Gambling Sites Battle DDoS Attacks
the-dark-kangaroo writes "Gambling sites are fighting back against extortion from hackers using Distributed Denial of Service (DDoS) attacks. According to the report released by the BBC many of these attacks are coming from infected home PCs which have succumbed to a worm or virus. The gambling sites are bringing in reinforcements: Pipex, Cisco and security firm Energis are creating 'intelligent' traffic monitoring systems to help stop these attacks."
But I just can't feel too sorry for them.
I mean, I know it's wrong, but when you get into that business I'm sure this isn't really that uncommon. Gambling is a shady 'business' in the first place, so if you have to deal with other shady people to keep it going, then them's the breaks, buddy.
Ok, I'm not sure about those other companies that were mentioned, but Cisco is a U.S. company. And internet gambling is illegal in the United States. Now, don't get me wrong, I don't give a shit whether people gamble on the internet, and I see the anti-internet-gambling laws as having as much to do with protecting monopolies as anything else.
Now that I've said that, how is this not a legal issue for Cisco? Surely the FBI, DEA, and assorted other federal agencies would be all over Cisco if they were helping Colombian drug cartels in any way whatsoever. How do they "get away" with it? Aren't they essentially aiding and abetting what in the U.S. is considered a criminal enterprise? I mean, as an individual I can go place bets at some offshore casino and fly under the radar, but a big company like Cisco is going to have a hard time doing that, especially if their help is on the front page of Slashdot and other news sources.
I wonder if the ISPs will continue selling solutions where the PC is connected directly to the internet. We've all seen the tests. It takes less than 5 minutes for a Windows PC to be taken over (or 0wned as they say). But - a simple router with NAT helps immensely. Would it help if the ISPs were forced to only sell internet access with at least a router?
Underholdning.info
I know Linux based servers have the ability to limit the amount of damage a DOS/DDOS can do. I do it with my server: run daemons as their own user and limit the amount of resources they can use, both CPU and memory. That way, the system may get bogged down, but will never suffer a complete failure from a DOS attack. I am curious as to why some larger sites like the gambling networks aren't using such preventative measures. Are they not effective against larger attacks?
Mythos : Logos
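The per-daemon caps described in the comment above, as an added example that is not part of the original thread: a Linux launcher that starts a process with address-space and CPU-time limits and, when started as root, under its own account. The function names, limit values and the `user` argument are assumptions made for the illustration, and the three child commands are constructed stand-ins for a daemon under load.

```python
import os
import pwd
import resource
import signal
import subprocess
import sys

MIB = 1024 * 1024


def _clamp(kind, wanted):
    """Never ask for more than the hard limit already in force."""
    hard = resource.getrlimit(kind)[1]
    return wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)


def run_limited(argv, mem_bytes, cpu_seconds, user=None):
    """Run argv with capped memory and CPU time; return its exit status.

    A negative status means the child was killed by that signal number.
    `user` (hypothetical account name) is applied only when running as root.
    """
    account = pwd.getpwnam(user) if user and os.geteuid() == 0 else None

    def apply_limits():
        # Runs in the child between fork() and exec().
        mem = _clamp(resource.RLIMIT_AS, mem_bytes)
        cpu = _clamp(resource.RLIMIT_CPU, cpu_seconds)
        cpu_hard = _clamp(resource.RLIMIT_CPU, cpu + 1)
        resource.setrlimit(resource.RLIMIT_AS, (mem, mem))
        # Soft limit delivers SIGXCPU; the hard limit delivers SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu, cpu_hard))
        if account is not None:
            os.setgroups([])
            os.setgid(account.pw_gid)
            os.setuid(account.pw_uid)

    done = subprocess.run(argv, preexec_fn=apply_limits,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode


# Constructed stand-ins for a daemon: one normal, two exhausting a resource.
WELL_BEHAVED = [sys.executable, "-c", "print('served one request')"]
MEMORY_HOG = [sys.executable, "-c", "buf = bytearray(512 * 1024 * 1024)"]
CPU_HOG = [sys.executable, "-c", "while True: pass"]

if __name__ == "__main__":
    for cmd in (WELL_BEHAVED, MEMORY_HOG, CPU_HOG):
        print(cmd[-1], "->", run_limited(cmd, 256 * MIB, 1))
```

These limits bound what one runaway process can take from the host; they do nothing about traffic volume arriving on the uplink.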
Sure there is the occasional bust when someone with influence pushes for it but there is no general law and order on the net. No equivalent of the local police force keeping the public safe.
In a situation where there is no meaningful policing you have little choice but to either fight back or allow yourself to be fucked over.
Some sites that have been spammed by these gambling sites seem to have decided to fight back.
Imagine someone had been dumping their trash on your lawn and those of all your neighbours repeatedly and the police couldn't or wouldn't do anything about it.
Now imagine one of your neighbours decided enough was enough and burnt the guy's house down.
Would you feel sorry for them?
Firstly, the legality issue is weird to me. I come from the UK where licensed gambling (be it online or in real life) is perfectly legal. I find it rather amusing that a whole State would ban something like gambling. Anyway, people seem to think that the reason a site dies during a DDoS attack is CPU usage. It's not. It's not related to the servers at all (at least not in the case of big attacks). We were recently hit by a DDoS attack (don't ask) and we were having our 100mb uplink saturated. That's where the problem occurred. Our 13 machines could cope with the requests - the pipe couldn't. Even if we went to a Gig uplink (which was considered), they'd simply saturate that. A few hundred compromised machines on DSL/Cable can easily do that. Scary stuff I must admit.
The only real way to combat DDoS through botnets is to go after the owners of the botnets... No, I'm not talking about the hackers that created or control the botnets; taking one down only opens up a slot for someone else. No, I'm talking about the owners of the PCs that comprise the botnets. Making it a crime to participate in botnets, knowingly or not. Make people TURN OFF their PCs if they're not 200% certain they're patched and firewalled as much as possible, or face billion dollar fines and lengthy prison terms. If this forces the really lame people to stay off the net, so much the better.
Complain about Microsoft and others making insecure software as much as you like, but it really comes down to stupid people not living up to their obligations as netizens. I mean, you don't just buy a car and then go driving. You need a license which involves tests, you need to renew your license in time. You need to pay some fees and you need to maintain your car mechanically. And you need to follow the rules of the road or face some form of punishment.
There will never be such a thing as a secure OS, made by Microsoft or others. There will always be the possibility for problems and unless we let the manufacturer remotely go in and patch their machines (yeah, right!), it will have to be the owner that must take care of it.
As simple morals and recommendations clearly don't make people do what they're told, we have to add the 'or else!' clause, in the form of punishments for those slacking off and ignoring the updates.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Part of the problem these days is most viruses involve SMTP spam and trojan horse bots - both of which your average punter can live with and won't notice. What I'd like to see is more viruses of the smoke your hard drive and blow up your monitor kind. People would be damn careful about popups, AV products and firewalls if this were the case.
On my website 90% of the comment spam was from online poker sites. That added up to hundreds of messages per day that I had to delete, and I know many others had similar experiences. I know I was thinking that they deserve a lesson, and maybe some folks decided to teach them one. While I don't necessarily approve of the method, I fully understand the impulse. Many online gambling sites are run by pricks; I won't shed a tear for them and their self-inflicted troubles any more than I would for the RIAA/MPAA.
Slashdot - News for Herds. Stuff that Splatters.
I don't care about addictions.
It just means the affected person must put out even more effort to overcome it.
Just because some people are sex addicts doesn't mean I shouldn't be allowed to sleep with my wife. (or yours for that matter)
I think a big problem is not only the "clueless users" as it were, but the ISPs who put them online. They advertise all the wonders of the modern internet (blazing speeds, media downloads, etc) with complete lack of reference to such problems.
Some ISPs do offer firewall/antivirus services, though most I've seen either suck or cost an additional fee.
But the thing is, it's probably not that difficult to tell if the users on your ISP are owned. And the ISP can disconnect those users until they are patched, or at the very least stick them on a limited subnet wherein they can download patches/fixes but not continue to contribute to the degradation of the internet.
The problem is that the ISPs are following the money trail and ignoring all these problems. Cutting off a "bad" customer is risking loss of capital... never mind the cumulative money-loss effect that ISPs share in hosting spambots, cracked machines