I hear you on this one. My logs report 4-8 per day on average, with about 3 Nimda attacks per week. Due to the amount of time and effort I put into notifying attacking ISPs on the same A, B, and C IP blocks, this number is probably lower than some. I'm also seeing an increase in scans trying to execute "/cmd.exe?/c+dir". (I'm not sure if I should report them or not.)
Of course, while these attacks are geared toward M$, they are attacking my *BSD machine. Perhaps due to so many Linux and/or *BSD machines reporting attacks to DShield and others, all of these M$ attacks are being counted against the non-M$ community.
I had three attacks after Gobbles released the Apache exploit. (Well, actually one attack and two scans of my "powered by" page since I had upgraded after the first attack.)
I used to get quite a few SSH attempts, but since blocking most CN domains at the firewall after them (and sadmind worm attempts), they've pretty much disappeared.
The second most prevalent "attack" to CodeRed is formmail.pl scans. When is AOL going to put a sting on the collector at f2@aol.com?
We named our oldest son Jovian, king of the planets. I want to see him go to the stars, since I probably won't. This seemed a good way to get him interested in it early on.
Rise in UNIX Targeted Attacks, on "Cyber-Attacks?" (Score: 5, Informative)
Off topic, I know, but there's been a serious increase in attempts to hijack my web site since Gobbles' proof of break-in-ability code for the Apache hole was released last week. It's probably the work of out of school script kiddies rather than that cad Al, but I'd like to know if other sys-admins have noticed an increase in UNIX targeted attacks (specifically geared toward Apache) in the past week.
The usual attack pattern goes:
- Enter the site on a "powered by freebsd" Google search reference
- Cause an error (a "GET ../.." or a "GET / HTTP/1.0" request) to get the web server name and version.
- If the version is a vulnerable version of Apache, an attack commences with a different tool.
If everyone hasn't upgraded Apache to a safe version yet, I strongly suggest you do. It's not just a Microsoft hole any more.
I've been fortunate in that none have been on the same B or C class subnet. Naturally, I've notified the two infected ISPs on the same A class subnet before either attacked twice.
Still, how is it that this thing has resurfaced? Don't these things ever die? Is Microsoft secretly including it in other packages?
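Added example (not code from any of the posts on this page): a Python script that classifies the probes these comments mention, Code Red's long run of N's, the Nimda "cmd.exe?/c+dir" request, formmail.pl scans and the malformed "GET ../.." banner grab, across Apache access-log lines and tallies them per source address with a first-seen timestamp for the abuse report. The sample log lines, the signature names and the 192.0.2.x/198.51.100.x addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined log prefix: client ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Request-line signatures for the probes named in the comments above. First match wins.
# A bare "GET / HTTP/1.0" is deliberately not a signature: legitimate clients send it
# too, so only the malformed "GET ../.." banner grab is flagged here.
SIGNATURES = (
    ("codered", re.compile(r"N{20,}")),                   # Code Red's long run of N's
    ("nimda", re.compile(r"/cmd\.exe\?/c\+dir", re.I)),   # Nimda-style cmd.exe probe
    ("formmail", re.compile(r"/formmail\.pl", re.I)),     # FormMail relay scans
    ("apache-recon", re.compile(r"^GET \.\./\.\. ")),     # error-forcing banner grab
)


def classify(line):
    """Return (ip, timestamp, category) for a recognised probe line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.group("req")
    for name, pat in SIGNATURES:
        if pat.search(req):
            return m.group("ip"), m.group("ts"), name
    return None


def summarize(lines):
    """Tally probes per category and source IP, and record each IP's first hit.

    The first-seen timestamp is the "first record" you quote when notifying
    the source's ISP, as the comments above describe doing.
    """
    hits = defaultdict(Counter)  # category -> Counter(ip -> number of hits)
    first_seen = {}              # ip -> timestamp of its earliest probe
    for line in lines:
        rec = classify(line)
        if rec is None:
            continue
        ip, ts, cat = rec
        hits[cat][ip] += 1
        first_seen.setdefault(ip, ts)
    return hits, first_seen


# Constructed sample lines using documentation-range addresses; not from any real log.
# /default.ida is the ISAPI path the real Code Red worm requested.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/May/2002:21:57:58 +0900] "GET /default.ida?' + "N" * 40 + ' HTTP/1.0" 404 287',
    '192.0.2.11 - - [05/May/2002:22:03:12 +0900] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 299',
    '192.0.2.12 - - [06/May/2002:01:14:40 +0900] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 281',
    '192.0.2.13 - - [06/May/2002:02:30:05 +0900] "GET ../.. HTTP/1.0" 400 310',
    '198.51.100.7 - - [06/May/2002:03:00:00 +0900] "GET /index.html HTTP/1.0" 200 1532',
    '192.0.2.10 - - [06/May/2002:04:05:06 +0900] "GET /default.ida?' + "N" * 40 + ' HTTP/1.0" 404 287',
]

if __name__ == "__main__":
    hits, first_seen = summarize(SAMPLE_LOG)
    for cat, ips in sorted(hits.items()):
        for ip, n in ips.most_common():
            print(f"{cat:13s} {ip:15s} hits={n:<3d} first record: {first_seen[ip]}")
```

Pipe a real access log in with `summarize(open("httpd-access.log"))` and sort the per-IP counts before deciding which sources are worth a report.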
The next logical progression from using cell phones to anonymously show where there's congestion is to use them to tell who is speeding. Data could be more easily collected for where to best set up speed traps - and the data being fed back can keep the "hot spots" up to date.
Eventually, they'll find that billing the speeding ticket to your cell phone provider is cheaper than running all of those black helicopters to keep a physical eye on everyone. When it becomes legal to fine all of the occupants of the car for speeding (four cell phones, four tickets), then passengers will have an incentive to keep their driver legal.
You must keep in mind another aspect in making manuals more entertaining. Riding the train to and from work daily, I see many people reading software manuals. Yes, manuals. Not "Dummy Guides" or "How Tos," but the actual manuals that come with software.
It'd be kind of hard to do that in a society that commutes by car. So manuals in such societies aren't geared toward "off hours" reading.
Personal experience with Sony products shows that they're only useful up until their warranty expires. Our family Sony Trinitron's color started fading about a month after the warranty expired. The headphone connector on a Sony radio started failing after one year (6 month warranty). The battery warning of my second Sony radio says the batteries are dead when it gets jolted a bit. (I didn't learn the first time.)
Now I have a Sony VAIO PCG-XR1G. It was the top of the line when I bought it. After using it for six months, I started getting BIOS errors warning me of impending hard disk failure. I backed everything up when I got it to boot, then took it in. Of course, it booted fine every time I tried to explain the problem to the dealer. So after it really failed a week later, they took it and sent it in to Sony.
Sony replaced the disk controller, but not the hard disk. They did restore the pre-installed Windows against my wishes, despite detailed instructions on how to log in and shut down FreeBSD. If they had replaced the hard disk, as the BIOS was telling me was necessary, I wouldn't have minded, but...
So, the machine worked fine for another six months. Then the same BIOS errors started coming up. Again, I backed up everything and brought it in for repair. This time the warranty was one month expired and I had to pay for a new hard disk. But the worst part was to follow.
After another month, the "R" key on the keyboard started getting hard to press. Also, the right mouse button wasn't always working. The mouse pad quickly degraded to where I had to buy an external mouse. Other keys slowly degraded and, being a touch typist, many tasks started to become frustrating - like logging in to other servers without any "*" echoes. I'm seriously considering getting a USB keyboard for my notebook computer!
It just seems to me that Sony products have some sort of self destruct mechanism built in to go off right after their warranty expires. I need to gaman with this keyboard for another half year or so. But I'm definitely not getting a Sony computer again. No matter how good they look.
I was recently in an argument with my little brother because he got fed up with my constant snide remarks about MS. After explaining some of the reasoning behind my attacks (and why I will not accept Word documents from him), this was his reply:
If you say Microsoft is bad because they're knocking off their competition people say, "whatever. Competition is what made this country great. Kudos to MS for kickin butt." But, if you put up the sad, young face of a good-looking, single parent, school marm from Boise Indiana and say that she lost her job and can't feed her child or dog (sex, children, and pets always sell) because Microsoft's monopoly put her out of work, then you've got something!
We all know that MS is the root of all evil in the computer field. These issues with schools are getting some attention, but not nearly what MS negates with their brainwashing of PHBs and techies at their conferences. (It takes weeks to deprogram some of the guys at work after attending an MS seminar!) What we need is to somehow get this message out to a broader audience.
OSDN-sama, have you considered making a television commercial? Perhaps a good looking school teacher with a child and dog who was forced to give up her job to allow for higher school IT costs from Microsoft? Go to that school district in Australia who did away with MS and show how productive their IT staff has become - and the sexy teacher riding on horseback who didn't have to be fired because they found a way without MS.
IAMAAdvertiser, but my little brother is. Make a commercial for the general public showing that life does go on without MS. I think his advice has merit.
I had just gotten a note yesterday from a reader of my site asking me why there's no body to the messages I keep sending her and complaining that the attachments don't open.
I delicately explained to her that the Win32.Klez worm is most likely responsible and that the return addresses are faked. Oh, and by the way, you probably infected yourself by trying to open the attachments.
Aw, the pains of running a non-technology oriented web site.
- Downloading security patches from a certain company could break the bank for some people.
Going through my Snort logs, I find that I'm hit by CodeRed (I and II) and a number of Nimda variants at least 4 times per day. (This is extremely better than 4 months ago!) As a good Netizen, I inform the ISPs as soon as I'm notified of an attack (often within an hour).
I've found that university administration is often on top of it before I contact them, while some large ISPs take forever. After getting attacked by one IP at US West Minneapolis several times per day for a week, I blocked their entire network at the firewall. For some reason, the NNNNNNNNNN variation of Code Red seems to be very popular this week, though.
I don't know if this is all that bad a thing. Idiots who don't patch their bonehead machines "from a certain company" are going to be hurt where it counts.
Anyway, people only complain about bugs to show how cool they are, not because bugs cause any real problems.
So this Dilbertism is just promoting the bonding of people with their fellow (wo)man who experiences crash after crash of their computer as well.
<vent>Microsoft is really doing society a favor by making flawed products - they promote shared experiences so that more people can relate to one another!</vent>
[...] But if it isn't an automated process, then subjectivity can interfere with moderation.
What happens when someone simply pisses you off? Do you abuse your power and delete their post? What if the users start to withhold posting out of fear of being "edited" or censored?
I fell into this trap myself. I had no moderation for two years, then all of a sudden, some jerk kid started posting things ranging from racial slurs to out and out attacks on what others wrote. My "regular" participants started writing to me off the list complaining, wondering what was going on.
I posted a request to keep it clean. That only sparked a bunch of personal attacks on my character. So, I started deleting the moron's more offensive posts. When that didn't deter him, I started deleting some of his less offensive posts to show him that I meant it. Some of those posts were pretty good, too, showing some insight in between the insults. Looking back, I regret deleting some of them, but...
I've now switched to a moderation system of approve or throw out. I've calmed down quite a bit since then and don't throw out anything slightly insulting any more - if there is a good argument behind it. If it isn't adding anything, like "You don't know what you're talking about, idiot," then it's gone.
Since I started moderating, the fool tried posting a great deal, with a lot of insults toward me, the first couple of weeks. He seems to have finally gotten the idea and tries once every week or two.
Deciding to moderate was a very hard decision. I didn't want to censor anybody, and I still don't. But some of the other readers made a distinction between "free speech" and appropriate behavior. Free speech is vital when it comes to being able to talk about a governing body. However, the example one person gave where free speech is not an absolute law would be should somebody come into my home and verbally abuse me. To do so would be begging to be kicked out.
Nonetheless, I tried to be reasonable with him, but he obviously doesn't bow to any kind of authority whatsoever. I would have liked to have had a dialog with him off-line, but since I don't require valid e-mail addresses, and he didn't supply any, I was unable to contact him other than by writing articles "to" him.
Also, right from the start he used anonymisers and/or hacked into cable modems. That got me very interested in securing my box as best I could. I shut down FTP (only one person was using it), and pretty much everything else in /etc/inetd.conf was disabled from the start. SSH 1 was also disabled.
Other than the usual MS CodeRed and MS Nimda attacks, there doesn't appear to be anything out of the ordinary, so I could let out a sigh of relief that he's just a kid who knows how to use a limited range of tools (anonymisers to cause havoc), and not one who understands how things work (like a cracker). Nonetheless, my paranoia level has risen above the black helicopter level since then.
What did I learn? Don't bother trying to reason with the morons. Just moderate them away without acknowledging their existence. They seem to live to insult others and watch their reactions. If there are no reactions (other than their obnoxious posts disappearing), they should eventually go away. (I'm hoping so, anyway.)
This month's FreeBSD Press has the usual 4-6 CD-ROM set of packages on DVD ROM. It looks like more and more magazines in Japan are moving toward DVD.
Fingerprint recognition has been a pain for me. We had it installed at work a few years ago, and it worked fine for the first couple of months. However, my hands started peeling due to dryness in the winter, and it soon came to the point that the system wouldn't let me in. This wouldn't have been a problem except that I was usually the first one to work in the morning, and was getting locked out.
We tried registering all of my fingers to no avail. In the end, I got a magnetic card to get in.
I had tried one of those systems where you sign for authentication, too. But it turns out that I can't write my own signature the same twice. I haven't had much luck in having biometric authentication figure out who I am.
Katz-san, have you considered what happens when these rights that are being stripped get handed to the highest bidding corporation? Isn't this your field?
Take the video surveillance in airports. It starts out just tracking criminals. The database later gets supplemented with suspected terrorists (suspected because they go to military training in the Middle East without the CIA's permission). These all sound like great ways to limit criminal and terrorist activities.
However, after a while, corporations are going to want to use these systems. You can bet that the ones in shopping malls are going to quickly become shopping habit research tools. Choosing people randomly at first, then gradually moving on to cross referencing identifiable people with their credit card purchases.
Before long, a system will be set up whereby one's phone rings with personalized advertisements of shops one is approaching. New cases of compulsive spending send thousands to declaring bankruptcy. Citizens can't get away from the constant corporate nagging to buy, buy, buy!
I'm all for ways to make the streets safer. My sister's step-son had just gone through an armed mugging in New York shortly before that Tuesday, so he's doubly terrified of that city now. But I want guarantees that the Corporate Republic you're always complaining about isn't going to take over.
If back doors are installed in crypto, the FBI will have it, but so will the corporation(s) that built it. Does this sit well with you?
Hey, that makes me think, maybe the Government should hire Dmitry instead of prosecute him.
It seems to me that Asimov wrote something along these lines. After researching and discovering the purpose of humor, there no longer was any. It was just an experiment.
First of all, there have been a few posts saying to use Shift_JIS. What they don't say is how to get the passed parameters into Shift_JIS. For this, Java (JSP/servlets) is a real blessing.
When Java processes character codes, it does so in Unicode. However, the client browser may be sending data in Shift_JIS (Windows clients), EUC_JP (most UNIX clients), or JIS (???). In order to process that, you have to first convert the code to some common denominator - and Java uses Unicode for that.
Because I do this so often, I have a library method that I often refer to to handle this sort of thing. See Java Utility Library Initiative's (JULI) StringUtil.decode(String string, String encoding) for details. Pass it "JISAutoDetect" and it'll figure out which encoding to use for decoding.
I'm sure that the other languages (Perl, etc.) have similar functionality. But this is a must for receiving data from a client.
Once you have your string in Unicode, you say that you're using Postgresql? I'd recommend sticking with Unicode for it, but if you want to use a native encoding, install the Japanese patch (/usr/ports/japanese/postgresql7 on FreeBSD), and you're set to use EUC_JP - NOT Shift_JIS. The last I checked, Postgresql didn't support Shift_JIS as a native encoding.
Finally, when serving pages to the Internet, iso-2022-jp (JIS) is still the standard. However, from my understanding, i-mode et al. want Shift_JIS. I don't know if they convert internally or not. (I refuse to be on call 7/24.)
$ grep NNNNNNNNN httpd-access.log | wc
First record: 05/May/2002:21:57:58.88 1056 41562
Like the rest of the world going metric, the U.S. (and other MS supporters) will eventually find interoperability to be a problem.
If that's the case, then wouldn't a large number of Taiwanese, Chinese, Thai, etc. ISP's be bidding to take over the streaming "rental" business?
I figure that that'll work great until some script kiddie decides to zip their mail (attachments).
I hope that as many of those geeks are returning the packages saying that they don't agree with the license agreement.
Never trust anyone selling something wrapped in a flag.
I found programming to be more enjoyable than playing games anyway.
http://sourceforge.net/projects/juli
I left off the "http://". Sorry.
I wonder if the first astronauts were given such manuals.