Slashdot Mirror


You're Being DDOSed — What Do You Do? Name and Shame?

badger.foo writes "When you're hit with a DDOS, what do you do? In his most recent column, Peter Hansteen narrates a recent incident that involved a DNS based DDOS against his infrastructure and that of some old friends of his. He ends up asking: should we actively publish or 'name and shame' DDOS participants (or at least their IP addresses)? How about scans that may or may not be preparations for DDOSes to come?"

336 comments

  1. Why name and shame? by Anonymous Coward · · Score: 3, Funny

    DDoS the DDoSers, that'll show em!

    1. Re:Why name and shame? by Anonymous Coward · · Score: 0

      and I suppose this response makes you bravely asinine?

    2. Re:Why name and shame? by Anonymous Coward · · Score: 0

      Whoosh, very much whoosh. But hey, you told him, that unfunny and confused AC, oh, and with a joke of your own, well done, sir.

    3. Re:Why name and shame? by MysteriousPreacher · · Score: 3, Insightful

      I think someone needs a hug and his meds.

      --
      -- Using the preview button since 2005
    4. Re:Why name and shame? by Synerg1y · · Score: 1

      he's technically correct... poor presentation though. You can't DDOS a DDOS attack.

    5. Re:Why name and shame? by Anonymous Coward · · Score: 0

      but you can use 1 computer to initiate that DDoS

    6. Re:Why name and shame? by DarwinSurvivor · · Score: 1

      Unless you have a bigger swarm.

  2. not sure "shame" will have much effect by Trepidity · · Score: 5, Insightful

    The vast majority of DDoS participants are infected computers in botnets, and their owners are typically unaware. Will they even notice your naming sufficiently to be ashamed? Maybe if it's a corporation it'd have some effect: publishing that you were hit by a DDoS that included X computers from BigCorp might make BigCorp look bad. But not so much if the botnet is a bunch of random home PCs.

    1. Re:not sure "shame" will have much effect by rtb61 · · Score: 2

      Do your government's legwork for them. Gather evidence and file a complaint with 'ALL' the appropriate regulatory authorities. Sure some will lead overseas to 'somewhat dead ends' but enough complaints with evidence would result in powerful diplomatic pressure to pursue criminal investigation and prosecution. Unless appropriate authorities get a proper measure of the activity they can not respond appropriately. Appropriately here means neither going bat shit insane with sting operations and massive stupid publicity campaigns when targeting particular selective groups or doing nothing at all ie the typical balance, using the motoring analogy of, traffic control.

      So upon complaint, collation of evidence, notification of sources of attacks, from the service provider to the end user, with a please explain (you found the problem and fixed it) or allow us direct exploratory investigation (we will check for a problem, set a trap and fix it) or a fine (you were the problem). Of course if individuals were doing more than DDOS protesting playing games et al and involved for example in credit card fraud then real prosecution and criminal penalties should apply.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:not sure "shame" will have much effect by TheEffigy · · Score: 3, Informative

      How about the service provider connecting those home computers to the net?

    3. Re:not sure "shame" will have much effect by tnk1 · · Score: 4, Insightful

      Not sure we want to encourage providers to start nosing around in their customers' traffic more than they already do.... Just saying.

    4. Re:not sure "shame" will have much effect by Threni · · Score: 2

      Reminds me of a mate who runs a few sites - every few days he gets amusing emails from irate idiots who've received spam from spammers who've randomly selected his site's email addresses as "reply-to" addresses, threatening to report him to the "internet police" or name and shame him etc. He used to reply to them, but now he's got a bunch of rules to just delete them, amusing as they are.

      So yeah, "naming and shaming" the ISP responsible for temporarily allocating a dynamic IP address to some granny who's used some Microsoft browser to access the wrong site and has ended up running a zombie server for an Eastern European crime syndicate is as amusing as it is futile.

    5. Re:not sure "shame" will have much effect by Immerman · · Score: 2

      I'm not sure about that - seems like they already comb through for any information that might help their bottom line, noting at least trivially abnormal behavior such as DDOS participation or email spamming while they're at it and at least notifying the account holder that their system(s) may be compromised would seem to be basic responsible citizenship. Instead it seems to be treated as just more traffic to bring you closer to your data cap and those sweet, sweet overage charges.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    6. Re:not sure "shame" will have much effect by MBCook · · Score: 1

      I understand we don't want them watching what we're buying on Amazon, but isn't part of their responsibility as a network operator to ensure that their network isn't actively harming others?

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    7. Re:not sure "shame" will have much effect by Immerman · · Score: 2

      Is it? We're not talking about site operators being spoofed, we're talking about the service providers that are actually connecting the zombified PCs to the 'net. The ISP knows exactly which account is using which IP address at any given moment, and could at least notify Granny that her computer/network may be compromised and she should run whatever the good free scanning suite du-jour is. Similarly if they note that some private account is suddenly acting as a server sending hundreds or thousands of emails a day. Many/most of these companies are already doing deep packet inspection to throttle economically undesirable traffic, keeping an eye out for the most blatant symptoms of infected user PCs and notifying the account holders should be a trivial addition, it just doesn't put any money in their pocket to do so.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    8. Re:not sure "shame" will have much effect by girlintraining · · Score: 0, Troll

      enough complaints with evidence would result in powerful diplomatic pressure to pursue criminal investigation and prosecution.

      Diplomatic pressure? Uhh, no. My aunt recently had her car totally destroyed by a vandal; over $10,000 worth of damages. The police didn't even want to come out and wouldn't take a report unless it was over the phone. And this was with some pretty compelling evidence of who'd done it as well. What exactly makes you think it's somehow different when you spam the same information to a large number of people? Law enforcement is not available to people like you; you haven't paid your dues.

      Appropriately here means neither going bat shit insane with sting operations and massive stupid publicity campaigns when targeting particular selective groups or doing nothing at all ie the typical balance, using the motoring analogy of, traffic control.

      Pirating Britney Spears can net you a larger fine and longer jail term than hacking a bank. Please tell me more about this "typical balance" you speak of.

      Of course if individuals were doing more than DDOS protesting playing games et al and involved for example in credit card fraud then real prosecution and criminal penalties should apply.

      "real prosecution and criminal penalties" are levied against the politically active far more often and severely than those levied against people who were just trying to make a profit. You may recall the entire Occupy protest movement over the failure of the government to prosecute such individuals, who perpetuated a lot more than just "credit card fraud" against the American public. You might also recall now who's on all the government terror watch lists, in jail, or otherwise convicted of various crimes. I'll give you a hint: Not the multi-billion dollar thieves, but the victims.

      --
      #fuckbeta #iamslashdot #dicemustdie
    9. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      Like "actively harming" media companies by filesharing?

    10. Re:not sure "shame" will have much effect by davydagger · · Score: 2

      "The vast majority of DDoS participants are infected computers in botnets, and their owners are typically unaware."

      This.

      Also, you might never really know who's behind it.

    11. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 1

      My network has become infested in the past and my ISP has noticed. Not through packet inspection, but because someone else outside their network noticed the amount of spam / malicious packets coming from their IP and blocked them. That caused them to investigate, which got us blocked and a stern phone call saying "We will not reconnect you until you find what is wrong". I see that being perfectly fine. DDOSing is the same. Somebody notices your IP causing it, goes to your ISP and they handle it from there. We lost a bit of service but in the end, everybody won.

    12. Re:not sure "shame" will have much effect by Aighearach · · Score: 0

      Are you sure there isn't anything else you can be wrong about while you're at it?
      So many details, all of them absurd and wrong. Get back to your training and stay off the lawn.

    13. Re:not sure "shame" will have much effect by sgt+scrub · · Score: 1

      The vast majority of participants in a DNS based DDoS are "administrators" that have not disabled recursive lookups. A friendly, fix your DNS settings shit head, should do IMHO. That being said, "administrators" that do not set up DNS properly deserve a little shame.

      --
      Having to work for a living is the root of all evil.
    14. Re:not sure "shame" will have much effect by rtb61 · · Score: 1

      Your and your neighbours' inactivity in local government has resulted in an incompetent, inefficient and ineffective local police force, face it, your fault.

      --
      Chaos - everything, everywhere, everywhen
    15. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 1

      So your local police suck, pretty bad by first world standards. The last two places I lived, both large city and small town, the local police didn't suck. Maybe you should be busy trying to put pressure on the crappy local police and government instead of telling other people they should lower their expectations.

    16. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      He must live in Detroit.

    17. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      yes but first every individual shalt ensure its pc is not a bot

    18. Re:not sure "shame" will have much effect by rvw14 · · Score: 2

      Pirating Britney Spears can net you a larger fine and longer jail term than hacking a bank.

      Of course the real punishment is having to listen to your pirated Britney Spears album.

    19. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      Your car analogy is bad.

      If 100 people all reported $10000 damage each by the same vandal, they're significantly more likely to look into it. Not least because it proves they're a repeat offender who will do it again.

    20. Re:not sure "shame" will have much effect by ChrisMaple · · Score: 1

      You may recall the entire Occupy protest movement over the failure of the government to prosecute such individuals,...

      If that's what you think the "Occupy" thing was about you are deeply ignorant of the mechanisms through which the left operates. There were paid organizers, dupes, dopes, trouble makers, newsmen and hangers-on, and not much else. The conjecture that a significant number of people there understood what was going on is laughable.

      --
      Contribute to civilization: ari.aynrand.org/donate
    21. Re:not sure "shame" will have much effect by Synerg1y · · Score: 1

      The thing with ddos is it often spawns from a botnet, aka "I'm sorry officer, I didn't know my computer was attacking sony's website, how can I get rid of this malware on here again?"

      The anon attacks were an exception and as a result led to the arrests of some individuals that weren't at the head of the attack.

    22. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      Not if you want "net neutrality" faggot.

    23. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      Outside agitators? Spiro, is that you?

    24. Re:not sure "shame" will have much effect by stooo · · Score: 1

      >> everybody won
      except the DDOSers

      --
      aaaaaaa
    25. Re:not sure "shame" will have much effect by rtb61 · · Score: 1

      Of course repeat excuses would certainly wear a bit thin and likely leave you wearing a fine. Keep in mind the fine would be no different to a traffic offence for speeding, so a bit of a reminder to keep your computer secure. So 'erm' mass protests would still slide by, single offence per annum but repeat offenders would still get a call.

      --
      Chaos - everything, everywhere, everywhen
    26. Re:not sure "shame" will have much effect by Onymous+Coward · · Score: 1

      What happens if you run a legitimate DNS server and a botnet spoofs source IPs in DNS requests to launder and amplify their attack by reflection off you (and countless other DNS servers)?

      I've been seeing this come through my system and I don't yet have the sophistication to filter out the attacks. Not that I'm asking to be blacklisted, but ... I should be blacklisted.

    27. Re:not sure "shame" will have much effect by Anonymous Coward · · Score: 0

      That is what ignorant elitists like you tell themselves (because Fox or Rush told you) because it's easier to ignore society's deep socio-economic stratification. The people following those two sources believe that Republicans "run it right" when almost every red state is poorer, less educated, and a net taker from the federal government, while in general, blue states are generally generating that money. Texas is an exception, and a net contributor.

    28. Re:not sure "shame" will have much effect by Synerg1y · · Score: 1

      Historically, the feds have gone after the operators of the botnet to stop its operation. In the case of anon, the DDOS was tied to a website movement, which was tracked by feds linking the attack to the users, even then some have argued they didn't intentionally install the ddos tool on their computers and wouldn't have knowing what it was for. When somebody starts going through the list of IPs and starts looking for similarities, they can usually tell if it's a botnet or not by the randomness of the IP to user correlation involved, or by what the motive of the DDOS was.

    29. Re:not sure "shame" will have much effect by HornWumpus · · Score: 1

      Not really.

      Long ago I knew a moron who had figured out that BMWs have nice radios that you can sell, stolen for $50 bucks each (this was 1980ish). He stole individual radios for about a year, including basically every nice car's radio at one high rise apartment complex, he was not smart but he and his buddy stole 10-15 radios a week and were rich by kid standards.

      The cops never even looked for them, until he realized there were a bunch of BMWs and Porsches in the dealer back lot. He was in jail/prison 3 weeks later. His friend not much later. They put 2 detectives on them after the dealership. They saw the pattern, which led to his neighborhood, though the dealership was miles away. They had been buying pot from a snitch, sometimes with stolen radios. The cops didn't know because they had never before bothered asking their rat.

      He was the second stupidest kid I knew. The stupidest derailed a freight train, just to see what would happen, then bragged.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    30. Re:not sure "shame" will have much effect by thejynxed · · Score: 1

      Put it this way...

      Comcast has the most compromised user systems on their network in the USA every year since the late 1990's.

      I would appreciate it if they actually WOULD do something about it.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
  3. Is this a serious question by Anonymous Coward · · Score: 1

    He ends up asking: should we actively publish or 'name and shame' DDOS participants (or at least their IP addresses)?

    Next up, someone broke into my house; is some stern criticism in order?

    Hey, how about you give the evidence to the police?

    1. Re:Is this a serious question by damn_registrars · · Score: 1

      Hey, how about you give the evidence to the police?

      And you expect the police to do what with that, exactly? Even if you live in a city with technically competent (or even just non-Barney Fife) officers, the odds that they will have the time to care is practically nil. Most likely the majority of the systems involved in a DDoS are not from the country you live in, meaning the cops would need to contact INTERPOL to get anything moving - and they don't usually do that for much of anything short of capital murder.

      In other words, sure, you can bring it to the police. But count on them doing anything about it while you're still alive.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    2. Re:Is this a serious question by shentino · · Score: 1

      We have this concept known as an attractive nuisance.

      Sure, grand theft auto is still illegal, but lately governments are beginning to crack down on people leaving their cars unattended and running.

  4. Yes by Anonymous Coward · · Score: 1

    Publish. Shame. Maim. Cripple. What ever it takes to get some measure of satisfaction.

    We had this type of DDoS attack. 1 - 2 million requests per hour against a small VPS. Bind wasn't running but it didn't matter; the requests kept coming for weeks. We cloned the VPS so we'd get another IP, switched things over and abandoned the first VPS.

    Backups people. Have backups of your code, configs and databases.

  5. No by Anonymous Coward · · Score: 5, Interesting

    The only reason you can possibly have for publishing the IP addresses is to provoke vigilante justice type of actions, likely counter ddos or something.
    What you should do is report him to the abuse department of his ISP. Note the responses of the ISPs and name and shame the ISPs that do not take action.
    IP addresses from bad ISPs should end up on a "botnet-friendly ip list" so we can start blocking the traffic from these ISPs.

    1. Re:No by VortexCortex · · Score: 5, Informative

      Note the responses of the ISPs and name and shame the ISPs that do not take action. IP addresses from bad ISPs should end up on a "botnet-friendly ip list" so we can start blocking the traffic from these ISPs.

      On a DoS or DDoS (special case of DoS) that's fine. On a reflective DDoS (RDDoS, a special case of both DDoS and DoS) you have a different situation. A denial of service (DoS) is any interruption of service, e.g., by flooding the server with SYN packets. A distributed denial of service (DDoS) is when the attack comes from multiple different places at once, e.g., a single connection may not be enough to take down a server with high bandwidth; However if you coordinate the attack across many different connections then the overall traffic can eclipse even a high bandwidth server. With a DDoS the machines coordinating the attack may or may not belong to the attackers, but it's a good idea to contact the ISPs so that the IP holders can be notified that their systems may be infected with a bot-net -- Although, this may not be the case, as I'll explain later. In a reflective distributed denial of service (RDDoS), the apparent IP addresses may belong to machines that were under the control of any malicious software. Reporting these IPs would be pointless.

      When a server receives the first SYN (synchronize) packet of a TCP connection handshake, it replies with a SYN-ACK (acknowledgement & synchronization) to the source IP of the originating packet. Then an ACK is sent to the server to acknowledge the server's synchronization. This verifies both endpoints aren't spoofed. A RDDoS takes advantage of the fact that:
      0. The source IP address of the initial SYN packet can be spoofed (the "From" field can be bogus).
      1. The server sends a SYN-ACK before the connection endpoints have been verified.
      2. The TCP protocol allows several (five) retries of the SYN-ACK packet.

      In a RDDoS, a single malicious computer can spoof the "From" IP of a TCP connection, and spray it around to servers on the net. The bogus return IP address is that of the victim system. Thus, legitimate servers will flood the victim's connection with five SYN-ACK packets for each single packet the attacker sends. Thus the victim never has the attacker's IP address. To combat this servers may pro-actively detect an IP that sends too many incomplete TCP connection requests, and block it. However, the attacker can have many IP addresses at their control (see: botnet) limited to just a few packets per hour sent to an entire Internet of servers. None of these infected machines will be revealing their IP addresses when they perform the reflective attack by spoofing the source IPs of their packets. What we need is for ISPs to block packets originating from their network that don't have correct return IP addresses... Not all ISPs do this.

      Now what if the attacker only has a single machine at their control and they perform an RDDoS? Why, the traffic pattern is identical to a DDoS -- Ah, I can hear your gears turning already: Can't the return IP addresses be checked to see if they're residential IPs, and thus victims of a botnet infection? Yes, but how do you differentiate the non-residential IPs between infected servers and non infected servers? Just assume that the non-residential IPs aren't intentionally malicious? Yes, indeed, which is why RDDoS is a popular form of network DoS.

      I reiterate: What we need is for ISPs to block packets originating from their network that don't have correct return IP addresses; Thus, spoofed packets are dropped at the source. You'd think with deep packet inspection now available this shallow packet inspection would be broadly adopted -- Ah, but this is electrons spent that don't directly benefit profits. IPsec was once a requirement of IPv6 adoption, and would defeat endpoint spoofing, however IPsec has been made optional for IPv6, so we can expect the RDDoS attacks to continue for quite some time.

    2. Re:No by Anonymous Coward · · Score: 0

      That would help, but in the mean time you can set up your firewall software to stutter responses to packets that use too much bandwidth or processing time. I know that PF has such a feature that can conserve your resources and use a disproportionate amount of theirs.

      But, really, it depends a great deal on the type of attack and some are harder to deal with than others are.

    3. Re:No by philip.paradis · · Score: 1

      The type of DDoS discussed in TFS/TFA isn't TCP-based. It's UDP-based, is referred to as a DNS amplification attack, and abuses DNS servers that permit public recursion to accomplish its goals. There is no handshake involved, as UDP is a connectionless protocol.

      --
      Write failed: Broken pipe
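
For a DNS operator who suspects their server is being used as a reflector in the UDP amplification pattern discussed in this thread, the following is an added example (not written by any poster here) that scans a query log for the telltale burst. The log format, thresholds and addresses are constructed for illustration and are not those of any real resolver.

```python
"""Flag "clients" whose DNS traffic looks like reflection/amplification abuse.

Assumed, simplified log format (constructed, not a real BIND/Unbound format):
    <epoch_seconds> <client_ip> <qname> <qtype> <query_bytes> <response_bytes>
UDP source addresses can be spoofed, so a flagged client is most likely the
victim receiving the amplified answers, not the party sending the queries.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass
class Finding:
    client: str
    queries: int            # queries inside the busiest time window
    amplification: float    # response bytes / query bytes in that window
    top_question: str       # most repeated "name/TYPE"
    top_share: float        # fraction of the window asking top_question


def parse_line(line):
    """Return (ts, client, question, qbytes, rbytes), or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        ts = float(parts[0])
        client = str(ipaddress.ip_address(parts[1]))
        qbytes, rbytes = int(parts[4]), int(parts[5])
    except ValueError:
        return None
    if qbytes <= 0 or rbytes < 0:
        return None
    return ts, client, f"{parts[2].lower()}/{parts[3].upper()}", qbytes, rbytes


def find_reflection_targets(lines, window=10.0, min_queries=50,
                            min_amplification=10.0, min_top_share=0.8):
    """Report clients with a dense burst of one repeated, high-gain question."""
    per_client = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_client[rec[1]].append(rec)

    findings = []
    for client, recs in per_client.items():
        recs.sort(key=lambda r: r[0])
        # Sliding window: find the busiest span of at most `window` seconds.
        best, start = (0, 0), 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1
            if end - start > best[1] - best[0]:
                best = (start, end)
        burst = recs[best[0]:best[1] + 1]
        if len(burst) < min_queries:
            continue
        amp = sum(r[4] for r in burst) / sum(r[3] for r in burst)
        question, count = Counter(r[2] for r in burst).most_common(1)[0]
        share = count / len(burst)
        # Ordinary busy clients ask many different small questions; reflection
        # traffic repeats one question chosen for its large answer.
        if amp >= min_amplification and share >= min_top_share:
            findings.append(Finding(client, len(burst), round(amp, 1),
                                    question, round(share, 2)))
    return sorted(findings, key=lambda f: f.queries, reverse=True)


def build_sample_log():
    """Constructed sample data using documentation address ranges."""
    lines = []
    # Burst of 60 identical ANY queries in 6 s, apparently from 203.0.113.7.
    for i in range(60):
        lines.append(f"{1000 + i * 0.1:.1f} 203.0.113.7 example.org ANY 64 3200")
    # Busy but ordinary client: many different names, small answers.
    for i in range(60):
        lines.append(f"{1000 + i * 0.1:.1f} 198.51.100.20 host{i}.example.net A 60 120")
    # A single large query is not a burst.
    lines.append("1002.0 192.0.2.9 example.org ANY 64 3200")
    lines.append("this line is malformed and must be skipped")
    return lines


if __name__ == "__main__":
    for finding in find_reflection_targets(build_sample_log()):
        print(finding)
```

Addresses it reports are candidates for per-client response rate limiting on the server, and a non-empty report on a recursive server is a prompt to check whether recursion is open to the public at all.
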
    4. Re:No by a-puredot · · Score: 1

      I have worked in an ISP for quite a time. Simple response you get after lodging a complaint against DDoS is that "we have warned the user". These are not your enemies, they are enemies of the INTERNET. For a quick resolution RTBH (Remotely triggered Black Holing) works pretty good. Regards, /DM

    5. Re:No by Zilog · · Score: 1

      I reiterate: What we need is for ISPs to block packets originating from their network that don't have correct return IP addresses;

      Imho, in the case of a UDP RDDoS, it seems unfeasible to me. In a nowaday common ISP, networks are very very intricated and the cost to decide for each datagram if we've a valid OIP is far too heavy, and that's maybe impossible if not dangerous with a living network.

    6. Re:No by Anonymous Coward · · Score: 0

      He wasn't referring to the story he was speaking in general, faggot.

    7. Re:No by Bengie · · Score: 1

      You'd think with deep packet inspection now available this shallow packet inspection would be broadly adopted

      This could actually be done by the end-points. Cable/DSL/Fiber "modems", could make sure that the source IP is of a valid IP list and/or subnet, since the end-point already needs to register with the ISP to hand out IP addresses.
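
The source-address check proposed in this thread (drop packets at the ISP edge or customer modem when the source IP is not one the ISP assigned to that line) can be sketched as follows. This is an added example, not code from any poster or product; the port names, prefixes and packet tuples are constructed, and the per-port drop count is an assumed way of surfacing lines that emit spoofed traffic.

```python
"""Source address validation at the access edge, as a small simulation.

Each customer port may only send upstream packets whose source address lies
inside a prefix the ISP delegated to that port. Everything else is dropped
before it can reach a reflector. All names and addresses are constructed.
"""
from collections import Counter
import ipaddress


class SourceValidator:
    def __init__(self, assignments):
        # assignments: port name -> list of IPv4/IPv6 prefixes delegated to it
        self.allowed = {
            port: [ipaddress.ip_network(prefix) for prefix in prefixes]
            for port, prefixes in assignments.items()
        }

    def permits(self, port, src):
        """True only if src parses and falls inside a prefix of this port."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False          # unparseable source: never forward
        # Unknown ports have no prefixes, so any() is False and we drop.
        # Mixed IPv4/IPv6 comparisons evaluate to False, never raise.
        return any(addr in net for net in self.allowed.get(port, ()))


def filter_upstream(validator, packets):
    """Split packets into forwarded ones and a per-port count of drops.

    A port with a non-zero drop count is emitting forged source addresses,
    which is a strong hint that a host behind it is compromised.
    """
    forwarded, drops = [], Counter()
    for port, src, dst in packets:
        if validator.permits(port, src):
            forwarded.append((port, src, dst))
        else:
            drops[port] += 1
    return forwarded, dict(drops)


# Constructed assignments and traffic (documentation address ranges).
ASSIGNMENTS = {
    "cpe-17": ["198.51.100.32/29", "2001:db8:17::/48"],
    "cpe-18": ["198.51.100.40/29"],
}
SAMPLE_PACKETS = [
    ("cpe-17", "198.51.100.34", "192.0.2.53"),        # own address: forward
    ("cpe-17", "203.0.113.7", "192.0.2.53"),          # forged victim address
    ("cpe-17", "2001:db8:17::5", "2001:db8:ffff::53"),  # own IPv6: forward
    ("cpe-17", "2001:db8:18::5", "2001:db8:ffff::53"),  # outside delegation
    ("cpe-17", "not-an-ip", "192.0.2.53"),            # malformed source
    ("cpe-18", "198.51.100.34", "192.0.2.53"),        # neighbour's address
    ("cpe-99", "198.51.100.34", "192.0.2.53"),        # port with no assignment
]

if __name__ == "__main__":
    validator = SourceValidator(ASSIGNMENTS)
    forwarded, drops = filter_upstream(validator, SAMPLE_PACKETS)
    print("forwarded:", forwarded)
    print("drops per port:", drops)
```
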

  6. Fight back, it's easy. by Anonymous Coward · · Score: 2, Funny

    Easy, you post the name of the attacker on Slashdot in an article about a new supercool anything and have him slashdotted.

    1. Re:Fight back, it's easy. by Soluzar · · Score: 2

      Do sites still get slashdotted? I thought these days this place doesn't drive enough traffic for that. Could be mistaken.

    2. Re:Fight back, it's easy. by egcagrac0 · · Score: 1

      We should find out. What's your website's address?

    3. Re:Fight back, it's easy. by Anonymous Coward · · Score: 0

      http://www.googlehammer.com/ == I doubt it'll work though.

    4. Re:Fight back, it's easy. by Anonymous Coward · · Score: 1

      My IP is 127.0.0.1 plz be gentle. Also I'm running Windows XP so don't hack me plz.

    5. Re:Fight back, it's easy. by jones_supa · · Score: 1

      Do sites still get slashdotted? I thought these days this place doesn't drive enough traffic for that. Could be mistaken.

      These days sites seem to get slashdotted very rarely. However I mostly figure it's just due to servers and their bandwidth getting strong enough to alleviate that. Slashdot itself seems to have a solid user base and traffic, at least looking at the amount of comments that stories get.

    6. Re:Fight back, it's easy. by hAckz0r · · Score: 1

      My IP is 127.0.0.1 plz be gentle. Also I'm running Windows XP so don't hack me plz.

      You can't fool me. Your address is really 0:0:0:0:0:0:0:1, cuz I get a response back from THAT address every time I ping you!!! You're not even running WinXP either, I have root, so shame on you. Just for lying to me I'm going to reformat your boot drive right now....
      #@%%&***
      .....
      </lost carrier signal>

    7. Re:Fight back, it's easy. by jemtallon · · Score: 1

      By Slashdot, OP meant Reddit.

  7. One more notch down to hell by Jetra · · Score: 0

    Seems that 2013 is going to be the Year of Shame. Since politicians can't pass the bills they want, they're instead using data against us. *Clapping* Great job, now we can't fight back because all our base belongs to them.

    1. Re:One more notch down to hell by Anonymous Coward · · Score: 0

      Not true! They don't have all our health care data yet!

      That's next year.

  8. do something useful instead by swschrad · · Score: 1, Insightful

    contact the ISPs involved, tell them they yank the bad boys' service or you will blackhole them.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
    1. Re:do something useful instead by Anonymous Coward · · Score: 0

      read the fucking article, he did that. I need to stop reading comments on here, gone the way of Reddit. Insightful as my arsehole.

    2. Re:do something useful instead by gVibe · · Score: 1

      NOT INSIGHTFUL!! Geez, who is modding these posts? Really? Tell the ISP to yank literally 1000's of connections. And just how do you intend on black holing an ISP? Your minute little single internet connection isn't going to make a ripple on an ISP with a strongly connected backbone.

      --
      Keywords for the NSA overthrow oppressive regime true believers marathon Manhatten the financial district blueprints I
    3. Re:do something useful instead by Gumbercules!! · · Score: 4, Interesting

      We got DDOS'd a while ago in our data centre. It turns out an ex employee we let go (performance related) paid (yes, actually paid) some people in Germany (we're in Australia) to fire off a DDOS against our servers from wherever their bots were. Our upstream net provider blocked it for us. Yes: 1000's of IPs - because they used ICMP flooding - so they blocked ICMP traffic to us, upstream. Something we couldn't do ourselves but the ISP could do for us.

      So it's not such a stupid suggestion at all. Of course, had they all launched port 80 TCP connections against us, yes, we would have been in serious trouble but I suppose we could have asked them to block non-Australian traffic for the day or until it stopped - overseas traffic is really not a big deal for us.

      And for the record, the guy who kicked the whole thing off, we didn't bother to press charges, even though he bragged about it on Facebook (without first unfriending me, the idiot) because, thanks to the ISP, his efforts largely failed and we got some revenge when he tried to use us as a reference (and we were his only employers, so far).

    4. Re:do something useful instead by Anonymous Coward · · Score: 0

      Ya when you call up the abuse contact info for the IP and it's bogus or they are a bunch of dickheads you just drop their ASN from routing until the attackers move or quit. But you're going to need some pretty solid evidence and proof in order for them to do that, generally the ISP is only going to go that far if it's their own stuff being targeted. But if you're a business using a dedicated circuit there's a good chance they can add a special routing policy just for your address space and blackhole all that inbound traffic for you.

  9. Urrrr, you sure those addresses are right? by Anonymous Coward · · Score: 1

    Spoofing is more than trivial, and anyone but the dumbest do this to cover their tracks and keep law enforcement back-tracking from a botnet node back to the perp.

    Better to track the traffic back over the 'net (using CEF-forwarding tables or ACL etc.) with the help of the relevant ISPs.

    If the end ISP isn't helpful, shame them and their upstream peers.

    Dom

    1. Re:Urrrr, you sure those addresses are right? by Anonymous Coward · · Score: 0

      Not everything can be spoofed easily.

  10. Two problems with that by stevegee58 · · Score: 5, Interesting

    1) It's DISTRIBUTED. You'd have to name and shame thousands.
    2) Many of the DDOS nodes don't know they're being hijacked for a DDOS. Name and shame an innocent person?

    1. Re:Two problems with that by tnk1 · · Score: 1

      Not to mention pointless.

      Me: Mom, your name is on a list of DDOS spammers?

      Mom: Is that bad?

    2. Re:Two problems with that by Desler · · Score: 1

      3) Spoofing an address is extremely easy.

    3. Re:Two problems with that by Anonymous Coward · · Score: 1

      Name and shame an innocent person?

      Then they are not innocent. If you want to run a node on the internet, a worldwide shared resource, you are responsible for not abusing that resource. If you are unable or unwilling to do that, then your ISP should disconnect you until that time when you are able and willing.

      Home computers are what, nearly 40 years old, plus or minus? The MITS Altair came out in 1975. The Internet is even older. It's time to learn how to use a computer. We don't permit people unwilling to learn to drive to use the roads, because it ruins the shared resource for the rest. Why should we allow millions who are unwilling to learn how to use a computer sufficiently to avoid ending up in a botnet to use the internet?

    4. Re:Two problems with that by gVibe · · Score: 1

      Not interesting --- INSIGHTFUL!!! When someone speaks the truth, the moderator needs to put the proper mod for them. +5 for stevegee58

      --
      Keywords for the NSA overthrow oppressive regime true believers marathon Manhatten the financial district blueprints I
    5. Re:Two problems with that by Anonymous Coward · · Score: 0

      Bots = Internet Assault Rifle. Bad?
      Security = Responsible Netizen. Good!
      A tiny bit of knowledge to fight ignorance: Priceless.

    6. Re:Two problems with that by Cheviot · · Score: 1

      If they're not protecting their computers they are far from innocent.

    7. Re:Two problems with that by mcgrew · · Score: 1

      We don't permit people unwilling to learn to drive to use the roads,

      Nobody ever died from someone using a computer who didn't know how, but many people die because someone else who didn't know how to use a car used one.

    8. Re:Two problems with that by pclminion · · Score: 1

      Then they are not innocent. If you want to run a node on the internet, a worldwide shared resource, you are responsible for not abusing that resource. If you are unable or unwilling to do that, then your ISP should disconnect you until that time when you are able and willing.

      There is no reason to expect every human being to be an information security expert. The failure is entirely on the shoulders of those who make the tech. A digital device absolutely can and should be safe for anyone to purchase, plug in (or not), and use while connected to the Internet. Your attitude is egotistical and quaint -- the idea that a 50 year old who buys a Windows tablet at Walmart is "running a node" in the sense that you mean is clearly ridiculous. Average people should not need to understand or think about this stuff. Self-righteous attitudes such as yours are depressingly prevalent and contribute to our ongoing lack of secure technologies. By blaming the user you avoid expending the intellectual effort to provide a system that isn't full of holes.

      That's not to say the user isn't ultimately responsible. I agree that malware-infested home networks should be cut off, and services provided to remedy the problem (for-a-fee malware removal services, etc). But to think of the user as an idiot or a criminal is to misunderstand the situation. It is we who create the tech who have failed the user, not the other way around.

    9. Re:Two problems with that by mgcarley · · Score: 1

      ...there's no reason it couldn't happen though.

      No citation, but if you feel like looking up one of the animated episodes of Dilbert, there is a scene in 1x09 "The Knack" where he gives Loud Howard instructions to subnet an IP address and it explodes. Then he fixes a microwave and it zaps another cow-irker to death.

      Oh how I wish that could happen IRL (sometimes).

      --
      Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com) // t: @mgcarley
    10. Re:Two problems with that by mcgrew · · Score: 1

      In an episode of the 1960s "The Prisoner" a computer explodes because #6 asks it "why?" But of course, both are fiction and both are completely impossible, unless your computer is set up like Die Hard IV.

  11. Yes name and shame will work! by Anonymous Coward · · Score: 2, Insightful

    You're being 'ddosed' from thousands of different IPs - list them all!

    Who cares if they're compromised computers - naming them will surely shame the botnet owners into submission!

    Was this question asked by an idiot?

     

    1. Re:Yes name and shame will work! by ElusiveJoe · · Score: 1

      Who cares if they're compromised computers

      I don't. Why should I?

    2. Re:Yes name and shame will work! by Anonymous Coward · · Score: 0

      Was this question asked by an idiot?

      It's probably the guy who was asking about what applications are suitable for a six month old child.

      So, yes.

    3. Re:Yes name and shame will work! by ohnocitizen · · Score: 1

      Why is this marked insightful? If the botnet owners had broken into people's homes and physically stolen the computers they then used for the ddos, instead of merely hijacking them, should the victims of those thefts be reported as criminals?

    4. Re:Yes name and shame will work! by Xugumad · · Score: 1

      Erm, I'm fairly certain they were being sarcastic...

    5. Re:Yes name and shame will work! by Anonymous Coward · · Score: 0

      Your firewall, and a bit of doc processing could easily list all the offending IPs,
      and resolve their names.

      No one cares if they are compromised, just as no one cares who
      made the ammo.

      This question was asked by an idiot.
      ( my firewall says 60% .cn 20% .nl 15% .rc 5% .us etc...)

    6. Re:Yes name and shame will work! by Anonymous Coward · · Score: 0

      I would like to know whether a computer on my network is participating in a DDOS attack. So I have no problems with this.

      Wouldn't you want to know whether a computer on your network is attacking people?

  12. Let's see if this works by erroneus · · Score: 0, Troll

    There is a person who frequents here, famous for using hosts files as a security something or other some-such. I had gone for quite some time without having to see or hear from him but apparently has come back.

    Apparently, he has been published and is therefore a celebrity or something like that. Anyway, he has a bizarre set of problems which include replying to his own posts pretending to be someone else, assertions that he had "blown away," "burned," "destroyed" or any other such juvenile taunt. He apparently believes I and others are "Jorge Bastida" whoever that may be. His mental deficiencies are his reality and therefore he projects his notion of what normal healthy behavior is upon everyone else. He therefore believes multiple people are all one and has little to do than sit here and attempt to belittle and berate them with commentary.

    Of course his problems with reality extend into the realm of believing things which aren't "quite right." I attempted to point out that this sort of behavior is archived for, so far, "ever" on slashdot and that any searches for anything he might have written could be found by anyone including and especially [potential] employers. With all the stories about how government and employers use social networking (which slashdot nearly qualifies as being) I would think this would be obvious but pointing out the obvious is apparently blackmail. (please grow up... please... prove it by not responding to this!)

    So with this, I lay shame and I believe I don't need to name. Will it work?

    1. Re:Let's see if this works by Anonymous Coward · · Score: 0, Funny

      Jorge, you can name me all you want, but there is no shame in using a hosts file to block DDoS Packets. I have a foolproof list that blows away your arguments.

      P.S.=> There's other methods also, via native to OS tools for network-wide propagation of fresh clean updated hosts files that program yields IF you only installed it on a "central server" for clean hosts for all nodes/workstations/servers:

      I.E.-> Centrally managed hosts files? Easy as pie via logons scripts, or parse of autoexec in Windows @ bootup via GPEdit & group policies company-wide!

      OR

      Using taskscheduler on each workstation/server node periodically

      P.P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):

      http://hosts-file.net/?s=Download
      http://www.malwaredomainlist.com/hostslist/hosts.txt
      http://mirror1.malwaredomains.com/files/ (justdomains here)
      http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
      http://sysctl.org/cameleon/hosts
      http://someonewhocares.org/hosts/
      http://hostsfile.org/hosts.html
      http://hostsfile.mine.nu/downloads/
      https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
      https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
      http://www.apkgoatsestylepersonalpics.com/hostsfiles.htm
      http://www.malwareurl.com/
      http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)

      Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy!

      ... apk

      P.P.P.P.S.=> There you go... it all works, GUI easily from my app, all the way out to any endpoint PC/Server on a LAN/WAN even... often as you like & CLEAN/FRESH too!

      P.P.P.P.P.S=> It's good "layered-security"/"defense-in-depth" & does things AdBlock, DNS, & even firewalls can't (like speed up access to fav. sites + make them reliable in the event of DNS poisoning redirects or being "downed" even...) & gets P.P.P.P.P.P.S.=> back SPEED/BANDWIDTH users pay for out of pocket along with their POWER BILL too...

      P.P.P.P.P.P.P.S.=> I skipped P.P.P.S=>

    2. Re:Let's see if this works by Black+Parrot · · Score: 1

      There is a person who frequents here, famous for using hosts files as a security something or other some-such. I had gone for quite some time without having to see or hear from him but apparently has come back.

      Apparently, he has been published and is therefore a celebrity or something like that. Anyway, he has a bizarre set of problems which include replying to his own posts pretending to be someone else, assertions that he had "blown away," "burned," "destroyed" or any other such juvenile taunt. He apparently believes I and others are "Jorge Bastida" whoever that may be. His mental deficiencies are his reality and therefore he projects his notion of what normal healthy behavior is upon everyone else. He therefore believes multiple people are all one and has little to do than sit here and attempt to belittle and berate them with commentary.

      Of course his problems with reality extend into the realm of believing things which aren't "quite right." I attempted to point out that this sort of behavior is archived for, so far, "ever" on slashdot and that any searches for anything he might have written could be found by anyone including and especially [potential] employers. With all the stories about how government and employers use social networking (which slashdot nearly qualifies as being) I would think this would be obvious but pointing out the obvious is apparently blackmail. (please grow up... please... prove it by not responding to this!)

      So with this, I lay shame and I believe I don't need to name. Will it work?

      Let us know how it turns out, Jorge.

      --
      Sheesh, evil *and* a jerk. -- Jade
    3. Re:Let's see if this works by Sardaukar86 · · Score: 0

      Wow, you like, totally blew him away! You shot his arse right out of the sky! Wow, like, like, like, totally down in flames! Mad props to you!

      Another sad victim of the awesome literary skills and technical might of the one-solutions-fits-all APK troll!

      --
      ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
    4. Re:Let's see if this works by Anonymous Coward · · Score: 0

      You got shot down badly yourself by apk Sardaukar86 http://tech.slashdot.org/comments.pl?sid=3339513&cid=42391603

    5. Re:Let's see if this works by Anonymous Coward · · Score: 0

      APK, I've tried contacting you before about cats, but you seemed to have missed it. We seem to have similar interest in cats.

    6. Re:Let's see if this works by Anonymous Coward · · Score: 0

      Blackmail you attempted show up on you erroneus http://slashdot.org/comments.pl?sid=2261720&cid=36545928 and libel before that also.

    7. Re:Let's see if this works by Anonymous Coward · · Score: 0

      Well, it looks like it was effective. APK didn't reply to it.

    8. Re:Let's see if this works by Anonymous Coward · · Score: 0

      not well. erroneus is a fatass. His words show that http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 it's just truth. Seems he likes to blackmail others too http://slashdot.org/comments.pl?sid=2261720&cid=36545928 again with his own words in a post of his.

    9. Re:Let's see if this works by Anonymous Coward · · Score: 0

      Erroneus's = fatass + blackmailer, So does it matter? http://slashdot.org/comments.pl?sid=3339513&cid=42391987 and that post looks like apk to me just pointing out facts.

    10. Re:Let's see if this works by Anonymous Coward · · Score: 0

      So you are saying APK got bested by a fatass then? I thought you had a higher opinion of him than that.

    11. Re:Let's see if this works by Anonymous Coward · · Score: 0

      erroneus, posting as ac only shows you for your fatass troll self who tries blackmailing people here with threats like this one http://slashdot.org/comments.pl?sid=2261720&cid=36545928 anyone doing that obviously lost badly to apk. I think by now after this, bloatboy erroneus is eating jelly donuts crying in his barrel of milk (lol).

    12. Re:Let's see if this works by Anonymous Coward · · Score: 0

      You may act like you are attacking erroneus, but you are doing such a bad job at it, everyone knows you are just a troll trying to make APK look bad by imitating him. You are probably erroneus yourself, as APK already caught him stooping to such lows.

    13. Re:Let's see if this works by Anonymous Coward · · Score: 0

      Stupid troll: erroneus attacked apk first here http://slashdot.org/comments.pl?sid=3339513&cid=42390715 and erroneus attacked himself by being a fatass blimp bloatboy http://slashdot.org/comments.pl?sid=3339513&cid=42392385 by his own words and donut eating fatboy so called life. Won't be that long though when you're a disgusting fatbody pig though. erroneus' sole supporter in Sardaukar86 also seems to have taken a beating at apk's hands many times as well http://tech.slashdot.org/comments.pl?sid=3339513&cid=42391603 and for attacking apk first here also, even impersonating apk http://slashdot.org/comments.pl?sid=3339513&cid=42391957 which apk did respond to fairly in defense of himself against the done nothing loser trolls in fatboy erroneus and that many time swearing his ass off loser Sardaukar86. apk's on topic here, are they? No. apk's post http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 on the topic is there and then there's the 2 trolls who can't handle that apk shamed them for attacking him before is all. That is obvious. I suspect that by now erroneus has drowned his sorrows with a barrel full of milk, hahaha, and 5 dozen jelly donuts out of shame, hahahahaha. Fatboys do that.

    14. Re:Let's see if this works by Anonymous Coward · · Score: 0

      If you are going to put so much effort into trolling APK, you could at least do a better job of it. If you got any worse at trolling him, you would look like you were supporting him.

    15. Re:Let's see if this works by erroneus · · Score: 0

      Yeah... didn't work. Should have known better. But for some reason this all makes me smile. Seems he spun himself into a fury of crazy that fed on itself.

      It's pretty awesome if you think about it. The effort of just one post and then it gets followed with ALL THAT. The words "self control" have no meaning at all.

      I never post AC. Never. It's annoying and difficult to find replies.

      I was thinking of a way to save links to my AC posts in a hosts file though.

    16. Re:Let's see if this works by Anonymous Coward · · Score: 0

      If we give you pizza lardbelly will you face a challenge http://slashdot.org/comments.pl?sid=3339513&cid=42393023 ?

    17. Re:Let's see if this works by Anonymous Coward · · Score: 0

      I'll need that expressed in terms of a custom hosts file, faggot.

      APK

      PS: if you want to troll APK then impersonate him. It will piss him off.

    18. Re:Let's see if this works by Onymous+Coward · · Score: 1

      Speak of the devil.

      And he comes and shames himself.

      This is not exactly what the OP had in mind.

    19. Re:Let's see if this works by erroneus · · Score: 1

      No. That's the thing I forgot about shame. For shame to work, you have to have something that psychopaths and sociopaths lack. This guy is all over the place. With every new story posted here, he is now a first-poster making comments about me. It's funny actually. I was recently contacted by a news resource on just this guy. So stay tuned -- this might hit the news. Hopefully it won't end with any mass shootings or other such thing. I really do think he is that level of insane.

    20. Re:Let's see if this works by Anonymous Coward · · Score: 0

      Interesting, but considering you're down modded troll erroneous http://slashdot.org/comments.pl?sid=3339513&cid=42390715 where you started this mess? Give us a minute, and go eat your damn pizza already fatass. Smell the mushrooms, basil, sausage, pepperoni, deep dish crust, onions, mozzarella? We know what happens then, don't we http://it.slashdot.org/comments.pl?sid=3341329&cid=42396495 Hahaha, sure we do. It's all right there.

    21. Re:Let's see if this works by Sardaukar86 · · Score: 1

      Thanks, APK, for that giggle!

      --
      ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
    22. Re:Let's see if this works by Onymous+Coward · · Score: 1

      Point taken about shame.

      He seems unwell to me, too. But he must be sufficiently well functioning to continue to afford a computer and a net connection. I'm curious as to how the story pans out.

    23. Re:Let's see if this works by Anonymous Coward · · Score: 0

      Everyone's laughing at your screwups there so you're right.

  13. A violation of federal law by Eravnrekaree · · Score: 1

    DDOS is a violation of federal law and should not be tolerated. If it is a botnet, whoever is running such a botnet is in violation of federal law.

    1. Re:A violation of federal law by Anonymous Coward · · Score: 0

      Ruskromanistanis aren't subject to US law. One of the best things about the Internet is that everything is connected to everything else. It's also one of the worst things about the Internet.

    2. Re:A violation of federal law by Anonymous Coward · · Score: 0

      in violation of federal law.

      Which means *nothing* beyond the border.
      Obviously some international laws will be involved most of the time.

      Now considering how many nations are connected to the net, the internet being rather new-fangled stuff (it takes time for laws/lawyers to catch up to new technologies) and how hard it is to get people to agree to something that complicated... ... you're pretty much guaranteed not to see a legal solution to your satisfaction within your life time.

    3. Re:A violation of federal law by gVibe · · Score: 1

      I thought there was an age limit requirement for posting to Slashdot....yeah like that could be enforced. But it's clear that some of the replies on this story alone are being done by children who have no fucking clue what they are talking about.

      --
      Keywords for the NSA overthrow oppressive regime true believers marathon Manhatten the financial district blueprints I
    4. Re:A violation of federal law by Anonymous Coward · · Score: 0

      Yes, but there isn't any requirement that one's IQ be larger than their shoe size. Even in US shoe sizes.

    5. Re:A violation of federal law by Anonymous Coward · · Score: 0

      Judging by your previous comments, you seem to have no problem getting past the age filter yourself. For a topic so simple, even children shouldn't be getting things wrong, but it takes a child to throw a tantrum over it, even for posts that are obviously humor ones as some of the others you replied to.

  14. It's a first step by bill_mcgonigle · · Score: 4, Interesting

    Eventually we should have a reputation-based distributed admin function for the Internet. If a dozen high-rated NetOps guys all sign messages that say that a given IP is spewing DDoS traffic, the infrastructure should permit a block without the owning admin having to deal with it proactively.

    If a network doesn't participate, that could play into trust levels. If an admin screws up, he loses reputation. If an admin tends to advertise YouTube routes into Pakistan, he never gets a good reputation in the first place.

    As usual, it's all trade-offs and we don't yet have an extensible crypto-reputation system, so one thing at a time.

    To the original question - it's probably not going to do much good, but it's good to cultivate such expectations.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
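One way the quorum rule proposed in the comment above could be evaluated, as an added example that is not part of the original post. Everything in it is hypothetical: the report format, the thresholds and the operator registry are assumptions, and HMAC with per-operator keys stands in for public-key signatures so the block runs on the Python standard library alone.

```python
"""Quorum of signed operator reports before an IP is blocked (illustrative)."""
import hashlib
import hmac
import ipaddress

QUORUM = 12            # "a dozen" signers, from the comment
MIN_REPUTATION = 0.8   # assumption: what counts as "high-rated"
MAX_AGE = 3600         # assumption: reports older than an hour are ignored


def _digest(key, operator, ip, ts):
    # HMAC stands in for a real signature scheme (assumption).
    msg = f"{operator}|{ip}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_report(key, operator, ip, ts):
    """Build one signed report saying that `ip` is sending attack traffic."""
    return {"operator": operator, "ip": ip, "ts": ts,
            "sig": _digest(key, operator, ip, ts)}


def should_block(ip, reports, operators, now):
    """Return (decision, signers) for `ip`.

    operators maps operator name -> (key, reputation between 0 and 1).
    A report counts only if its signer is known and well rated, the report
    is fresh, it names this IP, and its signature verifies. Each operator
    counts once, however many reports they send.
    """
    target = ipaddress.ip_address(ip)
    signers = set()
    for report in reports:
        entry = operators.get(report.get("operator"))
        if entry is None:
            continue                      # unknown signer
        key, reputation = entry
        if reputation < MIN_REPUTATION:
            continue                      # cheap identities do not count
        if not 0 <= now - report["ts"] <= MAX_AGE:
            continue                      # stale or post-dated report
        try:
            if ipaddress.ip_address(report["ip"]) != target:
                continue                  # report is about another address
        except ValueError:
            continue                      # malformed address
        expected = _digest(key, report["operator"], report["ip"], report["ts"])
        if hmac.compare_digest(expected.encode(), str(report["sig"]).encode()):
            signers.add(report["operator"])
    return len(signers) >= QUORUM, sorted(signers)


if __name__ == "__main__":
    # Constructed data: twelve well-rated operators report a documentation IP.
    ops = {f"op{i}": (f"key-{i}".encode(), 0.9) for i in range(12)}
    now = 1_000_000
    reports = [make_report(ops[n][0], n, "203.0.113.7", now - 30) for n in ops]
    print(should_block("203.0.113.7", reports, ops, now))
```

Counting distinct signers rather than reports is what keeps one noisy or compromised operator from reaching the quorum alone.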
    1. Re:It's a first step by symbolset · · Score: 4, Insightful

      Censoring the Internet is never the right answer.

      --
      Help stamp out iliturcy.
    2. Re:It's a first step by Anonymous Coward · · Score: 0

      ISPs and countries don't like technology that messes with their network sovereignty and avoid them. Governments would look at private efforts as a cabal or anti-trust. Internet superheroes have houses and families like most others, and the liability against them could be too great to put too much control in a central authority.

    3. Re:It's a first step by pepsikid · · Score: 1

      We don't need a full-blown "reputation" system, as flawed as that will undoubtedly be. It literally takes nothing to get on an email blacklist, and these systems are rampant with abuse. All that is important is to have a trusted third party to receive DDOS reports and independently verify them, and a cooperative admin (or automated system) at the ISP of the attacker who will promptly block his own network's outgoing traffic *to* the victim for a reasonable time. This will throttle down the DDOS attack, making such attacks ineffective. This will expose and map out botnets the moment they go live. There will be no collateral damage or customers helplessly complaining about being blocked, because the *victim* is requesting to be blocked.

    4. Re:It's a first step by Anonymous Coward · · Score: 0

      Damn, I spent all of my mod points.

    5. Re:It's a first step by LordLucless · · Score: 1

      It's not censoring the internet, any more than email blacklists are censoring the internet. If I own a router, I have the right to drop any packets I like. If I choose to drop packets based on reputation score from a robust cryptographic reputation system, and my network becomes more robust and stable and attracts more customers and money, then everyone wins. If I drop packets based on a crappy system, my network becomes unreliable, everyone leaves and I go out of business. Everyone wins again.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    6. Re:It's a first step by Onymous+Coward · · Score: 2

      That's simplistic.

      Autonomous systems should have the ability to publish opinion and the ability to filter.

      "Censoring is never right" as a response to reasonable filtering is like saying, "Every user should receive and read through all their spam."

  15. If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

    Investing in one of THESE is a big help:

    http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22DDos+Appliance%22&btnG=Search&gbv=1&sei=KYw7UI-4FsXs6wH3uIDoDw

    Because DDoS/DoS CAN be stopped (Microsoft & Amazon are setup PERFECTLY vs. it in fact, read on below on that note). IF you're running Windows, per my subject-line above? Do these registry hacks/settings:

    ---

    Protect Against SYN Attacks

    FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx

    A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

    To protect the network against SYN attacks, follow these generalized steps, explained later in this document:

    Enable SYN attack protection
    Set SYN protection thresholds
    Set additional protections

    Enable SYN Attack Protection

    The named value to enable SYN attack protection is located beneath the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

    Value name: SynAttackProtect

    Recommended value: 2

    Valid values: 0, 1, 2

    Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

    Set SYN Protection Thresholds

    The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

    These keys and values are:

    Value name: TcpMaxPortsExhausted

    Recommended value: 5

    Valid values: 0-65535

    Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

    Value name: TcpMaxHalfOpen

    Recommended value data: 500

    Valid values: 100-65535

    Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

    Value name: TcpMaxHalfOpenRetried

    Recommended value data: 400

    Valid values: 80-65535

    Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

    Set Additional Protections

    All the keys and values in this section are located under the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

    Value name: TcpMaxConnectResponseRetransmissions

    Recommended value data: 2

    Valid values: 0-255

    Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

    Value name: TcpMaxDataRetransmissions

    Recommended value data: 2

    Valid values: 0-65535

    Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

    Value name: EnablePMTUDiscovery

    Recommended value data: 0

    Valid values: 0, 1

    Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmissio
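The registry values quoted in the comment above can be checked mechanically. The following is an added example, not part of the original post or of Microsoft's guidance: it audits a set of values against the recommendations and valid ranges quoted there. The function names, the constructed sample data and the consistency check between the two half-open thresholds are this example's own assumptions.

```python
"""Audit TCP/IP SYN-flood settings against the values quoted in the comment."""
try:
    import winreg  # standard library, present on Windows only
except ImportError:
    winreg = None

KEY_PATH = r"SYSTEM\CurrentControlSet\Services\TcpIp\Parameters"

# name: (recommended, lowest valid, highest valid), copied from the comment.
BASELINE = {
    "SynAttackProtect": (2, 0, 2),
    "TcpMaxPortsExhausted": (5, 0, 65535),
    "TcpMaxHalfOpen": (500, 100, 65535),
    "TcpMaxHalfOpenRetried": (400, 80, 65535),
    "TcpMaxConnectResponseRetransmissions": (2, 0, 255),
    "TcpMaxDataRetransmissions": (2, 0, 65535),
    "EnablePMTUDiscovery": (0, 0, 1),
}

# Constructed sample standing in for one host's registry values.
SAMPLE = {
    "SynAttackProtect": 2,
    "TcpMaxPortsExhausted": 5,
    "TcpMaxHalfOpen": 300,
    "TcpMaxHalfOpenRetried": 400,
    "TcpMaxConnectResponseRetransmissions": 300,
    "EnablePMTUDiscovery": 1,
}


def audit(values):
    """Return {name: status}; status is ok, differs, invalid or missing."""
    report = {}
    for name, (recommended, low, high) in BASELINE.items():
        current = values.get(name)
        if current is None:
            report[name] = "missing"      # the OS default applies
        elif not isinstance(current, int) or not low <= current <= high:
            report[name] = "invalid"      # wrong type or outside valid range
        elif current != recommended:
            report[name] = "differs"      # valid, but not the quoted value
        else:
            report[name] = "ok"
    return report


def consistency_warnings(values):
    """Cross-value checks that a per-value comparison cannot catch."""
    found = []
    if values.get("SynAttackProtect") == 0:
        found.append("SynAttackProtect is 0: the quoted thresholds only "
                     "apply when SYN attack protection is enabled")
    half = values.get("TcpMaxHalfOpen")
    retried = values.get("TcpMaxHalfOpenRetried")
    # Retried connections are a subset of half-open ones, so a retried
    # threshold above the half-open threshold can never be the first to trip.
    if isinstance(half, int) and isinstance(retried, int) and retried > half:
        found.append("TcpMaxHalfOpenRetried exceeds TcpMaxHalfOpen")
    return found


def read_live():
    """Read the audited values from the local registry (Windows only)."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        for name in BASELINE:
            try:
                values[name], _kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass                      # value not set on this host
    return values


if __name__ == "__main__":
    current = read_live() if winreg else SAMPLE
    for name, status in audit(current).items():
        print(f"{name:40} {status}")
    for line in consistency_warnings(current):
        print("warning:", line)
```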

    1. Re:If you're running Windows (or not)? Do this by CBravo · · Score: 1

      And what do you do when all your 10GB fibers are saturated? Nothing an apparatus will solve.

      --
      nosig today
    2. Re:If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

      Ha! The joke's on you. My GB fibers go up to 11!

    3. Re:If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

      P.P.P.P. Hat=> They totally do.

    4. Re:If you're running Windows (or not)? Do this by Black+Parrot · · Score: 1

      And what do you do when all your 10GB fibers are saturated?

      If his post didn't saturate his link, he's probably safe against DDOS.

      --
      Sheesh, evil *and* a jerk. -- Jade
    5. Re:If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

      Read the entire post you replied to. Amazon/MS do it http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390907

    6. Re:If you're running Windows (or not)? Do this by Sardaukar86 · · Score: 1

      Thank God you so kindly reproduced your fantastic advice here or I might never have seen it!

      --
      ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
    7. Re:If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

      Maybe if APK actually made a short simple point, he wouldn't have the problem with people skimming over most of his posts. Odd he doesn't notice how he gets more upmods on short and helpful posts versus downmods on posts that are 90+% redundant, off-topic, or filler that could be summarized in a couple, useful lines.

    8. Re:If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

      If you are so good at dealing with DoS attacks... how come you get DoS'ed by a few lines from trolls?

    9. Re:If you're running Windows (or not)? Do this by Anonymous Coward · · Score: 0

      Don't like it? Don't read it! You don't like cuz you can't disprove it.

  16. Not innocent by ElusiveJoe · · Score: 2, Insightful

    Many of the DDOS nodes don't know they're being hijacked for a DDOS. Name and shame an innocent person?

    They are NOT innocent. They let their computers be used in stealing, censorship, blackmailing, spam and other evil stuff. It doesn't matter if it is stupidity, ignorance or malicious intent.

    If your car keeps hitting other cars you should hand over your license.

    1. Re:Not innocent by Phyrexia · · Score: 1

      Someone remotely hijacks your driverless automobile. They drive it into a coffeeshop. Are you to blame?

    2. Re:Not innocent by Anonymous Coward · · Score: 1

      Many of the DDOS nodes don't know they're being hijacked for a DDOS. Name and shame an innocent person?

      They are NOT innocent. They let their computers be used in stealing, censorship, blackmailing, spam and other evil stuff. It doesn't matter if it is stupidity, ignorance or malicious intent.

      If your car keeps hitting other cars you should hand over your license.

      Nice analogy, If someone steals my car and then runes into someone I should totally lose my license.

    3. Re:Not innocent by Anonymous Coward · · Score: 0

      Someone remotely hijacks your driverless automobile. They drive it into a coffeeshop. Are you to blame?

      No, you're not to blame, but you're certainly responsible for correcting the deficiencies in your automobile's access/security systems or taking it out of service.

    4. Re:Not innocent by duk242 · · Score: 1, Informative

      Someone steals your car every night and drives it around, you're not aware of the problem, however someone sees people driving your car and throwing shit at people and lets the police know. The police then pass on the information to you saying "Why is your car out there throwing shit at people at night?"

      It is up to you to make sure that your car is properly locked and secured at night, so people can't steal it and take it for joyrides.

      Is that a better analogy?

    5. Re:Not innocent by number17 · · Score: 2

      You are being ridiculous. This is like somebody smashing your window, hot wiring the car, and then hitting other cars with it. The standard locking mechanisms are good enough to keep the ordinary criminal at bay. Sure you can put immobilizers or wheel locks on the car but those aren't yet standard. If it's something that happens repeatedly to you then start looking into more secure prevention methods.

    6. Re:Not innocent by Anonymous Coward · · Score: 0

      Yes, because you left it in drive and the parking brake off.

      Seriously? I hope you were taught in driving school to at least put on your parking brake. Even driverless vehicles have these safety features.

    7. Re:Not innocent by Black+Parrot · · Score: 0

      Someone steals your car every night and drives it around, you're not aware of the problem, however someone sees people driving your car and throwing shit at people and lets the police know. The police then pass on the information to you saying "Why is your car out there throwing shit at people at night?"

      It is up to you to make sure that your car is properly locked and secured at night, so people can't steal it and take it for joyrides.

      Is that a better analogy?

      Could you explain that with a car analogy?

      --
      Sheesh, evil *and* a jerk. -- Jade
    8. Re:Not innocent by Anonymous Coward · · Score: 0

      If someone runes it into something you have a viking problem, not a car problem.

    9. Re:Not innocent by nnet · · Score: 1

      Excellent. Internet usage should be a licensed privilege.

    10. Re:Not innocent by Lisias · · Score: 1

      Someone remotely hijacks your driverless automobile. They drive it into a coffeeshop. Are you to blame?

      YES.

      You are responsible for keeping your car under legally and technically correct operation.

      Oh, your car has a manufacturing defect? Sue the manufacturer for damages in order to compensate you for the money you lost due to this defect.

      --
      Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
    11. Re:Not innocent by Immerman · · Score: 1

      Correction - the ordinary locking mechanisms are good enough to keep basically honest folk from temptation and make opportunistic crimes a little more difficult. Anyone with even the most basic lockpicking skill can open 90% of mechanical locks in less than a minute, and picking the lock is usually one of the most difficult ways to gain entry, you only do it if you don't want your entry to be obvious.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    12. Re:Not innocent by Anonymous Coward · · Score: 0

      So we can all sue Microsoft for a defective (porous) OS? Yay, sign me up!

    13. Re:Not innocent by arisvega · · Score: 1

      If someone runes it into something you have a viking problem, not a car problem.

      If someone runes it, then the problem is dwarfed.

      --
      The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
    14. Re:Not innocent by VortexCortex · · Score: 1

      Many of the DDOS nodes don't know they're being hijacked for a DDOS. Name and shame an innocent person?

      They are NOT innocent. They let their computers be used in stealing, censorship, blackmailing, spam and other evil stuff. It doesn't matter if it is stupidity, ignorance or malicious intent.

      If your car keeps hitting other cars you should hand over your license.

      Say I send a bunch of packets all over the Internet. They look like TCP requests created by YOU! Ah, so thousands of legitimate servers reply to the spoofed requests and flood your connection with traffic trying to complete the TCP handshake with you. You collect a list of IP addresses, and report all the IPs. Your report will include everyone from Apple.com to Zombo.com.

      Meanwhile, MY IP address is not included in your list at all. Even if I used a network of infected machines to perform this RDDoS none of the IPs of malicious machines will be in your list. So, care to explain why Servers should stop serving legitimate TCP requests? Care to explain why Google.com is evil for repeatedly replying to spoofed packets?

      I re-assert the GP's assertion: Many of the DDoS nodes don't know they're being used in the DDoS. Name and shame all the innocent people and corporations? Ever hear of Slander? Of course not, you're an armchair expert.

    15. Re:Not innocent by egcagrac0 · · Score: 1

      Excellent. Internet usage should be a licensed privilege.

      I think you may be on to something...

    16. Re:Not innocent by Anonymous Coward · · Score: 0

      If you failed to keep the car patched it is your fault and you should face criminal prosecution. If the automobile manufacturer failed to offer a timely, easy-to-apply patch then they should face the music.

      This raises some interesting further concerns: if an automated vehicle outlives its manufacturer, how does society ensure it remains properly secured? Along the same lines, how do we separate essential security updates (a la Microsoft) from poison pills that revoke desired functionality or increase consumer costs against said consumers' will (a la Apple)?

      Either way, if our country hopes to remain solvent, shrugged shoulders from individuals who lack an eighth grade command of computer technology can no longer be an acceptable response as the fallout costs from cyber incidents continue to rise and will soon include real human suffering and loss of life.

    17. Re:Not innocent by Renraku · · Score: 1

      In order for this to be a more fitting analogy, someone has paid someone else to contract 10,000 car thieves to steal 10,000 cars and all come by and fling shit at your house all night. You ask the police for help and they say they can't really do anything because there's goddamn 10,000 cars and they'd have to build a prison in order to house all the car thieves.

      But, your home owner's association decides to enact a temporary 'show proof of residence in this area to get through' rule and the shit-flinging is stopped. Some people are mad because now they can't get to your house and buy those yummy pies that you sell, though.

      --
      Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    18. Re:Not innocent by Anonymous Coward · · Score: 0

      It's a DRDoS attack using open resolvers. They are innocent, because they're providing a service for FREE to the Internet and being abused because of it.

    19. Re:Not innocent by Anonymous Coward · · Score: 0

      That was a car analogy already.

    20. Re:Not innocent by shentino · · Score: 1

      Just like we can sue the phone companies for spying on us...

      Wait...

    21. Re:Not innocent by ti-85 · · Score: 1

      Ralph Wiggum, at your service.

    22. Re:Not innocent by mgcarley · · Score: 1

      Or sometimes you'll place your trust in someone else to handle your car appropriately, and then this happens: http://www.mumbaimirror.com/index.aspx?page=article&sectid=2&contentid=201211242012112403425622670b26bda&utm_source=twitterfeed&utm_medium=twitter

      --
      Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com) // t: @mgcarley
  17. Plausible deniability by Anonymous Coward · · Score: 0

    I keep an old pc in my dmz that is running unpatched windows xp just because of botnets...

  18. Give all the IP's to the RIAA by toygeek · · Score: 4, Funny

    Make up some story about how you tracked down a huge network of movie pirates.

  19. Turn off servers and go to the pub by Anonymous Coward · · Score: 0

    Turn back on when the attack has ceased. Simples!

  20. Simple.... by Anonymous Coward · · Score: 0

    You switch to your backup Internet connection and disconnect the first one. Let them DDOS the dead IP address while I continue to laugh at them on 4chan. "Haha you losers are not DDOSing me but some poor sap. What n00bs all of you are"

    Works great, they all go way overboard at the foaming of the mouth when they realize they are all anklebiter n00b wannabes.

    1. Re:Simple.... by Firehed · · Score: 2

      And how are your website's users supposed to reach you in the meantime? As soon as you switch your DNS to point to the new servers, the DDOS follows. Try again.

      If anyone's found a solution better (or more cost-effective) than Prolexic or a similar DDOS-prevention service, do let me know. That's some crazy-stupid protection money we're paying out, but it has proven effective.

      --
      How are sites slashdotted when nobody reads TFAs?
    2. Re:Simple.... by Anonymous Coward · · Score: 0

      He already said he goes to 4chan, he doesn't do anything useful with his computer. His backup internet connection is just so he can get to the porn if 1 ISP is down.

  21. A more detailed proposal ... by Frater+219 · · Score: 5, Interesting

    Sites under DoS attack should publish (through a channel not congested by the attack) a list of the IP addresses attacking them, through some trustworthy third party. Then, other sites should subscribe to that list and refuse service to those addresses until they clean up and stop attacking.

    For instance, consider your uncle who uses AOL. His computer is infected with botnet garbage and is participating in a DoS attack against (say) Slashdot. Slashdot sends a list of attacking IPs, including your uncle's, to Team Cymru (the third party). Cymru aggregates these and publishes a list, updated every three hours. AOL subscribes to that list. When your uncle goes to check his AOL email, he gets an error: "We regret to inform you, your computer has been hacked, and is being used by criminals to break the Internet. You can't get to your AOL email until you kick the criminals off by installing an antivirus program and running a full scan. Click here to install Kaspersky Antivirus for free. Thank you for helping keep criminals from breaking everyone's Internet. Sincerely, Tim Armstrong, CEO, AOL."

    Then your uncle gets mad and calls up AOL and complains. They try walking him through using the antivirus program, but he just curses them out and says he'll go to Hotmail instead. He tries ... but Hotmail also subscribes to the same list and tells him the same thing: "Your computer is infected with malware and is being used to attack other sites on the Internet. You cannot obtain a Hotmail account until your computer is clean. Click here to install Microsoft Antivirus." He gives up and calls AOL back, and they help him get his computer cleaned up. Within half an hour, it's off the botnet; and within three hours, it's off the list of attacking hosts, and your uncle can get his AOL email again.

    1. Re:A more detailed proposal ... by Anonymous Coward · · Score: 0

      Wouldn't it be more effective to also standardize the process for ddos victims contacting ISPs and getting them to filter the offending packets?

      I.e. an automated way of requesting that packets sent from certain customers to their subnet get dropped for a period of time?
      Just dropping 75% of the offending packets for 20 minutes would make it a lot more expensive to perform an attack.

      Maybe such a system could be used to push DNSSEC, by using the same infrastructure to verify block requests.
      Would there be any obviously exploitable flaw in such a scheme, if such requests were tied to signed DNS records?

    2. Re:A more detailed proposal ... by pepsikid · · Score: 1

      Wow, I'm glad you liked my idea I posted above, earlier. However, you shouldn't be blocking anyone's IP address *except* for the victim, as blocking the alleged offender simply begs to be abused in the same way as email blacklists. The system should provide the victim with a means to request temporary protection.

      The "We regret to inform you... click here..." won't work though, since it would become what the next round of trojan installers look like.

    3. Re:A more detailed proposal ... by Zedrick · · Score: 1

      There should be a list of ISPs/hosts that don't do anything about it. We (my hosting company) usually get DDoSed by Turkish IPs from Turk Telecom a couple of times a month, because of random Kurdish websites their customers don't like. I report them all to the turktelecom abuse address, but it doesn't seem to help much. (the blocked IPs keep trying)

      Last couple of weeks some of our customers (using outdated Joomla-installations with security holes) were used for a DDoS against Bank of America. I shut them down as soon as I got the abuse mails. And I don't think we should be punished since we can't be held responsible for customers who think it's a good idea to use Joomla-installations with wide-open security holes if we do something about it as soon as we get the abuse reports.

      I *think* AOL are one of the good guys in this case, I can't remember seeing any DDoS or spam campaign from their network going on for a long period of time.

    4. Re:A more detailed proposal ... by Onymous+Coward · · Score: 2

      Excellent idea.

      You have described the XBL.

      The Spamhaus XBL, or "Exploits Block List", is a DNSBL (DNS-served blacklist) that lists IP addresses of systems known to be infected or otherwise being used by malicious parties. ("The XBL is an automatic system whose detectors need to receive email (spam, worms, etc.) directly from the IP address so the connection data can be analysed to determine if it's a proxy or virus-spewer.") The blacklist is developed in a way primarily to be useful in reporting systems exploited to send spam, but the idea is exactly what you're referring to.

    5. Re:A more detailed proposal ... by Frater+219 · · Score: 1

      Sure, I know and like DNSBLs including Spamhaus's, but this is a distinct application from XBL. Specifically, removal needs to be rapid in order for it to be useful for rejecting customer Web traffic. That's an engineering requirement that email anti-spam systems don't have, since SMTP is designed to retry for days if necessary to get a message through. Moreover, hosts that send any legitimate email are very few compared to hosts that send Web requests; and even though email admins are frequently dense, unresponsive, or victim-blaming, they're still a level above typical users in knowing what the fuck is going on with their computer.

      One approach would be to have each DDoS victim continually (e.g. every hour) assert which addresses were attacking it, and only list those addresses which are currently attacking. This way, as soon as a host stops attacking, it will drop off the list. This has weaknesses — for instance, an attacker can use your host all night while you're not using it, without you noticing — but it's still an improvement over what we have today. And it still depends on each subscribing site having a good enough backchannel to the listing service to stay open during the DDoS. Back in the day we'd do it with a dedicated modem line — the bandwidth requirements are really quite minimal — but nobody knows what that is any more.

    6. Re:A more detailed proposal ... by Anonymous Coward · · Score: 0

      And I'm glad you like the idea behind every anti-spam black list in existence.

    7. Re:A more detailed proposal ... by pepsikid · · Score: 1

      Because I don't like how classic anti-spam black lists work, my idea describes doing essentially the opposite of your spam black list, as blacklisting is rife with abuse.

      If any, let alone every, anti-spam black list works the way my anti-DDOS proposal works, please point them out to me. And we're looking for something a smidge more specific than "something that responds to avoid something else".

    8. Re:A more detailed proposal ... by CBravo · · Score: 1

      There are a couple of things that you, as an AS, might want another AS do (for traffic to your AS only):
      -use a blocklist of IPs, as proposed above
      -use a whitelist of IPs for known good ones (e.g. logged in users)
      -use a throttle for the rest (conn/s, bandwidth, etc). Allows for blackholing entirely.

      That way you can let another AS do your throttling for you (so the tubes are no longer overflowing). You determine the amount of traffic that you can filter and categorize on your side. You keep adding IPs to the blacklist until the DDoS is no longer effective. One question that remains is how to keep the system (at the remote ASses) limited in size. All this should be temporary in nature.

      So notice that this is very different from a BL. I think it should be executed by the AS maintainer.

      --
      nosig today
    9. Re:A more detailed proposal ... by Onymous+Coward · · Score: 1

      Fast removal may be a requirement that email anti-spam systems don't have, but that doesn't invalidate DNS as a delivery mechanism. You can update your listing at whatever frequency you see fit and you can set low TTLs on the DNS entries. As it turns out, XBL sets a 35 minute TTL. SpamCop's SBL sets 15 minutes.

      Moreover, hosts that send any legitimate email are very few compared to hosts that send Web requests...

      I think you're making a case against using a DNSBL, but I'm not sure how this point supports that.

      I'm imagining something like how the XBL is run. Spamhaus is the aggregating, trusted third party. CBL and its multiple hosts, and NJABL and its multiple hosts, and possibly other providers collectively submit attack reports. Spamhaus publishes the result.

      In any case, the exact delivery mechanism isn't as much the point as your more general idea is the point. The idea of facilitating individual systems in reporting DDoS attackers, aggregating the results, and publishing the aggregation is a good idea. I saw it as a mirror in essence of XBL etc.

      The aggregated list should be data you can analyze and include as you see fit, not a judgement by the publisher, as if the publisher were the authority on whether reports are accurate. The list should state n systems have reported i address as attacking them within t time frame. The list subscribers should be able to score addresses by their own criteria.

      Malicious reports by individual systems would be easy to ignore when compared to the many reports of systems actually being attacked. However, the list aggregator would do well to have some kind of trust relationship with the reporters, that is, having some additional verification of the reporters' trustworthiness. I imagine a scenario where open reporting is subverted by a botnet directed to falsely report attacks.

      "Backchannel" availability does seem like it would be a concern, but I don't know enough to speak to it.

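An added sketch, not code from any poster in this thread, of the list Frater 219 and Onymous Coward describe above: victims re-assert attackers periodically, stale reports age out, and each subscriber scores "n reporters for address i within window t" by its own trust criteria. The reporter names, the one-hour window and the documentation-range addresses are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address


class ReportAggregator:
    """Trusted third party: stores who reported which address, and when."""

    def __init__(self, window_seconds=3600):
        # Assumed window: a report counts for one hour unless re-asserted.
        self.window_seconds = window_seconds
        # address -> {reporter id -> time of that reporter's latest report}
        self._reports = defaultdict(dict)

    def report(self, reporter, address, now):
        """Record or refresh one reporter's claim that `address` attacks it."""
        addr = str(ip_address(address))  # raises ValueError on malformed input
        self._reports[addr][reporter] = now

    def publish(self, now):
        """Return {address: reporters whose report is still inside the window}.

        The aggregator publishes data, not a verdict: subscribers decide
        which reporters they believe.
        """
        cutoff = now - self.window_seconds
        listing = {}
        for addr, by_reporter in self._reports.items():
            live = sorted(r for r, ts in by_reporter.items() if ts > cutoff)
            if live:
                listing[addr] = live
        return listing


def subscriber_blocklist(listing, trusted, min_reporters=2):
    """Subscriber policy: block an address only when at least
    `min_reporters` reporters that this subscriber trusts list it."""
    blocked = set()
    for addr, reporters in listing.items():
        if len(trusted.intersection(reporters)) >= min_reporters:
            blocked.add(addr)
    return blocked


def demo():
    """Constructed scenario: one real attacker, one single-source report,
    and a botnet filing false reports against an innocent address."""
    agg = ReportAggregator(window_seconds=3600)
    for victim in ("site-a", "site-b"):
        agg.report(victim, "192.0.2.10", now=0)       # corroborated attacker
    agg.report("site-a", "198.51.100.7", now=0)        # only one reporter
    for bot in ("bot-1", "bot-2", "bot-3"):
        agg.report(bot, "203.0.113.50", now=600)       # false reports
    trusted = {"site-a", "site-b"}
    during = subscriber_blocklist(agg.publish(now=1800), trusted)
    # Nobody re-asserts 192.0.2.10 (the host was cleaned), so it ages out.
    after = subscriber_blocklist(agg.publish(now=3601), trusted)
    return during, after


if __name__ == "__main__":
    print(demo())
```

The false reports stay visible in the published data but never reach the subscriber's blocklist, because none of the reporting systems is in that subscriber's trusted set.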
  22. Central Clearinghouse for DDOS origin IPs by pepsikid · · Score: 1

    The idea of voluntary email blackhole lists could be adapted here. Victims of DDOS could submit lists of IP addresses that are attacking, to a central clearinghouse, which will analyze the attack pattern in order to determine the most efficient response. The clearinghouse would verify and document which groups of IPs are part of a particular attack in progress, and notify the relevant ISPs in real time. These ISPs would respond by blocking outgoing access to the victim from their network for a time. Whenever possible, they could later contact the offending customer to help them eliminate the bot infection. Botnets could be mapped out instantly, and in great detail. DDOS attacks could be significantly throttled down after just a few minutes. If enough ISPs participated, DDOSers would be left with just the crummy little ISPs to use that don't give a toot. Regrettably, this system could also be used to illuminate any legitimate activity that governments and ISPs frown upon, and the central clearinghouse itself needs to be somehow immune to DDOS attacks.

  23. contributing to dns ddos by Anonymous Coward · · Score: 1

    Learn more about how open recursive nameservers help enable DNS amplification attacks. A good analogy for open recursive nameservers is the open mail relays of the late 1990s. Someone puts a resource on the internet without locking it down or caring who (ab)uses it. UDP was fun when the internet was more trustworthy. Now it is the bane of network abuse. It's not just DNS. SNMP is also a frequent attack amplifier that anonymizes the true attack source. The only ones worth naming and shaming are cost-shifting ISPs that don't yet implement SAC004 (aka BCP 38). The lack of source address filtering is what enables anonymous forged UDP attacks to be successful.

    If your ISP or Colo provider operates an open recursive nameserver, ask them why. It's no longer acceptable to be ignorant of the detrimental effects they have on the Internet as a whole versus the minor benefit that could easily be served responsibly by OpenDNS or Google DNS.

    1. Re:contributing to dns ddos by Onymous+Coward · · Score: 1

      Edge filtering sounds like an important thing to implement.

      What about general egress filtering? How feasible is that?
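
An added illustration, not from either poster, of the source address filtering (BCP 38) this sub-thread refers to: an edge router forwards a packet from a customer port only if its source address lies inside the prefixes assigned to that customer, so a forged source never leaves the access network. The port names, prefixes and packets are constructed and use documentation address ranges.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed table: customer-facing port -> prefixes assigned to that customer.
CUSTOMER_PREFIXES = {
    "cust-a": [ip_network("192.0.2.0/25")],
    "cust-b": [ip_network("198.51.100.0/24"), ip_network("2001:db8:b::/48")],
}


def permit_ingress(port, src):
    """Accept a packet arriving on `port` only if its source address
    belongs to a prefix assigned to that port (unknown ports get nothing)."""
    addr = ip_address(src)
    return any(
        addr.version == net.version and addr in net
        for net in CUSTOMER_PREFIXES.get(port, [])
    )


def filter_packets(packets):
    """Apply the check to (port, src, dst) tuples.

    Returns the forwarded packets and a per-port count of drops; the
    count tells the operator which customer port emits forged sources.
    """
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if permit_ingress(port, src):
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1
    return forwarded, dropped


# Constructed sample traffic.
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.17", "198.51.100.53"),      # genuine customer source
    ("cust-a", "203.0.113.99", "198.51.100.53"),    # forged: third party's address
    ("cust-a", "203.0.113.99", "198.51.100.53"),    # forged again
    ("cust-b", "198.51.100.80", "192.0.2.17"),      # genuine
    ("cust-b", "2001:db8:b::25", "2001:db8:a::1"),  # genuine IPv6
    ("cust-b", "192.0.2.17", "203.0.113.99"),       # cust-b claiming cust-a's address
    ("unknown-port", "192.0.2.17", "203.0.113.99"), # no prefixes configured
]

if __name__ == "__main__":
    ok, drops = filter_packets(SAMPLE_PACKETS)
    print(len(ok), dict(drops))
```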

  24. ooh! I can call the sheriff! by swschrad · · Score: 1

    who will say, "uh, what? if you got a dose from somebody, you want public health."

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  25. well... by Anonymous Coward · · Score: 0

    now I'm not a hacker, but I work with a security specialist
    we run network traffic view and see what kind of ddos it is, and if it's traceable. usually not, especially if it's a UDP flood. sometimes we can look at a specific ip that's attacking (of the many) and port scan it and see if it's a botnet or a shell or something hidden by VPN. sometimes there are tcp attacks that show the ip and that makes that possible. you can even DDOS some of the attackers, see if you can't break down some of them. if you're not getting a super large ddos, you might even be able to lock down the whole ddos with a counter ddos, if you have a hacker on your side. this can get really nasty and legally grey as well

    but to be terribly honest, social engineering might be more effectual as many hackers are someone who has been a customer or user before, or a competitor, and they often have some kinda agenda. police might be of help, but you need to know their true IP and get their address, and call the cops in that area. with a DDOS, usually anyone worth their hacking skills will use UDP which is hard to trace.

    if all else above is not applicable (and it's probably not) you can wait it out, or even change your DNS or IP and somehow get traffic to it, without the hackers being alerted.

    a really sad aspect of the internet is Low Orbit Ion Cannon (dirt simple ddos for noobs) and many "security tester sites" (pay for ddos)
    with this you can even have scum that are Sub-Script-Kiddie hacking you.

    1. Re:well... by Anonymous Coward · · Score: 0

      Hack with UDP and IP spoofing? Tell me, how does one "hack" when you don't get any responses and can't receive data from the target? Isn't that like a person with no sense of sight, sound, or touch, trying to break into someone's house?

  26. Have the ISP handle the attack for you by frambris · · Score: 1

    We were once DDoSed and we first called our colocation guys (that also manage our firewalls) if they could do it, the technician could do nothing. They called their ISP and they quickly found that the majority of the traffic came from countries we don't do business in so they simply blocked (or routed away) traffic from those countries going to our net and the site became instantly accessible again. The ISP has an anti-DDoS service that does this automatically based on some threshold magic. This is a service we are going to get.

    1. Re:Have the ISP handle the attack for you by Anonymous Coward · · Score: 0

      They should get a medal for ACTING like an ISP. With brains, thank you!

  27. Not useful most times by damn_registrars · · Score: 1

    Most of the systems involved in distributed attacks are not intentionally willing participants. They are generally part of a botnet, belonging to unknowing owners and controlled by uncaring masters. Shame them all you want but that won't make them go away.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  28. Yup... "blackhole/null route" them... apk by Anonymous Coward · · Score: 0

    I covered it here -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    * Plus, a LOT MORE a Windows setup can do...

    APK

    P.S.=> Only 'problem' with using the route command is, it's a commandline driven one. Personally, I'm surprised nobody's built a GUI commandline model to 'automate' it (or a script). It's probably been done script-wise though, since IF I can think of it? Someone else has (there is very little "original thought").

    Hardest part? Acquiring the list of attackers - since in a DDoS they come by the 1,000's @ once.

    (However, & again: That's also what scripts are good for too, in parsing out & extracting pertinent information from program outputs)...

    Once you get that?

    You put it into a list construct & then feed it to the automating program via a loop for the route command itself... & you've blackholed them, enmasse!

    ... apk

    1. Re:Yup... "blackhole/null route" them... apk by Anonymous Coward · · Score: 0

      You have to blackhole them upstream of your link or it won't do anything, genius.

  29. Annoying but not serious by Animats · · Score: 1

    I've had sizable amounts of junk come in from China Telecom DSL class C blocks in Shenzhen. It's obviously a botnet. Amusingly, by changing what the attackers get back, it's possible to slowly influence their behavior. The zombies just send blindly, trying SMTP and PHP attacks, and they continue to send even if they get no useful response. But after a few days, some control node notices that the botnet isn't accomplishing anything and stops. Except that a few zombies don't get the word and continue to send the same junk.

    The resource-consuming API requests on our system go through a fair queuing system, so that many requests from the same IP address queue up behind each other and don't consume much in the way of resources. At one point, some grad student was trying to use the API, and they were doing it ineptly, sending hundreds of thousands of initial requests without ever making the followup call to get the results. This built up a huge work queue, but the fair queuing meant their requests had lowered priority and weren't impacting real users. After a few days of this, I blocked the IP address for 24 hours. After unblocking, the requests reappeared. So not only was the requester inept, they weren't paying attention to their own program. So I wrote to the department chair at the user's university, and after a few more days, the API calls stopped.
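
An added sketch of per-source fair queuing as the comment above describes it (not Animats' actual system): each client address has its own queue and the server takes one job per client per round, so a client that floods the queue only delays itself. The addresses and job names are constructed.

```python
from collections import OrderedDict, deque


class FairQueue:
    """Round-robin over per-client queues, keyed by source address."""

    def __init__(self):
        # client address -> deque of pending jobs; dict order is the
        # round-robin order of clients that currently have work queued.
        self._queues = OrderedDict()

    def submit(self, client, job):
        """Queue a job; a new client joins at the back of the rotation."""
        self._queues.setdefault(client, deque()).append(job)

    def next_job(self):
        """Serve one job from the client at the front of the rotation,
        then move that client to the back if it still has work."""
        if not self._queues:
            return None
        client, pending = self._queues.popitem(last=False)
        job = pending.popleft()
        if pending:
            self._queues[client] = pending
        return client, job

    def backlog(self):
        """Pending job count per client, for spotting a runaway caller."""
        return {client: len(q) for client, q in self._queues.items()}


def served_order(submissions):
    """Feed (client, job) pairs in arrival order; return service order."""
    fq = FairQueue()
    for client, job in submissions:
        fq.submit(client, job)
    order = []
    while True:
        item = fq.next_job()
        if item is None:
            return order
        order.append(item)


def demo():
    """Constructed load: one client queues 1000 requests before two
    ordinary users each submit a single request."""
    heavy = "192.0.2.77"
    arrivals = [(heavy, f"bulk-{i}") for i in range(1000)]
    arrivals += [("198.51.100.1", "user-1"), ("198.51.100.2", "user-2")]
    order = served_order(arrivals)
    clients = [client for client, _ in order]
    # 1-based service position of each ordinary user's request.
    return clients.index("198.51.100.1") + 1, clients.index("198.51.100.2") + 1


if __name__ == "__main__":
    print(demo())
```

In plain first-come-first-served order the two users would be served 1001st and 1002nd; here they are served 2nd and 3rd.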

  30. Re:Read the rest of it (especially my 'p.s.')... a by Sardaukar86 · · Score: 1

    If you actually had a clue about this stuff you wouldn't need to re-post your drivel time and again.

    --
    ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  31. Thank-You (I *think*)... apk by Anonymous Coward · · Score: 0

    All I know is, it works & is entirely 'doable'. Amazon & MS do it -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    * You know, though you & I have "had our differences" here in the past? I was PRETTY SURE you had this level of 'know-how' down...

    (In that case - you're probably just being 'facetious', & that's ok too... it's Christmas!)

    APK

    P.S.=> Nice part is - It gave me an idea to automate the route command's functionality too actually (first in a shell/spawn to test, & then to actually reproduce it via the Win32/64 API directly), into a loop-thru-list of attackers, to null route them.

    (E.G./I.E.-> 1st acquire the attacking IP addresses, even if by the 1,000's from say, router logs, of course - so you can 'blackhole route/nullroute' them, enmasse)...

    That wouldn't be "tremendously hard to do", not really... & since it isn't?

    I am of the opinion that others probably HAVE DONE SO, via scripting languages like Python, for example, since there truly is VERY LITTLE "original thought" & this is PRETTY OBVIOUS actually, as to automating it vs. DoS/DDoS attacks!

    (I can see admins using scripts for it, architected PRETTY MUCH like I just laid out, & Python makes things very easy for network admins & isn't as difficult as doing GUI work in languages like C/C++/Delphi etc.-et al, even if done in RAD environs)

    ... apk

    1. Re:Thank-You (I *think*)... apk by Anonymous Coward · · Score: 0

      Python makes things very easy for network admins & isn't as difficult as doing GUI work in languages like C/C++/Delphi etc

      WTF?

  32. null route the ip being attacked? by detain · · Score: 1

    null route the ip being attacked?

    --
    http://interserver.net/
  33. I'll have to be more explicit, see this link... by Anonymous Coward · · Score: 0

    Thought I covered that much here -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    (When I noted you need multiple addresses etc. since putting up a perimeter system could do that, BEFORE production servers)

    * Guess I'll have to be more "explicit" when I post it again in the future... that's all!

    APK

    P.S.=> Sometimes, I assume too much on the part of readership, knowing that & other facts FIRST, as well as I & don't express myself as well as I should is all... Especially after that amount of typing or edits!

    ... apk

    1. Re:I'll have to be more explicit, see this link... by Anonymous Coward · · Score: 0

      You covered a bunch of techniques on a windows machine that would increase the damage done by a ddos and nothing to do on the routers. go die in a fire

  34. DNS DDoS is new school by sgt+scrub · · Score: 1

    Most packet based DDoS attacks (SYN|FIN|ACK|ICMP) floods do not require a return packet. The source address is always bogus. Reporting it is a joke. New fun and exciting targeted DDoS attacks use improperly set up services/daemons. In this case, recursive lookups on DNS servers are the cause. IMHO, if someone has a fast connection and doesn't disable recursive DNS lookups they should get a warning. After that, publishing their whois information on a web site would be a great way to motivate them.

    --
    Having to work for a living is the root of all evil.
  35. Reduced to "impersonating me" now, Mr. Bastida? by Anonymous Coward · · Score: 0

    Give me a break! I post what to do in detail vs DDoS here http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    * I guess Jorge Bastida, alias erroneus, isn't happy with my exposing him attempting to BLACKMAIL others here -> http://slashdot.org/comments.pl?sid=2261720&cid=36545928

    APK

    P.S.=> It only shows me how LOW you really are, on all fronts, fatass -> http://slashdot.org/comments.pl?sid=3335159&cid=42371769 ...

    ... apk

    1. Re:Reduced to "impersonating me" now, Mr. Bastida? by Anonymous Coward · · Score: 0

      "fatass"? The real APK has never been so crude. It is obvious you are impersonating APK, despite trying to act like you're the one being impersonated, because everything else you tried gets you bested by APK.

  36. "Geek angst" got the BEST of you, fatboy? by Anonymous Coward · · Score: 0

    Impersonating me too here -> http://slashdot.org/comments.pl?sid=3339513&cid=42390817

    Clue: I post what to do in detail vs DDoS here http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 & in this very thread, long before YOU ever posted!

    * I guess Jorge Bastida, alias erroneus, isn't happy with my exposing him attempting to BLACKMAIL others here -> http://slashdot.org/comments.pl?sid=2261720&cid=36545928

    When he gets defeated for his lack of computer skills, big mouth, and trolling... along with the above.

    (Reprehensible little fatboy trolls, like you? All the same... you make me laugh!)

    APK

    P.S.=> It only shows myself or anyone else reading here just how LOW you really are, on all fronts, fatass -> http://slashdot.org/comments.pl?sid=3335159&cid=42371769 ...

    ... apk

    1. Re:"Geek angst" got the BEST of you, fatboy? by Anonymous Coward · · Score: 0

      You've been called out as the real impersonator above. How ironic you speak of geek angst, when it is all you show when failing to impersonate APK.

  37. Computer Fraud and Abuse Act by tepples · · Score: 1

    Would "I have evidence that a computer system that I operate is being abused in violation of the Computer Fraud and Abuse Act" be any clearer?

    1. Re:Computer Fraud and Abuse Act by WGFCrafty · · Score: 1

      Would "I have evidence that a computer system that I operate is being abused in violation of the Computer Fraud and Abuse Act" be any clearer?

      And then they send you to the FBI's computer crimes division, since the evidence you have is that it is being carried out by computers all over the country and probably world? What happens next? What are the general steps one uses to report an attack? Get it stopped? Mitigate risk?

  38. Provisioning for the worst case by tepples · · Score: 1

    Amazon &/or Microsoft pretty much can, & actually DO, vs. such things (amazon's setup for that, but not directly - it was MORE for being "proof" to "holiday shopping 'rushes'" but it works out the same for them, vs. DoS/DDoS too - "bonus!")

    If you actually had a clue about this stuff you wouldn't need to re-post your drivel time and again.

    I think APK's point here is that Amazon and Microsoft provision their networks for the worst case of traffic that they can imagine, and then they sell the excess capacity back to the public as virtual servers.

  39. CloudFlare by tepples · · Score: 1

    As soon as you switch your DNS to point to the new servers, the DDOS follows.

    Then switch your DNS to point to a huge caching proxy such as CloudFlare. See previous Slashdot stories mentioning CloudFlare (1) (2).

  40. Google open DNS vs. non-Google open DNS by tepples · · Score: 1

    How does Google DNS not have a detrimental effect while other services comparable to Google DNS do?

    1. Re:Google open DNS vs. non-Google open DNS by Anonymous Coward · · Score: 0

      How does Google DNS not have a detrimental effect while other services comparable to Google DNS do?

      The big organizations put in the effort to add heuristics to mitigate common attack patterns.

      A frequent recipient of attacks is CloudFlare. Partly out of frustration with continual attacks and mostly to inform people about the problem of open recursors, Matthew Prince at CloudFlare wrote a blog article:
            http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack

      He answers your exact question with an anecdote:
          we see virtually no attack traffic from large, public resolvers like OpenDNS and GoogleDNS. While these recursive DNS providers do accept requests from any IP, they have intelligent rate limiting setup in order to prevent abuse.

  41. Re:If YOU actually HAD a "clue" @ all? by Anonymous Coward · · Score: 0

    (Vs. Sardaukar86's comments of "if anyone cared" about what I write here? Well - 100's of upward mods made you "eat your words"... you couldn't ARGUE WITH THE NUMBERS, that outnumbered your 'opinion' by MANY orders of magnitude... lol!)

    So, if the numbers only matter, what about the 100s of posts with downward mods, do those outnumber the opinions of your supporters by orders of magnitudes. And if you think you are downmoded by trolls, how do we know you aren't also upmodded by trolls too?

  42. Not my point (but, possible) by Anonymous Coward · · Score: 0

    My point was to merely show there ARE working solutions is all... it's Christmas, & I feel for anyone going through it (if they didn't instigate it that is).

    APK

    P.S.=> Could & DO they sell off excess capacity? Afaik, AMAZON pretty much does with their 'cloud' services & what-not!

    (Feel free to correct me here, I am not an expert on them, nor do I utilize their services in any capacity personally in that way, other than buying from them on occasion)...

    ... apk

    1. Re:Not my point (but, possible) by CBravo · · Score: 1

      And my point is that you need a s*** load of bandwidth, in excess of 100GB, to even start having a useful model (i.e. filter bad traffic). That is expensive.

      Remember that a DDoS is either started by vigilantes such as Anonymous or by botnet operators. In the first case you probably know you could be targeted and probably have the resources to prepare. In the second case, this is what happens: You have a medium size business that is doing well. You get an email saying that you should pay 50.000 dollars in an hour. You don't. Website goes down. At first they find some weak link such as SYN which you fix. After a while, to keep the DDoS effective, the botnet operator changes method and always ends up filling your tubes. It is the botnet operator's job to ensure his DDoS works and he has done it more often than you.

      The only thing left is asking other network operators to filter traffic for you. Maybe our networking technology should advance to be able to counter this kind of abuse.

      --
      nosig today
    2. Re:Not my point (but, possible) by Anonymous Coward · · Score: 0

      Hey fatass, being fat is supposed to make it hard to type, not make it hard to read what APK already wrote. Maybe you need to wipe the pizza grease off of the screen before replying to APK next time.

    3. Re:Not my point (but, possible) by Anonymous Coward · · Score: 0

      Not to worry. They can't say apk's points here aren't right http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

  43. WRONG - 2 links I posted do you in again... apk by Anonymous Coward · · Score: 0

    "You covered a bunch of techniques on a windows machine that would increase the damage done by a ddos" - by Anonymous Coward on Tuesday December 25, @11:14PM (#42392105)

    No, wrong again - those are KNOWN DDoS mitigating IP stack parameter settings that help vs. DDoS/DoS.

    See the Microsoft link I posted in my initial post again, troll -> http://msdn.microsoft.com/en-us/library/ff648853.aspx

    FAIL #1 of 2 here, & I see you're posting as AC... figures - you know you failed, & are just 'trolling' (some people have no lives, no class (even on Christmas))...

    ---

    "and nothing to do on the routers. go die in a fire" - by Anonymous Coward on Tuesday December 25, @11:14PM (#42392105)

    WRONG AGAIN: See my subject-line, & this link I posted in my init. post:

    http://en.wikipedia.org/wiki/Null_route

    PERTINENT QUOTE/EXCERPT:

    ---

    "Null routing has an advantage over classical firewalls since it is available on every potential network router (including all modern operating systems), and adds virtually no performance impact. Due to the nature of high-bandwidth routers, null routing can often sustain higher throughput than conventional firewalls. For this reason, null routes are often used on high-performance core routers to mitigate large-scale denial-of-service attacks before the packets reach a bottleneck, thus avoiding collateral damage from DDoS attacks – although the target of the attack will be inaccessible to anyone. Blackhole filtering can also be abused by malicious attackers on compromised routers to filter out traffic destined to a certain address."

    ---

    FAIL # 2 here: "2 for the price of 1", troll... lol, you're "on a ROLL, troll"!

    ---

    Also - Have you ever used netconfig in Linux on a MULTI-HOMED server with a subordinate subnet it routes packets to?

    It can act as a router or firewall via a multi-homed system.

    I.E.-> You set it "front-facing" to your subnetted network and it works as a firewall of sorts to a subnet from a multihomed Linux system (you allow/disallow what comes in etc. easily using it).

    In fact - It is MUCH like the technique I am describing in fact, by dropping packets via a programmatically automated routing command.

    I'd test it via a spawn/shell first - then, go at the necessary IP code via Win32/64 directly (instead of spawning a route commandline primitively as a front-end to it only).

    * It wouldn't be TOUGH to make such a program either... & you wouldn't NEED a router - just a computer you have lying around pretty much (vs. DoS/DDoS).

    E.G./I.E.-> Once you obtain the attacking IP addresses from a router log or even a netstat command you parse out the needed info. from (attacking IP addresses), you put them into a list, iterate thru it with a loop, automating the route command directly (ala spawn/shell, primitive but would work as a front-end + backend system between the 2 programs).

    Just an idea...

    APK

    P.S.=> I may write this up as my next freeware to release... who knows! Wouldn't take me long @ all...

    ... apk

  44. Your opinion = Unfounded & unsubstantiated by Anonymous Coward · · Score: 0

    "Maybe if APK actually made a short simple point, he wouldn't have the problem with people skimming over most of his posts." - by Anonymous Coward on Tuesday December 25, @11:30PM (#42392167)

    There IS no "short & sweet" with what I posted - it demanded detail on an important subject, which you are NOT on topic on by the way.

    I.E.-> My post was just trying to HELP here is all. It's Christmas too, why not!

    ---

    "Odd he doesn't notice how he gets more upmods on short and helpful posts versus downmods on posts that are 90+% redundant, off-topic, or filler that could be summarized in a couple, useful lines." - by Anonymous Coward on Tuesday December 25, @11:30PM (#42392167)

    Ahem: Do you have PROOF via a list of links of such downmods of mine you say I get?

    For all anyone knows? YOU applied them if you did... anyone can do that... See Mr. Bruce Perens on THAT note, here:

    "It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30 2010, @03:55PM (#33089192) Homepage Journal

    FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192

    (It's the SAME as HBGary got caught doing, or the Chinese Water Army)

    Additionally?

    Yes, I have caught trolls in the act doing that very thing on /. here (one completely LEFT here in fact afterwards), in TomHudson = Barbara, not Barbie - everyone knew it, the idiot used the SAME email on both accounts for a long time).

    So please:

    DO Produce your list of proof (be FAIRLY warned I am setting you up like a BOWLING PIN though, trust me): Let's see how off-topic these posts of mine you speak of were...

    In return response?

    I will post 100's of upmodded posts I've gotten here (hard for us AC posters since we start @ ZERO, not 1- whatever registered 'lusers' do)... it's exactly what I do vs. statements like yours, everytime... & it works. Unlike you? I produce fact, not fictions.

    We'll compare & "do the math"!

    I will also produced posts from trolls like yourself threatening to do it via TOR (webmistressrachel) in downmodding ALL OF MY POSTS when they can!

    ( & yes, to collect them up on her part (she was "in" with tomhudson/barbara, not barbie & tons of proof of that exists via their 'trolltalk.com' domain & here too)).

    Again, per my subject-line above: Without said proof from you, YOUR 'opinion'? Unfounded, & unsubstantiated.

    Lastly, per our topic here?

    I offered every & ANY way I know of to mitigate it. Did you do so? No! Thus, you prove yourself an OFF TOPIC TROLL, & "pot calling the kettle black"... fool.

    APK

    P.S.=> IF the "best you've got" is replies like that? Go have a drink since it's a holiday... it'd be more productive on YOUR part, instead of offering your helpful suggestions"

    1. Re:Your opinion = Unfounded & unsubstantiated by Anonymous Coward · · Score: 0

      No need to compile a list of downmodded, off-topic BS, looking at this thread is enough. This isn't changed by you having to dig through months or years of topics to cherry pick a few lucky ones (or ones you modded up yourself, since apparently people use TOR to mod and post the same thread... can't trust mods after all).

  45. blackmailing + being a fatass = no way to live by Anonymous Coward · · Score: 0

    erroneus is a fatass. His words show that http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 it's just truth. Seems he likes to blackmail others too http://slashdot.org/comments.pl?sid=2261720&cid=36545928 again with his own words in a post of his.

    1. Re:blackmailing + being a fatass = no way to live by Anonymous Coward · · Score: 0

      Doesn't matter, your impersonation and trolling of APK is far lower than having an eating problem. Considering how horrible your typing is, maybe you have fat fingers and are just projecting.

    2. Re:blackmailing + being a fatass = no way to live by Anonymous Coward · · Score: 0

      Go eat some donuts erroneus ya fatass blackmailer. Hahahaha.

    3. Re:blackmailing + being a fatass = no way to live by Anonymous Coward · · Score: 0

      Your pathetic attempt at insults makes it that much more obvious that you are just erroneus posting AC trying to make the other side look bad. APK already caught you impersonating people once, don't make him do it again.

    4. Re:blackmailing + being a fatass = no way to live by Anonymous Coward · · Score: 0

      Your pathetic attempt at not being a bloatboy fatass blackmailer are funny http://slashdot.org/comments.pl?sid=3339513&cid=42392385 but there is no escaping lousy genetics, is there, fatass? Hahahaha, no escape.

    5. Re:blackmailing + being a fatass = no way to live by Anonymous Coward · · Score: 0

      Taking up imitating other posts now erroneus, can't think of anything new to say without APK replying?

  46. You've been called out as a fatass blackmailer by Anonymous Coward · · Score: 0

    erroneus you're embarrassing yourself posting ac now. Isn't being a fatass enough? And, you are, a fatass. Your words show that http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 it's just truth, not libel like you also have done here. It appears you also like to attempt blackmail others too http://slashdot.org/comments.pl?sid=2261720&cid=36545928 and I am sure libel before that too. Once more, that's just your own words in a post of yours as proof of it.

    1. Re:You've been called out as a fatass blackmailer by Anonymous Coward · · Score: 0

      No wonder APK always beats you in arguments, you can only resort to name-calling.

    2. Re:You've been called out as a fatass blackmailer by Anonymous Coward · · Score: 0

      erroneus, try slimfast for your fatass. blackmail though? You're low.

    3. Re:You've been called out as a fatass blackmailer by Anonymous Coward · · Score: 0

      You get called for doing nothing but name-calling, and then respond with name calling? How do your own feet taste when you stick them in your mouth every time you try to speak?

    4. Re:You've been called out as a fatass blackmailer by Anonymous Coward · · Score: 0

      Slimfast fatass bloatboy erroneus. You need it. Hahahahahaha

    5. Re:You've been called out as a fatass blackmailer by Anonymous Coward · · Score: 0

      Strike two erroneus, are you going to swing again?

  47. Re:Yo opinion = Unfounded & unsubstantiated by Anonymous Coward · · Score: 0
  48. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    You think admitting it is off-topic means no one would have modded it off-topic before now?

  49. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    Someone looks like a sore loser.

  50. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    You're the only sore loser, as anyone else can see, APK wins every time you open your mouth.

  51. It's truth, that's all... apk by Anonymous Coward · · Score: 0

    Pretty much true: Python is written in C++ iirc.

    It is also FAR easier than doing C, C++, or even Delphi for SIMPLE scripting - less declarations work up front (top of code basically in them vs. Python (& to me? Python's no more or better than a simple scripting tool vs. a FULL BLOWN programming language that has FAR more ability & power, such as those I noted)

    ---

    Yes- especially since it was designed thus, to be easier, vs. C or C++ "difficulty" in many folks eyes...

    Personally?

    I don't see it, when folks "knock" C or C++ for "complexity"... I really don't! Well, unless you took them BOTH & in the order I did (C first, C++ after).

    C++ *might* be tough when you start doing "more advanced" stuff (i.e. - stuff I haven't done @ least in C++, because I never did it all, & certainly NOT what's in the new C++11 standard, but I would like to try it in the new RAD studio by Embarcadero which does both Delphi & C++ Builder...) OR if you took C before C++ (which I did in academia).

    C & C++ were what I started on too, way, Way, WAY back... decades ago. I am fairly USED to them for pretty large projects & yes, smaller scale apps too.

    ---

    However also - I think Delphi's better in a LOT of ways, save for having a single inheritance model (vs. multiple inheritance based like C++, which I think is mere esoterica actually - what REALLY uses it, and does everything? Hell no)

    Plus, I can produce tests that show it in fact in performance where Delphi ROCKS Microsoft Visual C++ from long ago!

    (Ask if you want to see or verify this - I will produce it from a trade journal for computing from the past for Win32 coding).

    ---

    However - Python? It is JUST not as capable (as the other 3 languages I noted...).

    Case-in-point: Can you create a driver in Python? Not afaik!

    * HOWEVER - You CAN in the other languages, & I've programmed all 3... and MANY others (nearly a dozen iirc) since 1982.

    (Python usage for me? LOL, well - It was only to try what you noobs are using lately though - one MUST "put his hands onto something" first, before one can fairly comment on it, after all!)

    APK

    P.S.=> Here's an example, lol, JUST FOR YOU (which can be reduced to a single line, ala -> print "troll bs here"[::-1]) (minus error handling, & I don't write code without it in ANY language - speed tradeoffs aren't worth programmatic stability)):

    An application of... "ReVeRsE-PsYcHoLoGy" - 4 off-topic trolls like you:

    "?FTW" - by Anonymous Coward ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on Sunday July 10, @06:32AM (#36710070)

    "???"

    Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?

    ---

    * And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!

    Yes, it must have just have been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!

    ("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):

    ---

    #TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)

    def reverse(s):
        try:
            trollstring = ""
            for apksays in s:
                trollstring = apksays + trollstring
        except:
            print("error/abend in reverse function")
        return trollstring

    s = ""
    print(reverse(s))

    try:
      s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
      s = reverse(s)
      print(s)
    except Exception as e:
      print(e)

    ---

    ... apkb

    1. Re:It's truth, that's all... apk by Anonymous Coward · · Score: 0

      The "WTF?" was in reference to GUI work in those languages being difficult. If you find it any more difficult to do GUI work than scripting in Python, you are doing things wrong. But you seem more interested in talking about trolling than actual computer topics.

  52. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    At least I don't cry about it for 10 pages of links and crap no one cares about.

  53. Fail2ban by kefler · · Score: 1

    Why not install fail2ban instead of this verbose description of script hacking??

    1. Re:Fail2ban by Anonymous Coward · · Score: 0

      fail2ban won't help a saturated connection.

    2. Re:Fail2ban by kefler · · Score: 1

      Wat? FTA:

      "The fact that the noisemakers kept coming anyway lead me to a rather obvious conclusion: Any IP address that generates a 'denied' response from our name server is up to no good, and can legitimately be blackhole routed at the Internet-facing interface. Implementing the solution was (no surprise) a matter of cooking up some scriptery, including one that tails the relevant logs closely, greps out the relevant information and one that issues a simple route add -host $offendingip 127.0.0.1 -blackhole for each offending IP address. My users reported vastly improved network conditions almost immediately"

      Sounds like reinventing fail2ban to me.. and writing an article about it. He even says what really worked was 1) removing the domains from his named config and 2) refusing to talk to the IP's that were obviously DDOSing.. #2 is what fail2ban does automatically and dynamically..
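
The approach quoted from the article above (read the name server log, pull out the sources that drew a 'denied' response, blackhole-route them), as an added Python example that is not part of this thread or of the article. The log lines are constructed in the style of BIND's denied-query messages; the threshold, the allowlist and every function name are assumptions, and the script only builds the article's `route add` commands without running them.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input, modelled on BIND 9 "query ... denied" log lines.
SAMPLE_LOG = """\
26-Dec-2012 01:02:03.101 client 198.51.100.23#53124: query (cache) 'example.org/ANY/IN' denied
26-Dec-2012 01:02:03.140 client 198.51.100.23#53124: query (cache) 'example.org/ANY/IN' denied
26-Dec-2012 01:02:03.180 client 198.51.100.23#40211: query (cache) 'example.org/ANY/IN' denied
26-Dec-2012 01:02:04.002 client 203.0.113.77#1025: query (cache) 'example.net/ANY/IN' denied
26-Dec-2012 01:02:04.050 client 203.0.113.77#1025: query (cache) 'example.net/ANY/IN' denied
26-Dec-2012 01:02:04.090 client 203.0.113.77#1025: query (cache) 'example.net/ANY/IN' denied
26-Dec-2012 01:02:05.300 client 192.0.2.10#5353: query (cache) 'example.com/A/IN' denied
26-Dec-2012 01:02:06.000 client 192.0.2.53#33000: query (cache) 'example.org/ANY/IN' denied
26-Dec-2012 01:02:06.010 client 192.0.2.53#33000: query (cache) 'example.org/ANY/IN' denied
26-Dec-2012 01:02:06.020 client 192.0.2.53#33000: query (cache) 'example.org/ANY/IN' denied
26-Dec-2012 01:02:07.000 client 999.1.1.1#1: query (cache) 'example.org/A/IN' denied
26-Dec-2012 01:02:08.000 client 198.51.100.99#4000: query: example.org IN A + (192.0.2.1)
"""

# The address is taken from the "client" field only; the query name is
# attacker-controlled text and is never used for anything.
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+.*?: "
    r"query (?:\(cache\) )?'[^']*' denied"
)


def count_denied(lines):
    """Count denied queries per source address, skipping unparsable addresses."""
    counts = Counter()
    for line in lines:
        match = DENIED_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # e.g. 999.1.1.1: never let raw log text reach a command
        counts[ip] += 1
    return counts


def select_offenders(counts, threshold, allowlist):
    """Return IPv4 sources at or above the threshold that are not allowlisted."""
    protected = [ipaddress.ip_network(net) for net in allowlist]
    offenders = []
    for ip, hits in counts.items():
        if hits < threshold or ip.version != 4:
            continue
        if any(ip in net for net in protected):
            continue  # own resolvers, upstreams, monitoring
        offenders.append(ip)
    return sorted(offenders)


def blackhole_commands(offenders):
    """Build the command form quoted from the article, one per offender."""
    return [f"route add -host {ip} 127.0.0.1 -blackhole" for ip in offenders]


if __name__ == "__main__":
    counts = count_denied(SAMPLE_LOG.splitlines())
    # Assumed policy: 3 denied queries in the window, 192.0.2.48/28 is protected.
    for cmd in blackhole_commands(select_offenders(counts, 3, ["192.0.2.48/28"])):
        print(cmd)
```

Because the source address of a UDP query can be forged, the threshold and the allowlist are what keep a spoofed flood from making the script blackhole addresses the network depends on.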

  54. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    That is more like 10 pages of getting your butt kicked, ten pages of win. Maybe you should look more closely at the post instead of just going "tl;dr."

  55. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    Oh my, I actually looked at the links this time around, and I am so sorry to have wasted your Christmas evening. I just finally noticed how much up-modded posts APK has, as I thought he was just kidding. Apparently his posts are exactly what people here need, and are not off-topic or too long, and I was wrong to argue otherwise.

  56. Do the math: 235 1... apk by Anonymous Coward · · Score: 0

    You fail troll, see subject-line above per this challenge http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392311 I put to you... can't you read? Apparently, you are ILLITERATE as well as weak in math!

    I also produced what I said I would in a partial list of my favorite upward moderations here on this site, & you by comparison?

    LMAO - 1 post where I admit I was off topic (but so was the person I replied to, it was fun banter about cats).

    That post? Please - Again:

    You probably JUST applied a downmod to since that thread is STILL LIVE... lol, do you *think* you're "fooling" anyone, troll?

    Please... lmao!

    * Your flurry of posts now additionally only show you fail, or YOU cannot do math (see above)... because 235++ upmods or so for me, vs. that single post "doth not equate to a 'win' for you off-topic trolls"... & you ARE off topic.

    APK

    P.S.=> So far? You FAIL... badly!

    ... apk

  57. Apology accepted by Anonymous Coward · · Score: 0

    I accept your apology and am happy that you see where you went wrong. YOUR opinion was unfounded, and was easily shown wrong by numbers.

    APK

    P.S.=> You can consider this a Christmas gift, I kept the post "short and simple" instead of pointing out how foolish you've been and how easy it is to show you are wrong.

  58. "Impersonating me" (learn to spell too please) by Anonymous Coward · · Score: 0

    You're a fool troll... too bad you failed to meet my challenge -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392311 IN THAT YOU ARE CLEARLY UNABLE TO PRODUCE 236 OR MORE DOWNMODS OF MY POSTS, vs. my list of upmods.

    * Now, you just KNOW I've just GOTTA say it. as-is-per-my-own "inimitable style":

    THIS? This was just "too, Too, TOO EASY - just '2ez'" & it always is vs. trolls that are reduced to such puny easily seen thru machinations... like impersonating me or trying to!

    (Talk about "giving away" you're "on the ropes" & blown away, troll... lol!)

    APK

    P.S.=> You're not even ORIGINAL in your trolling, for Pete's sake, lol...

    E.G.-> Do you know how many of these "attempts at impersonating me" I have archived in my bookmarks?

    I've actually got to see (wait)... 155!

    So please - At least have some creativity... I do realize you're a limited trolling dolt, but please - be original @ least in doing so! Lmao...

    ... apk

    1. Re:"Impersonating me" (learn to spell too please) by Anonymous Coward · · Score: 0

      We know who the real APK is and obviously you are not it, as he has talked many times about how he does not call people out for spelling and you can use that as a way to tell who is trying to impersonate him. The fact you impersonate him complaining about being impersonated all the time just makes it all the more sad.

    2. Re:"Impersonating me" (learn to spell too please) by Anonymous Coward · · Score: 0

      We do know the real apk. apk's on topic http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 You are not troll.

  59. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    apk's not crying, he's laughing at you troll. You fail his challenge here http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392311 and you can't produce proof of your words, showing more downmods of his posts than his upmods here for an ac that is a lot of them since it is tougher for them to get by a long shot versus registered lusers http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392649 ? You fail again, troll. His post is on topic here too http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 you are not as usual. Once more you double fail.

  60. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    I saw it too where apk posted his favorite upmods list http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392649 and the off topic trolls can't meet his challenge and back up their words saying he has more downmods than up mods where he made a fair challenge to the trolls to back up their words and they failed it here http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392311 and the trolls can't handle it.

  61. Re:1 post? What's your point?? apk by Anonymous Coward · · Score: 0

    True. Apk provides proof of his upmods http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392649 versus the troll saying he's downmodded for long posts he does that seem to do well here on this site http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392311 and trolls failed a simple challenge. So much for slashdot trolls that can't backup their words.

  62. I'd have to write more lines of Delphi by Anonymous Coward · · Score: 0

    To do the ReverseString work, for starters... or in C/C++, strrev, for the reasons I noted (and, I'd have to layout the GUI too ontop of it). More code needs to get laid out, as well as the gui.

    I don't find ANY of them difficult though, not for the most part... see my 1st post, I did state that much. Especially about C or C++ which many 'bitch about' being 'too hard' etc./et al.

    Plus - In languages capable of producing drivers and entire operating systems like C/C++ & Delphi can do drivers via the DDDK?

    They ARE more capable... point-blank, bottom-line, fact!

    QUESTION: Can Python do drivers &/or Operating Systems?

    Not afaik. It is LIMITED, but made easier to work with, than what it was created in, in C++ iirc.

    * For simple scripts, I've found that experimenting with Python to see how "today's noobs work" is pretty ok, but it is LIMITED as hell!

    Could I do commandline/tty/DOS Window/console mode apps in Delphi or C/C++?? Sure...

    However - Again, it'd be more lines of code (partially generated by the IDE in some cases, others not, but still more lines, but FAR more powerful languages overall, by far, vs. Python).

    (Especially vs. C/C++ &/or Delphi, which are my favorites over time).

    ---

    "But you seem more interested in talking about trolling that actual computer topics." - by Anonymous Coward on Wednesday December 26, @01:36AM (#42392623)

    Oh, really? See this post, it IS about THIS TOPIC of this article's thread replies -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    Now, are ANY of YOUR REPLIES on topic here? Answer that...

    Ah... lmao - You fail, you know it, now... go away, "shooo" little troll (before I spank you even more, lol).

    Especially since 1 of my favs (since I was only coding python for MAYBE 1 week @ the time shown below) was about & ON HELPING PYTHON PEOPLE code properly (many there couldn't get what I showed them right there)... shows that NOOBS use Python, imo!

    APK

    P.S.=>

    "The "WTF?" was in reference to GUI work in those languages being difficult. If you find it any more difficult to do GUI work than scripting in Python, you are doing things wrong." - by Anonymous Coward on Wednesday December 26, @01:36AM (#42392623)

    Hmmm... For a guy in myself "doing it wrong"? I've done pretty ok in this art & science over the years from a partial list of only SOME of my 'favorites' on that note, shown below next...

    See below (have you done more or better, & earlier also):

    "My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

    ----

    Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

    (&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

    WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

    PC-WELT FEB 1998 - page 84, again, my work is featured there

    WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

    PC-WELT FEB 1999 - page 83, again, my work is featured there

    CHIP Magazine 7/99 - page 100, my work is there

    GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

    HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

    Also, a British PC

    1. Re:I'd have to write more lines of Delphi by Anonymous Coward · · Score: 0

      So... basically you agreed with the other AC that doing GUI work in those languages takes more effort, then went on to complain about how Python can't be used for drivers, etc. which has nothing to do with that?

    2. Re:I'd have to write more lines of Delphi by Anonymous Coward · · Score: 0

      I'd like to know why you avoid apk's questions here http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392783

  63. Re:235++:1? Oh, I think so... lol! apk by Anonymous Coward · · Score: 0

    There is a quote you should see from a Bruce Perens:

    It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed.

    How can we trust modding in this day and age of sock-puppetry? All of those mods could just be done by some sock-puppet accounts, or one of the many trolls that mod your posts up so other trolls can see them better.

  64. Re:235++:1? Oh, I think so... lol! apk by Anonymous Coward · · Score: 0

    You would think if he were modding up his own posts, he would get more than 2 +5 posts a year. It is easy to get two +5 posts in response to a single story even if you know nothing about it and are completely wrong. Getting dozens of -1 posts in a single thread though, that takes special skill.

  65. Re:235++:1? Oh, I think so... lol! apk by Anonymous Coward · · Score: 0

    It is obvious you are just some troll arguing with yourself because you can't argue with any of APK's points. Once he has beaten you by arguing with simple numbers, you give up and try to make it look like there are multiple ACs supporting your position.

  66. Re:Your words vs. 100's of upmods for me? by Anonymous Coward · · Score: 0

    .. while guys like me banged your woman and made you WATCH, lol...

    Well, you kind of blew it there didn't you troll. You think people would think the same person who posts Bible quotes and talks about having a good time with neighbors would resort to being that low? You would have to do a lot more than imitate APK's intimidating style to make people think you are actually APK.

  67. Eat another jelly donut fatass by Anonymous Coward · · Score: 0

    You're off topic and a disgusting no dick fatass http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 whereas the person you are insulting in apk is on topic and with a useful post http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741 you failed blimp. Your whole life's a fail when you let yourself turn into a bloatbody pig.

  68. Erroneus: Do something with your life troll by Anonymous Coward · · Score: 0

    Instead of being a fatass (you said it) and "ne'er do well": When you can show you've done MORE, BETTER, & EARLIER than I have in the art & science of computing (per this TINY only partial list of some of my favorites over time shown below)?

    Then, you *might* have a point... after all: Consider it a challenge... even possibly exercise & YOU NEED IT (lol):

    LMAO - Plus, despite your off topic trolling & comments on me?

    Well... What I've done & accomplished?

    It's better than letting yourself turn into a walrus LIKE YOU, after all... lol, fact!

    OR

    A blackmailer like you've shown us all you are -> http://slashdot.org/comments.pl?sid=3339513&cid=42392385 as well!

    ---

    (Is THAT all you have when 'the chips are down' fatboy? See subject-line above).

    ---

    * Man... lol, I woke up VERY early today to see just where this all devolved to from that off-topic troll erroneus the BLOATED "ne'er-do-well" attempting his usual "last resort of trolls", the ad hominem attack (parent to this post)..

    Well, you brought it on yourself erroneus...

    Especially the 2 challenges to you I issue here now to you (show you've done more/better/earlier in computing than I have, + disprove my points on hosts files)

    Since you're also trying to put me down on grounds in the art & science of computing?

    Especially on HOSTS files??

    How come you couldn't disprove my points on them???

    I'll also gladly put them up, with work I have done that I can SHOW in programs for it below (whereas you cannot do the same)...

    YOU get past the challenge of showing us you've done better than I in computing? Just to burn you more, I'll put up points on custom hosts files usage that help users on MANY levels. You are FREE to disprove them.

    You do THAT?? Well... lol, I'll even BUY YOU some slimfast as others suggested you eat vs. donuts... lol!

    However - YOU? The trolling blackmail attempting fatboy likes of you??

    No way. YOU can't do it, & I know it, YOU KNOW IT, anyone reading knows it.

    What I've managed? Hey - It's better than being a fatboy who can't handle I smoke him constantly... & who resorts to blackmail when "hurt" (you bring on yourself fool).

    APK

    P.S.=> Since I am what you say I am erroneus?

    Well, tell you what then, again:

    You show us you've done MORE, BETTER, & EARLIER than I have & as on as many levels in the computer sciences than I have (per an only small partial list of my favorites below, that I suspect I accomplished in computing WHILE the 'trolling likes of you' were STILL IN DIAPERS - lmao: DOUBTLESS "extra huge size" for a DISGUSTING BLIMP like yourself):

    ---

    "My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

    ----

    Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

    (&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

    WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

    PC-WELT FEB 1998 - page 84, again, my work is featured there

    WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

    PC-WELT FEB 1999 - page 83, again, my work is featured there

    CHIP Magazine 7/99 - page 100, my work is there

    GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

    HOT SHAREWARE

    1. Re:Erroneus: Do something with your life troll by Anonymous Coward · · Score: 0

      That quote is from 1 Corinthians 15:10. Maybe you have a few more steps to go before comparing yourself to an apostle.

    2. Re:Erroneus: Do something with your life troll by Anonymous Coward · · Score: 0

      http://slashdot.org/comments.pl?sid=3339513&cid=42393023 I'd like to see erroneus meet that challenge apk put to him there after erroneus' starting up trouble with apk.

    3. Re:Erroneus: Do something with your life troll by Anonymous Coward · · Score: 0

      I would like to see someone who is really OCD and meticulous about quoting people get it right when quoting the most quoted book.

    4. Re:Erroneus: Do something with your life troll by Anonymous Coward · · Score: 0

      No, APK already called out your geek angst issues. Now you are just showing you have one of the worst sources of geek angst ever created: studying the Bible and thinking it is actually relevant. Don't take it out on others, like APK, when your book doesn't live up to its promises.

    5. Re:Erroneus: Do something with your life troll by Anonymous Coward · · Score: 0

      Holy shit.. you need therapy so badly it hurts me to read this.

  69. LMAO - WoW: I just woke up to see this by Anonymous Coward · · Score: 0

    I said all that needs saying or doing here http://slashdot.org/comments.pl?sid=3339513&cid=42393023

    * :)

    (Especially vs. a trolling off topic lardbody blackmailer like erroneus proved himself to be -> http://slashdot.org/comments.pl?sid=3339513&cid=42392385 , in his own words & links he posted no less... I get to prove he's also a "ne'er-do-well" as well as an off topic illogical failing ad hominem attack attempting fatboy too! BONUS... lol!)

    APK

    P.S.=> Let's see erroneus "take a swing" @ that & the two challenges I put to him there for his off-topic trolling + failed attempt @ ad hominem attacks on myself (as well as attempts @ impersonating me here that I caught last night -> http://slashdot.org/comments.pl?sid=3339513&cid=42391957 )

    THIS? Well, since he brought it on himself as per his trolling usual, you just KNOW I've just GOTTA say it, as-is-per-my-usual "imitable style"?? This was just "too, Too, TOO EASY - just '2ez'"...

    ... apk

  70. Woke up early today (lmao @ this, but...) by Anonymous Coward · · Score: 0

    Once more - I said all that needs saying or doing here http://slashdot.org/comments.pl?sid=3339513&cid=42393023

    * :)

    (Especially vs. a trolling off topic lardbody blackmailer like erroneus proved himself to be -> http://slashdot.org/comments.pl?sid=3339513&cid=42392385 , in his own words & links he posted no less... I also NOW get to prove erroneus's also a "ne'er-do-well" as well as an off topic illogical failing ad hominem attack attempting fatboy too! BONUS... lol!)

    APK

    P.S.=> Let's see erroneus "take a swing" @ that & the two challenges I put to him there for his off-topic trolling + failed attempt @ ad hominem attacks on myself (as well as attempts @ impersonating me here that I caught last night -> http://slashdot.org/comments.pl?sid=3339513&cid=42391957 )

    THIS? Well, since he brought it on himself as per his trolling usual, you just KNOW I've just GOTTA say it, as-is-per-my-usual "imitable style"?? This was just "too, Too, TOO EASY - just '2ez'"...

    ... apk

  71. Woke up early to see this (lmao) by Anonymous Coward · · Score: 0

    No effort @ all - I said all that needs saying or doing here http://slashdot.org/comments.pl?sid=3339513&cid=42393023

    * :)

    (Especially vs. a trolling off topic lardbody blackmailer like erroneus proved himself to be -> http://slashdot.org/comments.pl?sid=3339513&cid=42392385 , in his own words & links he posted no less... I also NOW get to prove erroneus's also a "ne'er-do-well" as well as an off topic illogical failing ad hominem attack attempting fatboy too! BONUS... lol!)

    APK

    P.S.=> Let's see erroneus "take a swing" @ that & the two challenges I put to him there for his off-topic trolling + failed attempt @ ad hominem attacks on myself (as well as attempts @ impersonating me here that I caught last night -> http://slashdot.org/comments.pl?sid=3339513&cid=42391957 )

    THIS?

    Well, since he brought it on himself as per his trolling usual, you just KNOW I've just GOTTA say it, as-is-per-my-usual "imitable style"??

    This was just "too, Too, TOO EASY - just '2ez'"...

    ... apk

  72. Troll? I was the one who posted it here by Anonymous Coward · · Score: 0

    http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392311

    * The topic and answer(s) I gave are on topic, like my post is today here on THIS topic -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    Are you? Answer that... You're just a troll, nothing more.

    APK

    P.S.=> So can downmods...and funniest of all? I challenged trolls who said my posts are more downmodded than upmodded vs. a partial list of my favorites only here & they failed that too, just like you failing now -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392649 lmao

    ... apk

  73. Has everything to do with it being LIMITED by Anonymous Coward · · Score: 0

    You can do FAR MORE in C/C++/Delphi than a "toy language" like Python... no questions asked/fact.

    * See my subject-line - it's no small wonder that the 'script kiddies' around here 'favor' toy languages over ones that can do GUI apps, console mode apps, OPERATING SYSTEMS, and DEVICE DRIVERS... since MOST of what I noted here that have the audacity to call themselves "programmers" are usually what I call "Web Chumps", nothing more.

    (Heck - ask Linus Torvalds if he wastes time doing that simpleton shit... I have to unfortunately @ times, but I use ASP.NET via Visual Studio... a VERY powerful near ubiquitous tool, not 'toy languages' I dabble in to see what noobs use nowadays vs. C/C++/Delphi!)

    Can Python do ALL of those things I noted? Hell no! It's a 'toy', or at best, a scripting tool vs. them. Period/fact.

    APK

    P.S.=> I've programmed them all after all & FAR more, in the languages I noted & far more other languages since 1982, extensively so relatively speaking & did pretty well on more than just a few levels professionally too (that I can demonstrate easily, unlike the 'noobs' I've met around here that troll me).

    Are there GREAT ones here? Yes, Mr. John Carmack - he doesn't 'troll me' though. Are there close to that in other areas?? Yes, ANIMATS (he's contributed the IP stack).

    You & those LIKE you troll??? Not even CLOSE... & not even close to my accomplishments. Your 'kind', using tools like PHP, Python, Ruby, etc.???? Dime-a-Dozen.

    Thus? Well, face facts - I can comment freely & with facts as I have to you, & I don't see you disproving my points on them either... noob!

    ... apk

    1. Re:Has everything to do with it being LIMITED by Anonymous Coward · · Score: 0

      Looks like someone touched a nerve. They complained about GUI work being not difficult in other languages, and you keep going off about Python. Way to avoid what was being discussed and go off on some tangent so you can ramble about Python zealots. You might as well start presenting facts like "the sky is blue" and 1+1=2, because those have about as much to do with the original point.

  74. GOOD POINT, want another one? by Anonymous Coward · · Score: 0

    I can show you where various trolls like webmistressrachel threatened to DOWNMOD my posts whenever possible via TOR usage!

    (THAT is the 'last resort' of these technical nincompoop trolls, & there's your reason why MANY of my posts go from 4 or 5 down to 1, 2, 3 levels, if not -1).

    * Not that I really care - I do pretty well, as is, but

    (I.E.-> Nerds whose whole LIVES have been lived beaten down because they're weasels & wimps, show how they act more like WOMEN, than men... lol!)

    APK

    P.S.=> Like I have said here before - I can & WILL provide direct quotes from various trolls in that regard upon request as I was told by law enforcement people to do so...

    I could put out a LOT more like threats vs. my life, & other reprehensible behaviors on trolls' parts here directed my way over time as well!

    (Much like you're seeing here, this is mild compared to SOME things that've happened here, like posting my personal information & the like etc./et al)...

    List goes on, I am not even SCRATCHING THE SURFACE OF IT here!

    ... apk

  75. Did I state it DIDN'T? by Anonymous Coward · · Score: 0

    No... in fact, I stated it COSTS, big http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390907 AND, I pointed out the companies (huge money makers) doing it successfully!

    There's probably others, those are my 2 "prime examples thereof" is all... AND?

    NOTE - I also posted OTHER METHODS too (for Windows users though)...

    Methods that do NOT require 'huge bandwidth' & OC12 pipes to do it (ala the registry hack settings mitigations recommended by Microsoft for TCP/IP stack hardening).

    Your point??

    I appreciate your information, but - I find your tone to be one that's attempting to "condescend" to me, while you overlook ALL/EACH of my points!

    Ok, but... I am WELL aware of how it works - since I have been fighting vs. crooks online for more than a decade now, actively (unlike MOST others, mere "armchair QB's" & critics galore but not much on being 'chefs') - see below.

    So, yes - I KNOW HOW IT ALL WORKS & how the pricks that abuse people, companies, & nations work...

    Plus - I am out there DOING SOMETHING ABOUT IT - actively now, & for YEARS before it, just like my parent post here was intended to be, because the methods work... see below too, I don't like stating things without some proof of my words (unlike the trolls I have smoked here today).

    APK

    P.S.=> Buddy, listen: As far as protecting vs. malware & other threats online? I am RIGHT IN THE MIDDLE OF IT with security firms:

    http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

    and doing the FIRST security guide for Windows users, EVER 1997 onwards to 2008:

    ---

    To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

    http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

    I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

    http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

    & from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.

    That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

    Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

    ---

    1.) An Essential Guide
    2.) 5-5 star rated
    3.) A "sticky-pinned" thread
    4.) Most viewed in the category it's in (usually security)
    5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))

    ---

    Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered secu

  76. Why're you avoiding this fatboy? by Anonymous Coward · · Score: 0

    http://slashdot.org/comments.pl?sid=3339513&cid=42393023

    After all - YOU STARTED IT, http://slashdot.org/comments.pl?sid=3339513&cid=42390715

    So - now I'll just finish it, and you, with it (not that a spineless prideless done nothing WORM like you even cares... lol, your "kind"? Doesn't merit pride!)

    * :)

    * Come on FATBOY... reply to that - face a challenge!

    Yes - can't wait to utterly FURTHER humiliate your off-topic illogical ad hominem attack utilizing troll fat blackmail attempting ass -> http://slashdot.org/comments.pl?sid=3339513&cid=42392385 (your own posts do you in, lol), again...

    How many times is it now? You just DO NOT LEARN do you fatboy??

    This is yet another time... it will be a PLEASURE watching you "squirm" & perform 'evasive troll maneuvers', which you already are avoiding that link above - LOL, while your blubber body self proves my point even more.

    APK

    P.S.=> No fury... just laughter here - waiting to see you "RUN, Forrest: RUN!!!" like the fatboy blackmailer cowardly little wuss you showed yourself to be here in your own words -> http://slashdot.org/comments.pl?sid=3339513&cid=42392385 & posts!

    (In addition to your ILLOGICAL off-topic invalid ad hominem attack above directed MY way , totally off topic http://slashdot.org/comments.pl?sid=3339513&cid=42390715 that failed)...

    Me? I was on topic, helping others vs. DDoS attack & not with hosts files douchebag fatboy. See here -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    Were you? Hell no - you tried "trolling me"... you are a PUNK.

    Are you a MAN or a WOMAN? I am curious, because you BEHAVE like a bitch...

    ... apk

    1. Re:Why're you avoiding this fatboy? by Anonymous Coward · · Score: 0

      There's the APK we love. You faggots trying to run him off will never succeed. He is a fixture of slashdot.

  77. Spoofed IPs and TOR by Anonymous Coward · · Score: 0

    Most DDoS attacks use spoofed IP addresses that aren't real. So that idea would never work. The author apparently doesn't understand how some of the attacks work. Plus, many of the attacks come through the anonymous TOR network.

  78. root cause by Anonymous Coward · · Score: 0

    The root cause is that people can not SEE what traffic their PC does,
    no matter if it's malware traffic or from regular software with user intended purpose.
    A simple browser API to the OS kernel could solve this. Like a realtime local firewall monitor.
    In the simplest case the browser requests http://127.0.0.1:8888 and the kernel sends back the host names
    it is doing traffic with, allowing the user to block or allow each host.
    And very importantly showing which local program is causing the traffic, in order to locate malware.

    I find it utmost stupid how many lengthy discussions there are on slashdot against government interference and for net
    neutrality and the first thing some people do is to cry out for government and police to fix this fundamental flaw.

    Most users accepted to cripple their systems with all intercepting virus scanners - why not take responsibility for the network traffic
    it does instead?
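
An added example, not part of the comment above: on Linux the kernel already exposes the data such a local monitor would need. The sketch parses the `/proc/net/tcp` table layout and attributes each established remote endpoint to the program that owns the socket. The sample table, the inode-to-program map and all function names are constructed for illustration.

```python
import os
import socket
from collections import defaultdict

ESTABLISHED = "01"  # TCP state code as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (addresses are documentation ranges).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:22B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:C93A 146433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20001 1 0000000000000000 20 4 30 10 -1
   2: 0A01A8C0:9C40 077100CB:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
   3: 0A01A8C0:9C41 087100CB:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
   4: 0A01A8C0:9C42 146433C6:01BB 06 00000000:00000000 03:00000A00 00000000     0        0 0 3 0000000000000000
"""

# Constructed socket-inode -> executable map; live_inode_owners() builds a real one.
SAMPLE_OWNERS = {
    20001: "/usr/bin/firefox",
    20002: "/tmp/.cache/updater",
    20003: "/usr/local/bin/trafficmon",
}


def decode_endpoint(field):
    """Turn '0A01A8C0:C93A' into ('192.168.1.10', 51514)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the 32-bit address in host byte order; this assumes a
    # little-endian machine (x86, most ARM), hence the byte reversal.
    ip = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
    return ip, int(port_hex, 16)


def live_inode_owners(proc_root="/proc"):
    """Map socket inodes to executables by walking /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            exe = os.readlink(os.path.join(proc_root, pid, "exe"))
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    owners[int(target[len("socket:["):-1])] = exe
        except OSError:
            continue  # process exited, kernel thread, or not permitted to look
    return owners


def remote_hosts_by_program(table_text, owners):
    """Return {program: sorted ['ip:port', ...]} for ESTABLISHED connections."""
    report = defaultdict(set)
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != ESTABLISHED:
            continue  # listening sockets, TIME_WAIT entries, short lines
        ip, port = decode_endpoint(fields[2])
        program = owners.get(int(fields[9]), "<unknown>")
        report[program].add(f"{ip}:{port}")
    return {prog: sorted(hosts) for prog, hosts in report.items()}


if __name__ == "__main__":
    for prog, hosts in remote_hosts_by_program(SAMPLE_PROC_NET_TCP, SAMPLE_OWNERS).items():
        print(prog, "->", ", ".join(hosts))
```

On a live host, pass the contents of `/proc/net/tcp` and the result of `live_inode_owners()` instead of the samples; seeing other users' sockets requires root.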

    1. Re:root cause by Wolfrider · · Score: 1

      --What, you never heard of ' iptraf ' for Linux?

      --What, you don't *run* Linux? Whassamatta you, get educated son!! ;-)

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
  79. Pick up the phone, ICMP 'markers' to poke back? by TheRealHocusLocus · · Score: 1

    Well back in the Flintstone days of the net [1994-2001] I'd do an ARIN lookup and call the listed telephone and be speaking to a real knowledgeable person in under a minute who knows their IP addresses by heart. I know those days are over. Never mind.

    There is one net protocol for which no one has any expectation of privacy -- and if providers do deep packet inspection there is no controversy, ICMP.

    My idea is to fire back a couple of small ICMP messages with an RFC described format back towards each attacking address every so often, with small payloads (we don't want to add to the traffic problem).

    The payload of a 'notify' message includes a unique random identifier, the time DDOS condition started, cumulative packet count from that address if available. Maybe some flags with attack type and name/address targeted to help forensics.

    The second type of message used for 'source verification', also throttled, contains a list of recent notify identifiers and a https URL address, and is digitally signed with the same cert used by the SSL server. The url serves a page with a name and contact phone number.

    The idea is that responsibly staffed providers (or those upstream of them) would routinely inspect these packets and parse them out to populate a threat board. End providers could match to customer accounts, those upstream of them could at least compile statistics in aggregate.

    Of course it always becomes a cat and mouse game with the attackers constructing their own bogus notify networks. You'd see flood attacks consisting of bogus attack notification messages. But here the advantage begins, for it is impractical for botnet operators to address every unique ISP their slaves occupy individually.

    Those who already have dark fiber piggyback slurp terabit packet inspection on the backbone (and You Know Who You Are) would have the best picture of all, with these poke messages they could assemble a picture of a botnet in minutes. Do something noble for a change.

    Or we could just all run into the closet and pile blankets over our heads. Works for me.

    --
    <blink>down the rabbit hole</blink>
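
An added sketch of the 'notify' payload described in the comment above; it is not the commenter's code and no such RFC format exists. The byte layout, the `DDN1` marker, the attack-type codes and every name here are assumptions. It shows the victim-side throttle and the provider-side checks that drop malformed or replayed messages before they reach a threat board.

```python
import ipaddress
import os
import struct

MAGIC = b"DDN1"  # assumed format marker, not taken from any RFC
# magic, 16-byte random id, attack start (epoch s), packet count, attack type, target IPv4
LAYOUT = struct.Struct("!4s16sQQB4s")
ATTACK_TYPES = {1: "dns", 2: "syn-flood", 3: "udp-flood"}  # assumed codes


def build_notify(start_ts, packet_count, attack_type, target_ip, notify_id=None):
    """Victim side: pack one small payload (41 bytes) for an ICMP message body."""
    notify_id = notify_id or os.urandom(16)
    target = ipaddress.IPv4Address(target_ip).packed
    return LAYOUT.pack(MAGIC, notify_id, start_ts, packet_count, attack_type, target)


def parse_notify(payload, now):
    """Provider side: return the decoded fields, or None if the payload is not plausible."""
    if len(payload) != LAYOUT.size:
        return None
    magic, notify_id, start_ts, packets, attack_type, target = LAYOUT.unpack(payload)
    if magic != MAGIC or attack_type not in ATTACK_TYPES or start_ts > now:
        return None
    return {"id": notify_id, "start": start_ts, "packets": packets,
            "attack": ATTACK_TYPES[attack_type],
            "target": str(ipaddress.IPv4Address(target))}


class NotifyThrottle:
    """Victim side: at most one notify per source address per interval."""

    def __init__(self, min_interval):
        self.min_interval = min_interval
        self.last_sent = {}

    def allow(self, source_ip, now):
        last = self.last_sent.get(source_ip)
        if last is not None and now - last < self.min_interval:
            return False
        self.last_sent[source_ip] = now
        return True


class ThreatBoard:
    """Provider side: aggregate accepted notifies per customer address."""

    def __init__(self):
        self.by_customer = {}
        self.seen_ids = set()

    def record(self, customer_ip, payload, now):
        msg = parse_notify(payload, now)
        if msg is None or msg["id"] in self.seen_ids:
            return False  # malformed, implausible, or a replayed identifier
        self.seen_ids.add(msg["id"])
        entry = self.by_customer.setdefault(
            customer_ip, {"notifies": 0, "max_packets": 0, "targets": set()})
        entry["notifies"] += 1
        entry["max_packets"] = max(entry["max_packets"], msg["packets"])
        entry["targets"].add(msg["target"])
        return True


if __name__ == "__main__":
    board = ThreatBoard()
    # Constructed values: customer 198.51.100.9 reported by victim 192.0.2.53.
    board.record("198.51.100.9", build_notify(1000, 500, 1, "192.0.2.53"), now=2000)
    print(board.by_customer)
```

The format checks do nothing against a well-formed forgery; that is the job of the signed 'source verification' message the comment describes, which this sketch does not implement.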
  80. Hey fatass what's this about PIZZA? by Anonymous Coward · · Score: 0
  81. Hey Fatass want some PIZZA? LMAO by Anonymous Coward · · Score: 0
  82. Fatass you attempted blackmail here? by Anonymous Coward · · Score: 0
  83. Waste of time by drinkypoo · · Score: 1

    Contact the authorities. If they don't care, contact the newspaper and tell them the authorities don't care. Lather, rinse, repeat.

    In the meantime, contact your ISP and beg them not to disconnect you.

    I've been DDoS'd for insulting people on irc. As a home user you have no option but to wait for it to end, especially if you have a static IP which I did at the time. It's small satisfaction knowing that the person flooding you is never going to amount to anything and will probably end up in PMITA prison one day.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  84. Form letter by flyingfsck · · Score: 1

    I think that idea needs one of those old form letter responses: Your idea will never work because...

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  85. At least on-topic by Anonymous Coward · · Score: 0

    While it is at least somewhat on topic to induce a DoS attack attempt in a discussion of DDoS attacks, it would have been much more insightful if you showed a way to prevent or stop it. Or at least more useful if you showed how to harness such a crap-storm inducing power on other, arbitrary sites.

  86. Re:I blew nothing (you ran from a challenge) by Anonymous Coward · · Score: 0

    As much power and effort you attribute to the person(s) you think are stalking you, no one wants to take the time or is OCD enough to compile and keep a list of all of your posts. But if you look at a single thread, like say this one, it is clear you have far more downmods than upmods (in that case, zero upmods).

  87. Re:I blew nothing (you ran from a challenge) by Anonymous Coward · · Score: 0

    You are replying to the wrong AC. You can tell from the misogyny and crude insults that it is just an imposter trying to make APK look bad. The troll is showing he has no limits to how low he will go, first trying to make it look like APK was obsessed with keeping track of posts and now going on to sexist insults.

  88. Re:I blew nothing (you ran from a challenge) by Anonymous Coward · · Score: 0

    Well, maybe he should register then, so he wouldn't have to manually keep track of posts and his karma would conclusively show he gets more upward mods than downward mods. You know, use technology to do the hard work instead of trying to manually argue with idiots. Also, I can't dedicate the whole of Boxing day to working out which post is made by whom.

  89. The ISP doesn't care unless they can monetize by Anonymous Coward · · Score: 0

    Only the ISP doesn't care as he is a paying customer.

    The only way this works is if the (and all) ISPs charge for the service. Think of it as virus-removal-on-demand. Now $5.99.

  90. just post the ip addresses on slashdot by Anonymous Coward · · Score: 0

    The slashdot crowd is pretty good at bringing servers to their knees when a link is posted on here!

  91. what to do ..... by Anonymous Coward · · Score: 0

    Probably a notification (via their ISP since email addresses are hard (too costly) to get) to the people being used that their systems are being manipulated and probably impaired. A clearing house for tools and instructions for removal and prevention could then be used.

    Tracing back to the real perps and major jailtime for various criminal counts would be good (you would think by now they would have better tools to find and zap these criminals and identify the sources for government action)

  92. Re:I blew nothing (you ran from a challenge) by Anonymous Coward · · Score: 0

    I don't think that's possible. Far as I can tell, you're all dipshits.

  93. You're off topic idiot by Anonymous Coward · · Score: 0

    The original point is DDoS you illiterate moron. Get your facts straight.

  94. Re:I blew nothing (you ran from a challenge) by Anonymous Coward · · Score: 0

    You don't have more than 235 he asked you to show. You failed.

  95. Re:I blew nothing (you ran from a challenge) by Anonymous Coward · · Score: 0

    Why? Apk proved he has more upmods than trolls can show downmods of his posts.

  96. Name the OS the botnet runs on .. by dgharmon · · Score: 1

    "The vast majority of DDoS participants are infected computers in botnets" .. that run on Microsoft Windows ...

    --
    AccountKiller
    1. Re:Name the OS the botnet runs on .. by Bengie · · Score: 1

      Don't worry, Steam is coming to Linux. Soon Linux will start to become a "regular user" OS, so it can join the ranks of Windows as a zombie in a bot-net.

  97. Some major ISPs do have a solution! by Anonymous Coward · · Score: 0

    I've seen an infected computer in which the ISP (at Time Warner) stopped all connections except http, redirected all http traffic to a page informing them why their network was blocked, and how to clean all of the computers on the network and request an unblock. If that failed, they demanded a note from that person that they had someone clean all their computers, any PC business. That actually was my computer with a bug a wipe didn't fix because it spread through the LAN!

  98. No, except for voluntary botnet members by Anonymous Coward · · Score: 0

    I wouldn't recommend doing this "blindly" for 2 reasons:

    1) in some countries, an IP address is considered private data
    2) some computers are part of botnets and shouldn't be "shown" since they are already compromised, this could ease a "take over" of those computers by another group

    On the other hand, if you detect that the pattern used is a signature from a voluntary botnet tool like LOIC, then you could show them I would say, since those people are volunteering and thus expose themselves directly. Their computers are not zombies but voluntarily associated to the attack, then it would be a "fair" counter attack.

  99. Why should I be a "registered 'luser'"? by Anonymous Coward · · Score: 0

    To be an easily tracked for trolling sheep that lives for "karma points"?

    LOL, no... don't *think* so...

    Besides - I've got my 'private personal fanclub' of trolls that stalks me around here that have threatened to down moderate my posts, ala "webmistressrachel", & this choice quote from her:

    ---

    "Screw you, apk, and the horse you rode in on. If I ever see you post here again, I'll bomb you as AC from Tor, meaning I'll NEVER run out of posts because I can change endpoint..." - by webmistressrachel (903577) on Sunday July 03 2011, @02:03PM (#36647614)

    FROM -> http://slashdot.org/comments.pl?sid=2292298&cid=36647614

    Using TOR to "anonymize" herself to do it... what a piece of TRASH, plain & simple!

    ---

    (So, again - no thanks: Just not that stupid here... No reason to make it easy on the scumbags around here is all!)

    APK

    P.S.=> As far as 'using technology to do it'? I do - a simple text file & also my bookmarks/favorites in my webbrowsers... so, what's your 'point'??

    ... apk

  100. Sardaukar86 - tryin to "hide" ur FAILS vs me? by Anonymous Coward · · Score: 0

    Another computing technically unjustifiable downmod of my post http://tech.slashdot.org/comments.pl?sid=3339513&cid=42393295 that I just replied to &, days later of course and this one above it also http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392369
    and this one above that also http://tech.slashdot.org/comments.pl?sid=3339513&cid=42391603

    ALL TO SARDAUKAR86 "oddly", eh? LMAO - NOT!

    Downmodded unjustifiably: Just like my original post BEFORE THOSE was downmodded -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390907 again - vs. Sardaukar86 the constantly FAILING troll vs. myself!

    Every single time, lol!

    Well - At least Sardaukar86 had the SENSE to leave my parent post alone ( which DOES OFFER GREAT DEFENSES vs. DDoS/DoS, our subject here ) -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42390741

    (No... it's Sardaukar86 attempting to "defend" his 'honor' I suppose... lol, what LITTLE He has left after this UTTER THRASHING I gave him, yet again, lol! This much IS obvious!)

    So - Why do they do it, these trolls?

    Well, I use FACTS & undeniable technical evidences to back me up... & my work as well!

    (After all - I don't see ANY counterpoints that disprove points I wrote in my original parent post here, or the one I replied to now or the others I listed he "downmodded in 'effete retaliation'", merely proving my points)

    Thanks trolls - For proving what I wrote is TRULY, unassailable (via VALID counter facts/points... lol!)

    * :)

    Yes - Predictable, hence why I watched this post for it, & like clockwork? "Same old, same old" troll-tricks, nothing more - See above...

    APK

    P.S.=> LMAO - Yes, folks: It's ALL THE TROLLS KNOW HOW TO DO, to *try* to "hide truths &/or facts" that they cannot disprove, every single time...

    ... apk

  104. Have you ever written a GUI app? by Anonymous Coward · · Score: 0

    A well-written one should have checks on GUI controls (such as making SURE they re-enable after crashes, checking they enable/disable as you use them - so you don't "touch the same data twice", especially with multiple thread usage).

    CONSOLE MODE/TTY TERM/DOS WINDOW apps don't DEMAND THAT, as they have no buttons etc./et al!

    E.G.-> What I do, & why per the above...

    I usually do these types of constructs because of that (using Borland Delphi Object Pascal here, except = same as "catch" with Try):

    Try
      Try
      Except
      End;
    Finally
    End;

    * That way, I can handle ANY exceptions ANY way I like (both in an errlog with structured exception classes dumps, OR, with my own err/abend messages (usually these are for users)) & yet, still be accurate/stable as possible for 'safer' code!

    I sometimes even "override" the default error handling to dump to a log, as to actual "structured exception handlers" (error handling classes), & let the user have a 'friendlier' one (IF I do so @ all), & give the user a "less fearful" feedback IF errors/abends hit!

    ALA:

    {STD ERR OVERRIDE SECTION}
    procedure AppException(Sender: TObject; E: Exception);

    procedure TForm1.AppException(Sender: TObject; E: Exception); register;
    var // CUSTOM EXCEPTION HANDLER/MASK & LOG - "STD. ERR" override... apk
      ErrorLog: System.Text;
    begin
      inherited;
      AssignFile(ErrorLog, ExePath + 'APKErrLog.txt');
      try
        System.Append(ErrorLog);
      except
        on EInOutError do
          Rewrite(ErrorLog);
        else // BLANK ELSE STOPS ALL ERRMSG SHOWING... apk // Use commented off code below IF you want to show it... apk
      end;
      Writeln(ErrorLog,
        format('%s %s %s [%s]',
          [TimeToStr(Now),
           DateToStr(Date),
           'APK', E.Message]));
      Application.ProcessMessages;
      System.Flush(ErrorLog); // Added later on 'rice', good catch! apk
      System.Close(ErrorLog);
      Application.ProcessMessages; // Show the error? NO! Just pipe to a log... apk
      {
      MessageDlg(E.Message + '. Occurred at: ' + Addr, mtError, [mbOK],0);
      Form1.StatusBar1.Panels[0].Text:= E.Message;
      MessageBeep(MB_ICONEXCLAMATION);
      Application.ShowException(E);
      ShowMessage(E.Message);
      }
    end;

    Then, in the actual functions &/or procedures I do either of these 2 options, as needed:

    E.G.:

    A PLAIN EXCEPTION BLOCK:

    try
      try
      except
        ShowMessage('Contact your SysAdmin - err in function/procedure whateverthenameofitishere');
      end;
    finally

  105. JUST FOR YOU (since I know it was you) by Anonymous Coward · · Score: 0

    http://tech.slashdot.org/comments.pl?sid=3339513&cid=42408867

    APK

    P.S.=> Have you EVER written a GUI app? In a REAL language (not a 'toy' scripting tool @ best like Python)?? Obviously not - or, you'd KNOW the amount of extra work it takes to do a GUI app, RIGHT vs. doing commandline/DOS Window/tty term/console mode apps... & yes - That's listed in good part in that reply - read it, grow & learn by it!

    ... apk

  106. Better "giggle" (It isn't war, it's PEST CONTROL) by Anonymous Coward · · Score: 0

    http://slashdot.org/comments.pl?sid=3339709&cid=42393389

    * :)

    (Since you like DALEKS & obviously Dr. Who -> http://slashdot.org/comments.pl?sid=3339709&cid=42393097 well, it applies... lol, since you are a trolling PEST I have "controlled" before, rather easily!)

    Some humor - I can afford it vs. "the trolling likes you YOU"... lol!

    APK

    P.S.=> Especially vs. TROLLS/PESTS, like you (that I demonstrated blowing you away easily before too -> http://tech.slashdot.org/comments.pl?sid=3339513&cid=42391603 as well, easily)... apk

  107. erroneus (Jorge Bastida) = blackmailer by Anonymous Coward · · Score: 0

    Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343 & here also http://slashdot.org/comments.pl?sid=3344205&cid=42411119 erroneus = Jorge Bastida.

  111. erroneus (Jorge Bastida) = blackmailer by Anonymous Coward · · Score: 0

    Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343 & here also http://slashdot.org/comments.pl?sid=3344205&cid=42411119 erroneus = Jorge Bastida. He was downmodded as troll in the parent post too idiot.

  112. Read this to understand, you amateur by Anonymous Coward · · Score: 0
  113. Erroneus after all that why'd you evade this? by Anonymous Coward · · Score: 0

    Your big mouth write checks your fatass can't cash? http://slashdot.org/comments.pl?sid=3339513&cid=42393023

  114. Shame you ran from a fair challenge erroneus by Anonymous Coward · · Score: 0

    Are you shamed since you "Run, Forrest: RUN" here http://slashdot.org/comments.pl?sid=3339513&cid=42393023 where your fatboy mouth wrote checks your fatass can't cash? Absolutely. Talk about shameful. You talk a big game but when it mattered, you ran and got yourself down modded as a troll.

  115. You failed though by Anonymous Coward · · Score: 0

    He did produce his list. You can't do the same for downmods http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392649 All you trolls have is a lot of lies and no substance to back you. He surely did. You fail.

  116. He made a point: You're full of shit by Anonymous Coward · · Score: 0

    Apk put up 235 upmods of his. Where's your list of more downmods he challenged you to put out against this http://tech.slashdot.org/comments.pl?sid=3339513&cid=42392649 ? It isn't. You fail. You trolls lie and downmod but fail when the chips are on the table.

  117. erroneus (253617)/johnbwilcox = shamefully obese by Anonymous Coward · · Score: 0

    Erroneus/john b wilcox: When you eat, is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

  118. john b wilcox/erroneus (253617) - does this? by Anonymous Coward · · Score: 0

    Erroneus/john b wilcox: When you eat is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

  119. erroneus (253617) / john b wilcox's diet didn't by Anonymous Coward · · Score: 0

    Erroneus/john b wilcox: When you eat is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog!

  120. Force ISP to reject spoofed traffic by nbs-system · · Score: 1

    It's a shame that ISPs are routing spoofed UDP packets, like in DRDOS attacks, and are not made liable for this. When a fake UDP packet, spoofed with the source IP being replaced by yours, is sent to an amplifying system, like a quake/cs/hl/codt server or a DNS, then you get the answers... A lot. Why the hell do those guys route traffic issued from an IP that is not in their range? It's a line of config in routers. (Not exactly rocket science, like a friend of mine says.) Well, simply because they make money out of upload traffic... Shame. OK, it would only solve the DDOS based on UDP spoofed packets, but it's not few. Btw I like the ideas expressed here of a license to use a computer. Something giving the basics at least. I also like the idea of a reputation system (we have one in our high security cloud) to ban the IPs doing crap repeatedly, by blackholing them, after a neutral group of netadmins decides it.
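
The source-address check that comment 120 asks ISPs to apply, modelled as an added example that is not part of the original post: a strict reverse-path test at a customer edge, run over constructed packets. The FIB, interface names and addresses are assumptions (RFC 5737 documentation ranges).

```python
import ipaddress

# Constructed FIB for a hypothetical ISP edge router: prefix -> interface the
# route points out of. All prefixes are documentation ranges, not real networks.
FIB = {
    "198.51.100.0/24": "cust-a",     # customer A's assigned block
    "198.51.100.128/25": "cust-b",   # more-specific block carved out for customer B
    "203.0.113.0/24": "cust-c",      # customer C's assigned block
    "0.0.0.0/0": "upstream",         # default route
}

def lookup(fib, addr):
    """Longest-prefix match: the interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def accept(fib, ingress_iface, src):
    """Strict reverse-path check: forward only if the route back to the
    claimed source leaves through the interface the packet arrived on."""
    return lookup(fib, src) == ingress_iface

def filter_packets(fib, packets):
    """Split packets into (forwarded, dropped) according to the check."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if accept(fib, pkt["in"], pkt["src"]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed UDP/53 queries arriving at the edge, all bound for one resolver.
PACKETS = [
    {"in": "cust-a", "src": "198.51.100.10"},   # genuine customer A host
    {"in": "cust-a", "src": "203.0.113.7"},     # claims customer C's address
    {"in": "cust-a", "src": "198.51.100.200"},  # inside the /24, but routed to B
    {"in": "cust-b", "src": "198.51.100.200"},  # genuine customer B host
    {"in": "cust-c", "src": "192.0.2.99"},      # address outside every customer block
]

if __name__ == "__main__":
    fwd, drop = filter_packets(FIB, PACKETS)
    for pkt in drop:
        print("drop", pkt["in"], pkt["src"], "-> route points to", lookup(FIB, pkt["src"]))
    print(len(fwd), "forwarded,", len(drop), "dropped")
```

The strict form assumes symmetric routing; a multihomed customer whose return path uses another link needs a per-interface prefix list or a looser reverse-path mode instead.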