The Real Impact of the Estonian Cyberattack

An anonymous reader writes "News.com offers up an interview with Arbor Networks' senior security researcher Jose Nazario. He takes stock of the denial-of-service attack against the Baltic nation of Estonia, and considers the somewhat disturbing wider implications from the event. 'You look around the globe, and there's basically no limit to the amount of skirmishes between well-connected countries that could get incredibly emotional for the population at large. In this case, it has disrupted the Estonian government's ability to work online, it has disrupted a lot of its resources and attention. In that respect, it's been effective. It hasn't brought the government to a crippling halt, but has essentially been effective as a protest tool. People will probably look at this and say, That works. I think we're going to continue to do this kind of thing. Depending on the target within the government, it could be very visible, or it could not be very visible.'"

How insightful!

[Cutie+Pi]

Depending on the target within the government, it could be very visible, or it could not be very visible.

Yep, that pretty much sums up the possible outcomes.

Re:How insightful!

[iONiUM]

hey HEY! I was thinking there could be a third option, translucently visible, or like visible only on the 3rd moon of the 18th month of the 22nd year after the year of the tortoise.. this narrowed it down a lot.

Re:How insightful!

[TapeCutter]

Come on, there are an infinite number of ways to hold your tounge and squint.

Re:How insightful!

[rs232]

Yep, that pretty much sums up the possible outcomes

Would this distributed DOS attack be possible without a vast army of compromised desktops being used as part of a botnet. Is it tecnnically possible to design against such attacks, or at least make it more difficult to compromise the desktops and route the rogue traffic. After all the Internet is supposed to be designed to be resistant to a nuclear attack. (I know Vint Cerf remembers it different)

Re:How insightful!

Come on, there are an infinite number of ways to hold your tounge and squint.

On the other hand, there are not an infinite number of ways to spell "tongue".

Re:How insightful!

[HiggsBison]

Come on, there are an infinite number of ways to hold your tounge and squint.

On the other hand, there are not an infinite number of ways to spell "tongue".

Yes, but 'e was clearly spelling "tounge", then, wasn't 'e?

Praline: The cat detector van from the Ministry of Housinge.
Man: Housinge???
Praline: Yes, it was spelt that way on the van. I'm very observant.

Re:How insightful!

[Vancorps]

It would be easier to defend against these attacks if companies would standardize on techniques. Cisco and HP are two examples I know of that offer different methods for defending DDoS attacks. Cisco has a number of methods not all of which are compatible with each-other. Perhaps more importantly, Cisco's methods almost always require Cisco products for them to work effectively. HP is a little better about standards these days but their methods are still rather solitary to their Procurve platform. Lately HP has made a huge change dropping Cisco support from at least some of their products in favor of standards that will work with the Nortels, Adtrans, and even Netgears of the world. It is a step in the right direction.

It seems simple, if ISPs can restrict traffic so that forging addresses is impossible then filtering DDoS at the ISP level before its aggregated should be easy. Even then, once it is aggregated it would be chunks of traffic which could easily be identified and blocked either temporarily or permanently allowing others to continue as normal.

Re:How insightful!

Perhaps more importantly, Cisco's methods almost always require Cisco products for them to work effectively.

Actually, if you follow the field... Cisco methods require both Cisco and Arbor Networks products to work effectively.

Even then, once it is aggregated it would be chunks of traffic which could easily be identified and blocked either temporarily or permanently allowing others to continue as normal.

Identifying the bot traffic, some of which is intentionally trying to disguise itself is hard, but not impossible. It is, however, somewhat expensive, which is why ISPs are now charging for clean pipes.

Multicast theories

[packetmon]

You know... I thought about the possibility of a Multicast worm/attack ... Just haven't had time to document it... Would work similar to the following... For those who use IM clients that have annoying streaming advertisements... If you didn't know, those are multicasted to your machine... My theory was to re-inject packets at the router level (avoiding Reverse Path Forwarding when possible) to make your machine believe my spoofed host is a valid source to get your images from... Only thing is, the image would be corrupted forcing an infection on your machine... This would in turn replicate via broadcast from the infected hosts... It was a theory of mine while studying DoS attacks for the CCIE security exam and a lot of variables would have to be met... Anyhow, the reason for this post is, I believe those committing DoS attacks are halfclued as to what a real attack could potentially do... For instance Border Router Attack Tool is another theoretical tool to break BGP neighboring. You of course have to know enough about a topology to even get it to work but under a unified stream, you could cause massive route flaps which lead to neighbors disconnecting. Its only a matter of time before someone takes it to the extreme and breaks connectivity between huge AS'

Re:Multicast theories

[zappepcs]

While I'm not sure your idea would work or not, I do know that there are many ways to compromise the nice-play Internet that we all think it is. Some of them are being used right now and we just haven't figured it out yet. DDoS is but one of those ways and might be *ONLY* a distraction while surreptitious malware or spyware is installed in government facilities. This in fact could be a test of the new Chinese cyber-warfare units in order to demonstrate what they are capable of...

Just a thought from the 'stay in your happy place group' (TM)

Re:Multicast theories

[packetmon]

Give me some DARPA funds... I'd throw together the mother of all attacks to take out that great wall of China ;)

Re:Multicast theories

[AndersOSU]

I wouldn't be surprised at all if the DOD had just such a tactic in place.

I mean think about it, one of the things a party at war always tries to do is get the civilians of the opposite side reading "subversive" material. One of the first things we did with airplanes in war was pamphleting. We still attach pamphlets with aid drops. Would it be so strange to see the US send email to every Chinese address that looked like this? How about a flood of anti-communist text messages? Doesn't seem very far fetched to me.

Optimus Prime?

Damn my Asperger's. I thought we were under attack from Cybertron...

Backbone QOS?

[dattaway]

Isn't the backbone capable of metering connections to an attacked country? I haven't noticed the providers to be politically spineless (except for AT&T) but can't they help a poor country out?

Re:Backbone QOS?

[packetmon]

What would QoS do at this level except overwhelm your processor? Unicast Reverse Path Forwarding would be the better solution nowadays. Cat 6500 info... If networks were built correctly from the ground up, these attacks wouldn't even happen as much. If three networks were connected and all had uRPF or filtering in place, no three networks would be able to spoof addresses and cause attacks. They'd be forced to attack using a valid address on their network which would make tracking easier...

Re:Backbone QOS?

Many cyber attacks against Estonia were blocked thanks to ISPs around the world. So they really do help COUNTRIES.

Re:Backbone QOS?

What would QoS do at this level except overwhelm your processor?

The Cisco Guard, Arbor TMS, and Cloudshield all have some pretty large/specialized processing power and are designed to filter DDoS attacks of just these kinds.

Re:Backbone QOS?

[phayes]

TFA isn't detailed enough to tell us all how much of the attack was spoofed from sources in Russia & how much was from botnets. In any case the use of a large enough botnet with bots distributed throughout the internet will neuter URPF. When bots use their own IP addresses (or addresses from neighboring machines on the same LAN), URPF loses it's utility.

Re:Backbone QOS?

[Vancorps]

That wouldn't be the case if the ISP at the source in question had also implemented the technique before they peer with another provider. At that level the aggregate is a lot smaller and much easier to pin down. The real problem is coming up with a non-Cisco proprietary solution. Something not encumbered with copyright and patents which I believe is what is holding up a lot of development in anti-DDoS techniques.

HP and a few others have been learning this lesson trying to implement standards wherever they can. The bonus for the Cisco people is that you usually get the standards with Cisco proprietary on top so it doesn't kick them out of the play area. Move to standards and get every ISP to implement them perhaps with tax incentives and the problem becomes a lot smaller. Of course the major ISPs already receive a lot of tax dollars so maybe we just specify how that money is spent as currently it looks like there is no accountability.

Re:Backbone QOS?

[phayes]

There is precisely zero chance of it getting implemented on a wide enough scale to be of any use unless DDOS attacks come back in force & start affecting more than a minor corner of the net like Estonia. Unless DDOS attacks become such a problem that heads of states need to get involved it'll never get deployed widely enough. Even it the US used it globally, the Net has grown so far beyond it's US centric origins that that would be a mere finger in the dike.

Given that botnet "owners" earn more spamming, I don't see it happening.

Re:Backbone QOS?

[99BottlesOfBeerInMyF]

The real problem is coming up with a non-Cisco proprietary solution. Something not encumbered with copyright and patents which I believe is what is holding up a lot of development in anti-DDoS techniques.

The road to ubiquitous DDoS protection is called "no monopolies." Several large ISPs have shelled out for the hardware to do this kind of DDoS filtering effectively, and almost every tier one can partially mitigate it with a combination of Arbor detection, and clever routing. The ISPs are paying for this because they can sell it and make money. Do you want a provider who does or does not offer a "cleaned pipes" option that lets you mitigate DDoS attacks directed at your network via a Web interface? Making sure that is the best way to make money by supporting net neutrality and other provisions that prevent monopoly abuse is the surest way to provide incentive to the market.

Re:Backbone QOS?

There is precisely zero chance of it getting implemented on a wide enough scale to be of any use unless DDOS attacks come back in force & start affecting more than a minor corner of the net like Estonia.

I work for a company that sells DDoS protection devices to ISPs. They can use these devices to filter out, or at least null route the vast majority of DDoS attacks. Approximately 75% of all tier 1 and tier 2 ISPs in the world have our systems deployed at least for their backbone. DDoS protection is deployed across most of the world and ISPs usually will act for very public attacks, and when a customer is paying them for the service of having DDoS removed before it hits them. Look at AT&T's "clean pipes" initiative.

[Posting anonymously and without naming my company because I'm not an official spokesperson.]

Re:Backbone QOS?

[Vancorps]

In the case of AT&T I want nothing to do with them. It does add value so it makes a lot of sense. So you've backed up my point. There is no down side to mass DDoS filtering. There is absolutely no reason why ISPs can't step up and at the very least make this much less of an issue.

Re:Backbone QOS?

[Vancorps]

There are heads of state which have experienced the effects of DDoS attacks. Think Whitehouse.gov

Furthermore, most of these mechanisms are already deployed, they just aren't enforced unless you pay extra for the protection. Even then, it's too late, by then the traffic has aggregated enough bandwidth that the problem is much harder to work with. Kill it before it becomes big and see how the problems disappear.

The U.S. isn't the only country interested in this kind of protection especially with all the news of China and it's growing online presence. Japan and Taiwan have both experienced problems in this regard as well. I'm sure South Korea isn't far behind.

Re:Backbone QOS?

[99BottlesOfBeerInMyF]

There is absolutely no reason why ISPs can't step up and at the very least make this much less of an issue.

What do you think this article was about? ISPs in several nations helped out by using their capacity to help filter the DDoS attacks against Estonia, whose major telecom apparently has no such capability. If, however, you want this to happen on a regular basis for all DDoS attacks ongoing, you have to expect the ISPs to charge their customers for that service. It costs money to deploy sensors and mitigations systems and to man and maintain those systems. At the same time, doing so reduces the amount of traffic peers and customers are consuming, thus reducing their revenue. If people want DDoS to go away all they have to do is pay the piper, which many customers with critical online resources are now starting to do.

Re:Backbone QOS?

[phayes]

Your examples prove my point, not yours! Whitehouse.gov shrugs off current DDOS attacks by having distributed servers and net access points, not by trying to mandate that every ISP around the world implement trunk level IP filters on all outgoing traffic.

Other countries would be interested but no-one feels it to be globally feasible except you. There will be no widespread deployment because, as I've repeatedly informed you, unless DDOS attacks worsen greatly, it's useless partially deployed.

Re:Backbone QOS?

[Vancorps]

Sorry, but you have an odd definition of reality. Whitehouse.gov was completely taken out by a DDoS some years ago when it was a huge issue. Now in the last year we've had massive DDoS attacks on the root DNS systems which naturally held up because these trunk level ip filters you seem to think are impossible to implement HAVE been implemented. So in short, the only one that doesn't think this can be implemented globally is you.

I'll refer you to AT&T "Clean pipes" initiative as an example of a multinational corporation implementing this on a massive scale and using it to charge their customers more while giving their customers more value for their dollar. Face it, DDoS attacks were already a huge problem, you just never noticed because you were too busy saying everything is impossible and that countries can't work together despite that being the very nature of the Internet. AT&T is by far not the only ISP implementing this all over their backbone as well. Refer to at least a couple dozen other posts in this thread and you will see that are lots of options and many of them are deployed and the same method does not need to be deployed globally to be effective. As I said, it only really needs to happen when you peer with another provider. It saves the ISPs money on back haul charges and they can charge their customers more for the same service that they already had an interest in delivering.

I also don't understand how that proves your point and not mine when it clearly illustrates that the problem is indeed widespread and has affected people with the means to create real change. It might help your point as well as mine but it certainly discredits nothing. This is why the Whitehouse.gov is where it is today. It wasn't always distributed, why do the think they spent millions to make it that way in the first place? You think they just thought it was a good idea at the time? Perhaps you don't realize that big business is not proactive nor is big government.

Re:Backbone QOS?

[phayes]

Whitehouse.gov was taken out by a DDOS before being updated to it's current configuration.
Problem: DDOS.
Solution chosen: Highly redundant servers & links. (My reality)
Solution NOT chosen: A policy statement by GWB proposing that URPF needs to be deployed globally followed up by meetings with other leaders in which this subject is discussed. (Your reality, apparently. The issue was heads of state getting involved.)

Even with URPF installed globally, a widely distributed botnet will still be able to prosecute DDOS attacks. URPF mitigates attacks where A is spoofing source addresses not on it's LAN, it does nothing when a bot is sending legitimate traffic from everyone on it's /24.
You are the one proposing to impose URPF on a global scale as a solution using taxation as an inducement. You need to show where the willpower is on a global scale to implement it.

Re:Backbone QOS?

[Vancorps]

You completely an utterly missed my point. I never once suggested using tax dollars to require this of companies. I said specifically there should be standard technologies not encumbered by copyright or patent that all companies could use so my current HP infrastructure restricts me to using HP anti-DDoS techniques, the Cisco approach is proprietary along with several other companies that offer such things. If there was a common standard many more ISPs that are smaller would then implement such technologies. I never said any specific technology should be implemented.

So you're reality seems to be reading things that were never said so I'm going to trust my reality where my firewalls don't accept traffic from the wrong location. If someone is spoofing and address inside my network they will not get out to the Internet. It's easy for me to deploy as I have the resources to do it.

I'm going to trust my reality and ignore the fact that GWB wasn't President when Whitehouse.gov was upgraded and that Clinton did indeed rally international support for these kinds of controls as well as controls I wouldn't agree with. I also never said that one technique had to be deployed globally, I said over and over that it needs to be implemented when an ISP peers with another ISP, it makes total sense and your opposition to it is astounding to say the least as it's completely irrational. A technology that can save an ISP lots and lots of money while putting an end to DDoS attacks really has no downside especially given that the vast majority of large companies out there have already invested in these technologies.

Highly redundant servers and links are just the beginning and most certainly not the only solution that was implemented. The fact that you think it is I'm finding more and more humorous considering they have since deployed some very high end anti-DDoS solutions as distributed servers alone are not enough to prevent this. If you can saturate one link you can certainly saturate three links.

Re:Backbone QOS?

[phayes]

If you're so sure that President Clinton was so worried about DDOS attacks you'll certainly be able to find a reference to him saying so, right? I won't hold my breath waiting for a response...

The problem with your position is that by pushing URPF you're attempting to win the last war when DDOS techniques have moved on. URPF et al is only useful when hosts are sending data with spoofed source addresses that can be fairly easily identified & filtered. It's an old technique. Botnets with tens or hundreds of thousands of members can DDOS without resorting to spoofing. Utility of URPF here? None.

My parting shot on how URPF & similar technologies are not a panacea against DDOS attacks is this. Utility of URPF for P2P DDOS attacks? (Hopefully you're finally getting my point) None.

Re:Backbone QOS?

[Vancorps]

You keep referring to Cisco proprietary URPF like I suggest it as the end all be all. It's amazing the things you choose to focus on. Do you really think Clinton made technology decisions for the Whitehouse? Hell no, there are people paid to perform such tasks so your asking for him to say it is just ridiculous. In much the same way the my boss's spam problems are handled by me because the problem affects him but I'm responsible for it.

There are other techniques for fighting against DDoS attacks one of which has been used for the last 5 -10 years to protect corporate machines from virus infections. When there is a massive surge of traffic in one direction you split it and multi-path the whole thing. If too much traffic is coming from one location then it starts to filter that one location dynamically and on the fly. It's just one of hundreds of protection mechanisms employed all over the world already.

The only problem is in the lack of standards, corporation A implements solution B while corporation C implements solution D which is incompatible. If there was a standard they could work together and both save a lot of money. Since there is no standard they both spend a lot of money and achieve the same result.

I've concluded you don't have a point since even in your example of URPF the solution is very effective even today, just because it is not 100% effective doesn't make it not worth deploying. You're probably one of the people that thinks if services are configured properly on all servers then you don't need a firewall. Completely short-sighted

As for a briefing from the whitehouse, here is an example from the Bush adminstration. Older articles are indeed harder to find but this is a pretty clear statement about DDoS attacks back when there were even less options.

Typos much?

[...] has essentially been effective as a protect tool.

Protect tool? Or protest?

Attacks..

[Mockylock]

For 3 years straight I've been getting hit by Viagra and Penis enlargement e-mails/ads about 30 times a day. Maybe they can use that for their own defense just to irritate the piss out of them.

Re:Attacks..

[Archangel+Michael]

Irritated Piss is a sign of a Urinary Tract infection, or kidney stones. Please consult a physician immediately. And lay off the Viagra and Penis Enlargements.

Re:Attacks..

[Weedlekin]

I get lots of them, together with several daily messages telling me about how great life would be if only I lost weight. The puzzling thing about it is how all those people know that I'm morbidly obese, and have a tiny, flaccid todger...

no reason to get overly complicated

[JeanBaptiste]

just do this

Re:no reason to get overly complicated

[packetmon]

Again, it was a theoretical based study for security labs... Its possible but highly complicated and only a matter of time before someone throws something together to do that and worse

help us!!!

It isn't cyber attack here in France that's the killer! It's something worse! Save yourselves, stay away!!!!!!

IN SOVIET RUSSIA...

In Soviet Russia, Estonia cyberattacks you!

Possible Outcomes

[Nymz]

Unless some magical solution presents itself, then cyber-warfare will most likely continue. The difference will be in how we respond. Should starting up your own cyber-attacks be an acceptable form of retaliation? or will more cyber-attacks only lead us down the path to a conventional-attack?

Re:Possible Outcomes

[cosinezero]

If impact is merely economic - how then does it differ from other games countries play to crush economic interests? I mean, where you see "Denial of Service", I see "Sanctions" and wonder, in the grand scheme of things, what's the difference?

Re:Possible Outcomes

[DerekLyons]

The key difference is that sanctions and traditional methods are (generally) open and aboveboard - you know who is doing what to who, as it is announced widely beforehand and very visible in operation. DoS attacks however, are none of these things. In addition, while Country X may impose various forms of sanctions/tariffs/etc... on Country Y - that does not effect (directly) either the internal operation of Country Y, or it's intercourse with Country Z. DoS atacks can, and do - as well as have an immediate and direct impact on individuals.

Re:Possible Outcomes

[cosinezero]

"The key difference is that sanctions and traditional methods are (generally) open and aboveboard"

-->Oh boy.

Countries (including the US) raid and detain maritime vessels - shipping, scientific, etc - for a wide variety of reasons... not all of them overt.

I see a number of parallels from a cyberattack on a country to the US detaining money from shipments of sugar from brazil to russia calling it suspect for the drug trade. We can call it "Social Engineering", if you will, but the picture remains the same - countries have a variety of ways to wage war - economic, sociopolitical, psychological, even religious - without ever pulling a trigger or killing a soul.

Sadly the Bush Administration has nearly forgotten how to continue that fine, delicate art form, but there was once a time where we waged war entirely out of the realm of above board and open - not to say that the latest endeavours have been such either, but at least everyone knows it's the Americans killing people.

Re:Possible Outcomes

[Deadplant]

The key difference is that sanctions and traditional methods are (generally) open and aboveboard

That is the funniest thing I've heard today.

Re:Possible Outcomes

[The+Zon]

The key difference is that sanctions and traditional methods are (generally) open and aboveboard - you know who is doing what to who, as it is announced widely beforehand and very visible in operation.
The only time sanctions are "open and aboveboard" is when the nation is dramatically at odds with the rest of the world - like North Korea and Sudan. But there is plenty of cloak-and-dagger economic warfare between countries, even between allies. For example, a key reason why America still has as many military bases as it does in Japan despite the lack of a legitimate threat of invasion from any country is because the ruling LDP politicians fear that if they force the US off of Japanese soil, America will force Japan to open up its domestic market to real international competition. This would force rapid, bloody economic change (see: South Korea a few years ago), which would surely cost the LDP, which has controlled the country almost every year since the end of WWII. (The only year it was defeated nationally was in 1993, when an eight-party coalition briefly took power before collapsing in on itself, as eight-party coalitions often do.) In that case, the threat of economic warfare forces Japan to acquiesce to the United States' foreign policy will, at the expense of its own people.

(Which isn't to say I'm against globalization in Japan, incidentally. I wish we could see a real fight between the US and Japan on this issue, since it has a good chance of resulting in both a globalized Japanese economy (inevitable and necessary, as they approach a point of almost zero growth) and a reduced American military presence in the Far East. That's two victories in my book.)

And let's not even get into the World Bank and International Monetary Fund, which are more ripe with espionage than Lebanon.

Re:Possible Outcomes

[CasperIV]

Oh boy. Countries (including the US) raid and detain maritime vessels - shipping, scientific, etc - for a wide variety of reasons... not all of them overt. I see a number of parallels from a cyberattack on a country to the US detaining money from shipments of sugar from brazil to russia calling it suspect for the drug trade. We can call it "Social Engineering", if you will, but the picture remains the same - countries have a variety of ways to wage war - economic, sociopolitical, psychological, even religious - without ever pulling a trigger or killing a soul. Sadly the Bush Administration has nearly forgotten how to continue that fine, delicate art form, but there was once a time where we waged war entirely out of the realm of above board and open - not to say that the latest endeavours have been such either, but at least everyone knows it's the Americans killing people.

Whoa, set the bong down for a moment and step away from the Kerry poster. Before you go off on an underhanded political tirade, you might want to dip into the facts and history of government interactions.

As stated in Sun Tzu's "The Art of War", destroying the enemies possessions and people will always be second best to subverting his plans. The concepts have been around for centuries and are in practice around the world today. The area where you start to wander in your argument, is when you try to draw parallels between political actions you dislike. Just because you may lean in a political direction, it does not mean the opposition are the ones playing the games. The current administration plays all the same games as all the previous, as do the rest of the nations of the world.

The primary difference between embargo's or sanctions, and an open DoS attack is pretty dramatic. No where in a political move do you directly destroy or cripple services. You may withhold goods/services and you may convince other nations to do the same, but you do not physically attack the target. In a DoS attack, it is an act of direct aggression as you are actively defeating systems on the opposing governments soil. It is not at all a leap to consider a physical military retaliation for such attacks. It would be no different then if a bunch of men dressed in black broke into your server rooms and beat the machines with hammers.

Just as their are times that subtly and silence are golden, there are times when open military action is required. What makes a good leader (or adviser) is knowing the difference.

Re:Possible Outcomes

[cosinezero]

"As stated in Sun Tzu's "The Art of War","

-->Hasn't this become an addendum to Godwin yet?

"No where in a political move do you directly destroy or cripple services. "

-->Interesting. There's QUITE a few dictators that have been overthrown by covert meddling that would not agree.

"The current administration plays all the same games"

-->Note that no where did I suggest they don't; simply that bush has lost the flair that his predecessors once had for the covert and the underhanded. Reagan... Clinton... Even Bush sr., were all tremendous at 'cheating' at the world game. Bush lacks a fundamental appreciation and understanding of subtlety and would rather drive a truck through the building rather than infest it with termites.

Re:Possible Outcomes

[bhiestand]

For example, a key reason why America still has as many military bases as it does in Japan despite the lack of a legitimate threat of invasion from any country is because the ruling LDP politicians fear that if they force the US off of Japanese soil, America will force Japan to open up its domestic market to real international competition. You kidding? Japan losing the billions of dollars Americans spend in their bars, strip clubs, and apartments would destroy several of their markets. No, they want Americans to slowly leave one base at a time so they can convert the bases into housing without flooding the market.

...and a reduced American military presence in the Far East. That's two victories in my book. I'll assume you're Chinese and of the mainland variety. Nobody else in the world stands to benefit. The DPRK would not behave itself if Americans weren't in Japan and ready to respond to them. Likewise, China would have already flexed its muscles. The American military is defending multiple democracies by simply sitting there and being ready to fight. I'd think that most people would prefer this over having to re-take South Korea.

Implementation Failure

[RealProgrammer]

That a whole country could be DOS'd is evidence of someone doing a bad network install. The network should never be down.

Lots of companies have a root-and-branches approach to Internet connectivity, too, thinking that each site (or the whole corporate intranet) needs only one gateway to the outside. Put all your eggs in one basket, and watch the basket. For the family baked bean recipe confidentiality that's good, but for availability that's bad.

The "right" way to do it is to have multiple redundant shared trunks with neighbors. That word "shared" is scary to network administrators (or rather, to their pencil-pushing mentors). It means they'll have to carry outside traffic on their pipes (that's a metaphor, Senator), and that has risks: it costs money, and it has the potential to allow someone to see inside the network.

However, the rewards for sharing bandwidth are enormous: multiple ISPs mean allowing TCP/IP to do its job, routing traffic to avoid disasters like DOS attacks, hurricanes, and nuclear bombs. The ISPs and other bandwidth partners know they have an interest in helping to protect your network. The technical risks can be mitigated simply by routing and tunneling.

Is the above realistic? Nope. Not in a corporate environment, anyway. I'd be really surprised if anyone outside academia or pure ISP does shared trunking anymore.

But it can also happen at the leaf nodes: you and your neighbors share cable broadband and DSL connections, routing through wifi. That violates most subscriber agreements, but it's the way the protocols were designed to work. Your network should never be down.

Never.

Re:Implementation Failure

[99BottlesOfBeerInMyF]

That a whole country could be DOS'd is evidence of someone doing a bad network install. The network should never be down.

This is a DDoS attack. The first "D" stands for "Distributed." When you have thousands of remote machines located in different places sending traffic to your network, preventing an outage relies upon being able to figure out which traffic is legitimate and which is illegitimate, and then filter the illegitimate. Having more diverse pipes does not really make a huge difference. Either legitimate and illegitimate traffic can come in over a pipe or they can't. If it can, the attack is blocking things. If it can't you just DoS'd yourself.

The real trick here is the availability of clean or protected access from ISPs with the capability of detecting illegitimate traffic and filtering it, without stopping legitimate traffic. Many ISPs have this capability to one degree or another and a few have formally brought it to market as a differentiator for their service. I'm guessing the big ISPs in Estonia might be a bit behind in that regard, and are thus working with more capable peers to try and filter the attack further away in the cloud.

Re:Implementation Failure

Did you check some facts?

Estonia: population 1,324,333 (less than 1,5 mio.) http://en.wikipedia.org/wiki/Estonia

I would like to see some municipalities in USA of the size of Estonia to withstanding such cyber-attack.

Do you realize that the number of adult inhabitants in Estonia is less than a number of employees at the biggest employer of USA? (http://www.usatoday.com/money/industries/retail/2 003-11-10-walmart_x.htm)
Estonia is like New Hampshire or Maine or Idaho population wise. And than cyber-attacks are lounched from IPs of Russia government institutions.

Russia once again showed who they are.

And by the way: those Soviet soldiers buried near "Bronze soldier" ware killed 3 days after Nazi army left Estonia during WWII. Hint needed? They were killed in fights with local Estonians who wanted reinstate independence. So no "liberators from Nazis" only occupation power.

The sad think EU depend so much on Russian gas and oil that little is done or said about all this.

Re:Implementation Failure

[asninn]

That a whole country could be DOS'd is evidence of someone doing a bad network install. The network should never be down.

Why not? Just as a reference, Estonia has 1.3 million inhabitants. How many zombie computers can you buy for a DDoS attack when you've got the FSB's budget? I'm not sure, and I'm not sure what Estonia's network infrastructure works like, but I certainly don't think that it's inconceivable that you can DDoS an entire country. It probably won't be Jimmy Random McScriptkid who does it; but then, the attacks on Estonia were orchestrated by Russia for all we know, anyway. Think about it.

Government-orchestrated and encouraged

[mi]

Decent well-connected countries would not engage in this sort of things. Russia — busily turning itself back into an Evil Empire — denies "officially" organizing the attacks...

Whether it did officialy organize them, or not is irrelevant — so many things in the country happen unofficially (including the unofficial salaries — in dollars — paid to top government bureaucrats to keep them from leaving for the private sector), that the government's claims may even be nominally truthful this time.

What is important is the government's official reaction. For example, a Russian health official is on record concerning the health hazards of the Estonian sprats. Those who follow the region would recognize the tactics already applied against Georgia's major exports. Georgia's most excellent wines are now called "alcohol-containing liquids" in Russia and their import is banned "on health grounds".

Sprats are safe for now — unlike Georgia, Estonia is an EU (and NATO) member. But Russia — in sore need of something glorious in its sorry past (we liberated Estonia, not reconquered it, you see) — is still enraged. In a decent country such rage wouldn't be enough to break law and order, but Russia is another story. There is no doubt, the cyber-attacks against Estonia used Russian governmental resources, including hardware and human ones — these will most certainly not be prosecuted.

Re:Government-orchestrated and encouraged

[Cyberax]

Georgia's wines were CRAP. 90% of it was counterfeit made from 'wine-containing liquids' (the rest 10% was really good, though). The same goes for Polish meat.

Of course, decision to 'notice' that was political.

Oh, ans as we speak about global economics - why can't Poland sell their meat to other countries. Maybe because it substandard?

Re:Government-orchestrated and encouraged

[Cyberax]

BTW, Russia's past is indeed glorious. Let's see:
1) USSR won in WWII (destroying 80% of German military manpower).
2) USSR was the first country to launch a satellite.
3) USSR was the first country to launch a man into space.
etc.

It's Estonia that is like a small dog barking at a great elephant.

Re:Government-orchestrated and encouraged

[Vo1t]

It's a bit offtopic, but next time do some research before you actually claim that something is crap. I can bet it's better than anything that's sold in the Western Countries - simply because it has less chemicals in it.

As for Russian and them finding out that Polish meat is crap, well if you'd googled, you'd found out that those accusation are total political bullshit. The meat is fine, and was tested by many independent labs. It's typical of Putin to create embargos with fake evidence and blaming it all on to others. Same with Estonia.

Re:Government-orchestrated and encouraged

[LWATCDR]

"1) USSR won in WWII (destroying 80% of German military manpower)."
After first helping train the German air force, and helping it invade Poland.
Lets not forget that the USSR received a lot of lend lease aid from the US. Thousands of aircraft and many many tons of other supplies where sent to the USSR from the US.
The USSR didn't win WWII. The allies won WWII. Of course it is nice to forget that Stalin was Hitler's friend right up till the time Hitler attacked Russia.

Estonia may be a small dog but it has big friends. NATO and the EU are not to dismissed so easily. That is why NATO was formed. So that Russia couldn't push around the smaller European countries.

Re:Government-orchestrated and encouraged

[shutdown+-p+now]

Why, exactly, is the parent modded "Informative"? There's not a single reference to back his claims, and googling mostly gives links to Russian sites - hardly unbiased.

Re:Government-orchestrated and encouraged

Talking about Stalin. Being friend to Hitler is one thing. Stalin killed more people than Hitler did. All the countries occupied by soviets suffered enormously and what about famine in Ukraine orchestrated by Soviets.

Winners are never judged, that's why so little is widely known in western world about Soviet atrocities compared to Hitler's "games".

Re:Government-orchestrated and encouraged

[shutdown+-p+now]

You forgot:

4) USSR was the first country to slaughter its own population by millions (yes, before Nazis started to implement their "Final Solution").

As for winning WWII, yeah that was quite a feat. Especially the part about replacing the Nazi totalitarian puppet regimes with Communist totalitarian puppet regimes throughout Eastern Europe. Way to establish good relations with your neighbours.

Re:Government-orchestrated and encouraged

[UncleOwl]

To continue your nice metaphor: the small dog barks after seeing the huge load of elephant dung dropped to his backyard.

Russia's past might be glorious. Pity that the present is not.

Re:Government-orchestrated and encouraged

[Moskit]

You did not bother to put facts in your post.

If you are not aware - there was an official investigation to find out the origins
of the low quality meat. Using shipping records it has been traced back: bad meat
was shipped by sea from USA to Klaipeda in Lithuania and then to Moscow in Russia.
Counterfeited certificates of Polish origin were then used at the Russian border.
The meat itself was not from Poland, it didn't even transit Poland.
After Polish investigators gave all the details to their Russian colleagues
there was no further progress that I know of.

The funny thing that allowed Russians to check that certificates were falsified
was that they were done most likely by a person using Russian as their native language.
There were silly mistakes in spelling, common to Russians using Polish.
A certificate was posted on the web when the problem started, but since then
the issue has become political and a few people remember what was the cause.

Except for the complex political factors (which I ignore here) of "me boss, you not"
the main real problem that Russia signalled was that certificates are too easy
to counterfeit.

And BTW - Poland does sell meat to other countries instead of Russia.

PS: can't comment on Georgian wine, as I didn't drink it.
I guess you've had your share ;)

Re:Government-orchestrated and encouraged

[AndersOSU]

Ok, I know nothing about this particular drama, but less chemicals? Really, is that why Georgian wines are good? Compared to what exactly? The French, who can afford fungicides so their grapes don't rust on the vine?

Personally, I'd take the ppbs of residual chemical on the grape skin than the couple of percent of mildew infested grapes that get through in a country that doesn't use chemicals.

Re:Government-orchestrated and encouraged

[antv]

Well, your big mistake is assuming this sort of thing is somehow centrally organized.
Remember an incident with US spy plane and Chinese fighter jet ?
It resulted into a hacking contest between US and China without any "official" guidance.

In case of Estonia an asshole named Anders (Estonian leader - my sincerest apologies to all other assholes for the comparison) referred to buried WWII veterans as "marauders" on public TV, before trying to move the statue. Quite obviously, people got pissed off. Some teenagers wrote graffiti on the streets in Tallin, others threw eggs onto police cars. The more nerdy ones arranged DDOS attacks. Blaming this on Russian government is is kinda like like saying that Tony Blair is responsible for soccer fans fighting each other.

The only real question here is why the hell Estonian government doesn't have a dedicated network outside of Internet.

Re:Government-orchestrated and encouraged

[LWATCDR]

I think the most telling thing was that Hitler respected Stalin. I have heard that Hitler thought it was a shame that he would have to kill Stalin when he conquered Russia. He would have loved to have Stalin run it for him.

Re:Government-orchestrated and encouraged

[Vo1t]

I admit the case of Georgia wines has not been researched by me. However, main point of my post was about Polish meat that Russia told was bad and didn't meet their standards, and even though audits did not confirm thouse rumours, Russia continues to use it as a political argument.

Re:Government-orchestrated and encouraged

Glorious indeed, too bad your probably to young to remember what communist reality actually looked like with empty store shelves and people waiting in lines for hours to buy toilet paper. Somehow the ussr was able to build rockets, airplanes and ships capable of fighting the worlds most technologically advanced nations but wasn't capable of producing washing machines or vacuum cleaners. And let us not forget to mention the soviet terror (though during my youth that was already receding).

Quite frankly I find absolutely terrifying when people only a few years younger then myself go around trying to rehabilitate the soviet regime with the help from the very top might I add and the siege mentality.

Re:Government-orchestrated and encouraged

if they are indeed crap then why not just leave it to consumers to make the choice themselves?

Re:Government-orchestrated and encouraged

[Cyberax]

Ah, typical western ignorance about WWII.

Read http://en.wikipedia.org/wiki/Munich_Agreement#Reac tions about reasons of Molotov-Ribentrop pact. In short, western democracies ceded Czechoslovakia to Gitler - Stalin was ready to send army to support Chechs, but Poland had not allowed them to pass. Stalin was a realist and he did not believe that USSR and Nazi Germany could coexist.

Also, Poland occupied parts of USSR (yes, you read correctly - in was Poland who occupied parts USSR) in 1921 and Stalin merely liberated USSR territory. Besides, Poland destroyed about 80000 of captured Red Army soldiers and officers...

Also, for 'allied victory' - USSR was the biggest 'ally' in size and manpower.

Re:Government-orchestrated and encouraged

[Cyberax]

Georgia wines were found to contain large doses pesticides. And a lot of wine was counterfeit.

WTF, even a Georgian _minister_ said that: 'One could sell even fecal masses in Russia'.

I surely googled and yandexed (Yandex.ru - a Russian search engine) - there WERE well-known problems with Polish meat. I remember a couple incidents when meat from England (during BSE scare) was rebranded in Poland and exported to Russia.

Re:Government-orchestrated and encouraged

[Cyberax]

What 'audit'? Have auditors checked all Polish farms?

Russia offered Poland to create mixed auditor teams to certify each farm in Poland. Poland refused.

And I repeat my question: why can't Poland export meat, say, to Germany or France?

Re:Government-orchestrated and encouraged

[Cyberax]

Hmm...

I thought it was United States and Britain Empire who invented modern genocide.

Re:Government-orchestrated and encouraged

[Cyberax]

Yes, I remember Soviet reality.

I don't say that communism was all roses. I'm saying that Russians do have things to be proud of.

Re:Government-orchestrated and encouraged

[Cyberax]

I can't find good references in English. Lots of links in Russian. Here are few about meat smuggling in Europe: http://www.eubusiness.com/Food/bonemeal-foodwatch. 92/ http://www.deutsche-welle.de/dw/article/0,2144,180 8099,00.html Besides, Russia is not in WTO and have all rights to ban import of some goods for whatever reasons. US does this for Russian steel (heavy tariffs), for example.

Re:Government-orchestrated and encouraged

[igny]

we liberated Estonia, not reconquered it

As most wars show (Iraq is not an exception), winners "liberate" and losers "get occupied". For almost 50 years Estonia did not mind to side with winners. They have only recently realised they had been losers.

Re:Government-orchestrated and encouraged

[Vo1t]

Of course Poland exports meat to Western Countries. It's a bit weird though, that neither German nor French authorities find Polish meat bad. It is only Russian that see something inappriopriate in Polish meat.

The reason why detailed audit was refused, is because all exporting farms have EU quality certificates. Russia accepts EU certified meat from other countries, but forbids Polish meat even though it complies to the same quality standards. Such behavior smells of politics.

Re:Government-orchestrated and encouraged

[Vo1t]

You forget that Russian papers and news agencies (indexed by yandex) are politicized and therefore not reliable as a source of information.
To all of EU countries it is clear that Putin and his horde tries to use meat issue to cause havoc in EU integrity.

Re:Government-orchestrated and encouraged

Poland occupied territory in Russia because it's borders were essentially redrawn after WWI. Prior to "The Great War" the surrounding countries annexed it off the map entirely. The USSR only "reclaimed occupied territory" if you accept the version of it's borders that don't show Poland. And those casualties were from the Polish-Soviet War.

The idea that Stalin would send troops to "defend" another state is laughable, as the communists actively sought to instigate (either firsthand or through locals by lending aid and training) revolutions to topple capitalist regimes.

More info on Poland then you probably want:
http://en.wikipedia.org/wiki/Polish_Soviet_War
http://en.wikipedia.org/wiki/Miracle_of_the_Vistul a
http://en.wikipedia.org/wiki/Soviet_invasion_of_Po land_1939
http://en.wikipedia.org/wiki/Partitions_of_Poland

Re:Government-orchestrated and encouraged

[Cyberax]

Yes, and all European agencies are paragons of reliability. Just look at Faux News as an example...

I don't recall that minister suing anybody for slander. He did say that very words (in Russian).

Re:Government-orchestrated and encouraged

[LWATCDR]

Ahh the great Stalin was just trying to buy time myth. Stalin attacked Poland, and Finland. Then when he got word that Germany was going to attack didn't believe the information and threatened the source.
And no the USSR wasn't the largest ally in population that would be China. It was one ally and did nothing in the eastern theater until the war was over except intern US pilots and steal US planes to copy, ever hear of the TU-4?
They did nothing in the Atlantic theater and had to rely on the UK and the US to get convoys through so the Russian Army didn't stave. The Red Army in WWII marched on US bread.
They where one ally in the war and share the "honor" of being Hitler's ally as well.
The men and women of the Red Army fought bravely in the Patriotic War but Stalin was an SOB of epic proportion. The only reason Hitler lost in Russia is he actually managed to treat the Russian people worse than Stalin. Stalin didn't care how many of his solders died as long as he one. If Stalin hadn't slaughtered all his competent generals and hadn't been so willing to use his solders as cannon fodder millions fewer Russians might have died in the war.
I will give you that the men and women of the Red Army where good allies. Stalin and his government where not and almost as criminally inhuman as the Nazis they first sided with and the fought after being attacked. Russia does have a lot to be proud of, just not it's government.

Re:Government-orchestrated and encouraged

[Cyberax]

Stalin did want to support Czechoslovakia which was later occupied by Gitler. Western countries choose to support Gitler (so called 'appeasement' policy). Stalin understood that he's on his own so he tried to win USSR some time with Molotov-Ribentrop pact (and it was partially successful). I don't see anything laughable in that.

Poland did not really exist prior to WWI as a separate entity. And they did not really behaved well after gaining independence: http://en.wikipedia.org/wiki/Pinsk_massacre - for example.

Re:Government-orchestrated and encouraged

[Cyberax]

Really?

Europe has its own share of problems with meat smuggling:
http://www.deutsche-welle.de/dw/article/0,2144,180 8099,00.html
http://www.eubusiness.com/Food/bonemeal-foodwatch. 92/

Also, not only Russia banned Polish meat:
http://english.people.com.cn/200611/10/eng20061110 _320195.html

Re:Government-orchestrated and encouraged

[Cyberax]

Finland war had a real objective - to move border from Leningrad (Saint-Petersburg) and secure some important territories.

Poland at that time was _occupying_ parts of USSR, so Stalin was merely liberating lands of USSR.

TU-4 story happened in 1944, the outcome of war was pretty clear at that time. BTW, do you want to talk about atomic bombings of Hiroshima and Nagasaki? Maybe about relation of crushing defeat of Kwantung army and Russians moving closer to Japan?

"The Red Army in WWII marched on US bread" - stupid. Ally help was less than 2% of USSR industrial output during WWII.

Re:Government-orchestrated and encouraged

Also, for 'allied victory' - USSR was the biggest 'ally' in size and manpower.

Sure, having millions of canon fodder troops was useful, esp. given german total superiority in about all other aspects of waging that particular war on eastern front. But even biggest russian victories of -44 were mostly thanks to germans having to transfer big chunk of their troops to western front thanks to Normandy. Hence the operation Bagrada's impressive advances. Now, if it wasn't for the fact that winner's (re)write history, it'd be more widely known the crimes of both red army, and especially its leaders: not the least against their own people, and those of countries unfortunate enough to end between the two fighting (then-)super powers.

And yes, mr. Putin is a rotten criminal well in line with earlier infamous russian leaders. I just hope he does follow Lenin's path (catches and dies of syphilis).

I also hope estonians can survive in the rough neighbourhood near the Big Bear, and that the nationalistic russian hot heads just basically fuck off (this of course excludes majority of russians who are decent and nice folks -- I don't mind sipping vodka with friendly neighbours!). I wouldn't want to keep statue(s) of bloody oppressors of yesteryear within my capital, anywhere, for any reasons. Why should they?

Re:Government-orchestrated and encouraged

[Vo1t]

Still, citing even a hundred cases of meat smuggling doesn't mean that all European meat is bad, just that somepeople commit crime. Rising such crimes to political level is a deliberate exaggeration.
Somehow neither Poland nor Europe does not declare war on Russia for all those vodka and cigarettes smugglers.
As for Ukraine - their current PM is Russia's dog (mind me - I'm pro Ukrainian revolution).That would explain why Ukraine is behaving like Russia. Furthermore, Ukraine is not using this argument in political disputes, Russia does.

Re:Government-orchestrated and encouraged

[Vo1t]

Well, I can't argue with that no place is paradise. Still, Europe at least has freedom of speech whereas in Russia journalists are murdered. It's not that Russia's conscience is clear, it's just Europe hears less objective information from Russia than Russia hears from Europe.

Re:Government-orchestrated and encouraged

[Moskit]

Thank you for posting the links! Good to get some more information about the meat problem.

Re:Government-orchestrated and encouraged

actually this whole thing only proves russias weakness, the ruling circles need some enemy but traditional candidates like the USA or even France and Germany are far to powerful to make it seem feasible. So suddenly it turns out russias greatest enemies are the Poles who showed support for the prodemocracy protests in Ukraine, Georgians who dared to capture several russian spies or Ests who removed a soviet monument. Next month it might as well turn out that the greatest threat to 'mother russia' are (and always have been) for example Tajiks.

Re:Government-orchestrated and encouraged

[Cyberax]

Well, if 90% of crime happens from to occur in Poland - why not ban Poland import altogether? After all, Russian is a sovereign country and can impose import bans at will. Don't like that and don't have strong political allies? Well, tough luck.

US pulls such tricks all the time - just remember 'steel vs. poultry' trade wars.

PS: what a coincidendce - I'm anti-Ukrainian-revolution and anti-Yanukovich at the same time.

Re:Government-orchestrated and encouraged

[Cyberax]

Do you say that ALL journalists have already been murdered in Russia?

I can't really remember the last big event in Russia which was not covered by western news agencies (which work freely in Russia, BTW). So it's not like there's no reliable information coming from Russia.

Re:Government-orchestrated and encouraged

[Vo1t]

I'm not saying there no information coming from Russia. I'm saying it's far more controlled by its gov. than in EU. Simply put you don't have freedom of press, most critical against Putin papers and tv stations were shut down by gov. under some bullshit excuses.
You don't have to kill ALL journalists to make most of them scared to write the truth.

Regarding your other post (this is my last post on this topic) It's not true that 90% smuggling come from Russia. What Putin did, was: he found a few cases of smuggling, smugglers were using forged Polish documents, but (as far as I can remember) were not Polish. They were using Belarus/Russia border. Out of this incident, Putin created a crusade against Poland and tried to use this case to make a conflict between PL and EU. When the threat to use EU veto on the WTO against accepting the Russia into WTO - Putin said that he is wiling to accept import of live cattle to Russia, so that his butchers will process the meat. This is obviously total Putin bullshit, because now he's contradicting himself - firstly the meat was bad, and now its ok (but he wants just to destroy polish butchers and their companies).

Re:Government-orchestrated and encouraged

[LWATCDR]

"Finland war had a real objective - to move border from Leningrad (Saint-Petersburg) and secure some important territories."
Ummm... Yea it was too steal land. I guess Russia was so threatened by big scary Finland they just had to protect it's self.

"Poland at that time was _occupying_ parts of USSR, so Stalin was merely liberating lands of USSR." No it wasn't Poland was restored from of the Austro-Hungarian Empire. Yea Stalin the great liberator. He was known as such the humanitarian.

"TU-4 story happened in 1944, the outcome of war was pretty clear at that time. BTW, do you want to talk about atomic bombings of Hiroshima and Nagasaki? Maybe about relation of crushing defeat of Kwantung army and Russians moving closer to Japan?"
The TU-4 was a copy of the American B-29. Some B-29s landed in eastern Russia after attacking Japan. There crews where imprisoned and they planes stolen and coppied. What great Allies the Russians where.

As too what the US gave Russia here are the hard numbers.
Aircraft 14,795
Tanks 7,056
Jeeps 51,503
Trucks 375,883
Motorcycles 35,170
Tractors 8,071
Guns 8,218
Machine guns 131,633
Explosives 345,735 tons
Building equipment valued $10,910,000
Railroad freight cars 11,155
Locomotives 1,981
Cargo ships 90
Submarine hunters 105
Torpedo boats 197
Ship engines 7,784
Food supplies 4,478,000 tons
Machines and equipment $1,078,965,000
Non-ferrous metals 802,000 tons
Petroleum products 2,670,000 tons
Chemicals 842,000 tons
Cotton 106,893,000 tons
Leather 49,860 tons
Tires 3,786,000
Army boots 15,417,001 pairs

I had heard that there where some neo Stalinists popping up. Never thought I would ever meet one.
Hate to tell you this but the simple truth is that Stalin was a mass murdering blight on humanity. The only reason that Hitler lost the Russian campaign was because he actually treated Russians worse than Stalin. Even then 5% of the German army where Russians fighting against Stalin. http://en.wikipedia.org/wiki/Russian_Liberation_Ar my
And then you have the great liberator Stalin... I wonder what the Poles in Warsaw in 1944 would say about the great liberator.
One of the great myths is that people from the US don't know history.

Re:Government-orchestrated and encouraged

Well, if 90% of crime happens from to occur in Poland - why not ban Poland import altogether? After all, Russian is a sovereign country and can impose import bans at will. Don't like that and don't have strong political allies? Well, tough luck.

US pulls such tricks all the time - just remember 'steel vs. poultry' trade wars.

PS: what a coincidendce - I'm anti-Ukrainian-revolution and anti-Yanukovich at the same time.

Same freaking tune. At first, Russia bans Polish and Georgian stuffs because they are shit, and now the Russia bans because, the fuck, because it can.

Of course, whatever the nasty business the Russia gets called on, it's ok because "the US does it, too."

Grow up, chump.

Re:Government-orchestrated and encouraged

[asninn]

without any "official" guidance.

There may not have been anything *official*, but do you honestly think that the two countries' respective intelligence agencies were not involved? Come ON.

Re:Government-orchestrated and encouraged

[Cyberax]

Yes, and all this was just a small fraction of total USSR industrial output: http://en.wikipedia.org/wiki/Eastern_Front_(World_ War_II)#Industrial_output

RLA and its Ukrainian counterpart is a different story. Their goals might have been noble, but their methods were disgusting.

Re:Government-orchestrated and encouraged

[LWATCDR]

Of course it was a fraction but not an insignificant one and not one that Russia could have lived without. But that was JUST what the US gave to Russia, not what the US gave to the UK, the free French, and the Chinese. Plus what it produced for it's own war effort. I never said Russia did nothing. It was an ally. No the best of allies to be sure. I am not dismissing the men and women of the Red Army. I am simply stating that Stalin was almost as Evil as Hitler and the Russian people have little to proud of their government for. The RLA was disgusting no doubt but to me it shows a lot about Stalin and his government that they existed at all. Not to mention that motivational tactics that the Russian army used with it's troops.

So yes Russia should take pride in the actions of it's people not of it's government in WII. As I said it was an ally it didn't defeat Hitler anymore than the US, or the UK did.

Re:Government-orchestrated and encouraged

[mi]

Amazing... You are, actually, justifying Stalin's actions by Poland's "misbehavior" — Pinsk massacre, where 35 or so suspected Commies were executed without trial.

Outrageous as it might be, to bring this up even in the same post as Stalin is most ridiculous. 35 people executed without trial is an even, over which Stalin wouldn't even have been waken up by his staff.

For example, shortly after conquering its half of Poland (in full cooperation with the Nazis), Stalin's scumbags have executed between 2000 to 22000 people in Katyn — POWs and others.

To cover up the crime, KGB dachas were built on the site to keep the "inquiring minds" off, and Soviet propaganda made much of the (rather minor) Nazi war crime perpetrated in a village with a similar-sounding name. Hitler soldiers have burned 149 villagers alive in Khatyn...

Anyway you slice it, Russia's crimes always come out bigger and greater than anyone else's — and yet her apologetics dare to condescend on other nations as "misbehaving"...

Glorious past, indeed...

Let's get real....

"... there's basically no limit to the amount of skirmishes between well-connected countries that could get incredibly emotional for the population at large..."

Come off it! The population won't give a drop of gnat's piss. They don't depend on computing for anything. So their e-mails go a bit slow - there's nothing unusual there if you use Microsoft. Given how much people put up with anyway, I can't see them noticing!

How to stop that spam

[Nymz]

For 3 years straight I've been getting hit by Viagra and Penis enlargement e-mails/ads about 30 times a day.

If you purchase those items, then they will stop targeting your email. That's what a friend told me.

Russia - cybercrime capital of the world

I'm seeing a shitload of spam and SSH scanning from Russia. There's also stuff like the excellent Nginx web server, no reason to doubt the authors motives but at what point would he cave to mafia threats and insert a back door?

The situation in Russia isn't helped by the fact that the mafia are basically the state (Putins FSB). Europe will eventually rely on these villains for natural gas, what can the west do about the situation before it's too late?

Re:Russia - cybercrime capital of the world

[99BottlesOfBeerInMyF]

Russia - cybercrime capital of the world

According to the site mentioned in the article, Russia comes in at #17 in the attacks by country breakdown at the bottom of the page. It covers scanning, fingerprinted attacks, and DDoS attacks (no spam). The number 1 country is the good 'ole USA. We're #1! We're #1!

Re:Russia - cybercrime capital of the world

[Quiet_Desperation]

what can the west do about the situation before it's too late?

Put the robber on their most productive hex, and surround them with roads?

Sorry. I was playing Catan on XBox Live, like, all weekend.

Re:Russia - cybercrime capital of the world

Few attacks originating in Russia could be traced back to Russia, some of the best crackers in the world come from St Petersburg.

Remember this? What about other high profile attacks at that time? These people haven't vanished, they just got serious and learned not to draw attention to themselves.

Re:Russia - cybercrime capital of the world

#1 the US is, but only depending upon how you look at it. The US is #1 in that it holds a fair chunk of the worlds computers and more then a few of those computers are zombies. As a result, 'attacks' generally have a large US contingent in the form of zombied US computers. I also wouldn't be surprised to learn that the US takes the lions share of the spam market.

When it comes to extortion though, I would be surprised to find that the US ranking very high. Conducting extortion in the US against US companies is a very risky thing. The uglier cyber crimes out there have ring leaders that tend to say in other nations with weaker law enforcement against things like extortion.

mod parent down

Only thing is, the image would be corrupted forcing an infection on your machine...

Sure dude... So on, say, Linux, you'd have to exploit supposedly a buffer overflow to gain local access *then* you'd need to exploit a local root exploit to gain root privileges. Multiply this by the number of Linux distros out there and the number of different IM clients and suddenly your pet theory falls flat. Or maybe you were talking about rooting Vista boxes? Cancel or Allow?

You've posted links to this lame "infiltrated" website several times... This website is full of random babbling and misinformation, all the "exploits" look exactly like: "type sudo root apt-get install trojan" or "type sudo root rpm -Uvh trojan.rpm". See the flaw?

You predicted a major Un*x worm coming in the next 9 months... As a regular Un*x user bragging about your OS of choice using "uname -a", you really should know better about how Un*x OSes are working.

Your "tripwire on steroids" is plain laughable... But you mentionning Tripwire raise an interesting question: should people run your "Proof of Concept" [sic] backdoor using "sudo root" (how else could you execute root commands on a system you plan to attack? Wait, even without needing root, how do you plan to run your "Proof of Concept" backdoor on someone's computer?), how would you defeat people unmounting the drive and scanning it from a known clean system running an integrity tool like Tripwire?

Methinks you *pretend* to know something about security but you're actually just at the very beginning of your long journey (your MD5 + SHA1 + ... checksum for your "poor man tripwire" is pathetic).

It is really completely dumb to pretend to have a "Proof of Concept" backdoor for Un*x systems that needs to be installed doing "sudo root something".

I've got here at home one Debian etch (custom-compiled kernel), one old Fedora Core 4... And one OpenBSD box. Care to explain how from here to nine months those Un*x machines will get infected by a major Un*x worm/trojan/plague whatever?

For either you explain it or you accept you, and your website, are full of sh*t.

To moderators: that guy has been modded as troll previously, he doesn't know jack, put him in your "-1" list.

that's the biggest problem with this warfare

[circletimessquare]

say you had two countries simmering over some stupid feud: land or machismo or even a soccer game. in such a situation, any cross border incursions or launched missiles can get back to a matter of accountabilty: what comes from your territory is your responsibility, and the fact that something came from your territory or not is pretty straightforward. the side where the incursions came from can even make excuses, but the other side can still say: "look, these guys came from your territory. clean it up yourself or we'll clean it up for you." that provides some straightforward safeguards right there

however, things are too nebulous on the web. no accountability. the russians that attacked estonia can not be found by russia and suppressed easily, because no one knows who they are. well, obviously there can be some intelligent detective work done (who purchased the botnets for rent, for example), but my point is, any group of teenage assholes can do this sort of thing, from any botnet in the world, and so it renders obvious lines of accountability all nebulous and unresolved

and so it is sort of like terrorism, in that there is no one easy and big to blame. no state or governmental entity. it's vague and undefined. and in the end, therefore, these sorts of wars/ crimes are really the defining characteristic of conflicts in the 21st century. for the most part, wars of nation against nation and obvious straightforward battlefields seem to be a dead era. today's conflicts are all about shadowy organizations ready to do nefarious things in the name of nebulous agendas, and finding and stopping who or what or how is simply a task without any clear goals or clear yardsticks of progress

some people would use this fact to say that therefore there is no war or conflict at all, that say, the "war on terrorism" isn't real. no, wrong. the threat is still very real. something like 9/11 is not a phantasm of a neocon's imagination

it's just that the enemy is opaque and made of fog. but because the enemy is hard to pin down, does not mean there isn't nefarious intent out there you need to protect yourself from. yes, that vagueness can be used to amp up fear and provoke overreaction. but, in a way, doing nothing is still worse than overreaction (unless overreaction consists of taking the war to targets that should not be targets)

we live in a difficult era folks. do nothing, you're damned. do something, you can be damned worse. you need to be clever and constant and precise in your efforts, and you'll still screw up and get blowback anyways, and you must still soldier on nonplussed nonetheless, against cyberenemies, against terrorism, with no real yardstick of progress, with no real verification of success or failure, with nothing but the fog for miles and for years, and then a plane in a skyscraper, or a bomb in a disco, or a flood of emails, or a DoS for seemingly no rhyme or reason... and then gone again like a fart in the wind, until the next mass murder. it's psychologically debilitating, and yet constitution and fortitude are your best character qualities needed in order to beat back these shadowy enemies

Re:that's the biggest problem with this warfare

Your comments are spot-on, but only under the assumption
that internet packets are untraceable and anonymous.

They are that way given the standard TCP/IP stack, but
they would not have to be in some future replacement
for it.

I think that internet anonymity comes with an economic cost.
As long as the cost is reasonable, people will continue with
the current state of affairs. But if the cost becomes widely
perceived to be unreasonable, then we'll see some infrastructure
progress towards a solution.

"All you can do is live with the status quo" is not the only
alternative.

Re:that's the biggest problem with this warfare

[vertinox]

what comes from your territory is your responsibility,

Seems well enough to work for the Lebanese government. Of course when you are at the brink of civil war... You really don't have control over what goes over your border.

Re:that's the biggest problem with this warfare

[alexgieg]

William Lind, a scholar on the subject of this new style of war, which he calls "4th Generation of Modern Warfare" (to distinguish it from the other 3 common types of military organization: organized battlefield; top-down order-based hierarchic army; and blitzkrieg) as a shortcut for something that is fast-paced, non-centralized, stateless, guerrilla-based, multi-polar and simultaneously global, international and local, says that the best way for one to defend himself from it is by doing two things:

a) Focus inwardly, trying to be on the smallest possible number of 4GW organization target lists. The less people hate you, the better you are;

b) Focus locally, building your defensive strategy on fast deployed forces stationed where they act and, if possible, made up of residents of the area, as well as lowering the dependency each area has on resources deployed from too much away. The more centralized and distant and your military force is, the weaker you are. The more dependent you are on goods and services coming from other cities, states and countries, the weaker you are. (Note that this isn't the same as neglecting a strong and big army. It's more of the way said army is built.)

USA fails on both aspects. It fails "a" miserably by making its presence felt all over the world, thus entering the list of almost everyone. And it fails "b" by encouraging a false sense of security on its population, when it should be making local militias and weapon usage proficiency as much widespread as possible, as well as by having an absolute, complete, all-embracing dependency on foreign natural resources, goods, services and work.

On a 4GW world, this is a recipe for disaster.

Re:that's the biggest problem with this warfare

[Vancorps]

If you have no way to measure success then you need a new approach. Treating headaches again and again with Advil sure will get rid of the pain, but eventually you're either going to have a stroke and possibly die or you'll experience kidney or liver failure.

If stress of the job is causing the headaches then you need to find a way to cope with the stress or get a new job. Continuing on course is not the correct action, the definition of insanity is doing the same thing over and over expecting a different result.

Countries certainly can control what leaves and enters, except that its not countries that do control the Internet. Instead, private entities like AT&T, MCI, Sprint, or any of the other carriers that peer with other countries should be implementing systems to prevent these kinds of attacks from spreading not just from country to country but internally as well. The technology exists to prevent DDoS attacks, they just need to implement them. Given the number of tax dollars these companies receive I don't think it's out of the question to get them to implement some basic protections while maintaining anonymity.

Even worse, in the case of a multi-national company like AT&T they peer with themselves to cross borders so they are even more to blame for allowing this type of behavior to occur. Of course I'm looking at it from a U.S. perspective. Estonia's infrastructure may be very different but I'd be willing to bet if their neighbors had similar mechanisms in place then this wouldn't be a problem. It works as great PR for a country when they can support this type of technology but perhaps more importantly if everyone is implementing it then you can't be attacked with those methods. Of course that also means you can't attack with such methods but if you're relying on DDoS then you're probably not a military.

So has anyone implicated the Russians?

I understand that the Russians are essentially harassing countries that used to be part of the Soviet Union, most notably they have been trying to interfere with the Ukraine. I wonder if they have anything to do with this DOS attack on Estonia's government network.

Re:So has anyone implicated the Russians?

[Mr.+Underbridge]

I understand that the Russians are essentially harassing countries that used to be part of the Soviet Union, most notably they have been trying to interfere with the Ukraine. I wonder if they have anything to do with this DOS attack on Estonia's government network.

Enjoy your Polonium soup, Anonymous Comrade.

Simpler solutions ...

[trolltalk.com]

1. Just slashdot them, silly!
2. Set up proxies to help employees of the government you want to bring down get past blocks to their personal MySpace pages.
3. Move ThePirateBay there and watch their internal network melt.
4. Send Celine Dion there as a good-will ambassador (ok, that's really an act of war ...)
5. Have Dick Cheney invite their leaders out for a friendly weekend get-together and hunting trip.
6. Offer international aid - through FEMA.

Re:Simpler solutions ...

[R2.0]

"Send Celine Dion there as a good-will ambassador (ok, that's really an act of war ...)"

Accompanied by Brian Adams and Alanis Morissette, it could be the crushing first strike on the way to Canadian global domination.

I think not.

[nsebban]

It could also be somewhat visible. Yes, some attacks are somewhat visible indeed.

Re:I think not.

Has no one seen the Ghost in the Shell Anime series? In particular the 2nd season (2nd Gig). They show interesting concepts of hacking hardware in real time. Targeting systems for sniper rifles, communications systems. When stuff gets small enough where it'd actually be nice to have on the battle field, it could also be considered a point of weakness.

We already have developing technologies in that direction. Blue tooth, WiFi and such are great for short range, personal networks as well as team based LANs.

Government-orchestrated? Please

[saikou]

Given how "well" Russian Government organizes things it'd be an utter failure. Please remember, there are many people and groups in the whole world that are quite capable of doing it by themselves. What, do you think the government has nothing else to do than to issue covert demands for every dial-up user to ping particular Estonian servers?
Estonia (and some mass media) simply find it useful to blame everything on Russian government now. Russian companies refuse to buy their products because customers stopped buying them? Blame Kremlin. If a giant meteor were to strike the capital right now, there'd be a couple of experts saying that "Nobody can prove it wasn't a covert Kremlin operation".

Of course you also have to think about it from the other point of view. If there was a symbol for all US soldiers that died in combat, that marked their graves in another country, and that country would then decided to just move it somewhere else, because they want to put a highway on top of that last resting place... Would Americans grin and bear it? No? Loud screams from politicians asking for sanctions? Regular people doing everything they can to protest it? Net bot herders making statement and then bragging about "squashing the embassy N servers" between themselves?
Would the US government have to encourage people to do it?

Now tell me, what's the difference?

I would think the more important thing would be Pentagon's readiness to bomb the source of cyberattacks, which means that a group of bot herders can decide which country Pentagon will be bombing next.

Re:Government-orchestrated? Please

[mi]

Given how "well" Russian Government organizes things it'd be an utter failure.

I think, you are a bit too dismissive of the Russian Government's ability to organize certain things. Ending drunkenness may not be among them, but killing or imprisoning detractors they can do. Pressuring a neighbor economically? Sure — I remind you of the "alcohol-containing liquids" again... A cyber-attack? Yes, they can — far easier than putting polonium into somebody's tea in London.

If there was a symbol for all US soldiers that died in combat, that marked their graves in another country, and that country would then decided to just move it somewhere else, because they want to put a highway on top of that last resting place... Would Americans grin and bear it? No? Loud screams from politicians asking for sanctions? Regular people doing everything they can to protest it? Net bot herders making statement and then bragging about "squashing the embassy N servers" between themselves? Would the US government have to encourage people to do it?

US government would not encourage people to do it. Russian would. That's my point.

Re:Government-orchestrated? Please

If there was a symbol for all US soldiers that died in combat, that marked their graves in another country, and that country would then decided to just move it somewhere else, because they want to put a highway on top of that last resting place...

I can't be arsed to seriously reply to your other stupid points, but here are some "minor" problems with your analogy:
The people buried near the Bronze Soldier DID NOT die there, there were no WW2 battles in Tallinn. Also the Bronze Soldier WAS NOT a mark for the graves of dead. Their graves were unmarked and there were was nothing pointing out that there were graves there. Also it was your glorious USSR that buried them right under a fucking trolley stop. BTW they were not just moved "somewhere" they were reburied at the same military cemetery where the statue was moved.

Re:Government-orchestrated? Please

[phayes]

If there was a symbol for all US soldiers that died in combat, that marked their graves in another country, and that country would then decided to just move it somewhere else, because they want to put a highway on top of that last resting place... Would Americans grin and bear it?

No, they would pay for the repatriation of the bodies so that they could be buried on US soil just as they have been doing for the past 40 years in VietNam/Cambodia/Laos. If The country where they died is willing to keep the war graves & family in the USA do not want to repatriate them, the USA pays for part of the upkeep of the cemetery as they have been doing for the last 90 years for WWI & WWII war graves in western Europe. When, as has occured in a number of instances here in France, some graves need to be deplaced (A few of the WWI war graves were small & in inconvenient spots -- the remains were moved to a larger war cemetery or once again repatriated), the US has helped pay.

Contrast that with your reaction to the deplacement of a Russian war hero statue that Russia installed in a foreign countries heart. Russia's reaction is one of revanchism where you want to reconquer the "lost" territories much like France did from 1870-1918.

Re:Government-orchestrated? Please

[mmmarcin]

You know, in Russia "Kremlin operation" is like one bad guy telling second one to attack them. And the right people will do it. And there is nobody in the whole country to pin them. And, anyway, electorate, knowing, would like it... Think of mafia. Is mafia not well organized? "Russian government" is just name.

And about estonian products: it *is* political issue, not market one.

Re:Government-orchestrated? Please

Of course you also have to think about it from the other point of view. If there was a symbol for all US soldiers that died in combat, that marked their graves in another country, and that country would then decided to just move it somewhere else, because they want to put a highway on top of that last resting place... Would Americans grin and bear it?

Perhaps Russians should ask themselves why none of their former satellites where sorry to see the Red Army leave ? Or why some countries that had been part of the Russian empire for centuries opted for independence at the first chance they got (twice, in case of the Baltic republics). That might help explain why a number of Eastern European countries are eager to be part of NATO, and why they might want to remove Red Army memorials.

The facts

Without a 2 front war you would be speaking German, make no mistake. Let's face it, the US mostly whipped the world into shape in WWII. Why we allowed Stalin to retain power, I'll never know. We should have given Patton an army of rearmed Germans to finish you off.

Yes, you launched a satellite, and yes you launched a man into space. Your efforts were greatly assisted by German rocketry (as were ours). You lost the big enchillada, the moon landing. Your empire no longer exists. Indeed you are surrounded by enemies.

Also, your economic warfare against Poland and Estonia are against WTO rules, a US invented organisation that you grovelled to join. Expect to be dropped from the G8 soon.

Your past is shit, as the Estonians so poignantly demonstrated.

Re:The facts

[Minwee]

The moon landing, of course, was only possible because the USA's German rocket scientists were almost as good as the USSR's German rocket scientists.

Re:The facts

[shutdown+-p+now]

Indeed you are surrounded by enemies.

The saddest part to this is that the enemies are only those Russia made herself. It wasn't like that in the 90's, and, with the right choices, Russia could become a proper European country... but the imperial ambitions remaining from the Soviet days were too strong, and won the day.

Re:The facts

[m50d]

Without a 2 front war you would be speaking German, make no mistake. Let's face it, the US mostly whipped the world into shape in WWII.

Utter bollocks, as any high-school student of history outside the US knows (And no, I'm not Russian, nor do I have any love for their country)

Why we allowed Stalin to retain power, I'll never know. We should have given Patton an army of rearmed Germans to finish you off.

Stalin stayed in power because had the US tried to force him out of it they would have lost. Plain and simple.

Yes, you launched a satellite, and yes you launched a man into space. Your efforts were greatly assisted by German rocketry (as were ours). You lost the big enchillada, the moon landing.

It was only the big one if you get your targets from the US. Winning the first 2 out of 3 rounds sounds like a Russian victory to me.

Your empire no longer exists. Indeed you are surrounded by enemies.

How's your empire-building going, USA? Your enemies might not border you but they are more numerous and growing by the day.

Also, your economic warfare against Poland and Estonia are against WTO rules, a US invented organisation that you grovelled to join.

Enjoying your international criminal court there? Oh wait

Re:The facts

Since The Soviet collapse the Russian empire has half its former population and a fraction of its economic strength. In the same period the US economy has doubled. Russian victory? Amusing! Have another Vodka comrade.

Maybe it's just me...

[fahrbot-bot]

...but every time I see a story about Estonia, I always think Elbonia. My apologies to both Scott Adams and the people of Elb^h^hstonia.

Re:Maybe it's just me...

Your apologies should be to the people of Estonia, actually...

Re:Maybe it's just me...

Wait, I'm confused, which one's fake?

anonymity

[circletimessquare]

has pluses and minuses. an internet where there is no anonymity is also the autocratic oppressive regime's best friend

Internet Death Sentence

[jd.schmidt]

Frankly, because of stuff like this, we need to be prepared to use a variation of the old Internet Death Sentence. Hostile nations could be removed from the routing tables (i.e. we don't route traffic to or from them). With international cooperation attacks like this *could* be stopped dead in their tracks, with the side benefit that the offending nation would have a high priority desire to clean up the attacks.

Just another tool you need to keep in your toolbelt.

Thanks, Bottles.

[RealProgrammer]

The first "D" stands for "Distributed."

Thank you for your charity in not calling me stupid.

There is a huge difference between being totally shut down by a DDoS attack and being 90% shut down. If you are shut down, there is fear; if you are limping along, you become angry. In a fight, anger is better than fear.

Having multiple points of entry helps in the effort to stay up, no matter what the cause. The reason DDoS's work is that Internet connections are leveraged: a small number, usually one, address per resource. In the case of a network gateway, there is one address for lots of resources.

Now, if the goal of the botnetter is to take down one speciific host, there's not much to be done except switching hosts, and repeating until one of you gets tired.

But if the problem is defending a whole country, then it's the gateways that must be defended. That problem is very hard if you only have one gateway, since the botnets only have to be aimed at one address. But if you have multiple addresses, while it's more work for you, it's very much more work for the attacker.

Also, having multiple gateways to defend gives more information about the sources of the attack.

In effect, having multiple gateways changes the game from a many-on-one attack to a many-on-many attack, which makes it more likely that you will succeed at least in a limited way, which is the goal.

Re:Thanks, Bottles.

[99BottlesOfBeerInMyF]

In effect, having multiple gateways changes the game from a many-on-one attack to a many-on-many attack, which makes it more likely that you will succeed at least in a limited way, which is the goal.

In the case mentioned here, it is government servers/services under attack. Regardless of how many different gateways lead to those servers and services, if the attackers use the same way of getting there as users, then either the attacks will get through or legitimate users won't. I do see where multiple gateways can be useful in two ways. One, if you have some vital service white-listed and of higher priority than anything else, you can blackhole all other traffic to keep it up and using a dedicated gateway can hide it from an attack targeting other resources. The other way I can see it helping is if a specialized attack, takes down a server not through just bandwidth from the attacker, but through manipulation. For example, if an attack was making http requests then dropping the session and doing it over again, some Web servers will DoS themselves and clog the router in the process. Using a separate gateway could prevent that from DoSing other services at the same time (more so than simply increasing overall bandwidth).

Re:Internet Death Sentence

[99BottlesOfBeerInMyF]

Frankly, because of stuff like this, we need to be prepared to use a variation of the old Internet Death Sentence. Hostile nations could be removed from the routing tables (i.e. we don't route traffic to or from them). With international cooperation attacks like this *could* be stopped dead in their tracks, with the side benefit that the offending nation would have a high priority desire to clean up the attacks.

I don't think that stopping routing from a country would make much practical difference. There are millions of vulnerable and already compromised Windows boxes scattered across the world. You can rent time on them from a Web interface. A big part of the usefulness of DDoS attacks is it is easy to make it impossible to attach them to an individual or country since the actual traffic comes from all countries. Most of the compromised machines known to be attacking as part of a botnet are within the US.

Botnet?

[Maxo-Texas]

A trivial threat compared to posting the major web addresses on Slashdot.

well yeah

[circletimessquare]

not having responsibility for what goes on inside your borders is not an acceptable state of affairs. because neighbors will begin to get angry about it because of the rats and vermin making incursions from your lands, and then they will go in and clean things up themselves, and this of course is an escalation. that's why being responsible for what goes on inside your borders is the most imperative thing for a country to have. if they don't have it, there is only war and misery to be had with everyone who lives on the borders of such countries as assholes capitalize on the anarchy to further their mayhem

Yowza...

[mpapet]

the russians that attacked estonia can not be found by russia and suppressed easily, because no one knows who they are.

Typically, if someone _needs_ to be prosecuted, "round up the usual suspects" applies. That you think otherwise is folly.

and so it is sort of like terrorism, in that there is no one easy and big to blame. no state or governmental entity. it's vague and undefined.

This is a half-truth used to create a fearful population and justify egregious limitations to your personal freedoms.

today's conflicts are all about shadowy organizations ready to do nefarious things in the name of nebulous agendas
and finding and stopping who or what or how is simply a task without any clear goals or clear yardsticks of progress

Exclusively associating this with the "terrists" is sadly inappropriate. The American intel community certainly does the same thing. The terrists didn't just appear out of the clear blue sky. As an example, please review the history of Afghanistan from, say 1970 to present.

the "war on terrorism" isn't real. no, wrong. the threat is still very real. something like 9/11 is not a phantasm of a neocon's imagination

No. It's a direct result of Western foreign policies. Except Americans don't pay attention to what their Government does, much less other super-powers that screw the regions up.

it's just that the enemy is opaque and made of fog. but because the enemy is hard to pin down

Wrong again. "the enemy" is a strategic result of a horrible event in American history that was a direct result of decades of bad foreign policy. The strategy justifies and accelerates sodomizing many of the founding principals of American Government. For example, the balance of powers.

If you didn't read 1984 by George Orwell, go to your local library and check out a copy today.

you are a genuine idiot

[circletimessquare]

how the hell in your mind does the malintent and bigotry of someone against you become your fault is utterly beyond my comprehension. sir: if i think i am superior to you because of race/ religion, that is an original sin on my part, which i am only accountable for

nothing, absolutely NOTHING i ever did or could ever do to you justifies or explains my own bigotry against you. al qaeda is not fighting the west because of che guevara, or the kyoto protocols, or walmart, or nike sweat shops in indonesia. al qaeda is fighting the west because al qaeda HAS AN AGENDA ALLL OF IT'S OWN. it believes it's version of sharia law should apply all over the middle east, and against every and all infidels who dare meddle. and by "meddle" i mean any retarded rationale they cook up to justify mass murder far beyond their borders

for example, what is the great crime that the hindus of bali perpetrated on the muslim world to justify the disco bombings there after 9/11? guess what: there is none. the target was valid because al qaeda's goal is the creation of a pan-islamic state in southeast asia. being a member of some other religion automatically justifies your qualification for mass murder. this is the way of the bigot: i am muslim, or i am white, or i am chinese, or i am baptist, whatever: just that fact alone makes me worthy of life and everyone else worthy of death

how the HELL in your mind does that original sin on the part of al qaeda members become the fault of the usa, or ANYTHING the usa EVER did in your mind? it's breathtaking your leap of logic over that one

if you apply your logic equally to the west and the middle east, then based on 9/11, the usa has every right to invade iraq. hell, based on 9/11, i as a westerner have a right to go to egypt and kill women and children. BASED ON YOUR RATIONALE it would be acceptable for me to go kill civilians in egypt because of 9/11. all of the rationale you use to say the usa deserved, or should have seen 9/11 coming applies equally to me going to egypt to commit mass murder because of 9/11. do you believe i am justified? of course you don't, and of course you would be wrong if you thought 9/11 justifies invading iraq

BUT THIS IS EXACTLY HOW YOU EXCUSE WHAT AL QAEDA DOES: the usa did (xyz) along time ago in the cold war in pursuit of goal (abc), where both (abc) and (xyz) HAVEN'T GOT ONE FUCKING THING TO DO WITH COMMITTING MASS MURDER ON CIVILIANS BY ANY LEAP OF LOGIC OR REASON

how the FUCK can you support that rationale and in ANY conceivable way consider yourself to be a proponent of peace, of having a human conscience, of having any intellectual or moral coherence? you're just a reflective partisan hater of the usa. you are intellectually and morally bankrupt. an empty signal. that's the beginning and ending of you. you're completely empty and bankrupt

i say fuck the usa. who cares about the usa, the usa does plenty of bad in the world. did you fucking hear me?

i repeat: FUCK THE USA

i do not need nationalism or ANYTHING PRO-USA to support my views of you and to shut you down. because my view is NOT PRO-USA. my view is ANTI-PREJUDICE.

listen to me closely you prejudicial ignorant fuck: if i am going to condone or excuse evil in this world FAR worse than whatever the usa has ever done in the name of hating the usa, then i have become utterly devoid of intelligence or morality or a human conscience

because the usa gave osama bin laden a stinger missile in 1982... means the usa should have seen 9/11 coming? wtf is wrong with you? seriously, your delusion is huge and almost impossible to understand

let me tell you the truth about your retarded worldview: the truth is you are ethnocentric and a racist.

you don't see people in the middle east as your equal. equality implies equal amount of human rights... and equal amount of human responsibilities

but that's now how you think of middle easterners. you think of them as children. in your eyes, when someone in the middle east does something wrong,

but there's a conflict here

[circletimessquare]

that you are not identifying: control versus freedom

all of the changes you propose are basically the wet dreams of authoritarian censoring oppressive governments everywhere

it is very much in the name of freedom to leave the internet devoid of such control... and an internet devoid of controls leads to this sort of anarchic bullying by shady forces

negatives with both approaches, pluses with both approaches

it all boils down to that familiar schism... control or freedom/ security or liberty: the ideological conflict of the 21st century

Re:but there's a conflict here

[Vancorps]

Perhaps you missed the part I wrote about maintaining anonymity? Preventing DDoS is very easy without needing to identify people. I also said that most countries don't control the Internet because corporate entities do. I was not advocating this be changed. Only that we provide guidelines to those entities that peer with other providers. If you implement some basic techniques at the peering locations then you can prevent the vast majority of DDoS attacks because it can be aggregated enough to cause problems. Then the regional personnel can handle the problem with whatever policy they see fit, whether it be through shutting off the subscribers bot infested machine or just simply ignoring the problem. As long as it doesn't go past the next peering point then the problem won't become an aggregate problem and DDoS will be gone and no government has any new way to censor beyond their current abilities.

Control and freedom are not mutually exclusive, everyone at my office can go to whatever website they like. My firewall will filter out 99% of any malware they encounter. Local access privileges restrict the last 1% from actually causing any harm so my users can do what they like without worry, plus they don't have to see myspace ads. I don't have to track them to provide a little control over them. I'm getting rid of the bad while allowing them to continue on their merry way.

In short, I fail to see how anything I said that would appeal to an authoritarian regime as it would prevent them from launching DDoS attacks on their neighbors. That's the whole point, it is nothing but a net gain so I don't understand why there would be any resistance to something like this

"Protest tool"?

One person's "protest tool" is another's "terror attack". In this case I'd say the later because transfer of information was denied. If say, web pages were added to sites promoting a view I may consider it a "protest". By making sites inaccessible is no different than blowing up a bridge or building.

well said

[circletimessquare]

i should have qualified my statements. there are plenty of security versus liberty dichotomies which are actually false and are presented by demagogues. that being said, there are also some fundamental security versus liberty choices people need to make on a daily basis. and these choices are always being revisited in times when some people abuse their freedoms in order to inflict harm on others. the idea is to limit freedoms in limited ways for limited time periods at targetted systems/ individuals, such as with DDoS attacks as you aptly demonstrate, not blankly take away everyone's freedoms on the justification of one indiscretion by one malcontent

however, oppressive regimes do exactly that for exactly those reasons. so the dichotomy between freedom and security may be false, but the excusing of taking away freedoms in the name of security is done all the time and is very real nonetheless

Re:well said

[Vancorps]

I agree that people often give up freedom for security and that it is never worth it. In this case however the only freedom being taken away is the freedom to launch DDoS attack on people. It's very limited in scope and only serves the best interests of the law abiding with zero innocents getting caught in the crossfire. It's a total win-win situation, the only thing is costs is a little time and probably a bit of money which we waste in dealing with the problems of DDoS attacks. I've had to divert time and other resources to deal with such things in the past and I tend to believe if there is something we can all do to help prevent this then we'll all benefit and there is no reason not to participate. This is a reason outgoing port 25 is completely banned on the subnets thats my workstations use. I have selective bans on other subnets which contain servers allowing only the MTAs to transfer mail out.

Basically if people become more responsible for the machines in their care the problem goes away. To aid in this end I think ISPs should assist by blocking DDoS attacks. I don't see any downside to it. If you're forging an IP address then you don't intend to receive the result of what you're sending out. I can't find any legitimate reason for this on the Internet.

Kremlin-backed Putin-Jugend has claimed credit

[Anonymous+Bullard]

A member of the Kremlin-backed "Putin-Jugend" (aka Nashi) has now claimed credit for organizing the attacks with his associates, saying it hadn't been coordinated by the ultra-jingoistic Nashi-group (thereby conveniently absolving direct responsibility from the Putin regime).

Can you imagine...

[CYDVicious]

a cyber-attack that criples South Korean internet during the launch week of StarCraft 2?

Yeah, scary.

Re:Can you imagine...

[Firefly1]

a cyber-attack that criples South Korean internet during the launch week of StarCraft 2? Yeah, scary.

And probably being planned as we speak. Whether as the 'or else' for an extortion of unprecedented scale, or Terra's biggest 'look what we can do' is a question I leave to your respective imaginations.
If nothing else, it'd be an interesting news story...

What?

[LuNa7ic]

For a moment there I thought the page title said 'The real impact of the Elbonian Cyberattack'. Glad thats cleared up!

Hackers from all over

[caller9]

I get at least 2 average 3 attempts to root my system from all over the world. One odd thing is that Romanian reverse DNS lookups are just actively refused for this zombie 217.156.110.24. http://www.dnsstuff.com/tools/ptr.ch?%26ip%3D217.1 56.110.24

I know its either a compromised box of little importance, or some script kid. Best option along with denyhosts is uncommenting "PermitRootLogin no" in sshd_config.

Anyway, what is the motivation for tag.starnets.ro to refuse reverse lookup? No need to answer american queries? Firewalled off the evil americans? Hiding something?

Could conjecture all day on that. The bot that hit me next was from California 68.183.62.151. Apparently a DSL Extreme customer running an SSH server open to the public no less. Probably rooted by that very means. They really wanted the user "test" to work apparently.

Why isn't this kind of tresspass prosecutable, at least inside the US.

Estonian government deserved DDOS

[TrueRecord]

During WW2 Estonia was German ally. German SS and police units, with Estonian auxiliaries, massacred the Jews of Estonia and others. They established concentration camps where they burned and gunned down Latvians, Belarussians, Ukrainians,Russians and Jews. _These_days_ Estonian govermnent recognize Latvian waffen SS divisions as heroes and threaten to destroy monumets made to commemorate the victory over fascism.

Re:Estonian government deserved DDOS

Estonia was occupied by Russia in June 1940 and later by Germany and then again by Russia, and Estonia could do nothing. The German ally was Russia - until Hitler attacked Russia. Wehrmacht and Sovjet army together occupied Poland, had a joint victory parade in Lviv, together devided Europa. The concentration camps in Estonia were grounded during occupation by nazis, and similar - or even more terrible camps were everywhere in Russia - the "famous" GULAG where the number of victims tens of times exceeded the number of nazi victims.

Re:Estonian government deserved DDOS

[felixdzerzhinsky]

While you are at it (using your logic) the Romans massacred people all over Europe. So let us declare war on Italy. Blaming the entire Estonian nation, most of whom were not even born at the time, is irrational. Individuals commit war crimes not countries. And individuals who commit war crimes, particularly the senior leaders, should be tried.

Re:Estonian government deserved DDOS

Estonia didn't even exist anymore when WWII was rolling over the country. It was Soviet Union and people had to choose sides, be it forcefully or not.

Re:Estonian government deserved DDOS

[TrueRecord]

Who blames the entire nation? Estonian goverment makes/helps raise monuments to SS soldiers, justifies the alliance with germans. That is the blame. Half of the Europe was under Hitler, but rare birds helped him so enthusiastically gathering regular forces. But it is of little importance now, but the position itself of the Esstonean goverment is clear enough. http://photofile.ru/users/stopnazi/2444938/

Re:Estonian government deserved DDOS

[TrueRecord]

The point is not in History here, History is painful and questionable. The point is present, the fact is that they - the gov. and their followers - are proud to be fascists' heirs.

Re:Estonian government deserved DDOS

[TrueRecord]

Here they are: http://photofile.ru/users/stopnazi/2444938/4460112 3/#breadcr

Re:Estonian government deserved DDOS

Monuments to commemorate the victory over fascism have been destroyed in Russia (Himki, Stavropol), in Tallinn the monument was moved in good conditions to a cemetry. The monument was called "deliberator". Here some figures to compare the "deliberators" of Estonia during WW2:
41000 killed or deported by soviet troops in 1940-1941,
7000 killed by nazies in 1941-1944,
72000 refugees in 1944, 7000 of them killed by soviets on the see,
26000 killed or deported during occupation in 1944-late 1980s.
The soviet "deliberators" stayed at Estonian borders guns directed inside for 50 years. The percent of russians was increased from pre-war 8% to more than 30%. What about Geneva Convention IV, Part III?

Re:Estonian government deserved DDOS

[TrueRecord]

Tallinn the monument was moved in good conditions to a cemetry.

First all media declared the monument to be withdrawn and destroyed like only barbarians could do; that's why the agony and resentment has been so acute; the Estonian government was compared to the taliban gorillas who had fought against ancient artifacts;

You'd better stop spreading lies about casualties; Naturally Nazis didn't kill Estonians since the latter were their allies; The Soviet occupation was rather mild as compared to what had been done to civilians by SS criminals. I remind you then whole villages were burned down including women and children in Belorussia. Instead of being honest in repentance I can see only the self-indulgence in their government.

But that has little to do with the DDOS attacks, better mind Esstonian modern politics.

Re:Estonian government deserved DDOS

[impsik]

During WW2 Estonian man was mobilized to German andOR Red army - our brother, fathers and grandfathers, we treat them with honer! Only Russians don't understand this. You always thing that you are some kind of liberators. You freed Europe or Even world from nazi regime! THANT YOU for that, but ....this is history. Estonia is and will be independent country. Your cowardless attacks do not scare us. I'm sorry, i really am, about "harassing" Russians in Estonia. They have a really good life in here. They get medical threatment in Russian language, they don't have to learn Estonian language. Almost everybody can speak Russian on here. Nobody want's to go to Russia - why????? We are "harassing" you - don't we? But look around in Russia. How many monuments did You destroyed? Let's say 5-10. Look at the news - i mean world news, news from independent agencys not russian news. News from FREE world. If you believe only news from Russian media then ....i'm sorry, but You dear fellow are an moron.

Re:Estonian government deserved DDOS

[TrueRecord]

Dear fellow,
since our countries are neighbors there is only one possible option. That is to have honest relationships. The war is over, we are not enemies unless of course you don't revive the shadows of past. No one doubts that you are an independent, sovereign state. But fascism is impossible to reconcile with, sorry. It is a crime against humanity and you've got to speak up as open and straightforward as possible to condemn it.

I can't live up to this, can you?
http://photofile.ru/users/stopnazi/2444938/4 4601140/#mainImageLink

Re:Estonian government deserved DDOS

[TrueRecord]

If you see some blanks or spaces in the url, delete them please

Re:Estonian government deserved DDOS

The real neonazi movment you can see in Russia - "Nashi" and "New guardian" are frighteningly similar to hitlerjugend. There is nothing similar in Estonia. The cyberattacs were like seezing of Estonian consulate in Moscow performed by teens but initiated and approved by the Russian government.

Re:Estonian government deserved DDOS

[TrueRecord]

Oh, you won't give in. Good. Who kids from "Nashi" killed or burned? No one I Know of. Wanna see the faces of murderers? http://photofile.ru/users/stopnazi/2444938/4624283 5/#mainImageLink http://photofile.ru/users/stopnazi/2444938/4624297 1/#mainImageLink http://photofile.ru/users/stopnazi/2444938/4624284 2/#mainImageLink http://photofile.ru/users/stopnazi/2444938/4624295 2/#mainImageLink Quite ordinary faces really here are their victims: klooga - concentration camp - maintained with the help of Estonians http://photofile.ru/users/stopnazi/2444938/4520854 2/#mainImageLink http://photofile.ru/users/stopnazi/2444938/4520854 3/#mainImageLink

Re:Estonian government deserved DDOS

TrueRecord, look at true record:
http://www.ww2.pl/The,1939,Campaign,22.html
http://en.wikipedia.org/wiki/Katyn_massacre
There was no Estonia at that time, unlike Russia who had his government and army. The Red Army began the invasion to Poland sending in more than 620000 soldiers, 4700 tanks and 3200 aircraft. Polish losses against the Red Army were 6000 to 7000 of casualties and MIA, 250 000 were taken prisoners. Almost all of the officers were murdered in the spring on 1940 in Katyn, Kharkiv and Tver.

Re:Estonian government deserved DDOS

[impsik]

First all media declared the monument to be withdrawn and destroyed like only barbarians could do Russian media to be exact! No one in Estonian media mentioned that this piece of crap will be destroyed. They even put the wall back as planned. Looks like, what ever Russian press writes, Russian government announces that must be true 100%. Like of you scientists, Nadezda Arbatova, sayd - Soviet Union does not exist anymore, we(Estonians) should "let it go". Only WE? I belive Russians always scream about WW2, that they are liberators etc. We really don't give a **** about what You want. Can You "let it go" or just rest of the world should forget Soviet Union but Russians will thinks of selfs like "world saviors"? First things first in OUR country...right? It's no about Russia all the time. Even our businesses don't want to do any business with you. You never know what kind on idiotic taxes they will find next. BTW, can i remind you that this article was about cyberattacks. You can talk "bull" in russian forums, nobody will argue with you there.

Re:Estonian government deserved DDOS

[TrueRecord]

You may disagree with what I say, you may hold whatever false views, you may utter your worthless words about sacred notions, but for one thing: fascism is not tolerated and never will be. Massive DDOS attacks and simple pings were just a result almost involuntary and predictable. I am sorry you're on the one side with your government. Neighbors should understand each other but it seems you don't give a damn, it's up to you, really. Adieu. Enjoy surfing ;-)

Re:Estonian government deserved DDOS

[impsik]

Oh for christ sake: fascism is not tolerated and never will be and like in the rest of the world: Estonian people are agree 100%. Furthermore, communism also is not tolerated and never will be in Estonia. Maybe rest of the world don't understand this, but those who survived somehow that most evil regime will understand this. What was our government mistake anyway? Deporting that statue to cemetery? Re-buried those soldiers to cemetery? Is that a crime? No, it's not a crime. The biggest crime is that We did something what Russia does not like. Sad, that one country can't choose neighbors or even planet.

Re:Estonian government deserved DDOS

[stokaa]

Well, it would appear that many Russians are proud to be Stalin's heirs. Unlike in Germany, there is little or no recognition of the terrible crimes that the Soviet Union inflicted on other people, which dwarf the worst excesses of the Nazis (at least 20 milion people were murdered in the Gulag, a figure which would probably make Hitler envious).

I'm sure the Estonians would have left the monument alone, if the "liberators" would have gone after 1945 back to their country and left them be. Instead, they deported or massacred 1/3 af the population, and brought in hordes of Russian settlers in an atempt to alter the structure of the population. So don't try to make this into a "Nazi-versus-the-free-world" issue. It's the USSR versus the free world. Remember that WWII was started by the joint attack of Germany and the USSR against Poland.

But the whole story has a humourous side, too. The former masters of the Gulag have been reduced to script-kiddie tactics. Way to go! Stalin must be turning in his grave :-)

Re:Estonian government deserved DDOS

The Estonian official view of what happened in Estonia 1939-1945:

http://www.historycommission.ee/temp/index.htm

Estonian losses after 1939:
http://www.just.ee/orb.aw/class=file/action=previe w/id=12709/TheWhiteBook.pdf

Just don't slashdot DDOS it.

Re:Estonian government deserved DDOS

[TrueRecord]

From 1930--1953 in Gulag according to verified data there were 6,5 million as prisoners there. Total number. The rest of your saying is not true also. As for humorous part, you'll surprised Russia has little to do with this. It was a common tragedy of all the USSR including Georgia, Ukraine, Belorissia, Armenia, and others. Stalin was Georgian and his government was quite international. They were condemned. Don't pin the blame on Russia. Have wits to tell Russia from The USSR.

Since it's irrelevant to the topic don't expect me to go on with it.

Re:Estonian government deserved DDOS

[stokaa]

FYI, Wikipedia says that "according to recent estimates on the basis of archival documents, about 18-20 million people had been prisoners in camps and colonies throughout the period of Stalinism at one point or another". And this figure does not include the POWs. I agree that this discussion does not not belong here. However, it's sad to see that so long after these tragic events, some people have learned next to nothing.