Slashdot Mirror
Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day
DroidJason1 writes Early Christmas morning, hacker group Lizard Squad took credit for taking down PlayStation Network and Xbox Live for hours. This affected those who had received new Xbox One or PS4 consoles, preventing them from playing online. So why did they do it? According to an exclusive interview with Lizard Squad, it had to do with convincing companies to improve their security — the hard way. "Taking down Microsoft and Sony networks shows the companies' inability to protect their consumers and instead shows their true vulnerability. Lizard Squad claims that their actions are simple, take down gaming networks for a short while, and forcing companies to upgrade their security as a result."
Why did they do it? They're assholes.
The same BS excuse!
If you want to prove these companies' inability to protect their customers, you hack into their systems and publish some anonymized but verifiable data. This is just petty vandalism; DDOSing game companies does not endanger customers or their privacy, it just denies them a service they paid for. It's like parking your truck across the entrance to the parking lot, in order to "prove that the mall has poor security".
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
...If only this worked. Since August Lizard Squad are taking it hard on Sony, and pretty much nothing has changed. I really don't think this makes huge companies any likely to do any changes, at least until now.
Given such lofty and noble intentions I'm sure they will be making their names known any day now so that the public can thank them for thei civil service...
This actually shows how worthless consoles are now days without an Internet connection wich has been accepted by the masses. Most of the PC games are now unplayable without a connection too (in some cases even for single player mode!!!) which I find completely unacceptable.
From a bunch of criminal thugs...
These companies were not hacked, there was no data breach or loss of customer or employee information. These were simple DoS attacks. It doesn't take much knowledge or skill. As far as I can tell, their security functioned as intended.
...it's not necessarily a bad idea on the surface, but I can't help but think it's like punching people in the face in order to encourage them to watch out for those assholes who punch people in the face just for kicks.
The argument is pathetic, a DDoS is not a security test. It proves nothing as any service can be toppled with big enough junt traffic.
Whoever this raises the issue again of the always-on-line model for current gen gaming. Some people were even locked out of their single player games just because features on the console were not available online.
I guess it is for sony/MS to upgrade to a descentralized service and fail-safe to allow functions instead of locking down things.
The "convincing companies to improve their security" is just a made-up reason. The real reason is just some general angst and anger. Using a Twitter account called "FUCKCRUCIFIX" also reflects this well. :)
Agreed. Its just narcissistic dribble. They like the press....plain and simple.
So they wouldn't mind if someone broke into their houses? Since, you know, it was just to force them to upgrade their security.
Denying people access to these services repeatedly is about being griefers not caring about the users' security.
...it'll probably get on the news, but it won't convince anyone to start wearing armour. On the contrary, people will become more fearful and go running to their governments for protection, and everyone loses freedom.
The two possibilities, then, are that Lizard Squad have the tacit approval of government (not in the sense of "omg conspiracy" but that nobody is trying too hard to stop them), or that Lizard Squad are stupid. I'm betting a little from column A, and a lot from column B.
So they ruin the day both for thousands of kids with new consoles and the tech support/security teams for the companies who now have to come in to work on Christmas. I have another theory why they do this on Christmas -- this group of hackers (at a psychological level) are just sad and lonely people who are angry with the world and want to ruin the joy/fun for others.
that gaming networks are secure. because my psn-trophys and game purchases are really private. sure, there's maybe a credit card number associated with an account, but i 1)don't care that much, i've already given my cc-number to loads of insecure-seeming businesses (online and offline) 2) i could always purchase psn/xblive offline with cash, if i was really concerned about security.
i wonder why they are not hacking more interesting targets.
dey be haxxin
Oliver "Lizard" Twist: "Please sir, I want some more network security."
Mr. "Sony" Bumble: "What?"
Oliver "Lizard" Twist: "Please sir, I want some...more?"
Mr. "Sony" Bumble: "More?!?!?"
Would copyright infringement be a valid form of protest if the incumbent music publishers start suing indie songwriters on trumped-up charges of creating a derivative work by accident? (For example, Bright Tunes Music v. Harrisongs Music)
According to TFA:
" ... Lizard Squad claims that their actions are simple, take down gaming networks for a short while, and forcing companies to upgrade their security as a result ... "
Lizard Squad's reason is as valid as pointing a loaded gun at a cop in order to improve the alertness of that cop
All a DoS does is prove one thing: That you can field more bandwidth than your target. Unless of course it's one where you exploit the weakness of a target system (e.g. by shutting down a service deliberately using an exploit). Else, a DoS proves little.
If a DoS exposes any kind of security issue, then a global one: That there are techniques that allow you to use little bandwidth on your end to cause the other end to drown in traffic. There are a few documented ways how you could pull this off, the most trivial one would be to spoof the IP address of your target system with some server that sends back a ton of info for a tiny request. E.g, DNS. Such an attack doesn't prove that the target system is vulnerable, it proves that the DNS protocol itself is beyond repair (and yes, it is, and there are secure replacements but ... you know, it's the internet... it works, changing stuff costs money, so...).
So what does the attack prove? Well, I wish I could say it proves without a doubt that MS and Sony have a security that matches the opaqueness of an erotic dancer's dress and should up their security (well, they do, and they should, but this attack doesn't prove that). It proves that we use technology that makes such an attack not only possible but actually trivial. And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Even though a DDoS is a very dumb attack, it's surprising how well they succeeded in jamming a big chunk of both Sony's and Microsoft's gaming services. I thought that all the big companies were already well prepared for events like this?
I broke into a home of and raped a member of Lizard Squad. Why? To force their members to improve their home security. Aren't I a hero too, Lizard Squad?
And that's the reason I don't engage in such activities. It usually backfires. People's reaction is not to blame the companies for shot security, they start crying for stricter laws (as if that accomplished dick). People are stupid, and I will not fix that. I had to accept that a long time ago.
Plus, companies being insecure is good for my business, so I really have no reason at all anymore to get worked up over it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
They have "taken credit" pmsl. The fact is they have proved psn and Xbox security is up to scratch. All they have done is bombarded the system to overload it and ps and ms shut the system down to protect it. Good work playstation and Microsoft. As far as lizard lick tossing are concerned, you need to try harder.
"We're trying to get shopkeepers to install stronger windows", said the kid throwing bricks.
Agreed.
These kids get picked on in school and they are ill equipped to figure out how to handle it. So, they dump their teenage angst by being bullies themselves. As others have already stated, this was no "hack". It was a DDoS and it will likely never compel the affected companies to modify their "security". And their actions gain no sympathy amongst the end users. Few people are likely to take their new consoles back to the store and trade them in for (insert non-electronic somethingsomething here). And the attacked companies are not going to violate the 80/20 rule to increase capacity.
I don't own a console and currently am not playing any games that would have been affected if there are PC versions in the target list. But, this kind of attack irritates me anyway and I think I would enjoy seeing a few of these worthless turds being skull fucked by a horde of hedgehogs, or forcing them to watch something on the Lifetime channel.
Charter Member of The Committee Group For The Elimination And Eradication Of Repetitive Redundancy
...when you have large segments of society that do not have to work to survive. They have way too much free time on their hands. They do not appreciate the monies spent by others. They are asswipes.
In this case, it's not even about people being stupid.
This group overloaded servers - there was no security breach.
If I was a consumer, would I blame
A) The group of people that on purpose overloaded the servers
B) The company for not having invested in more servers that are only used because assholes are deliberately trying to overload their servers and ruin my day (and who would cover the cost of the additional - usually unneeded - servers)
...douchery. That's all.
Actually what these guys really prove is that the ability to be anonymous on the internet is truly damaging. Every time they do this, they are reminding companies, the government, and the security companies that have to fight/find these perps that things would be far easier if looking up an ip address actually lead to the perp.
As a sysadmin myself, I'm completely sick of botnets and hackers. The steps I have to take and the amount of time I have to take to fight this shit costs me money. And I'm a very very small fish. Companies like Sony/MS have the ability to persuade congress that we need to remove the ability to be anonymous on the web. And if you aren't anonymous, your traffic will be dropped.
I really do believe the day is coming where this will become truth. And you will have these "good" people to thank for it.
I for one won't give a damn. It will make my job much easier.
While I'm part of a grumpy older set of people about this, I certainly am glad that most of my games don't depend on online play. It is getting harder to avoid them though, and I'm playing less games as a direct result.
I did enjoy reading the articles about Wii U owners being smug yesterday.
The greatest part of this is the error message I got when trying to do the update for PS Home in my PS3.
The possible errors where: My ISP, my internet connection, my router.
Funny how they never admit the problem could come from their side, it reminds me exactly the process I have to go trough about every time I need to go to my lab's IT office to get something fixed... now, it obviously can't be their system's fault. The system put in place by the IT department is obviously perfect, it's us - the lousy users - that are obviously doing something wrong.
I've heard people calling this a hack and that yet did it to make sony and Microsoft up their security but the fact of the matter is that the attack was a DDoS attack who his not a hack and only serves to flood and overload their routers and switches. How does this boost security?? How is this anything other than ddos?
The lizard dicks were hired by the bicycle industry to get kids out riding their new bikes...no internet needed
This was a ddos attack. There's essentially no way to protect yourself from a ddos attack. It doesn't demonstrate a security issue with Xbox live or PSN. It just demonstrates that any cluster of servers anywhere can eventually be overloaded.
I figured it was some "greater good" message i.e. "Get off your asses and go play outside kids!"
Is anybody actively looking into a class action lawsuit against Sony and Microsoft , all the money spent on these games and we can't play?
The real reason they attacked is quite simple. They're antisocial, immature pricks. If they ever get caught you just know these losers will play the asperger's card in their defence.
... "hacker" group... hyuk.
Lizard Squad. Of all the days to do some dumb shit. You picked Christmas. You aren't heroes. You sorry pieces of shit. You ruied Christmas for millions of kids. Way to go dumbass.
Per my subject vs. many kinds of DoS/DDoS - Defensive measures that work:
Microsoft Windows NT-based OS settings vs. DDoS/DoS:
Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-u...
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
---
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
---
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0?65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100?65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80?65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
---
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0?255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0?65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80?4294967295
Description: Specifies how often TCP attempts to verify that an idle connectio
They do it for attention and to feel powerful. An explanation after the fact is bullshit to make it sound like it was for the greater good.
The morons never hacked anything at all. They simply overloaded it. Image your computer having so much data and then filling it and filling it until it is just over flows. what happens? it slows down it then it stops working. The data it has is just over stock piled. same with what they are doing they didn't hack into anything at all. They are a joke. it's not a hack to get a fee computers a few friends and over load a system so that it shuts down. The only thing thats truly being worked on by both Microsoft and Sony is they are trying to divert the idiots traffic so they can clear a path to allow people to play. It's not something thats easy to block or stop from happening. The only way to easily stop it would to allow no access at all to anyone. which that would again do nothing for us. so don't support the pathetic losers that did a basic and very ridiculous action. it's Christmas and you should be enjoying families anyway not to mention there are still plenty of games you can play that don't involve online. As well as Netflix and hulu all that still works on your systems just because of the basic Internet access you already have access to. If they were real hackers they'd do more than do a overload and announce their accomplishments. those idiots are made up of rejects that probably failed to do their jobs at those companies or that had ideas that were twisted or just hated they were under appreciated and got fired over their own stupidity. ignore the works of cold blooded individuals that obviously have no respect for the gamers and the community that supports gaming. you won't change anything but make people angry at you for doing ignorant overloads to get attention. stop throwing your fit and give it a rest. no one's sorry that you guys butt hurt because youre losers and have no family and friends so you choose to try and effect everyone else to compensate for your lack of ability to be a decent person and make friends of your own. so again everyone enjoy your holidays and ignore the lizard homos. they don't even have the balls enough to do anything at all. merry Christmas everyone
Seriously Lizard squad.....you can all F.O.A.D.!!!!!!!!
All this is is a bunch of virgins who are sad because when they were kids, their moms didn't get them the new game console. In fact, it's more likely that these are 10 year olds who can't get the new gaming systems. Lmao
How did they show with ddos that the security is lacking? they didn't hack the servers... They are just a couple of morons who only want attention, nothing more nothing less..
And propably it wasn't even that hard, because everybody could have predicted that the servers would already be at full load on christmas day, so simple ddos would topple it..
But the only thing they did, was getting people to hate them even more..
But how did they get an interview if noone knows who they are? Get the bastards and cripple them (physically)..
lizard squad , you don't have to pretend your doing some good. just come out of the closet, it's almost 2015. you don't have to pretend your getting corporations to update security, hahahaha, that's funny. you "hacker" losers (equivalent to welfare abusers) will do this forever, it's the only way you can get revenge from getting stuffed into your lockers. I would be mad to women are amazing, way better than video games. Just come out of the closets, and everything will be fine. well sort of
These losers need to find something better to do with their lives instead.
lizard squad , you don't have to pretend your doing some good. just come out of the closet, it's almost 2015. you don't have to pretend your getting corporations to update security, hahahaha, that's funny. you "hacker" losers (equivalent to welfare abusers) will do this forever, it's the only way you can get revenge from getting stuffed into your lockers. I would be mad to women are amazing, way better than video games. LIZARD SQUAD YOU SHOULD BE PROUD TO BE A MAN LOVER, I'M PROUD TO BE A WOMEN LOVER. maybe this will help, oh dang I might get hacked now... Just come out of the closets, and everything will be fine. well sort of
They simply need to cover their gaming networks the same as they do their own INTERNAL ones all noted here via varying methods vs. VARYING types of DDoS/DoS http://games.slashdot.org/comm... ... simple - especially using the measures I noted.
APK
P.S.=> Another "simple fix" would be to check the user-agent querying their gaming networks - Now, *IF* the malware tool doing the requests uses one that ISN'T the "std. one"? There's an answer also, that allows them to detect for + turn aside THIS type of DDoS attack (that, or issuing a patch to gaming consoles that changes it to one that attackers NOT using) - yes, this *IS* a "temporary work-around" only (since the attackers, odds are, *WILL* change the user-agent to match the new one, yet again, doing the same) - still:
The fixes I noted above CAN & DO work vs. DDoS of *MANY* kinds, listed here http://games.slashdot.org/comm...
(Thus - DDoS/DoS IS 1st DETECTABLE, & then thus, stoppable: Despite the common online myth/misinformation about it being "unstoppable", when it's clearly not)... apk
It actually works (studies evidence inside) -> http://games.slashdot.org/comm...
* Yes, it's a "WEE BIT" of *work* but NOT that tough to do, client & server-side vs. MANY TYPES of DDoS/DoS attacks...
APK
P.S.=> A lot of it's what YOU said though & MS + AMAZON prove that much (BIG bandwidth & money to setup their monitoring + defense system vs. DDoS) for their internal networks (pity MS didn't cover their XBox gaming network the SAME way - though you can *BET* they will, now, using the same stuff they do/use to protect their internal networks vs. DDoS shown in the link above)... apk
No one can prevent a DDoS with amplification of the type that LS were using. If you have ever worked in that sector you would know.
"When 256Gbps of rubbish arrives at your servers or firewalls ... registry settings and kernel tweaks do jack" - by DavidRawling (864446) on Friday December 26, 2014 @11:12AM (#48675603)
Wrong again: That's what monitoring setups are for vs. DDoS of large scale (MS & AMAZON use BOTH for their internal networks, shown here -> )
Guess what, bigmouth? You guessed it:
You FAIL, yet again, like here regarding your omission of the FACT I covered DNS UDP amplification attacks with the TCP option DNS *does* indeed have -> http://games.slashdot.org/comm...
APK
P.S.=> 2 QUESTIONS: #1 - How does it taste, "eating your words" twice, washed down with the "bitter taste of SELF-defeat", ramming them down your throat with YOUR FOOT IN YOUR MOUTH?
&
#2 - Can *SOMEONE* tell these "ne'er-do-well" do-nothing's to READ BEFORE THEY OPEN THEIR PIEHOLES?
I ask the latter since the "ne'er-do-well" do-nothing screwed up on BOTH accounts regarding DDoS here vs. my points he failed to read - he also attempted to "mock me" on hosts usage (which DOES protect users vs. DNS issues of MANY kinds - & I certainly do NOT see him doing a better tool for users to protect them, speed them up, & make them more reliable online either - just hot air & b.s. I can turn aside easily with FACTS + their own illiterate stupidity)... apk
Lizard squad = NSA/CIA
you've been duped again
if so, then thank you. These kinds of actions are needed to force companies to change.
At the same time, we should be suing retailers, along with the CIO and CEOs, that have lost CCs.
I prefer the "u" in honour as it seems to be missing these days.
I just wish these guys would try and learn how to hack into some panties, then maybe this crap wouldent effect the gaming community.
There's a difference between security and being able to handle a DDOS. Unless you expect every computer connected to the internet to be using your service all at the same time, there's no need to budget for that. All Lizard Squad did was make Microsoft and Sony spend resources on combating DDOS's, and not resources on looking for security holes that leak customers data.
for supporting systems that need to be activated in order to use what you paid for. I wanted to get a Roku media player, well after reading some insane thing about having to phone in to activate your hardware if you didn't want to give out your credit card to activate, it I said fuck it. Its insane that I have to activate hardware before I use it. I have no desire for the company to know my name or other personal. Its none of their business unless I want to deal with warranty issues.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
I tried to get on XBOX Live yesterday, and was having trouble connecting. I figured it was because it was the afternoon and their servers got overloaded with all the people who opened their new systems and tried to get online, and it overloaded the servers. That wouldn't be the first time the xbox servers got overloaded on Christmas. I did a test and it gave me a message right away that it was not my network or isp, it said it was an issue on microsofts side. I tried again like 10 minutes later and it was fine.
These DDOS attacks wouldn't be possible without a horde of infected slave computers. If black hat hackers can control these botnets, what prevents the white hats from controlling them too and disabling them?
This had nothing to do with security. They DDOSed it. A monkey could do that. That's traffic control, not security. Maybe they should have found everyone using hacks and cheats in console games and make their Xboxes melt. Then that would be something. Other than that, it's like saying you broke into a bank when in fact you sprayed fire hoses at it so nobody could get in and then still didn't get in or access anything inside.
DDOS attack doesn't prove shit about security. Fucking little script kiddies. This was a case of the bullied bullying someone else for a change. Grow some dicks and go stick it in something, losers.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
because most of the games that came with the consoles were digital copies. This was done because digital copies are cheaper (no disc pressing, and yes, at these volumes it's an expense worth talking about) and there's not second hand market depressing the price of the physical copies in store. Having a pack in game basically tanks the value of the game at retail because of how the used market works.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
The news didn't mention that many games now need "always on" connection, even for single player, because it shows people why we who do not accept this are not "just luddites" or hysterics (or even "just trying to justify your piracy"), but many games do not work at all without an internet connection, and you're not allowed by gamers who accept this to refuse. It makes out that they DO have a choice, when they insist they don't.
And this is why so many of you are screaming "ASSHOLES!!!!".
They show how dumb it is to require any game to be multiplayer based on a single set of servers controlled by the companies selling.
So distract everyone and yell "ASSHOLES!!" and pretend you haven't been shown how buttfucked you are, and how willingly you bent for it.
God damn, dude, relax. Crack open a beer and take your lithium pills.
This is no different then countless other attacks over the years where you have some script kiddies that are doing it for the personal glamour, ignorant of the fact that their style of attacks tells anyone who knows anything that they have zero knowledge and experience. And that their posturing is entirely ego based. These are like the fails on reality performer shows -- nobody wants them, they are horrible, and at best, have some value for being so ignorant of their own ineptitude, mistaking it for excellence. In these guys case, it is, of course, much worse: everyone knows these little kids (maybe some are even "adults", with quotes) are praising each other and thinking each other real "hackers".
Can they find a single vulnerability on their own without a scanner? No. Do they know the basics of coding, or even why a vulnerability is a vulnerability? No. Would they have the credentials to be hired even as a most junior security analyst? No.
Their actions, though are particularly those of assholes. The sorts that cut in line and otherwise make things just a little more difficult for everyone else everyday. Scum of the earth. That they are posturing righteous condemnations is disgusting. They are doing this because they like the power of it. Like rapists, or anyone that does bad things to others just because they can.
Well since you are clearly a network security expert, please tell us how to secure a network against being taken out be a DDoS attack. Then post your IP, we'll see how you fair. Remember, you are the asshole and deserve Legal Penalties with Scary Caps if you can't stop it.
Here's a hint: There is no security against a DDoS attack. That's why assholes like Lizard Squad use them.
These are the kinds of assholes who would justify raping a woman because she wasn't careful or breaking into a house because the door was unlocked. They're fucking criminals.
Unlike you, people have lives. You need to check back into your special facility, get back on your medication and just stop being such a crackpot moron. If you didn't sound like a babbling hobo people might actually listen to your advice.
If their reasoning was to show how DRM has a central failing point that would cause legitimate purchased games to fail to install and play due to absence of the central DRM authority. I spent an hour trying to get my sons XBox One online until I realized the network was flooded ( I assumed due to Christmas). Later to find some dickish hacker eff-tards had done a lame DDoS attack.
Take them down to prove always online DRM sucks and peer to peer gaming should be allowed. Although I think MS and Sony removed the "Always On" DRM before release.
One of the biggest issues with net-play between friends was NAT and getting ports open to allow people in.Yes, this can be alleviated by uPNP enabled routers etc, but that same feature can also be a security risk. As IPv4 shrinks though, it's likely we'll also see residential v4 addresses shrink to carrier-level NAT. This may be alleviated by IPv6, but it's been "coming" for a loooong time now, and the security configuration for that is still going to be hell for a lot of home users.
It's obvious they're government sponsored who want to control the internet because they're constantly having to try suppress those who speak out against the government's criminal activity. Just look at how many are in prison for whistle blowing and see how many times "we need to talk about sandy hook" was taken down.
"You need to check back into your special facility, get back on your medication and just stop being such a crackpot moron. If you didn't sound like a babbling hobo people might actually listen to your advice." - by Anonymous Coward on Saturday December 27, 2014 @12:31AM (#48678741)
See subject: You need to quit projecting & to take YOUR meds to get over your "delusions of grandeur" @ being a degreed + licensed practicing psychiatric pro on your part.
* Clue/New NEWS/NewsFlash: You're not one...
APK
P.S.=> "Move along, nothing to see here folks..." (except my tearing apart another deluded wannabe in computing's technical areas once again, as per my usual, vs. these PUNY trolls, lol!)...
... apk
"that ranting combined with atrocious formatting just screams mental illness ..." - by mister2au (1707664) on Friday December 26, 2014 @09:09PM (#48678301)
See subject: Quit projecting & get over your "delusions of grandeur" @ being a degreed + licensed practicing psychiatric pro on your part.
* Clue/New NEWS/NewsFlash: You're not one...
(By the way - You also haven't disproven my points validly & they're no rant, they're fact YOU can't get the better of & you KNOW it, anyone reading here does, obviously judging by your b.s. off topic reply - period...)
APK
P.S.=> "Move along, nothing to see here folks..." (except another deluded wannabe I've trashed in computing's technical areas once again, as per my usual, vs. these PUNY trolls, lol!)...
... apk
"you've completely ignored spoofing of addresses combined with amplification attacks (send out a 64 byte DNS request pretending to be the DDoS target, get 4kB sent to the target)." - by DavidRawling (864446) on Friday December 26, 2014 @11:12AM (#48675603)
See my 'p.s.' here ESPECIALLY for DNS -> http://games.slashdot.org/comm...
(Using TCP vs. default UDP for DNS *is* an option for DNS, however, it *LITERALLY* doubles your overheads vs. UDP usage, unfortunately, but... it would/can work here!)
---
Lastly, bigmouth bigshot: As far as hosts are concerned, they work - what've YOU done better? NOTHING, Mr. "ne'er-do-well"...
( & yes, HOSTS WORKS vs. DNS poisoning/redirects, being DOWNED, or exploited by DNS DDoS... it protects users for their favorite websites (where folks spend MOST of their time online) @ the top of hosts, cached in RAM locally, which not only AIDS RELIABILITY here (vs. DNS fuckups), but also speed...)
---
Additionally:
Downmodding the last time I pointed out this BLATANT SCREWUP of yours -> http://games.slashdot.org/comm... ?
Please, lol!
(Hey - THANKS FOR PROVING MY POINT HERE by vainly & effetely *trying* to "hide" your FAIL, fool... lol!)
APK
P.S.=> Lastly - Learn to READ before shooting your piehole off, fool, since You FAIL due to that "skimming" of yours - See above: Proof's there, after all!
... apk
You f'd up twice, shown in links here http://games.slashdot.org/comm... & above ALL else?
* LEARN TO READ
(Additionally: Vainly & effetely downmodding the last time I posted this to *try* to "hide" it, here http://games.slashdot.org/comm... ? Hey - THAT ONLY PROVES MY POINT ALL THE MORE - YOU FAIL, & you KNOW it, as does anyone reading with even 1/2 a brain!)
APK
P.S.=> Is it *MY* fault I sweep the floor w/ you fools? Not @ all, whatsoever - lol, that'd be YOUR doing providing me the means to stomp all OVER y'all (when you're attempting that with ME no less, first) easily, as always... apk
So a group of coders got together and imposed a restriction on a group of companies that will in essence require the companies to hire more coders to prevent the malicious attacks. Lucky the makers of bullet-proof vests don't have a similar mentality.
"1/2 open" connections you describe ARE dropped (see the settings' descriptions http://games.slashdot.org/comm... ) after parameters for dropping them are set as described there to protect the machine during DDoS attacks that "suck up" all the available possible connections (e.g. stating they are from 192.168.x.x, 172.16.x.x & 10.x.x.x which are *NOT* public internet broadcastable, like 127.0.0.1 isn't - WHEN THESE DO NOT ALLOW "TALK", they ARE these "1/2 open" type the settings in the link speak of).
* So he's off/wrong that these settings do *NOT* help.
(Especially since he *thinks* that 256gb of 'garbage' is what hits you during DDoS/DoS attacks - that's *NOT* it @ all: It's merely connections asking for service, exceeding the available amount of connections by using IP source addresses that aren't outward broadcastable to the public internet per the example IP addy's I put out above for example - the system "goes wild" in *trying* to service them (used to floor older models of the OS until they patched the IP stack for it) but NEVER will be able to, because they are *NOT* publicly broadcastable...)
APK
P.S.=> Think about it - WHY on earth would MS put them out (you can see the source links for them to verify this) *IF* they didn't work in the 1st place? apk
"1/2 open" connections as described ARE dropped (see the settings' descriptions http://games.slashdot.org/comm... ) after parameters for dropping them are set as described there to protect the machine during DDoS attacks that "suck up" all the available possible connections!
(E.G. -> Stating they are from 192.168.x.x, 172.16.x.x & 10.x.x.x (& they're not really), which are *NOT* public internet broadcastable, like 127.0.0.1 isn't - WHEN THESE DO NOT ALLOW "TALK", they ARE these "1/2 open" type the settings in the link speak of - others that exceed the limits set will be dropped as well, as needed...).
* You ARE "off" (wrong) that these settings do *NOT* help vs. DDoS of varying kinds - period!
Especially since YOU *think* that 256gb of 'garbage' is what hits you during DDoS/DoS attacks - that's *NOT* it @ all: It's merely connections asking for service, exceeding the available amount of connections by using IP source addresses that aren't outward broadcastable to the public internet per the example IP addy's I put out above for example - the system "goes wild" in *trying* to service them (used to floor older models of the OS until they patched the IP stack for it) but NEVER will be able to, because they are *NOT* publicly broadcastable...
APK
P.S.=> Think about it - WHY on earth would MS put them out (you can see the source links for them to verify this) *IF* they didn't work in the 1st place? apk
"Further, you've completely ignored spoofing of addresses combined with amplification attacks (send out a 64 byte DNS request pretending to be the DDoS target, get 4kB sent to the target)." - by DavidRawling (864446) on Friday December 26, 2014 @11:12AM (#48675603)
How/Why? Hosts files work for your favorite sites, avoiding DNS & also resolving FASTER locally from RAM once cached (most efficiently, since both the IP stack & local diskcache are KERNELMODE subsystems).
* You Fail...
(Me, by way of comparison? I don't: I actually built a program that populates hosts vs. botnets, & maliciously coded sites for more security, and for speed, those hardcoded favorite sites work for that as well as security vs. DNS amplification attack, moron... & for reliability as well, once those sites are either downed OR redirect poisoned)
I've built a tool that does ALL that, & more, for you -> http://start64.com/index.php?o... have you? Hell, no... lol!
APK
P.S.=> I've COMPLETELY TORN YOU UP, fool, on every one of your "so-called 'points'", easily... apk