing on your tracker. I was also surprised that my "small-time" tracker (only named by via 1 web page) attracted such a hijacking.
I will not run a tracker without the ability to deny usage to unwanted torrents. Although I'm uncertain about running any tracker at all now, since the hijack basically killed our internet connection.
At the very least, do not run a BitTorrent tracker on a critical DNS name like your primary web site. The attacking clients in my case were all performing DNS lookups. (I could tell they were attacking a DNS name, not an IP address, by changing my DNS entries). Luckily I had used a separate DNS entry for the tracker, so I just pointed it to 127.0.0.1 to stop the attack. But if I had used my primary web server's address, I'd be in real trouble.
%35 of all traffic is Bittorrent
Now there's enough traffic out there to DDoS it. Networks are usually "congested" at 60%. 60% of 35 is 21. That means another 21% if "all traffic" is being used up.
~56% of the Internet is being used both for and against Bittorrent.
So we only have 4% of the Internet left before it, too, becomes congested?
I wonder how much of that 4% /. gets allocated? Although, if there are no websites left to /., will getting /.'d even matter anymore?
UTF-8: There and Back Again
Supernova is up as of a few minutes ago but I can't get to Lokitorrent.
You want to know who isn't running Firefox 2.x? They spell it "definately" and "rediculous".
As of right now (0047 : 03/12/2004 GMT-8) Loki Torrent seems to be dead... Slashdot effect? or another DDos ? (or is there a difference?)
I'm not sure who is going to give sn.org/lt.com any sympathy over this, they are just glorified warez sites, after all.
Although this DoS does highlight the largest problem with BitTorrent - it still relies on a central(tracker) server to operate.
I believe it's that specific "function" of BT that got me one of those nifty letters in the mail. I can't see any kind of a workable solution to this problem, everything that has to do with file trading has an entry point somewhere along the line.
MOST countries in Europe consider the unauthorized distribution of music, video and software to be illegal. The only reason you don't hear about it is because the RIAA, the MPAA and major PC video game developers/producers in the U.S. are on the forefront of this argument. No one wants to hear about how the Swedish version of the RIAA suddenly started illegal sharers because thats OLD NEWS compared to the U.S.'s RIAA whos been suing people for over a year now. If a European country was to suddenly announce 'Illegal sharing of movies of the internet is now a 6 month minimum jail sentence per song' Slashdot would be all over that.
Why we need another one? I mean besides the web links (which emule provides for)the reason Bittorrent has become so popular is for it's centralized nature. Not 30 thousand random files we search though, but picked files, somewhat filtered though for quality. I can't see how this is going to replicate that experiance and be decentralized. What is significantly different?
Is there anything better than clicking through Microsoft ads on Slashdot?
Lycos has set a precedent that DDoS attacks are ok. Expect more of these if punishment isn't quick and sever for Lycos.
First two flickr stories very close to each other. Now two Bit Torrent stories very close together. Ricola (Ricola) Ricola (Ricola)
"brxref
Perhaps some Slashdotters who grew up in the US in the 80's remember Sam McGruff. I think that the SPA/RIAA/MPA should adopt his services, "Take a byte out of Bittorrent!"
I don't know what the hell your statistics prove,or even if they're right, but I do know that, wherever he or she is, your high school mathematics teacher would be proud of you.
Have you given serious thought to a career in marketing or PR? With that kind of commitment to mumbo jumbo and ridiculous statistics you'd be a natural.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
How is this different from how Suprnova.org has behaved lately? For the past ten days or so, they have been down more than they have been up. Either DDoS attacks have started long before Wednesday as reported, or they really are as incompetent as I thought they are when it comes to administering a web server.
(Disclaimer: I suck at Apache)
It would be cool if it didn't suck.
Didn't we just have a big discussion about how lycos was wrong to be using DDoS attacks against spammers?
/. concensus is that DDoS attacks are always bad for the internet.
I think the general
You have a fatal flaw in your logic. You are assuming that people will read the article.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
I find it interesting that the focus with regards to DDoS attacks that I have read about is not on proper security and precautions, but rather the client/server applications being attacked. Because your Apache server is DDoS'd, does that mean you distribute your website through ftp? Of course not, you take further security precautions and strengthen your protection against DDoS attacks. Why then should there be a need to "create a new protocol" to "protect" from attacks?
Protocols in and of themselves do not inherently have protection from these kinds of attacks. That is not the purpose of a protocol. The purpose of a protocol is to establish an agreed method of communications between two or more identified systems in a connection. This is where the problem persists: identification.
DDoS is not successful because it overrides the buffers or socket space for connections to a server. It is successful because these sockets are kept open longer than they should be.
What a server needs is not a "secure" protocol, because any protocol (method of communication) can be compromised so long as the attacker can make the protocol believe that an identified, valid entitiy has made a connection and intends to communicate.
Instead, system administrators need to strengthen the rules in their firewalling and subsystem (kernel) to improve the latency of the socket states so that the system will not fail when attacked. I believe GNU/Linux has many tools available as well as kernel modules already available in order to accomplish much of this already.
Rather than wasting time in creating YAP (Yet Another Protocol), the time and effort may be better utilized creating the system and firewalling tools needed to combat DDoS at its root.
This brings it even further to the point of not necessarily even having to reconfigure and install and reconfigure again the varied tools needed for server-side protection, but even look as close as the router itself and the built-in firewalls there.
I believe even Cisco has given some hardware advice for DDoS here.
We don't necessarily need to be creating so much as we should be perfecting and improving.
... that is testing out the stability of the BitTorrent network. Perhaps one which has something to gain by disrupting internet traffic in general, and BitTorrent seems to make up about a third of it by recent estimates.
PimpMyMazda.com - Crazy mods to a 2002 Mazda Protege DX.
Suprnova isn't a tracker :)
If you want to put something up on it you have to find your own tracker first!
www.monkeys-in-bras.com - _the_ place for the decerning monkey viewer.
Great, that's all we need .. now for the "bittorrent is dying" trolls !
man you write like a high-schooler. please tell me you're a high-schooler. . .
The culprits are primarily unknown, but these sites were flooded beyond control from the attack.
'flooded beyond control' indeed - 'beyond control of the group monkeys pretending to be network administrators' might be a more accurate summary.
My advice is to get a better provider, one with Arbor's Peakflow or similar home grown solution in place, for example.
The parent mentioned that a lot of hits were coming from Asia...
Only one thing could cause this much traffic...China lifted the ban on pron.
Don't take life so seriously. No one makes it out alive.
You are making a classic error here.
"%35 of all traffic is Bittorrent"
versus
"Networks are usually "congested" at 60%."
But your error is this: how much percent of the available capacity does 100% internet traffic account for? Your calculation isn't quite valid..
I don't have the first clue how to get started. Thank you for enlightening me despite my not having already found the answer via google.
Request your free CD of my piano music.
It is official; Netcraft confirms: Bittorrent is dying.
:(
One more crippling bombshell hit the already beleaguered Bittorrent community when IDC confirmed that Bittorrent market share has dropped yet again, now down to less than a fraction of 1 percent of all P2P services. Coming on the heels of a recent Netcraft survey which plainly states that Bittorrent has lost more market share, this news serves to reinforce what we've known all along. Bittorrent is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amdest.com] to predict Bittorrent's future. The hand writing is on the wall: Bittorrent faces a bleak future. In fact there won't be any future at all for Bittorrent because Bittorrent is dying. Things are looking very bad for Bittorrent. As many of us are already aware, Bittorrent continues to lose market share. Red ink flows like a river of blood.
Azureus is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time Azureus developers Bob Wentz and J.D. Stone only serve to underscore the point more clearly. There can no longer be any doubt: Azureus is dying.
Let's keep to the facts and look at the numbers.
BitTornado leader TheShad0w that there are 7000 users of BitTornado. How many users of burst! are there? Let's see. The number of BitTornado versus burst! posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 BitTornado users. Bittorrent posts on Usenet are about half of the volume of BitTornado posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dbblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
Jesus Christ this trolling shit is hard to do. I know I left the other half with BSD
STOP MENTIONING SUPRNOVA .. you're ruining it for everyone who actually knows what the hell it is... please stop!!!
It's just still being /.ed from the other article.
A network with no central servers or even 'supernodes' reduces the effect of DoS-attacks, and leaves no single person or company to attack with a lawsuit. But that alone isn't enough. Other problems remain, like the privacy issue. Many P2P networks reveal IP addresses of nodes on 'the other end'. Thus, after retrieval of a file, you know from what IP address(es) the file came from. That leaves the network vulnerable for attacks or legal steps against individual users.
To prevent this, it must be impossible to find out who/where a retrieved file (or search query) actually came from (IP, geographical location or otherwise).
Besides the well known Freenet, there's another promising one called ANts. From what I can tell, it works by passing data between nodes, without passing info on the endpoints where data is coming from/going to. Each node passes data on, but doesn't know if the next node will keep it, or in turn pass it on to yet another node in a path. IP addresses are replaced with a virtual 'network ID' (regularly discarded), and combined with encryption, a single node can't tell what it's passing on, where it came from, or where it's going. IP addresses are only known for a few neighbours it contacts directly. For an analogy, think anonymous remailers. The project page also mentions something similar called MUTE. I guess you could call projects like this 3rd generation P2P networks. Looking forward to it! (and please add if you know more like these)
"Woah, deja vu."
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
doesnt anybody else find it a bit curious as to why C|Net News is reporting a story about a known piracy site? why the hell would joe blow give a shit about this? are the C|Net staffers admitting to being BT-warez-whor3z?
in any regard, this is hardly news for nerds or stuff that matters.
There is a fairly high-key campaign going on in Germany run by the distributors. Of course, the joke is that most people are getting English language versions which are on limited distribution if at all. I have even seen posters up in the IT department of a large German bank!
Almost a week ago, eMule's default IRC network (LiquidIRC) was DDoS'ed and Floodbot'ed. LiquidIRC has been taken down for an unknown amount of time due to the attacks..
Related?
I think the most logical explanation would be 1) competitor, but one offering the same service, how many people went to the .com and .net counterparts when .org wasn't reachable? and we know that those guys do have proffit in mind, and have no ethical problem with attacking .org
So you'd think that with 5,000 people beta-testing the new client, at least one of them would've leaked a copy... :-/
While these two sites may be the biggest sites that we know of under DDoS attacks to me it seems to be more widespread. I am a moderator of a small Mazda enthusiast forum and we underwent a variety of DDoS attacks pretty much all night from varying addresses. I have no clue why someone would want to DDoS a small non-profit forum (we have our own server) but seems to me like Suprnova.org and the other BitTorrent sites are just collateral in a much larger game.
Luckily for us, we have a very good admin and he was updating the firewall rules pretty much left and right. Site never went down but at least we weren't posted on the front page of Slashdot either... then things would have been a bit different.
google "Parallel RSync". This guy is spouting nonsense. I'd call him a karma whore, but he posed AC.
you didn't read the date of that event
18.12.2003
Not too big a loss when you consider that they are torrent-stealing sites anyways.
If this attack you describe was a "DDoS", then having someone update firewall rules would have no effect (unless this 'firewall' was several steps up the chain on a big, fat pipe).
OTOH, if some ratbag is sucking up all your CPU by spamming searches on all forums or something, tune your stuff or disable the offending venue.
...there's just too many variables that are directly opposing.
Central vs decentral
Peers vs supernodes vs superservers vs tracker
Anonymity vs speed
Integrity vs fuzzy search
Search by content vs by index vs by hash vs...
Routing vs direct links
Indexing vs index poisoning
Trust vs anonymity
Leeching vs control
It is impossible to create a network that can achieve all of them at once.
Http is by comparison a trivial protocol. It involves only the connection between two hosts. Creating a virtual network of P2P clients is more like reimplementing the whole of layers 3 (IP), 4 (TCP), 5 (sessions) in the OSI model.
Kjella
Live today, because you never know what tomorrow brings
Can anyone explain the torrent principle ? I still dont know what it means.. I tried to look it up but didnt really find a real explenation. xcept that its a small programm that locates the closest program you are lookin for and downloads it ? am i right ... ?
why do they attack torrent servers ?
greetz
Rendier
I believe it was a SYN flood but like I said I'm just a moderator at the site. I never had the desire to learn about being a sys admin so therefore I may be incorrect about the details of such an attack.
The best answer to a distributed attack is a distributed network. If no node in the network is essential to its operation, such an attack isn't possible.
suprnova.org probably doesn't want to be the world's supplier of content, even without the DDoS part. I find your reasoning completely backwards. Why should your Apache server be the only server?
If you had a dozen mirrors hosted around the world, it'd be much harder to take down. With web pages, you can do that. With trackers, you can not. Not yet. Because the protocol doesn't support it.
Kjella
Live today, because you never know what tomorrow brings
In order to reduce the likelyhood of it being used for warez, it was specifically designed with a central authority, and no privacy features. This hasn't stopped it being used for copyright infringement, but does make it easier to use BitTorrent for things that would otherwise be an overloaded http download.
I appear to have a blog. Odd.
and no one spoke out.
then it was bittorrent, and no one spoke up.
then its your own connection...
They're already working on it.
6 24 4&tid=95
http://slashdot.org/article.pl?sid=04/12/02/201
"On a scale from 1 to 10, people are stupid"
What about Dijjer? Decentralised, easier to use than falling off a log, and very fast. Also, legal - since it falls under the Systems Caching exemption of the DMCA.
You should be ashamed of yourself. Bittorrent downloading of Mazda's is just wrong.
Serves you right.
When VCR's are outlawed, only outlaws will have VCR's.
lokitorrent is still down as of Friday morning... ouch.
perl -e 'foreach(values %SIG){$_="IGNORE";}while(){}'
Perhaps the spam sites that are being DDOSed by Lycos include these sites, either because the DB of spam sites is wrong, or the spammers have re-directed (perhaps at DNS level) the traffic....
Posters recognized by their sig,
Yes I am!
You know, I have 5 moderator points, and I just couldn't find a single good post to mod up, here. So I'll say what I think needs saying.
How do you know that the Lycos spam-DDoS screen saver *isn't* what is taking out bittorrent?
I can think of a number of possibilities, any of which might be worth investigation.
(1) - As was mentioned elsewhere, it *could* be that lycos is leasing its services out to the RIAA.
(2) - It could be that the spammers are using Bittorrent servers
(3) - It could be that the spammers have hijacked the bittorrent servers (as I understand, a lot of bittorrent hijacking has come from China. Perhaps not coincidentally, a lot of spammers use servers in China to host their activities.)
(4) - It could be that the spammers have somehow masked their servers' real identities to look like bittorrent servers.
There are a few possibilities that might be worth checking out. Anyhow, I'll hold onto my 5 points, I guess. Shoot, I might just deposit them in the bank and wait till inflation takes em out.
Slashdot just ain't what it used to be (as you can tell by looking at my low slashdot ID number).
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
http://www.galactanet.com/comic/index.htm/ ;)
Regards,
Denis
Is there a TSB related to this SYN flooding? I think my Mazda 6 is suffering from that ;-).
But seriously, what site do you moderate for?
While many other posters have jokingly suggested that the RIAA is culpable, and have been modded' funny', the knee jerk reaction to laugh is troublesome. I would not put it above the RIAA to carry out this sort of activity.
For example, when downloading from the Kazaa network (I still use it occasionally), the majority of 'popular' music postings up there are put up there by the RIAA and consist of nothing but static/hissing or the music intersperesed with horrid screeching noises.
This would be a legitimate tactic for the RIAA to employ, would it not, given that the RIAA could simply claim to be attacking an illegal company? Or am I simply wrapped up in conspiracy theories?
"There's no success like failure, and failure's no success at all."
- Bob Dylan
I use suprnova essentially for time-shifting tv shows. For example, as I was away for thanksgiving, I missed Enterprise last Friday, and the Saturday repeat, so I downloaded it on Sunday, watched it and deleted it.
So, um, am I breaking any laws here, or what?
Tsk, tsk. All this brainpower dedicated to the violation of a social contract, and we still don't have global peace, or a cure for all the illnesses of the world. Nice to see as a species we have our priorities straight.
As long as empornium is okay. :)
Following up on the previous story about suprnova's new client... for sites like theirs I can understand the impulse -- move the trackers off the site (and its seeders) to decrease liability.
But one of the best things about bittorrent is that it's port agnostic. The torrent file can specify the tracker on whatever port, so it's tough for industry to IP-scan for torrents. If you create a client with automatic trackers, that won't be the case, and BT traffic will be easily tracked and blocked.
bad idea!
"because we know most guns are used to kill peoples"
In Iraq, Israel's West Bank, Congo, eta la, probably. In the U.S., Canada, and most of the Western World, not even close.
Unless something has changed in the past few months, open-holster carry is legal in several U.S. states (e.g. Arizona), and concealed carry is legal in many others.
If "most guns [were] used to kill peoples" (sic), the U.S. would differ littlke from a Third World country embroiled in civil war.
Guns are not evil, period.
Ignorance is curable, stupid is forever.
"The key word in my message is "distributing". I doubt that distributing an album to 300 people through bittorrent falls under non-commercial personal use copies"
"Commercial" derives from "commerce," i.e. "for profit." Unless you charge money, barter, or otherwise profit from what you distrtibute, it is not commercial.
Look at it this way: two people with identical skills perform a given task. One does it as a hobby, the other a a vocation. The one who gets paid id a "professional." The hobbyist is an "amature."
Curious, no?
Ignorance is curable, stupid is forever.
Time to start a Distributed Denial of Service on them, like having a week during which nobody will buy any record or DVD from them. Active boycott is a very effective way to make them know that we care about the war they are starting.
In the UK, my ISP gives a free static IP if you ask for it, so I have one.
:)
Assuming you're on ADSL, who do you use? Thanks
Heisenberg would be proud.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
... a real problem (for infringers at least). BT is for many people centralized around a handfull of sites - even if they have mirrors. This means that it is both easier to troll for IP's and easier to choke the P2P networks. Enemies of P2P have a few huge eggbaskets to rock.
Zen give up to 8 static IPs for free with their home and business ADSL packages.
From experience with them at both work and home they're amazingly helpful and competent, they also host our webspace and DNS.
The tracker for EFNet's #tvtorrents (now at www.tvtorrents.net) seems to move every 3-4 months due to someone DDoSing the tracker.
tvtorrents.com basically died as a result of frequent DDoSing. It's still up, but only a fraction of the people that used it still do because there was a point in time where the site would be down for 1-2 weeks at a time. Too bad, tvtorrents.com's ratio enforcement resulted in really nice download rates, typically 4-5 times faster than #tvtorrents' tracker, and FAR better than Suprnova (I've only encountered ONE torrent on Suprnova so far that actually worked.)
retrorocket.o not found, launch anyway?
I moderate over at clubatenza.com under the name PhatalOne.
Did anyone think about the impact that the new World of Warcraft may have had on these networks? The patch distribution is all done via Torrent effect. I am uncertain where the tracker server is located for WoW though.
Who is general failure, and why is he reading my hard drive?
In Korea, only old people die.
...is longer than that. It could be an intriguing investigation...kind of like "who shot JR".
RIAA if I'm not mistaken lobbied (unsucdessfully thank goodness) to have legislation put in place to permit them to hack into suspect computers at their discretion if I recall, and MPAA is just another pea in that IP-hoarding pod.
Other suspects? There are too many to mention, but boradly speaking they might fall into one of several categories besides the above:
* Large closed source software vendors or someone connected to them (Microsoft, etc). They would be trying to shut down a big source of piracy. I doubt it is Microsoft, they are not that dumb. In any case suprnova et al are not the right target...that is shooting the messenger, not the perpetrators who make use of their resources.
* One of the above-mentioned perpetrators (copyright violators who up/download cracked software and movies). I've noticed that a sizeable minority of heavy BT users out there are immature and petty (probably teenagers sequestered in their basements). If they are knocked off suprnova or similar sites or are slagged in a community forum they get all out of joint and retaliate. The stupid turds brought it on themselves and such retaliation is not warranted.
* Some of the seedier on-line proprietors, such as those who run revenue generating sites imitating the free suprnova.org, because if the free sites go away it might steer more revenue to them. I wouldn't put it past them
* Commercial porno sites. P2P networks are full of porn (you don't even have to search on an obvious sexual keyword sometimes) and it is pretty much all ripped off of some pay site. Most (not all, but most) on-line porn businesses are run by people lacking morals and intelligence (witness the whining by one porno purveyor about Google caching thumbnail images and deep-linking into his site with regard to the latter). SO it is very likely a porn-vendor arranged the dDOS attacks.
Part of me hopes it really was RIAA or MPAA...they are cartels that are unhealthy for the industry and it would be cool if there was finally a reason to shut them down. However, I think it's one of the latter 3 groups I mentioned.
It's gotta be either the MPAA / RIAA.
It could be SuprNova trying to make a point that they need to be decentralised!
Or the KazaA guys trying to make more people download KazaA3+Skype.
#include <sig.h>
"Suprnova traffics in torrent files, not copyrighted material. Of the content represented by those torrents, pretty much all of it is legal in some parts of the world."
So's the cutting off of hands for some offenses.
It did recieve an attack a few days ago but it is down today for server maintanence. They Posted on the site on the Dec. 1 that it would be down for a day or two.
There are lots of ISPs in the UK that offer static ips by default. Mostly just one ip address, but a few will give you more if you ask.
Here are a few off the top of my head : zen, demon, silvermead, plusnet, andrews & arnold, and possibly bulldogdsl.
It costs them more to juggle their ip addresses around every day, so the smaller companies dont bother.
I was thinking about that, but then I'd be locked out if at a friend's place or if an IP changed. I was thinking about doing knockd, except I have a regular hardware router, I don't want to foward the closed ports to my box. But just for you, here's my compromise :)
tail -F current | bash ~/bin/sshdblocker2.sh
#!/bin/bash
#This script will go through the sshd log and DROP all the script kiddies/ wormed zombies out there attacking my precious server.
#written by JT Hundley
#This function will block the bastards. It will make sure that they are only blocked once.
dropem()
{
#Extract the offending IP address from the line:
ip=$(echo $line | cut -d " " -f 12)
#if that ip is already specified in the iptables rules, then do nothing.
if iptables -L -n | grep "$ip" &>/dev/null; then
echo Duplicate
else
#otherwise, drop it like a sack o' shit!
iptables -A INPUT -s $ip -j DROP
fi
}
#Here's the real shit:
while read line; do
#Check for bad stuff:
if echo $line | grep -i 'Illegal user test' ; then dropem
fi
done
12/01 - Planned site outage on Dec 2nd 2004 (by lowkee)
:)
LokiTorrent, MuffTorrent and their respective forums will be closed on Dec 2nd while we make some major site code changes that cannot be performed with the sites online.
The trackers for both sites WILL remain online during this time, so get you torrent downloads in today if you think you want something tomorrow. The site will not be down the ENTIRE day, but I'm trying to play it safe
- The LokiTorrent Staff
I'm on PlusNet. they've done me well, and 2 colleagues (except once, when lightning blew his router up and he tried phoning them for a free replacement.. obviously he didn't get one)
:)
Its also cheap and uncapped if you go for the slightly more expensive option (I do about 800Mb a day which isn't like some people do, but no hint of a complaint from the ISP). (You want the 'premier' package for £21.99, and buy your own router from ebuyer for example, the one you can buy off them is a bit expensive and cheap and has only 1 ethernet port)
Getting the static IP was simply a matter of clicking the button on the account page once signed up.
Here you go for them, let me know so I can refer you for the 50p
"I'm sure that in the end it will be something along these lines: someone in the forum started flaming, words were exchanged, feelings were hurt, and some pimply-faced 14 year old decided to get even."
If so, then all we need to do is call the stupid, ugly bastard bad names, and make fun of his mother/pig, and he'll start flaming us here after doing a vanity-google-search and discovers a week from now that we were talking trash about him.
Saskboy's blog is good. 9 out of 10 dentists agree.
Ah yes, I used them at my last job. Only trouble I had was the Binatone (yeuch) routers they supplied with the connection. Horrible, horrible things. We set up 3 connections with them, and they'd all be intermittent - particularly UDP (with DNS) would have huge problems. We eventually found a firmware upgrade for it, and they worked fine after that. PlusNet (aka Force9) had no ideas on the problem.
:) I'll probably go for the 1MB conn...
Even still, I think I'll be going with them... and they're not charging the setup fee when you switch providers at the moment. E-mail me the referrer code at dominic (a t) computerkb (d o t) co (d o t) uk and when I eventually get around to it, I'll do that!
In the following excerpt by the past head of the CIA,
line 1 is either (a) silly, (b) evil, or (c) intelligent depending on your point of view. Silly because it sounds like sticking your finger in a hole in a dike; evil because it could mean anything draconian; intelligent in case it happens to be only talking about companies running critical infrastructure, who would maybe have to take rigorous security audits or not be allowed to have those facilities online. (c) makes sense but is the lowest probability, since the talk was made intentionally very vague and without press.
Line 2 similarly is (a) silly or (b) evil if talking about anybody not running sensitive infrastructure, and (c) intelligent if talking about the critical facilities. Line 3 sounds like he wants software companies to be more careful about security. Sounds like a good thing but then again what the CIA calls security is smoke and mirrors for ulterior motives, control, and punitive damage (until recently only outside U.S. borders), whereas most other people would call building strong personal firewalls and encryption security because it keeps the individual owner safe. No stomach for multiple choice here. Perhaps he has an occupational disease which prevents him from saying anything clearly and putting himself on the line? No chance of rehabilitation for this guy. Even if he was I guess the successor of the President's father or something like that. Maybe he should take up skydiving?
My analysis is that this is a retired professional scary guy trying to be relevant but incapable of doing anything but sounding silly or scary to anyone with a brain. People without brains generally think he's smart, etc. Which is too bad because if he could learn to speak more clearly he would be more effective and might have something useful to say about dealing with cyber-security threats (though I'd rather hear from the NSA's linux team about it than from a failed spymaster). This is why businesspeople in the real world never listen to government types. They can never say anything useful about anything directly, it is always vague scariness about vapor policies with a hint of powerplay behind it. BORING 90s SHIT!
How about cable? There's no technical reason for asymmetric cable connections, yet they all want an arm and a leg and your first born son to get anything. Maybe upload bandwith costs them more, but I can't believe it's at all proportionate. There has to be some motivation for them so harshly discouraging uploads.
But there are technical reasons. Cablemodems use 256QAM (Quarature Amplitude Modulation) to modulate the data on the cable line. For both upstream and downstream, there are multiple channels, but there are many more downstream channels than upstream. All of the downstream channels are in the 700MHz band. The upstream channels are all around 20MHz, because it takes less power to send a signal the same distance at 20MHz than 700MHz. Due to being such a low frequency, the wavelength is larger, and you can't encode as many QAM symbols per second as you can with a shorter wavelength that you would have at 700MHz. My cablemodem is currently using cablemodem upstream channel 6, which is at 23.750MHz and has a QAM symbol rate of 2.56 million symbols per second. That means that it would theoretically be able to achieve 18Mbit/s on the upstream. My downstream is on 741.0MHz, which has a max symbol rate of 5.360537Msym/s, which means a theoretical throughput of 38.811Mbit/s. But that is without sharing with other modems on the same frequencies.