Gambling Sites Battle DDoS Attacks
the-dark-kangaroo writes "Gambling sites are fighting back against extortion from hackers using Distributed Denial of Service (DDoS) attacks. According to the report released by the BBC many of these attacks are coming from infected home PCs which have succumbed to a worm or virus. The gambling sites are bringing in reinforcements: Pipex, Cisco and security firm Energis are creating 'intelligent' traffic monitoring systems to help stop these attacks."
But I just can't feel too sorry for them.
I mean, I know it's wrong, but when you get into that business I'm sure this isn't really that uncommon. Gambling is a shady 'business' in the first place, so if you have to deal with other shady people to keep it going, then them's the breaks, buddy.
A moment of silence for the kneecaps of the virus writers if/when discovered.
I know these gambling sites are legitimate companies, but it seems the worms that most people get are advertising either porno shops or gambling shops.
It's difficult for me to feel sorry for gambling sites getting DDoSed.
Humorless sig goes here.
Ok, I'm not sure about those other companies that were mentioned, but Cisco is a U.S. company. And internet gambling is illegal in the United States. Now, don't get me wrong, I don't give a shit whether people gamble on the internet, and I see the anti-internet-gambling laws as having as much to do with protecting monopolies as anything else.
Now that I've said that, how is this not a legal issue for Cisco? Surely the FBI, DEA, and assorted other federal agencies would be all over Cisco if they were helping Colombian drug cartels in any way whatsoever. How do they "get away" with it? Aren't they essentially aiding and abetting what in the U.S. is considered a criminal enterprise? I mean, as an individual I can go place bets at some offshore casino and fly under the radar, but a big company like Cisco is going to have a hard time doing that, especially if their help is on the front page of Slashdot and other news sources.
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
The bottleneck is probably bandwidth, not CPU. A network of drones can send traffic in the GBit/s range, and even if these packets are not replied to and the CPU and memory resources can cope, a lot of damage will still be caused.
The only way to make this work is to block traffic at a site far enough back to cope with the level of traffic (and the size of botnets will only grow, so even a reasonably large network company could be knocked out).
X-Has-Sig: yes
I wonder if the ISPs will continue selling solutions where the PC is connected directly to the internet. We've all seen the tests. It takes less than 5 minutes for a Windows PC to be taken over (or 0wned as they say). But - a simple router with NAT helps immensely. Would it help if the ISPs were forced to only sell internet access with at least a router?
Underholdning.info
Okay, I understand that we're talking about gambling websites. But these same methods can be used to take down just about any website. Society makes the final call on what is legal and illegal. Some might say the hackers are using their ethics to take down a vice. But if that was the hackers' goal, why ask for money? Second, the tax revenue gambling generates often goes to schools. By taking them down, it would seem harm is being done in unexpected places. Politicians are responsible for planning funding, and if a bubble bursts, the community is in trouble.
Second, do we want one, or a small group of people, telling society what they can and can't do? What if a group of Jehovah's Witnesses hackers decided to remove ALL porn off the web. People would freak out. One man's utopia is another man's hell.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
I know Linux based servers have the ability to limit the amount of damage a DOS/DDOS can do. I do it with my server: run daemons as their own user and limit the amount of resources they can use, both CPU and memory. That way, the system may get bogged down, but will never suffer a complete failure from a DOS attack. I am curious as to why some larger sites like the gambling networks aren't using such preventative measures. Are they not effective against larger attacks?
Mythos : Logos
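The per-daemon resource caps described in the comment above, sketched as an added example (not code from the thread). It assumes Linux and uses a Python child process as a stand-in for the daemon. The caps contain a runaway process on the host, but they act only after traffic has arrived, so they do nothing for the saturated uplink other comments describe.

```python
import resource
import subprocess
import sys

GIB = 1024 ** 3

def _cap(res, soft, hard):
    """Set a limit, never asking for more than the inherited hard limit."""
    _, cur_hard = resource.getrlimit(res)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(res, (soft, hard))

def run_limited(code, cpu_seconds=1, mem_bytes=GIB):
    """Run a Python snippet (stand-in for a daemon) under CPU and memory caps."""
    def apply_limits():
        # Runs in the child after fork(), before exec(): the parent is untouched.
        # Soft CPU limit -> SIGXCPU; hard limit one second later -> SIGKILL.
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        # Address-space cap: larger allocations fail instead of swapping the host.
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)
    proc = subprocess.run([sys.executable, "-c", code], preexec_fn=apply_limits,
                          capture_output=True, text=True, timeout=60)
    return proc.returncode, proc.stdout.strip()

# Constructed workloads standing in for a daemon pushed past its budget.
SPIN = "while True: pass"
HOG = ("try:\n    bytearray(4 * 1024**3)\n"
       "except MemoryError:\n    print('allocation refused')")

if __name__ == "__main__":
    print("well-behaved:", run_limited("print('ok')"))
    print("cpu hog:     ", run_limited(SPIN))  # terminated by a signal
    print("memory hog:  ", run_limited(HOG))   # allocation fails, exits cleanly
```

On a real server the same limits are normally set by the service manager or `ulimit` in the init script, together with a dedicated unprivileged user per daemon.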
Why are a bunch of script kiddies being called hackers again?
Can't we finally cut the problem at its roots? And the roots are a criminally insecure poor-excuse-for-an-OS.
If your car notoriously breaks causing harm to other users of the road, you won't get your car's paper prolonged. If a company keeps producing cars that damage other users of the roads, that company has to replace/fix all the cars sold. Now, tell me why exactly Microsoft can get away with selling software that's harmful for the community at large?
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
How sad.
I fear this 'online poker' guy is getting attacked, too, in which case we would miss out on all the great spam comments in our blogs. Wouldn't that be a sad, sad world?
Firstly, the legality issue is weird to me. I come from the UK where licensed gambling (be it online or in real life) is perfectly legal. I find it rather amusing that a whole State would ban something like gambling. Anyway, people seem to think that the reason a site dies during a DDoS attack is CPU usage. It's not. It's not related to the servers at all (at least not in the case of big attacks). We were recently hit by a DDoS attack (don't ask) and we were having our 100mb uplink saturated. That's where the problem occurred. Our 13 machines could cope with the requests - the pipe couldn't. Even if we went to a Gig uplink (which was considered), they'd simply saturate that. A few hundred compromised machines on DSL/Cable can easily do that. Scary stuff I must admit.
The only real way to combat DDoS through botnets is to go after the owners of the botnets... No, I'm not talking about the hackers that created or control the botnets; taking one down only opens up a slot for someone else. No, I'm talking about the owners of the PCs that comprise the botnets. Making it a crime to participate in botnets, knowingly or not. Make people TURN OFF their PCs if they're not 200% certain they're patched and firewalled as much as possible, or face billion dollar fines and lengthy prison terms. If this forces the really lame people to stay off the net, so much the better.
Complain about Microsoft and others making insecure software as much as you like, but it really comes down to stupid people not living up to their obligations as netizens. I mean, you don't just buy a car and then go driving. You need a license which involves tests, you need to renew your license in time. You need to pay some fees and you need to maintain your car mechanically. And you need to follow the rules of the road or face some form of punishment.
There will never be such a thing as a secure OS, made by Microsoft or others. There will always be the possibility for problems and unless we let the manufacturer remotely go in and patch their machines (yeah, right!), it will have to be the owner that must take care of it.
As simple morals and recommendations clearly don't make people do what they're told, we have to add the 'or else!' clause, in the form of punishments for those slacking off and ignoring the updates.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
From the PartyPoker Affiliate Agreement:
NAT won't help at all. Most malware comes through mail, browser vulnerabilities or users that click on everything without thinking (while logged in as admin of course). Besides, with forced NAT, people would start complaining that their favourite P2P or online game won't work.
Part of the problem these days is most viruses involve smtp spam and trojan horse bots - both of which your average punter can live with and won't notice. What I'd like to see is more viruses of the smoke your hard drive and blow up your monitor kind. People would be damn careful about popups, AV products and firewalls if this were the case.
It should be part of your ISP's AUP that you take precautions to prevent your computer becoming infected. In fact I would suggest that it be made possible that you aren't allowed a net account unless you pay for anti-virus software as part of the signup process (if using Windows).
Everyone I know who is using Windows is getting sick of all the viruses and junk. It tires me to hear about it and I'm now at the stage where I say "put up with it or let me install Linux". At some point the pain level will grow such that they will want to try Linux.
We here at Zzz's Casino guarantee no interruption to our service due to DDoS attacks.
Now when they learn how to hack into
their cement shoes under 100 feet of water,
I'll be even more impressed!
On my website 90% of the comment spam was from online poker sites. That added up to hundreds of messages per day that I had to delete, and I know many others had similar experiences. I know I was thinking that they deserve a lesson, and maybe some folks decided to teach them one. While I don't necessarily approve of the method, I fully understand the impulse. Many online gambling sites are run by pricks; I won't shed a tear for them and their self-inflicted troubles any more than I would for the RIAA/MPAA.
Slashdot - News for Herds. Stuff that Splatters.
Since when are DDoS attacks considered hacking?
Every idiot with internet access can make a DoS attack, and not everyone with access is a hacker.
I've gotten SO MUCH spam on my blog and via e-mail about online poker, that I HATE poker now, and I've never even played it. If the gambling sites are worried about DDoS, tell those bastards to stop pissing off the rest of the world.
You know, if you bash the queen, the next premier (this one is a friend) and the royal family enough in the media, you can even quote "the horrible things the royal family made to stay in power in the last 400? years"... hehehe. and voila, let's invade GB, they have WMDs, they have an evil secret police they use to crush the freedom fighters in Northern Ireland. Next, US invades Ireland too, for harbouring freedom fighters... errm terrorists.
You see, I myself don't feel a lot safe, because the US government/media sees our president as a drinking communist who is building nukes, too, even if it's all far from the truth.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
I don't care about addictions.
It just means the affected person must put out even more effort to overcome it.
Just because some people are sex addicts doesn't mean I shouldn't be allowed to sleep with my wife. (or yours for that matter)
I think a big problem is not only the "clueless users" as it were, but the ISPs who put them online. They advertise all the wonders of the modern internet (blazing speeds, media downloads, etc) with complete lack of reference to such problems.
Some ISPs do offer firewall/antivirus services, though most I've seen either suck or cost an additional fee.
But the thing is, it's probably not that difficult to tell if the users on your ISP are owned. And the ISP can disconnect those users until they are patched, or at the very least stick them on a limited subnet wherein they can download patches/fixes but not continue to contribute to the degradation of the internet.
The problem is that the ISPs are following the money trail and ignoring all these problems. Cutting off a "bad" customer is risking loss of capital... never mind the cumulative money-loss effect that ISPs share in hosting spambots, cracked machines
You're thinking about this as a US couch potato that believes that what your government tells you applies to the rest of the world, or even to your part of the world. Stop that silliness.... In most of the world, gambling is a legal activity, though many governments require licenses for gambling houses. Tax revenue from gambling is simply tax revenue, like any other business tax revenue. The connection to schools is popularly used in the US when state lotteries are trying to convince the public that there's some moral difference between gambling with the state vs. gambling with your local bookie, which lets them continue the hypocrisy of banning the local bookie's operations.
If you don't like small groups of people telling society what they can and can't do, work on changing your government. The US Feds have tried to stop Internet gambling, and any interstate gambling activities, and are relatively successful at it within the US, and many states are pretty aggressive about it as well. Senator Jon Kyl is one of the worst offenders. Then there's this drug prohibition thing, which is designed to fund gangs and terrorism and cause government corruption around the world, and the US has bullied a lot of other countries and even the UN into treaties agreeing to let the US politicians' idea of good vs. bad drugs be enforced on everybody else. And then there was that sting a few years ago where the US Feds got some California pornographer to mail videotapes to Tennessee so they could bust them for obscenity, because "community standards" in Tennessee are different than in California.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks