DNS Root Servers Attacked
liquidat and others wrote in with the news that the DNS Root Servers were attacked overnight. It looks like the F, I, and M servers felt the attack and recovered, whereas G (US Department of Defense) and L (ICANN) did less well. Some new botnet flexing its muscle perhaps? AP coverage is here.
Oh, you're not stuck, you're just unable to let go of the onion rings.
'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
Oh!!! So that's what that button does.
Stupid little freaks.
RS
Shoes for Industry. Shoes for the Dead.
Um, so how many times a day do the root servers get attacked? No, wait, an hour, a minute... Like a ba-gillion? These things happen every day, so what's new? It's not like they haven't figured out the whole failover/fault tolerance thing. You'd have to nuke 'em to get them to stop running.
It's fine they are just slashdotted, give it an hour or two and they will be running just fine again.
Perhaps it is unfair of me to say so, but I get the distinct impression that large governmental organizations do not do very well in terms of security until the attack vector is pointed out to them. After that, sometimes they do very well (often using overkill methods), sometimes they do less well - but something usually has to kick the learning curve process into gear.
Is it just me or is going after servers that people expect up to 3 business days to update not the best way to go? You would have to sustain the attack for a long time for the average joe to notice.
Not that I am complaining, one less bot net to worry about.
Good thing that they apparently never heard of routers though.
Proactive really isn't in the government's vocabulary.
The same usually applies to IT in general.
i can still visit slashdot. i think my dell pc has a back up of the internet.
graphs here
I hope I didn't brain my damage.
Some new botnet flexing its muscle perhaps.
That was a test system for installing Windows Vista that someone forgot to unplug from the wall.
... for resolving caches.
Look at the graphs and the article I don't see anything indicating that E was attacked. Did you just add whatever letter you needed to make your theory work?
In that case, it's GMILF. That's right, DNS is operated by a ring of hot grandmothers.
Don't make the assumption that all DNS servers were attacked equally though.
oogle.com searches are coming up empty and lashdot.org (the news blog for nerdy optometrists) remains unreachable.
F, I, M, G, and L?
Hmm...
LIG FM.
Clearly this attack was started by a terrorist radio station. Heck of a marketing ploy, that one! Quick! Where is LIG FM?! I believe I've seen things like this before.
More likely, someone posted something interesting on a root server and they got slashdotted :)
Why can't we let people believe whatever they like? It's not like a little religion has ever hurt anyone.
Very good point. But if Defense was in fact targeted and attacked more heavily, then that has potentially ominous undertones beyond the basic fact of a partially successful attack.
the root servers are set up in such a way that *2/3* of them can fail, and no one would notice.
[RFC2870]
2.3 At any time, each server MUST be able to handle a load of
requests for root data which is three times the measured peak of
such requests on the most loaded server in then current normal
conditions. This is usually expressed in requests per second.
This is intended to ensure continued operation of root services
should two thirds of the servers be taken out of operation,
whether by intent, accident, or malice.
oh, wait.
Nothing is inexplicable; only unexplained -Tom Baker, Doctor Who
mod parent up as insightful you fucking troll mods
... for resolving caches that never fnord give any sort of bogus or out of date new coke results!
This flies in the face of science.
No big deal folks. Who doesn't remember the IPs for all the websites they visit anyway. I don't know about you guys but I surf the web by IP and provide the hostname myself!
Hey.. thats not a bad idea.
---- Booth was a patriot ----
Mr. Bill recently said this:
9 854
"We made it way harder for guys to do exploits," said Mr. Gates. "The number [of exploits] will be way less because we've done some dramatic things [to improve security] in the code base. Apple hasn't done any of those things."
In another portion of the interview, he added, "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."
See article: http://www.toptechnews.com/story.xhtml?story_id=4
Microsoft needs a public shaming for the sorry state of Windows security that allows millions of these zombie machines to exist. I don't blame Joe User, sorry. No holy wars about security; statements that user should do x, y, z and be as smart as me, etc.
Windows: Defective By Design
Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.
Somehow that doesn't surprise me. This is the same country that uses insane amounts of ActiveX, and has the effect of conditioning people to click "Yes" whenever any site tries to install something, right? Wouldn't be any surprise if South Korea was one big botnet.
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
You suggest that the Department of Defense's nameserver is badly managed, making an argument by analogy concerning "large governmental organizations". Since you haven't provided a technical argument, your accusation has no merit. Your "distinct impression" is pure speculation.
But congratulations on getting everyone riled up.
A few years ago the root server operators (on their own initiative and without asking for, or obtaining, permission from ICANN) took the wise step of deploying replica servers using a routing technique called "anycast". Thus under the name of, for example, f.root-servers.net there are many distinct servers geographically dispersed.
Consequently today we have more than 130 root servers scattered around the world.
That's good. It tends to localize the damage caused by attacks.
What is not good is that these root server operators, although they today operate to the highest of standards and with the highest degree of integrity, are not required to do so in the future.
For example, several root servers are operated by the US military establishment or by other branches of the US government and are thus subject to being "adjusted" according to military, political, or Atty General Alberto Gonzales's latest desire to do data mining.
Nor are the root servers required to play fair and respond to all queries with equal dispatch or equal accuracy no matter the source or the name being queried for.
Nor are the root servers off limits for sale to companies like Microsoft or Google who could use them for commercial data mining.
Many people believe that ICANN serves as a kind of fire marshal, overseeing that the root servers are operated responsibly and that the root server operators have access to the resources they might need to recover from a natural or human disaster.
But that is not the case. ICANN has abrogated that role and has engaged itself as a protector of trademarks and US cultural values.
Over the last few thousand years we've learned that it's best for long term stability to build institutions and not depend on individual people. Today the root servers are the work of good individuals and organizations that encompass them. We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.
Some years ago, the South Koreans standardized their on-line experience on ActiveX. Everything, from online banking, to school websites has some kind of a friggin ActiveX applet. Because of that, most South Koreans are used to allowing ActiveX controls to be installed on IE. This explains why so many of the attacks, according to TFA, came from there. So, nothing more fair than sending the bill to Microsoft (no pun intended). Seriously, if the attack had succeeded, it would have changed life as we know it.
Your ad could be here!
Someone did a query
53 security.microsoft.com ptr
The record that cannot be resolved.
---- Teach Peace. It's Cheaper Than War.
I just installed a caching-only nameserver on my home machine last night. Nice speed boost. Not that it has anything to do with this other than being DNS. I'm just sayin'. I hope my install didn't mess up the root servers. :)
It's the only way to be sure...
Silly question. Why aren't there more root servers put into operation? (Honest question! I seriously don't know. Is it a technical limitation?)
>they could have been testing how well their attack would work
Good insight, but why attack the root servers in the first place?
The days when people tried to burn down the Internet just to watch the flames dancing ended a few years ago. It's about profit now. If a crook launches a DDoS on a gambling site the day before the Super Bowl, that crook can extort money. Crooks can also make crooked money from click fraud or spam runs.
Where's the money in taking down the root DNS servers? Why would a crook throw away the black market value of a botnet to do something that wouldn't bring in loot?
[`h4x0r15`] K R U REDDIE !?!?
[MinGaw14f] LOLZ YEE.. DOIT!!!
[`h4x0r15`] OKIES HERE I GO!!
* `h4x0r15` takes down internet
** Disconnected: []
`h4x0r15` IRL: "shit.. why the hell did i do that again?? there goes my night of watching videos on youtube and talking with my IRC buddies.."
*plays the Apogee theme song music*
... gets slashdotted, what an irony.
// MD_Update(&m,buf,j);
...Botnet disabled, job done!
My little Linux and tech blog
I wonder if it's worthwhile to auto generate a hosts file that covers the larger ISPs, corporations and government agencies? Would it be useful in the event of an extended root nameserver outage? Its use would be limited I guess as I don't know of a way to include, for example, the equivalent of MX records in a hosts file. Host to host email would certainly work.
Perhaps auto generating DNS zone files for certain networks. Pop it into your local DNS server and you are up and running (with limitations of course). Perhaps extract the data in the DNS cache and create incomplete zone files. Should an extended outage occur, wouldn't it be useful to easily use certain communication services such as IRC? email?
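The idea in the comment above, as an added example that is not part of the original post: turn cached DNS records into hosts-file lines and report which records a hosts file cannot carry. The record format (dig-style `name TTL IN TYPE rdata`), the function names and the sample data are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample in dig-style presentation format; not a real cache dump.
SAMPLE_CACHE = """\
; name               ttl  class type  rdata
www.example.com.     3600 IN A     192.0.2.10
www.example.com.     3600 IN AAAA  2001:db8::10
example.com.         3600 IN MX    10 mail.example.com.
mail.example.com.    3600 IN A     192.0.2.25
irc.example.net.      300 IN CNAME chat.example.net.
chat.example.net.     300 IN A     198.51.100.5
stale.example.org.      0 IN A     203.0.113.9
"""


def parse_records(text):
    """Return (name, ttl, type, rdata) tuples, ignoring comments and junk."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        parts = line.split(None, 4)
        if len(parts) != 5 or parts[2].upper() != "IN" or not parts[1].isdigit():
            continue
        name, ttl, _cls, rtype, rdata = parts
        records.append((name.lower().rstrip("."), int(ttl), rtype.upper(), rdata))
    return records


def build_hosts(records):
    """Return (hosts_lines, unrepresentable) built from cached records."""
    addrs = {}             # name -> list of validated address strings
    aliases = {}           # CNAME owner -> target name
    unrepresentable = []   # records with no hosts-file equivalent (MX, ...)
    for name, ttl, rtype, rdata in records:
        if ttl <= 0:
            continue       # expired data must not be pinned into a static file
        if rtype in ("A", "AAAA"):
            try:
                ip = ipaddress.ip_address(rdata)  # cache content is untrusted
            except ValueError:
                continue
            addrs.setdefault(name, []).append(str(ip))
        elif rtype == "CNAME":
            aliases[name] = rdata.lower().rstrip(".")
        else:
            unrepresentable.append(f"{name} {rtype} {rdata}")
    # A hosts file has no aliases: copy the target's addresses to the alias.
    for alias, target in aliases.items():
        seen = {alias}
        while target in aliases and target not in seen:  # follow chains, stop on loops
            seen.add(target)
            target = aliases[target]
        for ip in addrs.get(target, []):
            addrs.setdefault(alias, []).append(ip)
    lines = [f"{ip} {name}" for name in sorted(addrs) for ip in addrs[name]]
    return lines, unrepresentable


if __name__ == "__main__":
    hosts, skipped = build_hosts(parse_records(SAMPLE_CACHE))
    print("\n".join(hosts))
    print("# not representable in a hosts file:", skipped)
```

The MX record ends up in the second list, which is the limitation the comment points out: mail routing needs a zone file or a working resolver, not a hosts file.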
The root servers are the authoritative DNS servers for the top level domains (TLDs) - i.e. .com, .net, .edu, etc.... This has nothing to do with the "3 business day" thing you're talking about. Even the TLD servers aren't responsible for that delay. You're referring to the time it takes for non-authoritative DNS servers to clear their caches. Big difference....certainly not "insightful". /x
OR maybe the DoD doesn't really need such a large server as the entire rest of the internet combined, and really *anyone* shuts down under a large enough DDoS attack?
> In another portion of the interview, he added, "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."
Yeah, the Month of Apple Bugs--it's not like Microsoft hasn't ever had something like that. Hell, I wouldn't think it was that much of a challenge. True, Apple could use some improvements, but the exploits presented were dangerous, but not that bad if you want to compare them to the worst, i.e. Windows. There may have been quite a few exploits, but what was the exposure window like?
I mean, when you have all the XP machines running IE 6 0wnable for 9 months of 2006, is it any surprise that Windows is the botnet drone of choice? Bill is not one who should be talking here. Hopefully they *are* improving, but they have a LONG way to go...
As in: I've fallen and ICAAN'T get up.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
VOIP exploit responsible mayhaps?
Stronger than silent 'E'
Able to leap capital 'T' in a single bound!
It's a word, it's a plan...it's Letterman! (majestic three-note fanfare)
Yeah, some idiot posting on /. thinks the guys who invented the internet don't know their stuff. That's entirely fair. Stupid and moronic, but fair.
I guess stating the obvious is trolling these days.
THE SKY IS BLUE. THIS IS A TROLL.
Bear in mind that there are a few billion zombies out there and most are on corporate and home machines, not military installations. The SuperBowl's website was hardly a Government facility, and the numerous tales of credit card number downloads from e-commerce sites were hardly the fault of the Executive Branch. They were the fault of much smaller organizations who suffered from significant blindness on security.
(The only thing I can blame the Government for, for the bulk of attacks over the Internet, is that it is still legal to have sensitive personal information on an unsecured machine. If it were outlawed to place credit card numbers on vulnerable systems, the number of reasons for such attacks would plummet and the number of attacks that cause actual - as opposed to accountant's fictional - harm would drop to near-zero.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It seems the example.com mailserver is down
I fear the Y2038 bug
DOH!
E-mail would have a better chance of survival than the WWW.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I've been here too long. When I saw GMILF I instantly thought Google MILF and lots of bad images came to mind.
It's not like they haven't figured out the whole failover/fault tolerance thing.
That's kind of the point here, actually. Several of the root servers do not have any redundancy. You can see the list at http://www.root-servers.org/. In particular, the A, B, D, E, G, H, and L servers have only a single location apiece.
F, I, J, K, and M, on the other hand, are heavily redundant and have multiple geographic locations, routed via Anycast, so a single client only "sees" the server nearest to them. This makes them difficult to DDoS, because a zombie in S. Korea pinging the J server would be sending packets to the server in Seoul, while one in California would get the one in Mountain View.
What's odd, looking at the list, is that anyone operating something as critical to the internet infrastructure, wouldn't develop some geographic and systems redundancy; unfortunately, I suspect that the government agencies in particular tasked with these responsibilities probably don't keep it at the very top of their priority lists when allocating resources and funding.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
A. (more likely) The botnet wasn't large enough to attack all 13, and would have managed to cause a slight, but manageable spike for all 13 servers. In focusing the attack on a few, you get a more public result, namely ZOMG DoD got pwned. There are actually 2 DoD DNS servers, #6 and 7 on the chart from TFA. #6 got blasted, #7 was fine.
B. (much less likely) The attacker realized there would be serious political repercussions to taking down all the DNS servers and essentially crashing the internet. Namely, this would result in a big and public push for new security measures (like port blocking etc) from ISPs, which would be bad for botnet owners.
This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
Cisco and their ilk need to throttle / drop stuff like this. The (unlucky) 13 root servers are single IP addresses, although they are already multi-homed and special cases for the backbone switch routers.
The backbone can simply throttle back DNS UDP traffic and drop packets coming too often from any given source IP address. Look it's 2007, not Vint Cerf noodling in 1985!
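The per-source throttling proposed in the comment above, as an added example that is not part of the original post: a token bucket keyed on source address (or prefix), replayed over constructed traffic. The class and function names, the rate and burst values, and the addresses are assumptions for illustration; because UDP source addresses can be forged, this bounds load per claimed address only.

```python
import ipaddress


class PerSourceLimiter:
    """Token bucket per source prefix.

    Time is integer milliseconds and tokens are stored as integer
    milli-tokens, so the refill arithmetic is exact (no float drift).
    """

    def __init__(self, rate_per_s, burst, prefix_len=32):
        self.rate = rate_per_s        # tokens per second == milli-tokens per ms
        self.cap = burst * 1000       # bucket size in milli-tokens
        self.prefix_len = prefix_len  # IPv4: 32 = per host, 24 = per /24
        self.state = {}               # prefix -> (milli_tokens, last_seen_ms)

    def _key(self, src):
        # Aggregate neighbours into one bucket when prefix_len < 32.
        return ipaddress.ip_network(f"{src}/{self.prefix_len}", strict=False)

    def allow(self, src, now_ms):
        key = self._key(src)
        tokens, last = self.state.get(key, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)  # refill
        ok = tokens >= 1000           # one query costs one whole token
        if ok:
            tokens -= 1000
        self.state[key] = (tokens, now_ms)
        return ok


def constructed_traffic():
    """Constructed sample: (time_ms, source) query arrivals."""
    # A caching resolver asking twice a second for ten seconds.
    resolver = [(t, "198.51.100.7") for t in range(0, 10000, 500)]
    # A flooding source sending 200 queries within one second.
    flooder = [(2000 + 5 * i, "203.0.113.66") for i in range(200)]
    return sorted(resolver + flooder)


def replay(events, limiter):
    """Feed events through the limiter and count the outcome per source."""
    counts = {}
    for now_ms, src in events:
        c = counts.setdefault(src, {"allowed": 0, "dropped": 0})
        c["allowed" if limiter.allow(src, now_ms) else "dropped"] += 1
    return counts


if __name__ == "__main__":
    # 5 queries/s sustained, bursts of up to 10, one bucket per host.
    for src, c in replay(constructed_traffic(), PerSourceLimiter(5, 10)).items():
        print(src, c)
```

With `prefix_len=24` adjacent hosts share one bucket, which stops a sender from multiplying its allowance by rotating through neighbouring addresses.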
You can see the list of sites for F here:
http://www.isc.org/index.pl?/ops/f-root/sites.php
That's about 40 locations. Now, each of which has a couple of servers, a management box, and a couple of routers, so yeah something like 200 machines total.
That's the cutest "I Hate George Bush" troll I've seen in a while. Congratulations; you're entirely wrong but that's really irrelevant, right?
. . . even if it is quite old: http://www.caida.org/publications/presentations/ietf0112/dns.damage.html.
...the future crusty old bastards are already drinking the Kool-Aid.
It's more than just an IDE. I'd hazard a guess that it's for the debugger, so you can do things like trace calls up to kernel functions, access another application's memory area, and use hardware watchpoints. Come to think of it, I wouldn't even know how you'd write a program to access the registers or memory of a process, even a child process. Did read an article on how debug.com worked, but that was a long time ago...
You like splinters in your crotch? -Jon Caldara
The AP story mentions that UltraDNS may have been targeted. Last May DDoS attackers targeted UltraDNS as part of the attack against Blue Security that ultimately drove BS out of business. That attack managed to knock some UltraDNS customers offline. There was a previous attack on the root servers in 2002.
RichM
Data Center Knowledge
Exactly, and I also get sick of "experts" ridiculing and blaming the victims of vandalism and crime for messing up "their" playground. Nobody blames a homeowner when a thief kicks down their flimsy door and robs them, or a vandal rips up their mail and knocks down the letterbox.
As I have been doing for nearly two decades, I set up a friend's PC just before Christmas, and told him "just say no" to unknown applications. He had no troubles until about a week ago, he got a message from the virus scanner about a trojan and didn't understand the options so he just pulled the plug from the wall, called his bank and waited until next time he saw me.
The first thing I said to him was..."you said 'yes', didn't you?"...he complained bitterly..."No porn videos, No screensavers" I asked in a mocking accusation...."is a screen saver an application" he replied with a puzzled look. I booted it up and showed him how the scanner gets rid of the trojan and admired his new screen saver. The VS options were something like "vault" and "delete", there wasn't a "no" or "cancel" button so he panicked and enacted the "emergency procedure" I had advised previously.
The guy is not an idiot, he is middle aged but has had virtually nil exposure to PCs, until he went out and bought one. He restores antique furniture for a living, he is over the moon about eBay and other stuff to do with furniture but has ignored FPS games. Not that he doesn't like them he has a PS3 and loves it because "it doesn't do things that are not in the manual". For him the curve is still too steep (and life is too short) to learn how to install and register games with confidence.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Even nukes can't stop it! Or at least they shouldn't, since the internet was originally designed to run as a communications network in the event of a nuclear attack.
And the primary design feature that enabled that was removed during the rise of the ISPs.
The early internet was a NET. Redundant links everywhere. Routers all potentially knew the whole topology and could find a connection if it existed.
As the net went commercial that caused a table explosion in the routers. So BGP replaced RIP and things became less robust. Usable routes became a subset of all possible routes. Within the backbone there was still a lot of redundancy - but it wasn't quite up to the former "find a path if it exists" level.
Meanwhile, the typical host went from being something ad hoc connected to several neighbors to being something connected solely to a single ISP - typically by a single link. The big guys might have redundant paths into their ISP's Network Operations Center. But if something took out the NOC (and often there was only one - or only one of some critical component) you were hosed. Ditto if something corrupted their databases. Even with redundant links there would only be a few, perhaps going through several single-points-of-failure - and if fully redundant still allowing a double-failure to take you down. The little guys would typically have one line (say DSL) to one box. Cut the line or crash the box - or the typically two links from it to the NOC - and you're hosed.
(Perhaps you have a dialup-backup for your DSL. Did YOU configure it to come up automagically if your main link goes down? Is it on the same phone line with the DSL? If not, does it take a different path to the central office? Or is it right up the same cable bundle on the same poles next to the same road full of the same drunk drivers or in the same underground cable running past the same backhoe...)
So the internet evolved from a nuclear-strike-survivable net to a less-robust net rooting a bunch of trees. Oops!
(And that's just for routing the packets once you've GOT the IP number. Translating names to IP numbers is a whole separate can of worms: It's what the root servers are about - which is why there are so many of them, most of them are clusters, and some are clusters that are geographically diverse. You only need to hit ONE operational root server to get started on your translation - if your answer isn't cached somewhere between you and the root, and the list is small enough to keep handy on every machine that wants to do its own nameservice.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Several of the root servers do not have any redundancy.
Having multiple root servers IS the redundancy - originally, and to some extent even now. Big-time redundancy within each one is just (really strong) suspenders to supplement the belt.
A non-redundant root server is still useful - even if perhaps not always up and/or not capable of drinking as large a firehose of requests as some giant, geographically-diverse, multiple-cluster. All it takes is one response from one server to get your nameserver's search started.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Some new botnet flexing its muscle perhaps?
Nah, someone just sent some spam. All those lookups, since everyone is on the list about a hundred times.
Sounds to me like some malware author was trying to write a 'bot that would skip the ISPs' nameservers and do his name lookups starting with the root servers - with no caching. So once it got cloned-out into a net and got started, every name lookup for every piece of mail (or whatever) started fresh with a request to one of the subset of root servers the bots knew about.
Result: Hammering on a small number of the root servers.
Reason for stopping it: Operator found out that he had a problem that the net operators couldn't ignore and would lead to a bigger posse of white-hats after him than was assembled to deal with the Morris worm. So he shut the botnet down before they hunted him down.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
>the internet was originally designed to run as a communications network in the event of a nuclear attack.
That idea was floating around but it wasn't what drove the MIT/DARPA work that turned into today's Internet:
http://www.ziplink.net/~lroberts/InternetChronology.html
... drops any box engaged in suspicious activity... or they did back when ISPs were not run by big national corporations staffed by mindless shills and good people subjugated by red tape
If you cannot keep politics out of your moderation remove yourself from the Mod Lottery.. NOW!
Of course, if he and his followers truly wanted to have a secure and resilient dns system, they would advocate using a distributed root system. Simply have a signed root zone (it's very small - 50K for the ORSC root zone http://orsc.net/ ), distribute it via BT or similar and have people who run a dns cache, also run a local root. The data in the root zone has a fairly low churn rate so the zone could be updated once per day or even less frequently without causing major problems; certainly fewer problems than the bogging down of the root servers. Anyone who can run a dns cache, can run a local root. I run them everywhere I run a dns cache. One way to do it: http://cr.yp.to/dnsroot.html
Suddenly, all this ZOMG! they are attacking the root becomes a non-issue and the dns system as a whole becomes extremely hard to attack in any effective way. And as freebie side effects dns lookups become faster, diagnosing dns problems is easier, people who are DOSing the root servers due to misconfiguration would instead be DOSing only themselves and their local servers (see the http://www.caida.org/ and other studies), traffic on the net drops and the sun shines brighter.
But that is not the objective and thus we are where we are - the objective is central control and an annoying type of elitism.
Karl, what about this stuff instead of the need for a strong centralized institution?
http://www.computerworld.com/securitytopics/secur
That was the latest spam virus using G and L as their default name servers instead of the ones on the computers they infected, so as to make sure rate-limiting and weak ISP DNS servers wouldn't slow them down.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Sudo is a solution? sudo gets around any perceived security inconvenience. No muss. No fuss. Seriously, 2 levels of security (user and God) aren't enough.
That would solve 90% percent of the zombie problem, leaving Windoze servers at companies left to mop up.
But until 'joe beer-can' starts buying appropriate technology that they can UNDERSTAND HOW TO USE SAFELY nothing will improve.
I have a mother and a mother in law. My mother asked me about safe computers, since she remembers paying part of my college tuition for a computer science education. I helped her select a Mac, which she runs Little Snitch and Firefox/noscript on. She visits a limited set of web sites and mail servers.
My mother-in-law took another approach, purchasing the lowest-priced system she could find at Best Buy, running Windows, with her other son-in-law (he's a typical PC consumer and a civil engineer). Anyway, since neither of them chose not to follow my advice, she gets no technical support from me. My brother-in-law pays $200/year in Microsoft Taxes for two PCs, while I take the same $600 saved over 3 years and upgrade my systems.
She also pays $150/year in Microsoft taxes (virus-scan, anti-spyware, internet security, other update/license fees), and can be completely subverted by her other children or grandchildren installing a new game (Yes, she shared her administrator password with one of them already. Yes, I e-mailed her the 'security rules' telling her not to, and the advice to keep the 'game PC' separate from 'work PC' but she ignored them.)
Being geeks, I think it's hard for us in Computer land. My XP machine runs so well, no problems, no crashes, I couldn't fault my machine in any way, OK I do have to run AV, Firewall, Anti-spyware and I run hitman (check that bad boy out if you don't know it www.hitmanpro.nl) once a week, but that's fine, doesn't interrupt or ruin my computing life in any way, I have no reasons to switch to linux, it happily runs as my dev machine, or a mac. I feel most people here, feel the same. Then vista, sticks all this extra crap in there, other OSes use it as well, the whole admin password thing, ubuntu springs to mind I do believe, and all us lot are like, oh come on...WTF, I can use a damn computer. But, alas outside our small geek world, I've met a lot of non geeks, actually all of my Ex GFs were total non-geeks who used it for word, myspace and msn and that's about it, and the amount of pure SHIT that was on their PCs, out of date AVs, firewalls turned off, and just general bad practice that they had, made me realise, that actually (no offense here, most of my friends are the same) most users are completely shit with computers. I would hate to get into a linux Vs windows argument here, but if we are honest with ourselves, if everyone overnight switched to linux, they would still be completely useless with computers (include all virus writers etc also switching to linux) and wouldn't we be in a similar (although a bit less worse situation due to the amount of linux distros etc) situation? Maybe I am wrong, I don't know maybe someone can counter my argument.
Visit My Blog at http://spaces.msn.com/members/chrisharries
The focus has shifted years ago. It's no longer just doing damage, causing havoc and spreading fear. Writing malware is a business. Simple as that. It's money. Not showing off that you can do it, not creating the new, best virus, not being the first to use a 0day, it's money. Current trojans are as boring as they can become, written by half-witted 9-5 coders who use templates and proof-of-concepts to hack together something that can extract passwords or turn a box into a spambot.
The days of the elegant code are gone. What matters today is money.
Now, you also need quite dumb people to click your "please pay this bill.pdf.exe" mail. I'm not saying that Windows Users are dumb. I would not want to call myself dumb without due reason, I too still have a few boxes running on 2k. It's the other way around, dumb people tend to gravitate towards Windows. Because they don't know anything else, because they can't/don't want to afford a Mac, whatever the reason, you can almost bet your head that if you have a really stupid person on the other end of the line, he or she invariably uses Windows.
Windows also has the vast dominance on the market. Over 90% of the desktop boxes out there run Windows, in some incarnation or another.
So what system would you create your virus for if your goal is to infect as many boxes as possible and if you more or less have to rely on people clicking your installer?
Linux would definitely see more trojans written for it if a sizable portion of dumb people used it. But as long as they don't, it is fairly safe.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Ban all DUMB users from the Internet. Not all Windows users are dumb, but it seems to me that all dumb users use Windows.
At least install some kind of responsibility for your actions on the 'net. You click every kind of BS you see, you open every file that's sent to you, no matter how shady the source, why should you not be responsible for the damage you do? If you act responsibly and still get infected, it's a different matter, nobody "normal" (read: Person who uses a computer as a convenient tool or recreation device, not as the center of his life) can avoid a well planned 0day attack. But irresponsible behaviour should be punishable.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
God is dead-Nietzsche
Nietzsche is dead-God
Nietzsche is God-logic
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
> Monarchies, Feudalism, the Inquisition-era Catholic church, and Soviet Russia were all the
> biggest, most far-reaching institutions of their day.
Monarchies, the Catholic Church, and Soviet Russia were all led by a single all-powerful person, and how bad they sucked depended on how bad that person sucked.
Feudalism is not an institution, but a system.
> Thomas Jefferson and his cronies decided there was a better way.
Yes. They created institutions (in particular, the division of power) that meant that the US as a whole flourished despite the long string of incompetent politicians (no, incompetent and crooked politicians is not a new invention) that led it.
> I agree with him,
No, you are misrepresenting him grossly, and arguing for the exact opposite of everything Thomas Jefferson and the founding fathers built.
> so I'll take a handful of determined, skilled, like-minded individuals over an "institution" any day.
That is Plato, not Jefferson, and the same idea in a modern context is called Fascism.
Don't make the assumption that all DNS servers were attacked equally though.
You're right. It reminds me of the time when LordNikon, Zero Cool, Master of Disaster (Joey) and Acid burn launched all their best viruses on the gibson.
I don't know what's most scary. The white bunny virus that was countered by a flu shot, or that I'm talking about this like it actually happened..
Defining Statistics and Social Research
In Korea, only Old People know about responsibility..... oh wait.
May the Maths Be with you!
No it's not as they aren't all mirrors of each other, the TLDs are split between them.
Botnets are created by sorry pimply-faced lusers such as myself that cannot get laid.
so... let me get this correct - a bunch of hackers tried to "get root", failed and this is a story?!
Yes, actually if you read my comment, I even mention Anycasting. However, the page I was pointing to, lists the geographic locations for the various root servers. Some of them have multiple locations, behind a single IP address, routed via Anycast. The others have only single locations (which may or may not imply multiple physical servers), making them somewhat easier to DDoS, since a world-wide zombie net would be concentrating its traffic towards one server. On the geographically-distributed "servers" (with Anycast), each zombie would only hit the machine closest to it, so it's harder to take down.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Er, the root servers are the authoritative servers for the root, ie '.'.
Not the same thing as the authoritative servers for an assortment of TLDs at all.
Historically there was a certain degree of overlap, at least between US-based roots and gTLD servers, but not really any more. Have a look at the servers returned from 'dig . ns' and compare them to 'dig com. ns' or 'dig net. ns'.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
(getting a bit off-topic here)
I noticed that when UAM alerts were turned off, the Guest account suddenly also had all the rights in the world - very unnerving. This was in RTM.
So basically, if I am cocky enough to turn off UAM, I can't trust that the user policies will be enforced. FTW!