Slashdot Mirror
BitTorrent Servers Under DDoS Attacks
jZnat writes "CNet News.com reports that popular BitTorrent tracker hosts such as Suprnova and LokiTorrent underwent DDoS attacks on Wednesday (I'll bet you noticed). The culprits are primarily unknown, but these sites were flooded beyond control from the attack. This appears to be striking an interest in revising the BT protocol and Suprnova's interest in making their own protocol."
We all know it's the MPAA and RIAA.
RIAA adopting Lycos's tactics?
As if that weren't enough, now they'll most certainly feel some variant of the Slashdot effect as people try to check it out. Way to go!
Future Slashdot headline: Lycos apologizes for wrongly targeted DDoS attacks
it is more like shooting a guy because he wears a gun on the street .. no matter what
because we know most guns are used to kill peoples
self justice is wrong
think about the federal police agents burned in mexico while protecting the school from drug dealers
stop supporting microsoft with pirating their software!!!!!
I would like to know whether suprnova.com and suprnova.net were hit by the DDoS attacks. They try and maky money of the popularity of suprnova.org and there are a number of people that actually get suckered into paying those sites.
Indeed this is a striking comparison to the previous story about spam sites suffering drom a DDoS attack. I for one had quite different reactions to them. Perhaps this shows that I am a hypocrite. However there is another component. Spammers target individuals, infact the maority of individuals. Corperations however are not people, despite how they may be treated by the law, and I think that Bittorrent is by far less damaging to corperations than spam is to the productivity of people (not to mention their happyness). SO perhaps I do have some justification for my differnt reactions to these articles.
Philosophy.
So it's time to switch to a serverless network under an open-source project? You mean something like Kademlia in the eMule?
Please speak for yourself. The fact that you're living in a country with strict file copying/distribution laws doesn't mean this is the same in the rest of the world. At least here in the most countries of Europe there's nothing wrong with distributing copies of music, video and software.
Whoever was responsible, it surely isn't one of the many-many, oh yes, and many other :) people, who use bittorent regularly to fetch stuff. That is, we all have some hunch who might be the bad guy: a). those who oppose all forms of sharing (won't name them, you know those bad, bad, bad guys in associations :) needn't have been themselves personally, but you know this alright b). somebody who just has something against suprnova or the others.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
Suprnova's interest in making their own protocol.
I am all up for new protocols, but there is a reason why we do not have:
http, httmyp, tthpp, hhtp, mshttp [I wouldnt doubt], SCOhttp, HPhttp
Don't fragment the issues, work on a common protocol, if we can uncouple protocol and application (which has happened in all major networks I think) then good.
Go for it supe..r..pr..nva...! but make it open.
I kinda knew bit torrents would be attacked, can't they just publish the ip's that are attacking them, and get us to click on them a bit?
teardrop attack?
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
We have one opinion about taking down spammers, but we have a seperate opinion about services that we may be using.
I think that's perfectly fine. For some reason, people want us to have a single unified opinion about a broad range of subjects that are different from one another. Each answer and opinion needs to be circumstantial and based on each instance rather than sweeping generalizations, otherwise we end up in a situation similar to:
(Note: This isn't a political statement, nor am I trying to show my opinion, it's just the example that seemed to fit the most right now)
Man: So are you for or against abortion?
Woman: AGAINST! It's wrong, it's taking life, and is the same as murder! Any instance of it is WRONG! Put it up for adoption, or take some responcibility!
Man: So you are saying that if the young woman was raped so badly, that she should have the child from the instance regardless of the future psychological damage it would have on her? And even if having the child would, if the circumstance brought it up, kill her?
Woman: Well.. um
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"
I knew I shouldn't have installed that new screensaver from the MPAA.
UTF-8: There and Back Again
I've used bittorrent a fair bit for downloading and upload large files which either I own the copyright to, or the person distributing them does.
It's very good indeed when you want to distribute something from a slowish adsl line to maybe 30 or 40 people.
I was somewhat dismayed when I first found out anout these bittorrent file sharing sites because they are leading to bittorrent being considered a tool for "illegal" file sharing when it's clearly a very useful general tool too.
Of course I'm not happy thay they be DDOSed but it would be nice if they did invent their own protocol and leave bittorrent to those who don;t want to use it for possibly "illegal" activities.
This is a perfect example of why it's not quite right to take the law into your own hands against someone who you **feel** is wrong.
I have had my site targeted before, and I run a completely legit, whitehat site. Just because someone thinks they're better off financially without a competitor does not mean he's justified to try to take me down.
I would be interested in doing a DDoS attack like this...
Point 1 doesnt make sense because it would make more sense for my service to figure out a way to plug into the rival network and siphon off they're shares. It would get me more notice and wont get me noticed as a nasty SOB.
Point 2 is unlikely because though these agencies are a mean litigating bunch, they are unlikely to condone something like this. More so that *if* they were discovered, they would be in a LOT of trouble (read : law suits galore!)
Point 3 seems more likely. Some guys just can't get enough attention. Downing the SCO site has been done already and people seem to be running out of ripe juicy targets that'll get them noticed.
I ran a very small BitTorrent tracker for distributing our videos. (2 torrents, very few clients)
A few weeks ago we started receiving a massive attack, mostly from client addresses in Asia.
The attack wasn't a DDoS per se - they were just "hijacking" my tracker by using it for their own torrents. But the volume of traffic (>100 requests/sec) had the effect of a DoS attack.
I was surprised that the standard BitTorrent server does not have some way to prevent unwanted torrents from appearing on your tracker. I was also surprised that my "small-time" tracker (only named by via 1 web page) attracted such a hijacking.
I will not run a tracker without the ability to deny usage to unwanted torrents. Although I'm uncertain about running any tracker at all now, since the hijack basically killed our internet connection.
At the very least, do not run a BitTorrent tracker on a critical DNS name like your primary web site. The attacking clients in my case were all performing DNS lookups. (I could tell they were attacking a DNS name, not an IP address, by changing my DNS entries). Luckily I had used a separate DNS entry for the tracker, so I just pointed it to 127.0.0.1 to stop the attack. But if I had used my primary web server's address, I'd be in real trouble.
As of right now (0047 : 03/12/2004 GMT-8) Loki Torrent seems to be dead... Slashdot effect? or another DDos ? (or is there a difference?)
I'm not sure who is going to give sn.org/lt.com any sympathy over this, they are just glorified warez sites, after all.
Although this DoS does highlight the largest problem with BitTorrent - it still relies on a central(tracker) server to operate.
I believe it's that specific "function" of BT that got me one of those nifty letters in the mail. I can't see any kind of a workable solution to this problem, everything that has to do with file trading has an entry point somewhere along the line.
At least here in the most countries of Europe there's nothing wrong with distributing copies of music, video and software.
/. for a while.
If you are in a country with membership of the EU, you might be interested* in reading Directive 2001/29 EC on the harmonisation of certain aspects of copyright and related rights in the information society. This has most definitely had an impact on the copyright regime in the UK, although, even before this, unauthorised distribution of copyrighted files was not permitted.
And, on the topic of wondering whether there is "nothing wrong" with distibuting, perhaps some thoughts about the moral rights of authors? Not protected as much in mainland Europe as in the UK (mainland seems to prefer protection of economic rights), but important nonetheless.
*Disclaimer. You might not be interested in reading this at all, but it is of sufficient length to help prevent you posting misleading statements on
I don't know what the hell your statistics prove,or even if they're right, but I do know that, wherever he or she is, your high school mathematics teacher would be proud of you.
Have you given serious thought to a career in marketing or PR? With that kind of commitment to mumbo jumbo and ridiculous statistics you'd be a natural.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
A slight flaw in your thinking. You assume that the internet is currently running at capacity, and that there will not be an increase in that capacity.
Both assumptions are wrong. 35% of current internet traffic may be bittorrent, but that doesn't mean that 35% of the internet's capacity is.
You have a fatal flaw in your logic. You are assuming that people will read the article.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
I find it interesting that the focus with regards to DDoS attacks that I have read about is not on proper security and precautions, but rather the client/server applications being attacked. Because your Apache server is DDoS'd, does that mean you distribute your website through ftp? Of course not, you take further security precautions and strengthen your protection against DDoS attacks. Why then should there be a need to "create a new protocol" to "protect" from attacks?
Protocols in and of themselves do not inherently have protection from these kinds of attacks. That is not the purpose of a protocol. The purpose of a protocol is to establish an agreed method of communications between two or more identified systems in a connection. This is where the problem persists: identification.
DDoS is not successful because it overrides the buffers or socket space for connections to a server. It is successful because these sockets are kept open longer than they should be.
What a server needs is not a "secure" protocol, because any protocol (method of communication) can be compromised so long as the attacker can make the protocol believe that an identified, valid entitiy has made a connection and intends to communicate.
Instead, system administrators need to strengthen the rules in their firewalling and subsystem (kernel) to improve the latency of the socket states so that the system will not fail when attacked. I believe GNU/Linux has many tools available as well as kernel modules already available in order to accomplish much of this already.
Rather than wasting time in creating YAP (Yet Another Protocol), the time and effort may be better utilized creating the system and firewalling tools needed to combat DDoS at its root.
This brings it even further to the point of not necessarily even having to reconfigure and install and reconfigure again the varied tools needed for server-side protection, but even look as close as the router itself and the built-in firewalls there.
I believe even Cisco has given some hardware advice for DDoS here.
We don't necessarily need to be creating so much as we should be perfecting and improving.
DDOS attacks do not target individuals regardless of how pleasant it is to think so. If you're sending a server enough traffic to be a nuisance, that traffic will be a nuisance elsewhere as well.
Saying that it's okay to DDOS spammers is especially obnoxious given that the most important argument against spam isn't that it's annoying but rather that it is a waste of bandwidth that other people are paying for.
My only political goal is to see to it that no political party achieves its goals.
Suprnova isn't a tracker :)
If you want to put something up on it you have to find your own tracker first!
www.monkeys-in-bras.com - _the_ place for the decerning monkey viewer.
The problem is that the community doesn't have the same say over the actions of DDoSers that a wild west town's citizens would have over their sheriff.
If a small group decided that slashdot was politically unsettling (and they'd have quite a lot to go on) and decided to take it down for a few days I expect that most of us would be annoyed.
DDoSing the pirates and spammers of the web is just one more way to fill the net with junk, and it's usually a small group (or single lycos) who decide to take the action without approval.
For once I prefer Microsoft's approach of taking the spammers to court. At least that might have some positive results.
moral rights preserve the "artistic integrity" of a work. You could have "moral rights" in the complete absence of copyright. Copyight controls distribution of a work.
It's a common myth that one needs copyright to defend against plagiarism - this is completely false. If I give a verbatim copy of a work and say "this was authored by $WHOEVER_DID" I haven't plagiarised.
Also, Europeans are sophisticated enough to understand that illegal and wrong aren't the same thing. Most europeans I know see nothing WRONG with copying information. They are aware it is "illegal", but that doesn't really influence european behaviour much, particularly not when you know the laws in question were ghostwritten by american corporations.
"God is dead." - Frederik Nietzsche
I don't have the first clue how to get started. Thank you for enlightening me despite my not having already found the answer via google.
Request your free CD of my piano music.
Still there is difference between considering illegality of so-called piracy and actively pursuing so-called pirates. In many larger cities of Poland and Germany, you can easily find a computer stockmarkets, usually run on weekends. An example would be my city, Wroclaw(Breslau), where Technical University - a goverment funded institution, runs such stockmarket. There you can get everything - from brand new DVD movies, cheap as 2$/piece, to cheap (3-5$) software packages like 3dsmax or Adobe CS.
I know personally such places in Warsaw, Berlin, Leipzig and Dresden.
So, announcements are one thing. Realpolitik is just another. Our countries have interest in allowing for nearly-free software/multimedia distribution, and this lies in the roots of educational policy. Simple lies told to BSA/RIAA are just - lies.
It is official; Netcraft confirms: Bittorrent is dying.
:(
One more crippling bombshell hit the already beleaguered Bittorrent community when IDC confirmed that Bittorrent market share has dropped yet again, now down to less than a fraction of 1 percent of all P2P services. Coming on the heels of a recent Netcraft survey which plainly states that Bittorrent has lost more market share, this news serves to reinforce what we've known all along. Bittorrent is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amdest.com] to predict Bittorrent's future. The hand writing is on the wall: Bittorrent faces a bleak future. In fact there won't be any future at all for Bittorrent because Bittorrent is dying. Things are looking very bad for Bittorrent. As many of us are already aware, Bittorrent continues to lose market share. Red ink flows like a river of blood.
Azureus is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time Azureus developers Bob Wentz and J.D. Stone only serve to underscore the point more clearly. There can no longer be any doubt: Azureus is dying.
Let's keep to the facts and look at the numbers.
BitTornado leader TheShad0w that there are 7000 users of BitTornado. How many users of burst! are there? Let's see. The number of BitTornado versus burst! posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 BitTornado users. Bittorrent posts on Usenet are about half of the volume of BitTornado posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dbblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
Jesus Christ this trolling shit is hard to do. I know I left the other half with BSD
STOP MENTIONING SUPRNOVA .. you're ruining it for everyone who actually knows what the hell it is... please stop!!!
The key word in my message is "distributing". I doubt that distributing an album to 300 people through bittorrent falls under non-commercial personal use copies
Mother is the best bet and don't let Satan draw you too fast.
A network with no central servers or even 'supernodes' reduces the effect of DoS-attacks, and leaves no single person or company to attack with a lawsuit. But that alone isn't enough. Other problems remain, like the privacy issue. Many P2P networks reveal IP addresses of nodes on 'the other end'. Thus, after retrieval of a file, you know from what IP address(es) the file came from. That leaves the network vulnerable for attacks or legal steps against individual users.
To prevent this, it must be impossible to find out who/where a retrieved file (or search query) actually came from (IP, geographical location or otherwise).
Besides the well known Freenet, there's another promising one called ANts. From what I can tell, it works by passing data between nodes, without passing info on the endpoints where data is coming from/going to. Each node passes data on, but doesn't know if the next node will keep it, or in turn pass it on to yet another node in a path. IP addresses are replaced with a virtual 'network ID' (regularly discarded), and combined with encryption, a single node can't tell what it's passing on, where it came from, or where it's going. IP addresses are only known for a few neighbours it contacts directly. For an analogy, think anonymous remailers. The project page also mentions something similar called MUTE. I guess you could call projects like this 3rd generation P2P networks. Looking forward to it! (and please add if you know more like these)
Almost a week ago, eMule's default IRC network (LiquidIRC) was DDoS'ed and Floodbot'ed. LiquidIRC has been taken down for an unknown amount of time due to the attacks..
Related?
While these two sites may be the biggest sites that we know of under DDoS attacks to me it seems to be more widespread. I am a moderator of a small Mazda enthusiast forum and we underwent a variety of DDoS attacks pretty much all night from varying addresses. I have no clue why someone would want to DDoS a small non-profit forum (we have our own server) but seems to me like Suprnova.org and the other BitTorrent sites are just collateral in a much larger game.
Luckily for us, we have a very good admin and he was updating the firewall rules pretty much left and right. Site never went down but at least we weren't posted on the front page of Slashdot either... then things would have been a bit different.
...there's just too many variables that are directly opposing.
Central vs decentral
Peers vs supernodes vs superservers vs tracker
Anonymity vs speed
Integrity vs fuzzy search
Search by content vs by index vs by hash vs...
Routing vs direct links
Indexing vs index poisoning
Trust vs anonymity
Leeching vs control
It is impossible to create a network that can achieve all of them at once.
Http is by comparison a trivial protocol. It involves only the connection between two hosts. Creating a virtual network of P2P clients is more like reimplementing the whole of layers 3 (IP), 4 (TCP), 5 (sessions) in the OSI model.
Kjella
Live today, because you never know what tomorrow brings
The best answer to a distributed attack is a distributed network. If no node in the network is essential to its operation, such an attack isn't possible.
suprnova.org probably doesn't want to be the world's supplier of content, even without the DDoS part. I find your reasoning completely backwards. Why should your Apache server be the only server?
If you had a dozen mirrors hosted around the world, it'd be much harder to take down. With web pages, you can do that. With trackers, you can not. Not yet. Because the protocol doesn't support it.
Kjella
Live today, because you never know what tomorrow brings
I too, was getting these about 2 months ago, a few hundred per-hour, until I decided to lock sshd down to known IPs that I regularly ssh from:
Problem solved. I'm going to be moving this to portknocking soon, so that'll open it back up a bit for my partners and clients to ssh in from, while they're on the road.
and no one spoke out.
then it was bittorrent, and no one spoke up.
then its your own connection...
Suppose server X hosts a really popular large file of, say, 100MB in size. Suppose that server only has 1MB/sec upstream bandwith. Suppose users A and B both want the file. The server needs to send the file twice, once for A and once for B. Obviously, this takes twice as long as sending the file just once. And if there's two more people, C and D, also downloading the file, it needs to be sent four times and takes four times as long as sending it only once. In other words, the more people are downloading the file, the slower each download gets.
The torrent principle tries to solve this problem. The idea is that A and B start downloading different parts of the large file. For example, A could start downloading the first half and B the second half. Once A has downloaded some of the file, he starts sending it to B, and B does the same. Suppose, for the sake of simplicity, that both A and B have the same bandwith as the server, and that everyone has the same up- and downstream bandwith.
Now, A is getting the file from server X at 1/2 MB per second. A is also downloading the file from B at 1/2 MB per second, and thus is getting a combined speed of 1 MB/sec. The same goes for B.
This is the torrent principle: use the upstream bandwith of downloaders to help ease the load on server.
Now, A and B need to learn about each other's existence in order to cooperate in this way. In BitTorrent, this is done via a tracker. You download a small torrent file, which contains the address of the tracker, the names and sizes of the files in this torrent, and checksums for each part of the file (to prevent people from sending fake parts). Someone generated this torrent file from file(s) he had on his computer, uploaded it to a torrent tracker, and then launched BitTorrent. BitTorrent checks the files against the checksums, notices that there is no pieces missing, and thus doesn't try to download any - just upload (making it a so-called "seed"). It then connects to a tracker and lets it know that "I'm here". When someone else uses this torrent file, their BitTorrent client connects to the tracker, asks for addresses of peers, and starts downloading pieces from them (and uploading pieces to them - there is a simple "tit for tat" method that ensures that you serve best the nodes which upload to you, thus ensuring that everyone will indeed participate). Once a node gets all the file pieces and has thus finished the download, it becomes a "seed" and keeps on uploading untill the user terminates it.
So, the trackers are absolutely vital for BitTorrent; without them, the clients can not learn about each other, and thus can't connect to each other and up- and download.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
The key word in my message is "distributing". I doubt that distributing an album to 300 people through bittorrent falls under non-commercial personal use copies
And I'm sure the people distributing those copies don't believe that 70 years after the death of the artists counts as the "limited time" granted in the constitution... go figure.
Of course, we all know that's never true which is the problem with other P2P software. ADSL and cable modems unfairly favor downloading (consuming) content rather than uploading (serving). This is just another example of the corporate world trying to control the dissemination of information. There's no good technical reason they couldn't run a symmetrical DSL signal over your voice line like they do ADSL, they just don't want to. It's the same reason many of these ISPs still require you to login via PPPoE and get a dynamic IP for your "always on, high speed dedicated connection". They're stuck in a 1995 mentality of dialup users consuming content rather than sharing information. Dynamic IPs on cable and DSL really bug me. You can get one plan with dynamic IP and PPPoE from SBC for $29/month, but add in a static IP and suddenly you're looking at $75/month. WTF? You need to account for that customer using an IP address whether you assign it dynamically or whether it is static... why the rape on static prices?
Last time I checked suprnova.org, I didn't see many 70-year old warez, but then again I don't know what sites you frequent...
Mother is the best bet and don't let Satan draw you too fast.
You know, I have 5 moderator points, and I just couldn't find a single good post to mod up, here. So I'll say what I think needs saying.
How do you know that the Lycos spam-DDoS screen saver *isn't* what is taking out bittorrent?
I can think of a number of possibilities, any of which might be worth investigation.
(1) - As was mentioned elsewhere, it *could* be that lycos is leasing its services out to the RIAA.
(2) - It could be that the spammers are using Bittorrent servers
(3) - It could be that the spammers have hijacked the bittorrent servers (as I understand, a lot of bittorrent hijacking has come from China. Perhaps not coincidentally, a lot of spammers use servers in China to host their activities.)
(4) - It could be that the spammers have somehow masked their servers' real identities to look like bittorrent servers.
There are a few possibilities that might be worth checking out. Anyhow, I'll hold onto my 5 points, I guess. Shoot, I might just deposit them in the bank and wait till inflation takes em out.
Slashdot just ain't what it used to be (as you can tell by looking at my low slashdot ID number).
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
The corporate world isn't trying to control the dissemination of information. They are protecting their profits. It's not necessary for them to have symetric lines for most DSL customers as their downloading habits are very much skewed towards the download bandwidth. It's also cheaper for them to provide aDSL service then it is to provide sDSL. Upload bandwidth I beleive is more expensive, bit for bit, then the download. There is also distance limitations on the speeds available. sDSL may work well at relative slow speeds, but once you get to faster speeds, the upload speeds greatly reduce. Verizon offers download speeds between 768kbit@18,000 feet and and 7.1mbit@9,000 feet. There is no way that they can provide 7.1mbit upload speeds@9,000 feet.
Dynamic IP addresses are used for several reasons. The first is that it discourages customers from running servers. It doesn't eliminate it, but it makes it more of an inconvienence.
Those that truly need static addresses typically are willing to pay a premium for it. Business customers for instance. They can't afford to have e-mail not delivered or their website unavailable during that short period when an IP address may be updated. In this case, it is about the $$$. Most ISPs will renew a lease so in effect your dynamic address is typically static, but it's not guaranteed though.
Dynamic addresses are also cheaper for the ISP. In many cases the addresses aren't actually owned by the ISP but instead "leased" to them. The ISP ends up paying for each one of them. If they give everyone static, they need to have 1 or more addresses per customer. If they hand them out on a as-needed basis, they can save money as not everyone needs one at all times. At most they would need the same number of addresses as what they would need with static. At the least, they would need 1 per active customer. As leases expire the addresses can be reused, reducing the total number of addresses needed over the long term.
PPPoE is used because it can simplify the back end support and accounting process for the ISP as they can use essentially the same system for both dialup and DSL customers. If everyone is essentially treated as a PPP customer, regardless of the actual connection method, the same authenticaion servers can be used, the same tracking/billing servers, etc. ISPs didn't have to get another set of conectivity to migrate dialup users over to DSL.
The corporate world isn't trying to control the dissemination of information. They are protecting their profits.
Same thing.
It's not necessary for them to have symetric lines for most DSL customers as their downloading habits are very much skewed towards the download bandwidth. It's also cheaper for them to provide aDSL service then it is to provide sDSL. Upload bandwidth I beleive is more expensive, bit for bit, then the download.
How about cable? There's no technical reason for asymmetric cable connections, yet they all want an arm and a leg and your first born son to get anything. Maybe upload bandwith costs them more, but I can't believe it's at all proportionate. There has to be some motivation for them so harshly discouraging uploads.
Dynamic IP addresses are used for several reasons. The first is that it discourages customers from running servers. It doesn't eliminate it, but it makes it more of an inconvienence.
So then, they are trying to control the dissemination of information. Big of you to admit it.
Those that truly need static addresses typically are willing to pay a premium for it. Business customers for instance.
See that's the thing, they only want the wealthy or incorporated to have real internet access. By keeping the proles on dialup and addicted to tv, they maintain their control over the media, and thus the minds of the populace. This is one of the reasons the internet has not had the transforming effect on society we all expected bacy in 1993.
Give me Classic Slashdot or give me death!
"because we know most guns are used to kill peoples"
In Iraq, Israel's West Bank, Congo, eta la, probably. In the U.S., Canada, and most of the Western World, not even close.
Unless something has changed in the past few months, open-holster carry is legal in several U.S. states (e.g. Arizona), and concealed carry is legal in many others.
If "most guns [were] used to kill peoples" (sic), the U.S. would differ littlke from a Third World country embroiled in civil war.
Guns are not evil, period.
Ignorance is curable, stupid is forever.
If 'the man' wanted to control dissemination of information you'd think he'd try to limit downloads, not uploads.
I think you've bought into the conspiracy that just doesn;t exist. All these ISPs don;t care what you do, they only care that you pay them and don;t cause them any (costly) support calls.
Adding a static IP is something they *can* charge you extra for and people will pay it. So they do.
In the UK, my ISP gives a free static IP if you ask for it, so I have one. I think they have different cost models than the states, ie. no-one thought to charge loads for a static IP, and now no-one can do it because customers would migrate to the other ISPs. (oh also we use PPoA in the UK for our ADSL).
And lastly, you still can act as a server, you need DDNS service to register with - try DNSPark for 1 free entry
When carrying table legs always remember: 1. NEVER pretend it's a sawn off shotgun. 2. NEVER tell somebody in a pub you are going to kill them with a shotgun. 3. When confronted by armed police, PUT YOUR TABLE LEG DOWN. This is a good time to stop pretending you have a shotgun, or Darwinism may occur.
I was conned by an old man in a cloak. It turns out those *were* the droids I was looking for.
...is longer than that. It could be an intriguing investigation...kind of like "who shot JR".
RIAA if I'm not mistaken lobbied (unsucdessfully thank goodness) to have legislation put in place to permit them to hack into suspect computers at their discretion if I recall, and MPAA is just another pea in that IP-hoarding pod.
Other suspects? There are too many to mention, but boradly speaking they might fall into one of several categories besides the above:
* Large closed source software vendors or someone connected to them (Microsoft, etc). They would be trying to shut down a big source of piracy. I doubt it is Microsoft, they are not that dumb. In any case suprnova et al are not the right target...that is shooting the messenger, not the perpetrators who make use of their resources.
* One of the above-mentioned perpetrators (copyright violators who up/download cracked software and movies). I've noticed that a sizeable minority of heavy BT users out there are immature and petty (probably teenagers sequestered in their basements). If they are knocked off suprnova or similar sites or are slagged in a community forum they get all out of joint and retaliate. The stupid turds brought it on themselves and such retaliation is not warranted.
* Some of the seedier on-line proprietors, such as those who run revenue generating sites imitating the free suprnova.org, because if the free sites go away it might steer more revenue to them. I wouldn't put it past them
* Commercial porno sites. P2P networks are full of porn (you don't even have to search on an obvious sexual keyword sometimes) and it is pretty much all ripped off of some pay site. Most (not all, but most) on-line porn businesses are run by people lacking morals and intelligence (witness the whining by one porno purveyor about Google caching thumbnail images and deep-linking into his site with regard to the latter). SO it is very likely a porn-vendor arranged the dDOS attacks.
Part of me hopes it really was RIAA or MPAA...they are cartels that are unhealthy for the industry and it would be cool if there was finally a reason to shut them down. However, I think it's one of the latter 3 groups I mentioned.
You need to account for that customer using an IP address whether you assign it dynamically or whether it is static...
No you don't. An ISP never has as many IP's in their pool at they have customers. They only have to keep as many as they will ever have connected at one time. With cable and DSL that's a higher percentage than it used to be with dial-up, but it's excess cost to keep an IP for each customer.
Think of Gmail: no way does Google have a gig of storage for each account. They know about how much each person is really using, then just keep ahead of the total usage.
I do the same thing with account quotas in my lab. If everyone used the full amount, we'd be use 7 times what we have, but we're currently at less than half capacity!
Dynamic IP addresses are used for several reasons. The first is that it discourages customers from running servers. It doesn't eliminate it, but it makes it more of an inconvienence.
My dynamic IP changes once a year. It has nothing to do with running a server (dyndns anyone?) - if they wanted to do that, they would be blocking inbound ports. If anyone remembers @home, you could actually configure your machine for static once you received your IP (which was necessary due to the stability of fetching a DHCP address from the other side of the continent).
The reason for DHCP? As the cable companies reconfigure networks (splitting/combining areas), it's sometimes necessary to change IP blocks (keep in mind, their network is heavily tied to location). Is it easier to change a DHCP server and release/renew, or notify hundreds of customers that their IP is changing? For the same reason, I often run my networks entirely on closed DHCP (using the MAC to IP mapping)
PPPOE has more to do with the fact that various companies resell or piggyback from the phone company, instead of sticking their own infrastructure in each CO. Static requires more work to setup and maintain (routing the line to a different DSLAM/network/etc)
I use Macs to up my productivity, so up yours Microsoft!
I was thinking about that, but then I'd be locked out if at a friend's place or if an IP changed. I was thinking about doing knockd, except I have a regular hardware router, I don't want to foward the closed ports to my box. But just for you, here's my compromise :)
tail -F current | bash ~/bin/sshdblocker2.sh
#!/bin/bash
#This script will go through the sshd log and DROP all the script kiddies/ wormed zombies out there attacking my precious server.
#written by JT Hundley
#This function will block the bastards. It will make sure that they are only blocked once.
dropem()
{
#Extract the offending IP address from the line:
ip=$(echo $line | cut -d " " -f 12)
#if that ip is already specified in the iptables rules, then do nothing.
if iptables -L -n | grep "$ip" &>/dev/null; then
echo Duplicate
else
#otherwise, drop it like a sack o' shit!
iptables -A INPUT -s $ip -j DROP
fi
}
#Here's the real shit:
while read line; do
#Check for bad stuff:
if echo $line | grep -i 'Illegal user test' ; then dropem
fi
done
Insightful 4??! You're so wrong on practically everything you've said I don't know where to begin. First, ADSL is "Asymmetrical" (that's the "A" part) -- they steal frequency from the upload channel to increase the download speed as that is what most consumers want. Most of the time a user has to get their speed profile dropped is because they are too tight on the upload capacity to maintain sync. As for symmetrical, SDSL speed is about 1Mbps around 8000 feet and can stretch to about 20,000 feet at 128Kbps. ADSL can do up to 8Mbps to over a mile, and 3 or 4Mbps towards 3 miles. Which do you think has more consumer interest? As for PPPoE, it's for management, it's a hell of a lot more work to cut off service at the DSLAM than it is at the central authentication servers, plus it makes accounting possible as well as sharing infrastructure giving you the choice of ISP's in several areas. As for the static IP it's not the IP you're paying for, it's a tax in terms of demand on both the system and support. DSL is priced artificially low at a price point where customers will buy, but on the assumption of personal use, not providing the rest of the world with access. Network circuits, bandwidth, equipment, support and administrative costs does not work out to less than $10/Mbps. If you want a dedicated line you can pay the same rates the ISP does, otherwise expect to share fairly and pay a fraction of the real cost.
In the following excerpt by the past head of the CIA,
line 1 is either (a) silly, (b) evil, or (c) intelligent depending on your point of view. Silly because it sounds like sticking your finger in a hole in a dike; evil because it could mean anything draconian; intelligent in case it happens to be only talking about companies running critical infrastructure, who would maybe have to take rigorous security audits or not be allowed to have those facilities online. (c) makes sense but is the lowest probability, since the talk was made intentionally very vague and without press.
Line 2 similarly is (a) silly or (b) evil if talking about anybody not running sensitive infrastructure, and (c) intelligent if talking about the critical facilities. Line 3 sounds like he wants software companies to be more careful about security. Sounds like a good thing but then again what the CIA calls security is smoke and mirrors for ulterior motives, control, and punitive damage (until recently only outside U.S. borders), whereas most other people would call building strong personal firewalls and encryption security because it keeps the individual owner safe. No stomach for multiple choice here. Perhaps he has an occupational disease which prevents him from saying anything clearly and putting himself on the line? No chance of rehabilitation for this guy. Even if he was I guess the successor of the President's father or something like that. Maybe he should take up skydiving?
My analysis is that this is a retired professional scary guy trying to be relevant but incapable of doing anything but sounding silly or scary to anyone with a brain. People without brains generally think he's smart, etc. Which is too bad because if he could learn to speak more clearly he would be more effective and might have something useful to say about dealing with cyber-security threats (though I'd rather hear from the NSA's linux team about it than from a failed spymaster). This is why businesspeople in the real world never listen to government types. They can never say anything useful about anything directly, it is always vague scariness about vapor policies with a hint of powerplay behind it. BORING 90s SHIT!