Slashdot Mirror
Dvorak Takes On The Crackers
rozerumn sent us linkage to another fun and exciting Dvorak column. In this weeks episode he takes on the crackers. Offers views on whats happening in the area. Flamboyant as always.
← Back to Stories (view on slashdot.org)
In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have.
I had the same feeling. It's like millions of port scanners were logging hackable ports, and then were suddenly silent.
* an online programming comp : sure schools run them, but it often takes teams of four or five and you have to travel and have a teacher in on it, etc etc. often, at a small school like mine it's hard to find 5 friends who know enough/care enough to enter with you. if you could do it online, by yourself, you could really test yourself against some challenging problems and peers. i did a fantastic uni assignment where we wrote java robots that played against each other in a constant battle ; everyone was ranked by how much money they made ...something like that maybe?
*a teengnu project, or something like that. sure, at highschool i didn't know about good programming techniques, oo theory, data structures, etc ... but i would have loved to learn. we don't know enough to start contributing to kernal code, but surely there is something we could put together?
*a online buddy system with undergraduates or something, passing on linux/programming tips to a new generation. if someone had of told me about, for example, binary trees, i'm sure i could have researched and implemented them in highschool (maybe to kick ass in the online programming comp battle thing!)
* put your ideas here! you've all been (or are, bored teenagers, what would you have liked?
phear us?
--frank[at]unternet.org
Routers are designed to do one thing (series of things) and to do them fast and well with little overhead. As you add more and more "functionality", the device becomes more and more of a server that routes, and resource costs become more intensive.
= -=-=-=-=-=-=-=-
I disagree. First of all, I think a simple comparison of an incoming packet to a previously stored packet in a buffer somewhere is not really a significant overhead. It doesn't need to check every single packet (since odds are there will be identical ones under legitamate usage) but if some kiddie tries "ping a zillion times with 32000 bytes of data as fast as possible" surely some router should be smart enough to say "uh, no" if that is it's owners wish. Operating systems don't enforce any limits on the quality and quantity of data they send, therefore I say that it is the job of the router to make that determination. If there is a valid use for "ping a zillion times with 32000 bytes of data as fast as possible" then let it find some other route, because I don't want to lose my bandwidth because of it.
Second of all...even if there is overhead, it's only price. So you have to pay for a 100Mbit router to get 10Mbit performance...costs always go down over time and the difference is that you may only have 10Mbit worth of actual data after you are able to block out abusing users absorbing data with meaningless attacks.
I've seen water valves where there is a object set perpendicular to the flow of water in the value. Water rushing over the object decreases the pressure over it, causing the object to rise and block part of the flow. Thus, a slow, steady stream can pass through but sudden spikes of high pressure will be bouced back as the value slams shut on it. Once the pressure has reduced, the flow continues as normal. Also a good comparision, I guess, would be surge suppressors.
What's my point with those two comparisons? In both cases the control is done at a VERY low level. Similarly, since there has to be a set bit format for a valid IP packet, I fail to see why it would take serious overhead to tabulate what source is sending the most packets per second and drop packets from excessively high connections so that upstream bandwidth is shared equally and abusive connections slow to a crawl.
If I understand correctly, it's not just the target server that loses in a DoS situation...it's every router along the way. Therefore I think it would be an incentive for people to pony up the resource cost so that abusers would have to route their traffic somewhere else...no?
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Why does this thing seem like it took him 30 seconds to whip out?
I mean talk about content free, not to mention completely unresearched.
"I have the feeling theres, like, this sting or something, whoa."
"Like those kiddie porn rings, yah they stopped those, dude, all right!"
"No operating system is, like, invulnerable, like."
"OMG! Like there was this one dude, he like, tried to telnet to my machine, but fortunately it was a windows box, and thats, like, secure, because i have this firewall and stuff and doesn't let people telnet like into it."
Another GREAT article from that bastion of cluelessness that is Dvorak. God, if it wasn't for journalists like him, how WOULD we get our mass-market news?