BlueSecurity Fall-Out Reveals Larger Problem
mdrebelx writes "For anyone following the BlueSecurity story, sadly the anti-spam crusader has raised the white flag. Brian Krebs with the Washington Post is reporting that after BlueSecurity's announcement, Prolexic and UltraDNS, which were both linked with BlueSecurity through business relations, came under a DNS amplification attack that brought down thousands of sites.
While much of the focus about the BlueSecurity story has been centered on the question of what can be done about spam, I think a bigger question has been raised - is the Internet really that fragile? What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorists clearly have the upper hand."
There have been other major outages which have had significant impact. It's a good question: is the internet that fragile?
In many ways it probably is. At the same time, the infrastructure seems resilient enough. The world so far hasn't laced up life-and-death critical systems to the internet such that a failure could cause loss of life. Well, that is, if you don't include:
Oh, wait, I guess people have started doing that.
What mechanisms exist for more than resiliency, i.e., instant self-healing? Could terrorists with a little knowledge and a few well-placed EMP generators disable major segments of the internet?
Unlike phones and the phone networks which were built with lots of oversight and regulation (Universal Service was a big driver for this (aside: now that everything is profit driven, don't expect phone service at that farm house at the end of that long country road anymore... no one HAS to provide it)), I'm not aware of what safeguards back up the internet. In my entire lifetime, I've not one time experienced a phone outage, not once! Power outages, etc., the phone companies have backups to backups to ensure service (though there is the occasional and hard to manage for ditch digging incident).
While large pieces of the internet are built upon the phone companies' infrastructure, other pieces aren't, and there are significant additional layers of complexity not in the phone companies' purview (switches, routers, coax cable from cable companies).
That question, "is the internet that fragile?", is probably the biggest reason I've never opted to switch my phone service to VOIP yet. I'd hate to be the one (tiny chance, I know) who needs to make that one 911 call and not be able to do so because the internet is unavailable (which happens occasionally here, which is also too often).
It seems like every week there's a new issue with DNS. Why can't DNS be secured? Is it just inertia? Is BIND really that pathetic, or are they just not using it correctly?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It is with deep hope that the federal government does not control our defense strategies over the internet.
Of course, with the open source strategy and all of its strengths, that might be an improvement.
Enough said...
www.effectiveelectrons.com "chips that work" Analog, RF, Mixed Signal
As much as Slashdot and other white hat leaning movements fight the good fight, the motivation of the 'enemy', perceived as terrorists, spammers, greedy bastards or script kiddies test driving internet mayhem, will continue to have the upper hand. The wild west metaphor often describing the lawlessness of the internet is real. As much as we hate the NSA and other invasive organizations, they impose structure and laws. Chaos is the alternative.
I thought "cybersecurity" was a really big deal lately, right? Why isn't anything being done about this? Isn't this predicament the exact sort of thing that all these restrictive "cybersecurity" laws and enforcement groups are supposed to be dealing with?
Maybe I'm just cynical but somehow, I get the feeling that if this entire situation were a warez group punitively DOSing the MPAA offline, instead of a spam group punitively DOSing an anti-spam group offline, the federal government would have "dealt with" the problem already...
you're mixing up something here. this has nothing to do with terrorism, this is ordinary crime.
It is far easier to tear something down than it is to build something up. Regardless of the Internet, that's just the way things work.
If brevity is the soul of wit, then how does one explain Twitter?
> What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorist
> clearly have the upper hand.
Yup, and I'd have loved to have seen the US gov use this as a perfect 'live fire' exercise. After all, if they can't stop a few punk spammers how can we have any confidence they could stop a determined attack by the usual terrorist suspects?
Perfect opportunity to test all the phases of response, from tracking the responsible parties all the way to eliminating them. Ok, in this case a SEAL team would probably have to be tasked to capture em instead of just dropping a few bombs on their sorry asses. Or if, as I suspect, the ringleaders are in the US or other western representative nations, just have em all arrested.
Democrat delenda est
well the internet is as strong as the weakest link, and guess what OS that link is..
None of those attacks (DOS) could have been done without the use of thousands of zombie machines.
I guess the only way of stopping the attackers is by taking their weapons (zombies) from them and that's left as an exercise for the survivors.
The best test environment is production. - Me
chrome://browser/content/browser.xul
Seems to me maybe the solution is a tiered internet where spammers pay more to use the bandwidth... oh wait, sorry wrong discussion.
Clever or not, I got nothing...
It sort of makes one hesitant to outsource IT operations to a place like India. Hmmmm... maybe it's time to DDoS India and bring those jobs back to the US. If the Indians are such technology mavens, maybe they'll find it in their best interests to resolve the DDoS / DNS Amplification issue and then we can all welcome our new, outsourced Indian overlords. =)
> I think a bigger question has been raised - is the Internet really that fragile?
No, the Internet is robust and redundant. What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.
Flying is easy, just throw yourself at the ground and miss. -Douglas Adams
It's time we started thinking up an alternative to the current DNS setup.
DNS in its current state is:
Easy to break.
Easy to use to break other systems.
Tied too tightly into SMTP. (Think about it)
Tied in to the whims of ICANN and whoever tells them what to do.
Tied in to the whims of Verisign.
DNS is the Achilles heel of the Internet. (One of several apparently, but that's another article)
SMTP has FAILED!
Of all the common comments...
#1. Don't blame Windows. Most botnets spread through software downloaded installs. 99.999% of computer installs today are vulnerable. The exception, of course, is the LiveCD type OS run directly from a CD in a read-only format. Your choice of OS is no protection. If you run malicious software, your computer is a zombie. Period.
#2. The problem is E-mail. Don't want spam? Don't use e-mail. That seems harsh, but it's true. E-mail is an open protocol, and as such, is ripe for such abuses. It's about time to come up with a new type of server based messaging. I'm not saying let the spammers win. What I'm saying is remove their audience.
It's the direct link to more governmental control over something under the premise that it "has to be" so the "terrorists" can be stopped.
While I do agree that this definitely shows the threat spammers really pose to the internet, I fear at least as much handing government the carte blanche to monitor all and any internet traffic for the sake of "saving us from spam".
No, I'm aware that this won't help a single bit in an attempt to quench spam. But did any anti-terror activity actually work against the alleged threat?
So bring this problem to the attention of your senators, your governors, your congressmen or whoever has some power in your country. This is a very, very serious problem, the criminals are getting the upper hand in this turf, and the internet is a resource I don't want to see depending on the goodwill of the spam mafia.
But for all that we hold dear, avoid the word terrorism. Legislators have been using that word before as the excuse for every kind of restrictive laws that did JACK to solve the problem and only created more. Try to find a word that makes them actually realize the problem and realize that this problem is serious. Not only to the worthless humans using it, but also to precious commerce.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A system is as weak as the weakest of its elements. And the internet is a system with a lot of different elements; there are many things involved and many different ways to go wrong. The internet is that fragile and even more.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
No, the Internet isn't that fragile. It's surprisingly robust, in fact. About the only thing that can really do any significant damage is sheer volume, enough traffic from enough distinct sources to overwhelm the target server or swamp its network connections. No matter what, anything is always going to be vulnerable to that. You can only have finite bandwidth and server horsepower, and if an opponent's willing and able to throw enough resources at you he can simply overwhelm you. It's often referred to as "the Slashdot effect".
The only thing that's happened is that, because of the inherent insecurity of Windows machines and the increasing number of them with broadband connections, the bad guys now have access to orders of magnitude more bandwidth and horsepower than any single server can have. In military terms it's like facing an enemy who outnumbers you by ten thousand to one. Distributing your DNS won't help, redundant pipes won't help, distributing your servers won't help, if you can deal with 99% of his assault he's still got a hundred times what you can absorb left.
The only thing that can help is cutting off the supply of ownable machines the bad guys can take over and use in their attacks. If they're limited to their own machines they can't do much harm.
One of these days, some asshole is going to take down the entire net, just to prove that it can be done.
I keep thinking about the old saying, "what isn't prohibited, is required." Because the net doesn't prohibit these massive DDoS attacks, someone WILL do them, over and over, either because they are into extortion, or just because they're evil fucks and like creating mayhem. I almost believe that someone ought to just do it and break the net permanently so everyone will have to come to grips with this. So maybe the solution will mean that nobody with an insecure OS will be allowed back on the net. Maybe we need a catastrophic failure to force a total revamp of network protocols, and an excuse to exile all the lusers like people still using Win98. I dunno, it would probably be faster, cheaper, and ultimately more satisfying if we could just assassinate spamming assholes like PharmaMaster/Eran Reshef.
Dear Homeland Security: please look closer at Redmond.
This is terrorism. Everyone with a trojaned Microsoft box is aiding and abetting.
Thank you, Linus and Steve.
More like "hundreds of thousands".
My spam traps have been hit by over 1.5 million unique IPs this year alone,
with an additional 30,000 never before seen IPs every day.
I estimate there are currently 3-4 million compromised machines world wide.
-- Should you believe authority without question?
Microsoft is a major trasher of the Internet, by the fact that they have designed and sold operating systems THEY KNOW can easily be compromised. The DDoS attacks of late are all being done with machines using Windows.
I'm not sure if anything can be done at this point, short of trashing half a billion computers, surely an impossible thing to do.....You know, BlueSecurity was working. Had they survived, it might have shutdown the spammers. This is going to become a massive bubble issue. Someone just needs to pick up the torch BlueSecurity dropped, and be willing to fight the fight.
This signature was left intentionally blank.
I backup the internet every night at 10 pm (PST).
Recently I'd say MS have been anything but negligent towards security. People refusing to patch up, or using out of date Windows (i.e. 95/98) are a bigger problem.
A block of code, sufficiently well-written, is indistinguishable from magick.
Unfortunately this abuse of the internet by criminals will mean more laws to control the internet. And there will be more monitoring of the internet. Hopefully there will not be monster firewalls to restrict access, but I could see it happening to prevent this undesirable activity (think China). It is sad, but humans have a tendency to mess up a good thing.
From TFA "These massive assaults harness the power of thousands of hacked PCs to swamp sites with so much bogus traffic that they can no longer accommodate legitimate visitors."
The problem is the thousands of hacked PCs that are used in these attacks. The internet is working exactly the way it was designed and the bot nets take advantage of bottlenecks in the system.
What is being done to take out these bot nets? I've perused a few of these bot squads on IRC and while there are many zombied Windows machines there are also many *nix boxes which succumbed to the brute force ssh password attacks because they had user accounts with stupid passwords.
Aside from locating and neutralizing the individual boxes in the squads shouldn't we be creating and deploying self immunizing tools in our infrastructure that detects these boxes and quarantines them?
Shouldn't we also be holding people accountable for having vulnerable boxes connected to the net? Perhaps a bandwidth restriction will help for repeat offenders.
1) someone needs to list state or federal laws that were broken.
2) If there were laws broken, a spokesperson for the appropriate government agency (agencies) needs to explain why prompt action was not taken. ISP's whose clients were part of the attacks should have been warned to shut down their clients who are participating, or be shut down.
If no laws were broken, smile!
Perhaps the Federal government should have the power to permanently shut down an ISP that doesn't respond to a demand to block clients until they demonstrate their computers are clean and free of "zombie" software. This would include permanently blocking all traffic to or from an overseas ISP.
This sounds awfully fishy to me that a security company would give up and go out of business over this. Sounds like someone was cooking the books and needed an excuse to fold. Just my 2 Dilber
I've always thought of /. as rather BROWN hat myself.
And considering the color scheme in this here section, the only way /. could more readily agree is by adding images of corn chunks scattered here and there... all willy nilly in a fashion.
*ahem*
Fanatics flying airplanes into buildings killing thousands : Terrorists.
Haxors commanding botnets to DDOS servers : Cyber-terrorists.
Big corporations doing aggressive take-overs : Corporate terrorists.
Mass producers dumping products below cost overseas : Market terrorists.
Politicians sketching doom scenarios during campaigns to woo scared voters over to their party : Political (party) terrorists.
C'mon cut it out will ya, soon they will brand humans multiplying without limits sucking up resources and scaring other animals away and out of existence : Biosphere terrorists?
You know, according to some theory, black holes will eventually suck up most of the available matter in the universe, leaving it a dark cold desolate place with only some Hawking radiation to warm your soul. Should we call those : Universal Terrorists then?
The Hacker's Guide To The Kernel: Don't panic()!
Minus these, I can see many systems that could fail with a little effort. One of the problems I see with our current infrastructure is the notion of machine-to-machine communication - when really, what we want to know is in effect, remove anonymity from the equation (there will be discussion this point, I realize). Machines talk to each other as machines. We ultimately want to know WHO did X, or Y, so we can find them and hurt them in some fashion (bullets to the temple, fines, whatever...). (okay, substitute we for I if it makes you feel better).
This is a really nasty point. Privacy versus safety. Or, in this case, utility. The internet does no one any good if denial of services render it unusable - and of course, a good DDoS exploits the behavior of its regular users, so that effective rebuttal becomes increasingly difficult.
I find myself disillusioned by the human race. There are no sacred cows so holy that someone won't shit all over it.
Sloth Jr
In the past, for example, spammer-friendly ISPs found themselves cut off entirely from USENET until they'd pay attention to cleaning up their part of the neighborhood.
This sort of approach is quite undesirable because it affects everybody else at the ISP, but it was also effective (usually within a week things were resolved).
Tell me that it isn't possible for ISPs to check their outbound traffic for clearly exploitative content. You know, triggering a flag after the first fifty thousand messages sent not even a day after an account was created for example, or spotting signs of security compromises on customer machines (certain IRC traffic patterns, for example).
Although if we go down this road it does open up an argument that ISPs should monitor filesharing traffic as well...
there's the Interweb you and I use.
I don't know that anyone in gov't really cares half as much about the consumer's network versus their own systems.
Ah, the perils of the "ownership society."
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I work for an unnamed backbone provider, and have currently been involved in blocking said DNS Amplification attack.. to give you a general idea of the size of the attack and the number of zombies involved.. When I left work... The attack was 14,768% of 9.8MBps... or.. over 13GBit/sec... Our infrastructure is holding up just fine, however.. Personally, I'd like to find the 'owner' of these zombies, and castrate him. I guess the guy doesn't have anything better to do with his life than trash the net...
According to this the blue frog model will be open sourced as a peer-to-peer model available through sourceforge.net.
A few years back we would have laughed that someone is calling this terrorism, and just saying it's just a few scriptkiddies having fun with DDOS and whatnot. Computers are just a fun box, nothing serious about it. Relax. Nothing of value is lost, and if you don't have a backup, you deserve it. Darwinism at work.
It's also interesting how questions change. We question: Is the internet really that fragile?
What happened to the baser question: Do we really depend so much on the internet?
Of course, now that we do, maybe we should look into making the internet even more resilient than the original creators envisioned. After all, it was made to endure nuclear war, but a few scriptkiddies can still take down any site with a little DDOSing and DNS-tweaks..
Just always remember where we came from.
http://www.debunkingskeptics.com/
To all of you asking for "validation" and such to prevent trojan infected computers entry onto the internet:
What you are asking for is a trusted/treacherous computing platform. I hardly believe that is what we want, but that is the only solution if you want to ban computers that run non-whitelist-programs.
I'm guessing that the possible abuses of such a system are a lot worse than spam mail. I hope users will become more aware of what spam is, and I can see this happening in the next 10 years; especially considering that the older people are dying and all the youngsters are growing up with computing as a daily activity.
Introduce the world to a global TC platform, and it will not go away. You say it'd go away if it would be abused too much, but guess what? The people who are at the top know how much is too much, and would not go that far.
I work for a small ISP (100 subscribers currently). We recently had a customer plug in a DHCP server to our service. The DHCP server interfered with our router and ker-bang! A nasty lesson for my bosses.
dns has always had inherent weaknesses due to its universal standards and how the internet relies on it as it does. scary how the internet is only the internet that you can view through whatever controls your DNS...
Walk with Music;
Why not sue each individual user? Even if the box is operating without their knowledge or consent, they are the physical owners of the machine. When your empty, parked car rolls down a hill and damages a house, aren't you still liable?
...Thousands of spam messages per day.
I imagine that it would not take many publicized lawsuits before Joe Sixpack also considered security and system vulnerability when choosing an operating system.
Might also consider suing some or all of the ISPs who allowed blatantly malicious traffic to pass through their wires after letters of concern were written from your office.
You might say "don't legislate the Internet!" But this isn't new legislation. The fact is, spammers and cyber-criminals are using intimidation tactics and destructive forces to scare off organizations trying to suppress their activities.
Want to find out how bad it is? Start writing "admin@.com" and complaining about the spam coming from their domain. Do this for a couple of your spam emails and you'll be on their "bulk spray spam" hit-list faster than you can say Denial Of Service ten times fast
It seems like the Internet is getting owned by zombie computers and their masters, and businesses are more willing to accept denial of service attacks than take punitive action.
Sadly the internet is already compromised since the bot networks are already too large for most organisations to take on.
I hope someone does something to deal with the botnet threats. Being able to suck multiple gigabits of bandwidth means 'they' can kill any small to medium sized internet operation if they want to via a range of attacks from the simple to the rather sophisticated.
Tier1 ISPs usually don't care other than possibly to try and filter all your traffic to prevent their other customers from suffering.
Some medium/larger sized companies use services like Akamai siteshield that are capable of sustaining a reasonable DDOS-ing but the botnet operators will eventually realise that the attacks are not just about knocking a site offline. Akamai will charge you for that traffic which will send the companies bankrupt anyway (and possibly quicker than going offline). In fact I was wondering how on earth bluesecurity were going to pay their bandwidth bill.
The defences we have against such attacks are pathetic. I was amused in an episode of 24 when they came under an online attack from terrorists and their new "CISCO FIREWALL" protects them, I mean seriously the firewalls are the least of your problems these days. If you come under attack from one of these serious russian dudes - you'd be looking at trying to filter the traffic well before it reaches the firewalls since your line and network would be saturated.
The internet is so not fragile it isn't even funny. Can people make it hiccup and sneeze along minor portions of it? Yes. Is it fragile? Hell no! It's been running for 20 years across the globe. It has been hammered by viruses, trojans, organized DDOS attacks and world-wide calamities and their corresponding data-storms and still the internet as a whole has functioned. It may simply be that the internet is not enough of a singular entity to be susceptible to a singular vulnerability. Computers are fragile, software can be fragile, but the aggregation of those two into an organism made up of millions perhaps even billions of machines is not fragile. The DDOS attack on Blue Security, when compared to the totality of the internet is practically meaningless. The only thing that might make the entirety of the internet fragile would be a universal vulnerability which has no workaround and cripples the main traffic routes of the internet itself. Maybe this will happen, but I think even then, the internet will continue to function but perhaps just along its backroads and private secure networks.
So cyberterrorism is running rampant huh?
Let's find some geeks with enough redneck in them to set up some cyber-vigilante gangs to go recruiting, shooting, and looting. And maybe look for these nasty russians as well.
Seriously though, what do we need to stop spam?
I think we need some sort of grassroots effort. The antivirus/antispam companies won't 'stop' spam in the same way that pharmaceutical companies won't 'cure' diseases. It is in their best interests to make the problem bearable, and charge a lot of money for the privilege of having bearable spam/disease/viruses.
We need to do this ourselves.
Having said all that, vigilantism may not be the best way, we all know it doesn't work too well in the real world.
Can't we all just get along
Why would the spammers be 'hellbent' on taking down BlueSecurity's site, *after* Blue posted the message saying they were going out of business. Just for fun?
hooray! it's a sex wiki
Consequently the logical way would be to use the same means, i.e. attacking them from distributed sources as well. Not in the form of zombies like Pharmamaster did, but in the form of distributed database software. The 'other' blue frog (Azureus and its DHT) comes to mind - a similar distributed database software could be written that (instead of distributing seeding nodes and data packets) 'spams' the spammers. Now we just need someone who will do it (Bluefrog?)..
And when you gaze long enough into the code, the code will also gaze into you.
You are lucky! I've had several phone outages. I had a few outages caused by water in the cable ducts in my street after heavy rains. I had one in the old days (~25 years ago) of analog hardware that took them several days to fix. I've had an outage caused by a truck hitting a utility pole, in a neighborhood where the cables were overhead.
Although telephone stations are more robust than the internet, because they are very specialized and have lots of redundancy, the last mile is susceptible to outages. Of course, internet connections use the same last mile, so they are also vulnerable. I agree, the phone service is more reliable than the internet, but this does not mean it cannot fail.
Seems to me like ISPs should just ban port 25 everywhere. If you are a business hosting your own email then pass abuse.net certification and then the ISP will turn it on for you. Same could go for home users. Can't really do this with DNS for obvious reasons though.
I get sick of this stuff.
completely automated, fully self-healing technology for networks and the internet
has been available for YEARS!
yes even 5-10 YEARS now! it's out there.
nobody wants it.
Yet you keep whining about not having it. well it's around.
just check out one, called "L2R". it works. try it.
> What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.
You're right on the first part, wrong on the second.
It's true that if there weren't zombie machines out there to take part in botnets, that DDoSing would be much less of an issue, if one at all.
However, suggesting that Microsoft could be legally liable is right out. Just because I leave all of my car doors open and the keys in the ignition doesn't mean someone has the right to steal my car. I may be stupid, yes, but I am not legally liable for the crime, and I'd be able to make the insurance claim, too (unless there's a clause in my policy that says I need to adhere to certain standards of vigilance in order to qualify for reimbursement).
Suggesting that Microsoft is at fault for the botnets is the same as suggesting that BlueSecurity is at fault for the 'collateral damage' outages.
The people responsible for the mayhem - at least in a legal sense - are those who have perpetrated it.
(Oh yeah, IANAL, but I watch Cops on TV all the time. Cops set out 'bait' to catch thieves all the time. Expensive mountain bike unguarded and unlocked; someone walks off with it, cops swoop in and make the arrest. Same concept here.)
Web 2.0 == Giant Blogspam Circle Jerk
Some folks have decided to continue where blue security left off - apparently they recently also got the source code (and presumably best wishes) from blue
Making multiple DNS requests is not a violent act. It's the electronic equivalent of following you around in the street repeatedly asking "What's the frequency, Kenneth?". I could be done for harassment, but not for assault.
my password really is 'stinkypants'
> Start writing "admin@.com" and complaining about the spam coming from their domain.
.com ? I'm not a big fan of litigation, but this would seem appropriate here. The owners of the domain are in another country, ok sue to have that domain cut off from the DNS system. Anything coming from that domain will go nowhere, they lose the privilege of being part of the internet. That could go for domains, or certain servers or whole countries, play nice or get out.
What about suing said
We are all just people.
> When your empty, parked car rolls down a hill and damages a house, aren't you still liable?
Ahh.. but this is not the same....
this is more like; you park your car on the street and leave the keys in it. Someone comes up, hops in and drives off with your car, then uses it to smash into a bank.
you are not responsible for their committing a crime, whether they did it with your car or not.
Yes, you're an idiot for leaving your keys in it, but you are not committing the crime. the person that stole your car is.
Ahh... the never ending stream of "computer is like a car" analogies...
No unauthorized use. Trespassers will be shot. Survivors will be shot again.
Of course, some companies are doing this voluntarily, to the point that they are rejecting email from domains that do not meet certain requirements. But it's not a standard, so that means that someone's going to find a way around it.
Part of that is because the internet is still building itself as we speak. It's not a project that was planned and implemented, it just sort of happened, and it keeps just sort of happening. That's what makes it so wonderful, but it also makes it incredibly vulnerable.
So basically, you face a trade-off, the same kind of trade-off you face in life outside the internet. How much of your freedom are you willing to give up for the sake of security?
just some guy
From m-w.com
Violence
3 a : intense, turbulent, or furious and often destructive action or force
Well the customer clamor arose loud and IBM succumbed to the marketing opportunity and SNA is now a little known but still tough as nails network architecture.
Now with the rise of tiered networks on the horizon, the headaches of admin and all, SNA might again be found desirable, at least for some of us old fogies.
If you did that nobody would be able to email from home unless they passed. As having a system turned into a bot could happen anytime this would have to be an ongoing process. I can't see how that would work in reality
The only reason some people get lost in thought is because it's unfamiliar territory.
http://castlecops.com/postitle156112-0-0-.html c/o digg.com
AGAIN, NOT WINDOWS MACHINES. This was DrDOS from misconfigured BIND servers running on... you guessed it, *NIX.
Who would they peddle their viagra to if there was no-one else on the Internet?
The basic requirement here is that DNS servers shouldn't be accepting queries from clients outside their local organizations. This is like the old "open relay" problem with SMTP. Obviously, such DNS servers have to be fixed. To force the issue, DNS servers queried by other DNS servers should find out if the querying server incorrectly accepts queries from the outside. If it does, that server is marked as a loser, and its queries get processed only after any other queries, and maybe with a deliberate delay. That should deal with the problem in the near term.
The stronger form of this protection is that many queries from loser servers are answered with an address that returns a page saying something like "Your DNS server at [xxx.xxx.xxx.xxx] has a problem and must be upgraded." The screaming users will get the problem fixed.
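The check the comment proposes amounts to sending a recursive query to the other server from outside its network and looking at what comes back. The following added example (not from the original post) builds a raw DNS query, decodes the response header, and classifies the resolver as open, refused or closed, also reporting the amplification factor (response bytes per query byte) that makes such servers useful to an attacker. All responses here are constructed stand-ins, so nothing is sent on the wire.

```python
import struct

ANY = 255  # QTYPE ANY: large answers, so the type favoured in amplification floods

def build_query(name, qtype=ANY, txid=0x1234):
    """Build a minimal DNS query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields the open-resolver check needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an}

def classify(query, response):
    """Return (verdict, amplification) for a recursive query sent from *outside*
    the resolver's own network.  'open' = it recursed for us (RA set, answers
    returned); 'refused' = RCODE 5, the correct behaviour for a recursive server
    that only serves its own clients; 'closed' = no recursion and no answer."""
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return "invalid", 0.0
    amp = len(response) / len(query)  # bytes a spoofed victim receives per byte sent
    if r["rcode"] == 5:
        return "refused", amp
    if r["ra"] and r["ancount"] > 0:
        return "open", amp
    return "closed", amp

# --- constructed responses standing in for what a real resolver would send ---
def fake_a_record(ip_bytes):
    # name pointer to offset 12 (the question name), type A, class IN, TTL 300, 4-byte RDATA
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ip_bytes

def make_response(query, rcode=0, ra=False, answers=()):
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | 0x0100 | (0x0080 if ra else 0) | rcode
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    return header + query[12:] + b"".join(answers)

def demo():
    query = build_query("example.com")
    open_reply = make_response(query, ra=True,
                               answers=[fake_a_record(bytes([192, 0, 2, i])) for i in range(1, 21)])
    refused = make_response(query, rcode=5)
    return classify(query, open_reply), classify(query, refused)

if __name__ == "__main__":
    print(demo())
```

A 29-byte ANY query that draws a 349-byte answer gives a twelve-fold amplification; the fix on the server side is the one the comment names, restricting recursion to the organisation's own address ranges so that outside queries get RCODE 5 instead.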
Restrict 25 to their own mail servers. Require SMTP_AUTH. And tag all outgoing email with the real email address (sender field) based on SMTP AUTH.
That way if a home user is compromised, there's no guesswork to track them down.
I think a bigger question has been raised - is the Internet really that fragile?
Yup, so by all means lets heap some HD Video on top of it.
Fixing the attack problem is going to require a combination of forensics work, investigation, and muscle. There are companies in that business, such as Kroll International and Securitas. These are the companies you call when there's a big problem. They have the resources to conduct an international investigation, from accountants to former British SAS people, and if it takes people with guns to solve the problem, they have them on the payroll. The bill might be in six or seven figures, but there are times when a company needs to spend that kind of money.
You just proved him right, actually. ha ha
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
No, the Internet is robust and redundant. In agreement: After all, the internet as a whole apparently had no problem forwarding a DDOS-sized burst of requests to BlueSecurity, it was just that they (or their ISP) were unable to handle this burst once it reached them.
I am not a number - I am a free man!
This was nothing. We've known for years that it doesn't take a whole lot more than script kiddie competence to drop a site or two, just about any site, and that's all they did. Remember what'shisname, Gibson was it? They've been able to do it for years, and nobody is willing to install and run the technology necessary to defang them. BECAUSE IT AIN'T WORTH DOING.
<gets a brainwave> Duhhhh. Talk about overkill. Next /. poll: how long would it take the NSA to find them all? Answer number 4: There's only one.
As always, all IMO. Insert "I think" everywhere grammatically possible.
Hmm -- I don't agree with your analogy of the spammer being like a car-jacker who operates the car illegally. The spammer is NOT breaking into your computer -- the user is an active participant in loading the trojan and providing the environment for the zombie to operate. At the least, he is negligent, at worst, an accomplice.
Sit, Ubuntu, sit. Good dog.
I've long held the view that the solution to attacks is to shut off any server which supplies a packet with a spoofed originating address. Only when the downstream supplier of that packet has been identified and shut off can the parent be reinstated.
For example, my PC connects to an ISP who connects to a wholesaler (is that the right term?) etc. If the wholesaler detects packets coming from the ISP which do not originate from that ISP's IP range, then the ISP should be shut off. In turn, the ISP would have the responsibility for ensuring that all packets exiting its network had valid IP return addresses, and if my PC did not comply it would be shut off.
This would give us a guaranteed trace to the originators of so many attacks, and a means of removing them from the internet.
Yes, there would be massive network outages in the short term, but it would create a great incentive to identify and remove the rogue ISPs, and finally the rogue / owned computers.
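What the comment describes is source-address validation at each boundary: the upstream knows which prefixes it handed to each downstream link, so any packet on that link with a source outside those prefixes is forged. The added example below (mine, not the poster's) audits a constructed flow sample against an allocation table and reports, per link, how many packets were spoofed and which forged sources appeared. The link names, prefixes and flows are all made up for illustration.

```python
import ipaddress

# Constructed example: the address blocks the upstream has allocated to each
# downstream link.  Anything else arriving on that link carries a forged source.
ALLOCATED = {
    "link-isp-a": [ipaddress.ip_network("198.51.100.0/24")],
    "link-isp-b": [ipaddress.ip_network("203.0.113.0/25"),
                   ipaddress.ip_network("203.0.113.128/25")],
}

def is_spoofed(link, src_ip, allocated=ALLOCATED):
    """True when src_ip does not belong to any prefix assigned to the link it arrived on."""
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in allocated[link])

def audit(flows, allocated=ALLOCATED):
    """flows: iterable of (link, src_ip, dst_ip).  Returns per-link totals, spoofed
    counts and the forged sources seen, i.e. the evidence to hand back to the
    downstream ISP so it can find the originating customer."""
    report = {}
    for link, src, _dst in flows:
        entry = report.setdefault(link, {"total": 0, "spoofed": 0, "sources": set()})
        entry["total"] += 1
        if is_spoofed(link, src, allocated):
            entry["spoofed"] += 1
            entry["sources"].add(src)
    return report

def links_to_act_on(report, max_spoofed_fraction=0.0):
    """Links whose spoofed share exceeds the tolerance.  The comment argues for
    0.0 (any forged packet cuts the link); a cautious deployment starts by
    dropping the forged packets and alerting, and escalates from there."""
    return sorted(link for link, e in report.items()
                  if e["total"] and e["spoofed"] / e["total"] > max_spoofed_fraction)

# Constructed sample of flows as a border router might export them.
SAMPLE_FLOWS = [
    ("link-isp-a", "198.51.100.7", "192.0.2.10"),    # legitimate
    ("link-isp-a", "10.0.0.1", "192.0.2.10"),        # forged: private source
    ("link-isp-a", "203.0.113.5", "192.0.2.10"),     # forged: isp-b's space on isp-a's link
    ("link-isp-b", "203.0.113.200", "192.0.2.10"),   # legitimate
    ("link-isp-b", "203.0.113.9", "192.0.2.10"),     # legitimate
]

if __name__ == "__main__":
    rep = audit(SAMPLE_FLOWS)
    for link, e in rep.items():
        print(link, e["spoofed"], "of", e["total"], "spoofed from", sorted(e["sources"]))
    print("act on:", links_to_act_on(rep))
```

The same per-link check, applied one hop down, is what the ISP would run against each customer port, which is how the chain of responsibility the comment wants is actually built.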
1. Provoke an attack.
2. Grab all of the IPs querying your server during the DDoS.
3. Shut off your connection before the server goes down.
4. Transmit the IPs to the appropriate ISPs.
5. Have them shut down the ISP customers
Or
Route all of the compromised PC traffic to a page that requires scanning for viruses and the installation of security software
AND
If possible shutdown those customers' access to the IRC (either through software or ports, etc). No IRC, no commands for the botnet. Anyone that needs the IRC must contact the ISP to get that service restored. Most customers won't even know it is gone. Most customers don't even know what it is.
6. Repeat 1-5.
If the customers get angry the ISP can explain to them compromised PCs are unwittingly taking part in a criminal enterprise and are violating the ToS for their contracts.
It probably wouldn't kill all botnets, but you could probably start taking some chunks out of them if you get enough IPs.
You let them connect only to smtp.isp.com on port 25. smtp.isp.com has egress spam filtering. What you don't let them do is connect to any smtp servers outside of that.
smtp.isp.com has spam filtering (it doesn't have to be perfect, as a spambot is pretty noisy if you catch it at the source), and if the customer trips the spam filter, you cut off their email sending access until the problem is fixed.
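The two comments above (port 25 restricted to smtp.isp.com with egress filtering, and outgoing mail tagged with the SMTP AUTH identity) both come down to per-account accounting on the submission host. The added example below is my illustration, not code from either poster: it reads a constructed submission log, flags accounts whose sending rate or recipient volume in a sliding window is far beyond a home user's, and separately flags accounts whose envelope sender does not match the authenticated user. The log format, domain name and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for the ISP's submission host (not any real MTA's format):
#   <ISO timestamp> auth=<SMTP AUTH user> from=<envelope sender> rcpts=<recipient count>
LOG_RE = re.compile(r"^(?P<ts>\S+) auth=(?P<auth>\S+) from=(?P<sender>\S+) rcpts=(?P<rcpts>\d+)$")

def parse(lines):
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:  # unparseable lines are skipped rather than aborting the audit
            yield {"ts": datetime.fromisoformat(m["ts"]), "auth": m["auth"],
                   "sender": m["sender"], "rcpts": int(m["rcpts"])}

def window_peaks(recs, window):
    """Highest message count and recipient total seen inside any sliding window."""
    recs = sorted(recs, key=lambda r: r["ts"])
    start = rcpt_sum = peak_msgs = peak_rcpts = 0
    for i, r in enumerate(recs):
        rcpt_sum += r["rcpts"]
        while r["ts"] - recs[start]["ts"] > window:
            rcpt_sum -= recs[start]["rcpts"]
            start += 1
        peak_msgs = max(peak_msgs, i - start + 1)
        peak_rcpts = max(peak_rcpts, rcpt_sum)
    return peak_msgs, peak_rcpts

def audit(lines, window=timedelta(hours=1), max_msgs=50, max_rcpts=200, domain="isp.example"):
    """Return {user: [reasons]} for accounts that should lose sending rights or have
    their sender rewritten.  A spambot is noisy, so crude thresholds catch it."""
    per_user = defaultdict(list)
    findings = defaultdict(list)
    for rec in parse(lines):
        per_user[rec["auth"]].append(rec)
        # the tagging rule: the envelope sender must be the authenticated identity
        if rec["sender"].lower() != f"{rec['auth']}@{domain}".lower():
            if "sender_mismatch" not in findings[rec["auth"]]:
                findings[rec["auth"]].append("sender_mismatch")
    for user, recs in per_user.items():
        msgs, rcpts = window_peaks(recs, window)
        if msgs > max_msgs:
            findings[user].append("rate")
        if rcpts > max_rcpts:
            findings[user].append("recipients")
    return {u: sorted(r) for u, r in findings.items()}

# Constructed sample: alice is a normal user, bob's PC is a spambot sending every
# 30 seconds, and carol's client is forging a sender address.
SAMPLE_LOG = [
    "2006-05-17T09:00:00 auth=alice from=alice@isp.example rcpts=1",
    "2006-05-17T09:20:00 auth=alice from=alice@isp.example rcpts=3",
    "2006-05-17T09:45:00 auth=carol from=ceo@bank.example rcpts=1",
] + [f"2006-05-17T09:{m:02d}:{s:02d} auth=bob from=bob@isp.example rcpts=5"
     for m in range(30) for s in (0, 30)]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Because every message carries an authenticated account name, the output is already the list of customers to contact; there is no guesswork about which subscriber sits behind a dynamic address.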
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
The #%^^@$! spammer jerk has thousands of computers in his bot network and leashed them on BlueSecurity. So far so good. These zombies are mostly on broadband connections, served by a cable or DSL provider.
Isn't it in the TOS of the ISPs to require the end user to keep his/her computer safe from viruses and malware, crippling the provider's network ? If so, why don't the ISPs shut those zombie machines' network connectivity down ? Yeah, there will be few bystanders who may get nabbed but most of these bystanders will be the geeks who are pushing their broadband connections to the limit and they will contact the ISP and get their connections re-instated. The clueless users, which have been own3d by the hacker, will have to find someone to clean up their pc's, coughing up some dough which will make them a little more careful about listening to people when they were told not to open attachments to see the cute dog pictures or accept free product offers from unscrupulous websites.
If you do not hold the ignorant users' feet to the fire, this zombie issue will not come to an end. Yes, we all know that Redmond's finest operating system is no more than a joke when it comes to security, but if one is buying this crap, they should be ready to keep it safe and secure or find some other platform, let it be mac or linux or what have you.
I for one, am sick and tired of seeing the spammers to go unnoticed while the solution, regardless how brutal it is to the end user, goes unnoticed. Enough is enough !
__________
The more I know people, the more I love animals
C'mon cut it out will ya, soon they will brand humans multiplying without limits sucking up resources and scaring other animals away and out of existence : Biosphere terrorists?
Nope. They're called Americans
(Yes, I'm from the US).
we should be talking about how to encourage the deployment
dnssec and related protocol modifications/enhancements.
yes, re-creating the internet from the ground up to be safe from all harm would be nice. i suspect that this effort will take a little while. until then, interim measures should be pursued. dnssec is one of them.
I wonder how long before the RIAA hires a botnet to attack sites that they can't get at otherwise (allofmp3 for instance?)
And then, how long before one company takes down another company using botnets?
10001001111001110110011000011101110
We desperately need to implement new internet infrastructure. I am highly in favor of:
http://www.cs.cornell.edu/people/egs/beehive/codons.php
This could make the DDoS attack impractical. But for now it seems that the Cornell guys are playing their cards pretty close to their chest and not releasing source for their software so the rest of us can use it. Distributed Hash Tables are the way of the future.
This company was back by MILLIONS in VC money.
To the disappointment of users, they pulled the plug without any warning.
Of course, this probably makes me sound like some evil spammer. I am not.
(at least) two open source projects are in the process of taking over the BF source code. BlackFrog already has a name, other are being discussed at http://bluefrogfanclub.com/ (hosted by Google Groups).
The common thinking is that a P2P system is the way to go. As best I can tell, these projects and groups are being run by good people with the best intentions.
Blue Security on the other hand...
barack to the future?
The bad news is I see no reason why this cyber-Mafia would have any hesitation to hiring out to Al'Qaeda, as long as the money is good.
On the bright side, this is a DNS attack, not affecting (so far as I can tell) the routing of IP packets themselves. You can get there, you just can't get a map. Thus, "/etc/hosts" is a fallback strategy. I'm old fashioned and deeply paranoid. Besides loopback on some of the really annoying ad sites, and the eleven machines on my personal networks worthy of names (six legitimate, five unofficially at "something.MINE" addresses), I've always had google.com and cert.org. I'll be adding resolutions for: cnn.com, bbc.co.uk, slashdot.org, mirrordot.org, and a few others. At least if DNS goes down, I'll have a chance to read about why.
Anyone have other better ideas for further preparations us IT peons can take?
//Information does not want to be free; it wants to breed.
saying that all of those people/organizations exhibit terroristic behavior. I would add that any government of laws uses a certain level of coercion on the members of its society. Similarly, children are forced to attend school. SO it isn't just being coerced and threatened that constitutes terrorism.
/., other than to note that the administration is very into "the ends justify the means". You constantly hear Cheney, Rummy and Bushie saying things like "You've got to remember that these are very bad people we're trying to catch." whenever someone complains about how things are being handled. It doesn't matter if you're trying to catch terrorists or squirrels, unless you believe that the ends justify the means.
Terrorism is the little guy's reflection of tyranny. When they use violence and threats to get what they want, the powerful are tyrants, the humble are terrorists.
Besides coercion and the threat of violence, there has to be a certain level of actual violence. And you should also mention lawlessness. The tyrant and terrorist distinguish themselves by excluding themselves from the obligations of the rule of law, and their threats are credible because they are usually carried out. So, many fundamentalist terrorists violate the tenets of their own religion (jihadists and abortion clinic bombers for example) under the belief that the outrage they are fighting against doesn't deserve the law.
Interestingly, under this definition, we end up with Patent trolls, and MPAA/RIAA off the list. They may wield the law like it was a nuclear weapon, but they don't have guys going to people's houses to knee-cap them. Some of the others depend on how you interpret events. The NSA, FBI, and UN seem to stay within the law on the surface. And the evidence otherwise is debatable, especially when you include the requirement of an active threat of violence. On the other hand, Greenpeace, PETA, bullies and the others qualify (though I haven't heard of Greenpeace eco-terrorism in a long time). Finally, you left out drug dealers and street gangs, which are much worse than school bullies, even if you just consider witness intimidation. And George Bush is looking a lot like a tyrant.
He's certainly expressed that he considers certain laws as not restraining his own executive authority, as in the notes associated with the signing of the McCain anti-torture bill. His justice department has also expressed that "unlawful enemy combatants" are outside the pale of the Geneva convention, even though they (eventually) elected to honor it. Special extractions, Guantanamo and Abu Ghraib demonstrate that he is willing to condone violence outside the law (though he may still have his foot holding the door open).
I won't even get into all the other hot topics we always see on
So IMO, Bush stays on the list of terrorists and tyrants. If nothing else, it just disturbs me that regardless of whether his actions are legal or not, whenever he exercises his power, it always seems to be in the direction of greater secrecy, greater government control over dissent, and greater monitoring of the general public.
We are the 198 proof..
DECnet to the rescue.
.. paranoid crackpot leftover from the days of Amiga.
The backbone providers are unlikely to care that much - it impacts a little business, but most make money off their inter-corporate and inter-Governmental lines. The more the Internet degrades, the more high-priced services the major vendors can sell and the more copper/fiber the telecos can charge for. I don't see much of a motive to fix things here.
The vendors further up the chain don't need to care much, either. The companies on the Internet can't gain by switching ISP, because it's the backbone that's broken and they'll have to go through it to reach the peasants - err, home users anyway. The corporations that sell over the Internet don't lose any sales, as a person who is going to buy from an online store is likely to be doing other stuff and won't go out to the stores, so they'll be back. Home users, for the most part, are ignorant enough to think AOL and MSN are really neat ideas, have no clue what the Internet involves, what needs fixing or why, and are likely to pass it off as someone else's problem anyway. And those who ARE smart enough are Libertarian enough that they won't Unionize and DEMAND the fixes that damn well should be made.
(IT users and IT professionals should stop with the "unions are evil" crap - no organization is any more evil than the people in it - and collectively insist that the defects be fixed. No ifs, no buts, no maybes, no excuses, no delays - these kinds of attacks SHOULD be impossible and COULD - very cheaply - be made impossible. But nobody is going to even take the cheap option without a fight, if there's an even cheaper option of apathy open to them.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Exactly! Blue Security should sue Micro$oft just like the families of shooting victims sued handgun manufacturers in the past. The concept is very similar: although the gun people were able to prove that "guns don't kill people" they still lost because their manufacturing and marketing practices were making it extremely easy for innocent people to be on the wrong side of the gun at the wrong time. Windows doesn't launch DDoS attacks on its own but M$ puts crappy, half finished software on the market and its marketing tactic is to make it hard for the average Joe to buy a computer that doesn't come preinstalled with Windows ==> the innocent is standing on the wrong side of hundreds of thousands of computers attacking his livelihood and his integrity. M$ should pay.
http://frag-legion.uk.net/wiibar/mario-5732799551
Since BlueSecurity was an Israeli company, maybe Shin Bet will take a sudden interest in "taking out" some of these Russian-mafia-spamking types. I wouldn't shed many tears.
This makes me wonder if a peer-to-peer antispam system is in order. Like anything, it occurs to me that Blue's weakness was its centralization.
Let's see spammers take down a distributed system with a distributed DoS. Somehow, I doubt it's possible.
should probably get started on designing this...
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
No problem right?
Okay now interfere with it script kiddie style. Scratch it and try to read it again.
Notice how your computer grinds to a halt as it tries to read the damaged area?
Okay now let a nuke fly. Totally obliterate the CD by removing it from your PC. Try reading it again. That didn't take long to fail did it?
Nuclear attack would have destroyed a connection. This is easy to detect and causes very little load on the machine that has been disconnected.
A DDOS however keeps the link alive just saturated so now the machine that is connected has to deal with a huge load.
The machine can't simply decide to cut the line if it goes over a certain limit so it just has to deal with it.
This makes a nuclear attack much simpler to deal with.
I can see the same effect on my linux machine. It tries to mount some network shares during boottime. Now two things can go wrong. Sometimes there is no network connection at all. This is simple. If there is no network you can't mount a network share and so the script fails almost instantly. IF however for some reason the remote machine ain't serving properly then it takes ages as the bootscript has no way of knowing if the remote machine is down or merely slow as hell.
So yes the Internet is that fragile. It was designed to deal with outside threats, not inside.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
IIRC there is a law in the UK with regards to failing to secure a motor vehicle (but I'm supposed to be working so I haven't dug up a cite)
"Never 'clear the air'. Instead, investigate all the subtle nuances of the word 'fester'." - R. Candappa
i've had my computer compromised running a bot. i had a tcpdump showing it was reporting to a couple different IRC servers. they got in through brute force attack on my ssh server. most likely they got in through my test account, username: test, password: test. i know.. ultra secure. but it was my fault for leaving the account enabled after finishing my troubleshooting. i doubt i'm the only os x user guilty of having a weak username/password with remote shell access.
for a minute there, i lost myself...
No? Oh okay, how about russian spam is often for pedo sites. "Pedo's attack on the internet". Nah, "Red Pedo's attack Internet!"
Yeah, that will work. Good thing we got rid of the mention of terrorists. After all people might argue that one person's terrorist is another freedom fighter but no-one will dare come to the defence of pedo's. Or pinkos.
First of all, the TOS of an ISP is usually only invoked when *their* network is affected. A customer (zombie) machine being used to bombard some other ISP's network doesn't usually have much interest, unless it is *also* causing problems on the source network.
Second, no ISP is going to try to dictate an operating system to their customer base, no matter how much sense it might make. A variant on this would be for the ISP to provide the user some sort of 'shell' program which would only allow access to the Net according to the ISP's rules. Again, this won't fly in the real world - would you use an ISP that forced you to run some program of theirs, and maybe forced a browser on you ?
Third, spammers inconvenience end users, but also generate a lot of bandwidth usage, which in turn generates revenue for various providers in the network ecosystem. So they have mixed emotions about spam, DDOS, etc. On the one hand, they don't like it if these activities actually *cost* them money. On the other hand, they like these activities when they *generate* money (indirectly, via bandwidth usage).
The problems are absolutely resolvable (or at least reducible), at the backbone/tier-1/large-ISP level without changing any existing protocols, no matter what happens on the client side. But it won't happen. Oh well. As other folks have noted, man tends to enjoy destroying things just for the fun of it.
Going back to the GGP comment, and the price for a catch-all address is that, to a remote system, ANY address is a valid address at your mail domain. Because a bounce is considered more 'important' than a randomly occurring normal message, most systems will let them through unmolested. The issue is the brain dead systems that spit back bounces no matter what.
The stock spam is part of a stock manipulation effort by people who have significant / some stock held prior to the spamming. They quickly dump the stock a set period after the spam, and cash in on the difference. There is a small, but significant, effect that the spam will actually have on the stock price, and it forms a simplistic pump and dump scheme for those people behind it. Why try and extort money / sell worthless sugar pills when you can launder money / make a killing on the stock market and make it appear completely legal?
These issues have been going on for a long time, and I have seen my company accounts used almost continuously in various Joe Jobs (and the resultant bounces), but accept that it is part of the price for going online. It shouldn't be, but it is. It is like advertising - it is an accepted annoyance that now forms part of the background noise for the Internet. There will also always be people at the other end of the connection who don't care, no matter how much you argue the point. There is not going to be a quick and easy solution, and most of those that get brought up have more potential to harm than benefit the end user (AOL's pay us and we'll guarantee your spam gets through sort of thing).
InfoSec that matters, when it counts.
Then it would be developed by a big community leaving spammers no one to attack and result would be still the same - spammers getting their vgr and c14lis back to their own servers...
If I understand correctly Blue Security is an israeli company. The zionists have power all over the world, they can demand NSA give them exact location info on the hackers based on carnivore/echelon/satellites/etc. Then they would exterminate the hackers, like Eichmann, the Munich terrorists or Sheik Ahmed Jassin. This is not happening, so something must be fishy about the story. Anyone who believes for one minute that somebody can be smarter then jews is definitely looney. Jews are the master race among humans, money and mind they are vastly superior, you can't beat them.
Not everyone has a static IP. Some (most?) of these "additional 30,000 never before seen IPs every day" could be the same PCs every time, which reduces the total.
Reduce, reuse, cycle
"A variant on this would be for the ISP to provide the user some sort of 'shell' program which would only allow access to the Net according to the ISP's rules."
This already exists: Cisco Clean Access (better explanation here). It can require current anti-virus, critical updates and the like. It only restricts computers running Windows.
It's not terrorism. Terrorism, as the name implies, is using TERROR, that is, "intense, overpowering fear" (www.dictionary.com) to achieve a goal. It used to mean that the goal was political, that is, to change a government's policies or force political leaders to do something.
It's a pissing contest. Nothing more, other than the cost incurred to the legitimate businesses being attacked.
J.C. in jackboots, every time someone does something bad to someone else nowadays it's called terrorism.
Lighten up, everybody.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
Two words: contributory negligence.
If you leave your keys in the car and the door open, and some drooling kid drives off with the car and runs down toddlers on the playground, you ARE going to get sued at the least, and hopefully charged as an accessory before the fact. You are certainly enabling the crime.
There is no excuse for you to fail to follow common sense and exercise reasonable care. There's no excuse for MS either.
Lean on everyone you know to implement the "sender policy framework" (its just an entry added to the DNS entries that state what the valid mail servers are for that domain). Once enough people do this, we will be able to start just dropping emails that don't pass the sender policy check (which will be all those from bots).
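The "entry added to the DNS" is a TXT record listing the hosts allowed to send mail for the domain, and the receiving side compares the connecting IP against it. The added example below is my simplified evaluator, not code from the post or from any SPF library: it handles the ip4, ip6, include and all mechanisms with their qualifiers over a constructed set of records (the domains and addresses are made up), and returns the standard result names. Mechanisms that need live DNS (a, mx, ptr, exists) are deliberately left out.

```python
import ipaddress

# Constructed zone data standing in for TXT lookups; none of these are real records.
TXT = {
    "example.org": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.10 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip, records=TXT, depth=0):
    """Evaluate the sender-policy record of `domain` for a connection from
    `client_ip`.  Returns pass / fail / softfail / neutral / none / permerror."""
    if depth > 10:                      # include loops must not recurse forever
        return "permerror"
    record = records.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # domain publishes no policy
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"                      # mechanisms default to a 'pass' qualifier
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]     # catch-all: usually -all or ~all
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        elif name == "include":
            inner = check_spf(arg, client_ip, records, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner == "permerror":
                return "permerror"
        # a, mx, ptr, exists would need DNS lookups and are ignored in this model
    return "neutral"                    # no mechanism matched and no 'all' present

def sample_verdicts():
    """A few connections as a receiving MTA would see them (constructed)."""
    return {
        "own relay":        check_spf("example.org", "198.51.100.42"),
        "outsourced host":  check_spf("example.org", "203.0.113.10"),
        "random bot":       check_spf("example.org", "192.0.2.5"),
        "no policy":        check_spf("nospf.example", "192.0.2.5"),
    }

if __name__ == "__main__":
    for label, verdict in sample_verdicts().items():
        print(f"{label:16} {verdict}")
```

The "random bot" case is the one the comment cares about: a compromised home PC claiming to be example.org connects from an address the record does not list, and a receiver honouring -all can reject it at SMTP time rather than after delivery.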
They spend boatloads of money catching "the homeless hacker," a guy who isn't harming anything, just doing a little pen testing for free.
How much did they spend catching and imprisoning Mitnik?
Why haven't these spammers been arrested? Is the FBI even looking for them?
Well, so long as the spamming DoSer doesn't illegally download any copyrighted music I guess he's safe.
Two words: contributory negligence.
Everything I see regarding 'contributory negligence' refers to its use in personal injury cases, not in property theft cases.
http://dictionary.law.com/definition2.asp?selecte
http://en.wikipedia.org/wiki/Contributory_neglige
http://www.lectlaw.com/def/c125.htm
http://insurance.cch.com/Rupps/contributory-negli
http://www.west.net/~smith/negligence.htm
http://www.criminal-law-lawyer-source.com/terms/c
Even in situations of contributory negligence, the injured (suing) party must have been negligent to the point that they could have been injured apart from the injuring (sued) party.
Perhaps if I had left all my car doors standing open and the car parked in the middle of the street, I would be contributorily negligent. If it's parked in front of my house with the windows open and gets stolen, I'm not negligent. Apart from the actions of the person stealing my car, I would not be "injured."
As with Microsoft - apart from the actions of those who take malicious action against computers, those computers would not be compromised.
Web 2.0 == Giant Blogspam Circle Jerk
http://prdownloads.sourceforge.net/bluefrog/
It's not helpful to call this cyber-terrorism, people do not feel terrorised by it, it sounds superlative and generally they see it as exaggeration, which turns them off and they feel they can safely ignore it.
We need to point out that internet crime, junk email, scam email, credit card fraud, ddos, ddos extortion are all
organised crime part of the broader problem of organised crime.
We need the general public to see this as a everyday threat to _them_ like mail fraud, mugging, burglary, are threats against them.
That way all these people who don't know or (infuriatingly) don't care that their windows box has no firewall, virus scanner or security updates applied will be FORCED TO FUCKING UNDERSTAND AND CARE that they need to protect themselves and the rest of us from this stuff if they want to use the internet.
As irresponsible as this suggestion is on face value, if you look at the eventual outcome, what you get is lots of non-protected windows boxes blocked from accessing the internet until their owners either get advice on protecting their box, or learn how to do it themselves.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
ssh worms are a problem, but one that's several orders of magnitude smaller than the windoze threat and it's being dealt with. This is not and never will be a problem of the scale Microsoft has created.
Newbies are being protected and looked after. Newer distributions come with the ssh server turned off, so that newbies don't get burnt. The scans are easy to identify, and my university automatically cuts you off if your box starts spewing ssh scans. ISPs should do the same for ALL obvious signs of compromise. So, if you did not learn your strong password lesson by the time you set up a ssh server, you will learn it when you figure out why your networking is down. The fix is pretty simple - wipe and reload your binaries then pick a reasonable phrase based password.
Though an individual machine can and must spew a lot, there are not that many machines out here, especially compared to Windoze. This is a slow attack taking an average of one second per attempt, thanks to random time outs all distributions come with for incorrect passwords. It takes thousands of hits to find a correct user name and a typical crack of an easy password takes tens of thousands of tries. Because of this, the infected machine must scan and attach to many machines at once to have any chance of spreading. The number of ssh infected machines is a small fraction of a fraction of the world's computers. Windoze, on the other hand, has anywhere between 25% and 75% infection at any given time because of its infamous 12 minute half life and "services" you can't turn off.
Friends don't help friends install M$ junk.
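The university cut-off the poster describes, and the test/test compromise reported earlier in the thread, both show up in the sshd auth log as a burst of failed passwords from one address, possibly followed by an accepted login from that same address. The added example below is mine, not the poster's: it parses constructed OpenSSH-style log lines, counts failures per source, lists the usernames each scanner guessed, and reports any successful login from an address that was scanning, which is the signal to treat the account as compromised rather than merely probed.

```python
import re
from collections import Counter, defaultdict

# Matches the two OpenSSH auth-log line shapes of interest; the sample lines
# further down are constructed, not taken from a real host.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse(lines):
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            yield m["result"], m["user"], m["ip"]

def analyze(lines, threshold=10):
    """Return scanners (IPs with >= threshold failures), the usernames they tried,
    and (ip, user) pairs where a login succeeded from a scanning IP."""
    failures = Counter()
    tried = defaultdict(set)
    successes = []
    for result, user, ip in parse(lines):
        if result == "Failed":
            failures[ip] += 1
            tried[ip].add(user)
        else:
            successes.append((ip, user))
    scanners = {ip: n for ip, n in failures.items() if n >= threshold}
    compromised = [(ip, user) for ip, user in successes if ip in scanners]
    return {"scanners": scanners,
            "usernames": {ip: sorted(tried[ip]) for ip in scanners},
            "compromised": compromised}

# Constructed sample: one host guesses a list of common account names twice over
# and finally gets in as 'test'; a legitimate user mistypes once and then logs in.
GUESSED = ["root", "admin", "test", "guest", "oracle", "user", "mysql", "ftp", "www", "backup"]
SAMPLE_LOG = [
    f"May 17 10:01:{i:02d} host sshd[{1200 + i}]: Failed password for invalid user {u} "
    f"from 203.0.113.5 port {4000 + i} ssh2"
    for i, u in enumerate(GUESSED * 2)
] + [
    "May 17 10:01:25 host sshd[1230]: Accepted password for test from 203.0.113.5 port 4025 ssh2",
    "May 17 10:05:00 host sshd[1300]: Failed password for alice from 198.51.100.7 port 5000 ssh2",
    "May 17 10:05:04 host sshd[1301]: Accepted password for alice from 198.51.100.7 port 5001 ssh2",
]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip, n in report["scanners"].items():
        print(f"{ip}: {n} failures, tried {report['usernames'][ip]}")
    for ip, user in report["compromised"]:
        print(f"likely compromised account '{user}' via {ip}")
```

The threshold is deliberately low because, as the comment notes, the per-attempt delay makes a real scan produce thousands of these lines; a single user who fumbles a password twice never reaches it.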
Abuse.net was just an example, you'd probably have to do all the testing on an alternate port, then when the test results passed they would be allowed to switch to port 25 and send email. This would obviously be combined with standard authentication. This would end the days of anonymous email but it would also end spam.
But, if you run a shared webserver, and want per-site emails, then you cannot do this (or replies will all go to the administrator).
People talk about compromised home users, but I see a lot of webservers installed without any security - some hosting control panels come with 'functionality' enabled by default instead of being secure by default. We should fix that, looking at the number of posts on webhosting forums from 'server admins' saying they've been hacked and don't know what to do.
Time to call in Section 9!!!!!!
Major Motoko will sort it all out, and Batou will kick some spammer arse!!!
As stated in a comment in a related story http://it.slashdot.org/article.pl?sid=06/05/17/1322258 , the spammers own and control the internet; the internet is no longer free (not as in beer); we must pay obeisance to the owners by allowing their spam in our inboxes; and I, for one, do NOT welcome our spam-spewing overlords.
It is a bit like street gangs: So long as you allow them to graffiti "tag" your buildings/houses, sell drugs on the corner, and otherwise flaunt their "ownership" of "their turf," they allow you to co-exist more or less peacefully. If you start complaining to cops, covering up or removing their graffiti, or otherwise interfering with them, they visit retribution on you and yours without regard to "collateral damage."
The spammers must be stopped.
Ignorance is curable, stupid is forever.
IMEO, there is a way to fix or at least mitigate the problem. Make ISPs more responsible. The ISPs control the connections of every computer on the Internet. The technology is available (many of us have it on our own PCs and routers in the UNIX world) to block things such as e-mail with spoofed headers, port scans, repeated attempts by crackers to break into our systems, etc. The ISPs can head off most of the attacks virtually at the source. In the overall scheme of things, it is trivial to disable the account of an offender. In the case of someone with a compromised system, the ISP can disable their account until they secure their system (I've had ISPs do this to people that have caused me problems on my networks). When people start losing their accounts due to their irresponsible attitude or naivete toward computer and network security, they will quickly become more responsible and knowledgeable.
If someone abuses the telephone service, it's not real difficult to have the phone company take action (and depending upon the abuse, have the offender arrested). ISPs must be forced to take the same responsibility.
The only way to stem the tide of cyber-terrorism (or whatever you'd like to call it), is to make ISPs take the responsibility to mitigate it.
PGA
Maybe we should run more honey pots and make the info public.
:)
Mine gets hit all the time.
The hackers attempt to connect to Irc.hackcrew.cc (An irc server that has lots of bots on it.)
I also get to look at the files they try to download. Lots of neat scripts and hacks just waiting for me to take a look at them.
If more of us ran honey pots and made the information public it would be harder for the kids to hide their stuff.
Have to post this anon to not get fired.
I have experience with Prolexic and Barrett, and it may be petty, but a network outage could not have happened to a more deserving guy. This guy would make grandiose claims, but any outage or problem would be blamed on an external source (upstreams, dns hosting, internet peering jerks) until I could prove to them that they were the ones fucking up (them with misconfigured bgp or oversaturated links). It seemed like Prolexic's techs were always having to find ways around Barrett's large ego to explain problems with me. Finally I had enough and moved my traffic away from them.
I would not be surprised if this is more than UltraDNS' problem, because I've heard the exact same excuse before.
Check out the "Innocent third party" laws in your state. When my server got targeted by Sween, I sent a nasty letter to Microsoft and they took care of the bandwidth costs. They know they are liable and the law agrees, I just wonder why some lawyer hasn't used these laws to take some of Billy Gates' money away.
I use djbdns, specifically its dnscache, for the same thing. Bind can also be set up this way.
Basically, this is exactly what your ISP's DNS server is doing, or in fact any DNS server except the root one. I don't think they usually cache them for more than a day by default, though.
Don't thank God, thank a doctor!
I do think your comment is insightful, up until the point where you call for us to contact our government representative.
This is not terrorism, and it is exactly the kind of thing we do NOT want the government involved in. I ask, what can the government do with legislation? Aren't these spammers already outside of our borders? It seems to me that a service that everyone likes a lot can find a market solution to people trying to disrupt it. That has been the beauty of the internet so far, let everyone on and see what happens.
This is just my armchair philosophy, I don't really know anything, I'm just sure that asking the government to fix this problem is fruitless and most likely damaging. Especially since they will introduce the bill against "cyberterrorists"
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
employers who hire them.
Don't want spam?
Jail companies that pay the spammers. When a cybercop clicks on a URL in a spam, the company/website owner that is first contacted should be jailed. Just follow the money.
Here's how I do it with djbdns:
I have TinyDNS listen on the external interface. DJB will always be bound to one interface, listed in env/IP.
I also have a local TinyDNS, because the internal address is different -- for instance, local clients connect to 10.1.1.1, external clients connect to the external address -- no sense sending local clients to the external address.
And finally, I have an internal dnscache. Aside from being only on a local address, I have to explicitly tell it which networks are allowed to access it by creating files in root/ip -- in my case I have two empty files (hardlinks of each other) called root/ip/10.1 and root/ip/127.0.0.1. I configure it to look up requests for my domain from the TinyDNS on localhost, and all other requests get cached from my ISP.
The point is, it's very hard to misconfigure DJB in the way I think people are describing, because dns caching is a different program entirely than dns serving, and the dns cache has to be explicitly configured for each network it allows beyond localhost. If you're just serving DNS, you probably aren't even running a cache. If you're just running a cache, you'd have to work to make it accessible to anyone on the Internet.
Don't thank God, thank a doctor!
End of message.
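The layout the post above describes (and the local dnscache the earlier djbdns reply mentions), as an added example that is not part of either post: it builds the dnscache directory by hand in a scratch location instead of with dnscache-conf, so djbdns does not need to be installed, and it reproduces dnscache's client check, which looks for root/ip/<client address> and then strips one dotted component at a time until a file matches or nothing is left. "example.com", the internal address 10.1.1.1 and the ISP resolver 203.0.113.53 are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: a hand-built dnscache root in the
# shape the comment describes, plus a shell mirror of dnscache's client
# allow check. No djbdns binaries are needed; nothing is started.
# Placeholders: 10.1.1.1 (internal address), 203.0.113.53 (ISP resolver),
# example.com (the zone served by the local tinydns).

# env/IP is the single address the cache binds to; root/ip/* holds one
# empty file per allowed client network; root/servers/@ is the upstream
# for everything else and root/servers/example.com forwards that zone to
# the tinydns on localhost.
setup_dnscache_root() {
    root="$1"
    mkdir -p "$root/env" "$root/root/ip" "$root/root/servers"
    printf '10.1.1.1\n' > "$root/env/IP"            # listen on the internal address only
    : > "$root/root/ip/127.0.0.1"                    # the host itself
    : > "$root/root/ip/10.1"                         # 10.1.0.0/16, nothing else
    printf '203.0.113.53\n' > "$root/root/servers/@"         # default upstream (placeholder)
    printf '127.0.0.1\n' > "$root/root/servers/example.com"  # our zone: local tinydns
}

# Mirror of dnscache's okclient(): try root/ip/<full ip>, then drop the
# last dotted component and try again, until a file exists (allowed) or
# no dot is left (refused). Exit status 0 = allowed, 1 = refused.
okclient() {
    root="$1"; name="$2"
    while :; do
        [ -e "$root/root/ip/$name" ] && return 0
        case "$name" in
            *.*) name="${name%.*}" ;;
            *)   return 1 ;;
        esac
    done
}

# Stand-alone run: report a few client addresses against a scratch root.
demo_root=$(mktemp -d)
setup_dnscache_root "$demo_root"
for client in 10.1.1.5 127.0.0.1 10.10.1.1 192.168.1.1; do
    if okclient "$demo_root" "$client"; then
        echo "$client: allowed"
    else
        echo "$client: refused"
    fi
done
rm -rf "$demo_root"
```

The prefix walk is why 10.10.1.1 is refused even though root/ip/10.1 exists: the check only matches whole dotted components, so the file 10.1 covers 10.1.0.0/16 and nothing that merely starts with the characters "10.1". The same mechanism is what makes an open resolver hard to create by accident: a file has to be created for every network that is allowed to query.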
Two things I'd do:
1.) When you trap them, really trap them, as in tarpit/teergrube them.
2.) When you've got a couple of live ones caught in that trap (there's a limit to how many connections you can keep open that way), start contacting ISPs.
3.) Write to your Congressmen and tell them that you want users to be responsible for anything done with their machine, unless they can prove it was done by someone else.
The goal is to get a large settlement from each one of those IPs, so that people start to take security seriously again.
Don't thank God, thank a doctor!
I don't see 'egress' on this page, so I'll just throw the usual advice out there. ISPs should filter traffic coming out of customer computers to only allow IP addresses that the ISP has assigned. This is ok since if the customer computers are using other IP addresses, then they have no network functionality other than to do denial of service attacks.
If you need text styles to communicate then you don't have a message.
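The source-address filter the post above asks ISPs to apply, as an added example that is not part of the post: a check that keeps an outbound packet only when its source address lies inside the prefix assigned to that customer port, run over a constructed packet log, together with the equivalent iptables rule. The customer prefix 198.51.100.0/24, the interface name and the log lines are all made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread: BCP 38 style source-address egress
# filtering at the customer edge. The packet log is constructed; the
# customer prefix 198.51.100.0/24 and interface eth1 are placeholders.

# dotted quad -> 32-bit integer
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Is address $1 inside CIDR prefix $2 (a.b.c.d/len, 1 <= len <= 32)?
in_prefix() {
    net="${2%/*}"; len="${2#*/}"
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Verdict for one packet arriving from the customer: ACCEPT only if the
# source address is one the ISP assigned to that customer ($1 = prefix).
egress_verdict() {
    if in_prefix "$2" "$1"; then echo ACCEPT; else echo DROP; fi
}

# Apply the verdict to a log of outbound packets on stdin: "src dst proto".
filter_log() {
    prefix="$1"
    while read -r src dst proto; do
        [ -z "$src" ] && continue
        echo "$(egress_verdict "$prefix" "$src") $src -> $dst $proto"
    done
}

# The same policy as one iptables rule on the customer-facing interface:
# anything not sourced from the assigned block is dropped before it is
# forwarded, so a spoofed request can never reach a reflector.
egress_rule() {
    echo "iptables -A FORWARD -i $1 ! -s $2 -j DROP"
}

# Constructed sample: two legitimate packets, one with an RFC 1918 source
# and one whose source is forged to a victim address so that the DNS
# reply (the amplified traffic) lands on the victim instead of the sender.
SAMPLE_LOG='198.51.100.7 192.0.2.10 udp/53
198.51.100.200 203.0.113.5 tcp/80
10.0.0.1 192.0.2.10 udp/53
203.0.113.9 192.0.2.53 udp/53'

# Stand-alone run
printf '%s\n' "$SAMPLE_LOG" | filter_log 198.51.100.0/24
egress_rule eth1 198.51.100.0/24
```

The decision needs nothing beyond the address the ISP already allocated to the port, which is why it is cheap to enforce at the edge and almost impossible to enforce anywhere further upstream, where a packet from 203.0.113.9 looks perfectly ordinary.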
is to strike terror into a population. By doing so they aim to cause far more indirect damage than the direct damage of their attacks.
Muggers at least normally are mugging people because they want money (either directly through cash, through using stolen cards, or by selling other property). Any terror struck into the population is a side effect and in fact may have a negative effect on the muggers' primary objective by reducing the number of potential victims.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
*chuckle* You just keep telling yourself that. Your ridiculous "newbies are being protected" thing will be useful in a few years, so remember it well.
Heh.