Dvorak Takes On The Crackers
rozerumn sent us linkage to another fun and exciting Dvorak column. In this week's episode he takes on the crackers. Offers views on what's happening in the area. Flamboyant as always.
In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have.
I had the same feeling. It's like millions of port scanners were logging hackable ports, and then were suddenly silent.
I thought Dvorak made one good point. Making examples of script kiddies will reduce their numbers but transform the remainder into really angry and careful hackers.
This situation isn't much different from drugs, as long as people want to do them, a way will be found. All law enforcement can do is arrest the least talented and make the rest more cautious and better armed.
I'd prefer to see hacking winked at, but actual damage responded to in a proportionate manner. If someone hacks a hospital and someone dies, that's murder, laws exist. If someone brings a financial system down, that's war or terrorism, call out the troops. We need to get across the idea that stupid hackers are those that damage, not those that can simply be caught.
* an online programming comp: sure schools run them, but it often takes teams of four or five and you have to travel and have a teacher in on it, etc etc. often, at a small school like mine it's hard to find 5 friends who know enough/care enough to enter with you. if you could do it online, by yourself, you could really test yourself against some challenging problems and peers. i did a fantastic uni assignment where we wrote java robots that played against each other in a constant battle; everyone was ranked by how much money they made ...something like that maybe?
* a teengnu project, or something like that. sure, at highschool i didn't know about good programming techniques, oo theory, data structures, etc ... but i would have loved to learn. we don't know enough to start contributing to kernel code, but surely there is something we could put together?
* an online buddy system with undergraduates or something, passing on linux/programming tips to a new generation. if someone had told me about, for example, binary trees, i'm sure i could have researched and implemented them in highschool (maybe to kick ass in the online programming comp battle thing!)
* put your ideas here! you've all been (or are) bored teenagers, what would you have liked?
phear us?
--frank[at]unternet.org
Routers are designed to do one thing (series of things) and to do them fast and well with little overhead. As you add more and more "functionality", the device becomes more and more of a server that routes, and resource costs become more intensive.
= -=-=-=-=-=-=-=-
I disagree. First of all, I think a simple comparison of an incoming packet to a previously stored packet in a buffer somewhere is not really a significant overhead. It doesn't need to check every single packet (since odds are there will be identical ones under legitimate usage) but if some kiddie tries "ping a zillion times with 32000 bytes of data as fast as possible" surely some router should be smart enough to say "uh, no" if that is its owner's wish. Operating systems don't enforce any limits on the quality and quantity of data they send, therefore I say that it is the job of the router to make that determination. If there is a valid use for "ping a zillion times with 32000 bytes of data as fast as possible" then let it find some other route, because I don't want to lose my bandwidth because of it.
Second of all...even if there is overhead, it's only price. So you have to pay for a 100Mbit router to get 10Mbit performance...costs always go down over time and the difference is that you may only have 10Mbit worth of actual data after you are able to block out abusing users absorbing data with meaningless attacks.
I've seen water valves where there is an object set perpendicular to the flow of water in the valve. Water rushing over the object decreases the pressure over it, causing the object to rise and block part of the flow. Thus, a slow, steady stream can pass through but sudden spikes of high pressure will be bounced back as the valve slams shut on it. Once the pressure has reduced, the flow continues as normal. Also a good comparison, I guess, would be surge suppressors.
What's my point with those two comparisons? In both cases the control is done at a VERY low level. Similarly, since there has to be a set bit format for a valid IP packet, I fail to see why it would take serious overhead to tabulate what source is sending the most packets per second and drop packets from excessively high connections so that upstream bandwidth is shared equally and abusive connections slow to a crawl.
If I understand correctly, it's not just the target server that loses in a DoS situation...it's every router along the way. Therefore I think it would be an incentive for people to pony up the resource cost so that abusers would have to route their traffic somewhere else...no?
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
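The per-source accounting proposed in the comment above, sketched as an added example (not part of the original thread and not any router's actual code): a token bucket per source address that forwards a steady stream and drops the excess from a flooding source. The class and function names, the rate and burst values, and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict


class PerSourceLimiter:
    """One token bucket per source: `rate` packets/s sustained, `burst` packets of headroom."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.buckets = {}  # src -> (tokens, time of last packet seen)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        # Refill for the time elapsed since this source's last packet, capped at burst.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[src] = (tokens - 1.0, now)
            return True   # forward
        self.buckets[src] = (tokens, now)
        return False      # drop: this source is over its share


def simulate(packets, rate, burst):
    """Run (timestamp, src) pairs through the limiter; return {src: (forwarded, dropped)}."""
    limiter = PerSourceLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(packets):
        stats[src][0 if limiter.allow(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


def constructed_traffic():
    # Constructed sample (documentation address ranges): one source flooding at
    # 1000 packets/s for two seconds, one ordinary host sending 5 packets/s.
    flood = [(i / 1000.0, "192.0.2.66") for i in range(2000)]
    normal = [(i / 5.0, "198.51.100.7") for i in range(10)]
    return flood + normal


if __name__ == "__main__":
    for src, (fwd, drop) in simulate(constructed_traffic(), rate=50, burst=20).items():
        print(f"{src}: forwarded={fwd} dropped={drop}")
```

Keying on the source address only works when that address is genuine; spoofed sources spread a flood across many buckets, and the table of buckets itself has to be bounded on a real device.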
Why does this thing seem like it took him 30 seconds to whip out?
I mean talk about content free, not to mention completely unresearched.
"I have the feeling there's, like, this sting or something, whoa."
"Like those kiddie porn rings, yah they stopped those, dude, all right!"
"No operating system is, like, invulnerable, like."
"OMG! Like there was this one dude, he like, tried to telnet to my machine, but fortunately it was a windows box, and that's, like, secure, because I have this firewall and stuff and doesn't let people telnet like into it."
Another GREAT article from that bastion of cluelessness that is Dvorak. God, if it wasn't for journalists like him, how WOULD we get our mass-market news?
Guess what, guys: dictionaries (and Jargon Files) don't define language. Usage does.
Years of the media using hackers as a synonym for "someone who cracks systems" has made it an acceptable use. Stop fighting it and deal.
Of anyone in the media, Dvorak knows this. He's started using hacker because it's the only word most of the Real World understand. This guy HAS been in the industry longer than you. Don't pull the argument that "when I was young we just had [mechanical relays | punch cards | TRS-80 | IBM XT | iMac ]."
I just wanted to post before someone else bitched about it.
-Chris
Tune into next week's episode, where the fearless Dvorak discovers the woes of Windows 95 file sharing!
Seriously, people should assume that port scans are headed their way on a regular basis - and anyone who doesn't at least have a NAT router (I know NAT isn't a real firewall, but it'll beat 99.9% of the script kiddies out there) between themselves and the Internet should go out and get _some_ kind of firewall - the cable and DSL providers should be recommending these to all their customers, or at least implementing basic firewalls within the cable/DSL modems. At this point, everyone should implement some form of packet filtering - there's just too many script kiddies out there to assume any trust at all.
Sucks, don't it?
-Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."