Furthermore, given how quickly a potential problem can be fixed in Linux, as opposed to the "wait, and wait, and wait some more" approach to the MS Service Packs
Sorry, but I wasnt really impressed by these people. I've always heard that blind people make the best phone phreakers. Thats probably true. When you deal with an entire system based on sound frequencies I can see blind people having an advantage.
But whats the point of the article? They're just 3 blind script kiddies that think they can hack the planet. I see people with vision every day committing credit card fraud. Why are these guys bragging about it on Wired? THEY EVEN GOT CAUGHT. GENIUSES!!
And what is this?!
But Ramy was too ambitious to stop there. "I taught myself to program in all the languages: C, C++, Basic, Java, HTML, PHP, CGI.
CGI isnt a language! And thats a direct quote from him. What kind of idiot says "I can program in CGI."
Sorry, but these are just three script kiddies causing the usual problems that script kiddies cause. Am I supposed to be impressed?
It hasnt made it on slashdot yet, but netcraft is reporting that future versions of IE will no longer be supporting user information in HTTP or HTTPS URLs.
For more information, please see microsoft's advisory. Thats right, type in the URL yourself, it really is at microsoft.com. From now on, any HTTP or HTTPS URL that has an @ sign in it will report "Invalid syntax error".
After months and still no patch for this bug.. they just now announced THIS as their fix, but still no patches. You'd think they'd just prevent parts of their URL bar from disappearing instead of removing features..
Workarounds for this new behavior are listed as:
* Do not include user information in HTTP or HTTPS URLs.
* Instruct users not to include their user information when they type HTTP or HTTPS URLs.
How ingenious. I also find it interesting that they link to the standards they are now breaking under "references".
well.. my point was.. when you critiqued that statement, you said:
Yes, but the SCO Press Release [linuxtoday.com] states "The attack consumed about 90 percent of the available bandwidth of SCO's service provider for the entire Lindon, Utah backbone.". That does -not- sound like a synflood to me, and it *is* something that would affect servers that are accessed via the same link.
the rest of my paragraph described how any synflood nowadays would be exactly like that.. thats why i didnt understand that critique..
and my idea that it wouldnt affect servers next to it did NOT come from my "secondly, just because an ip is next to another ip doesnt mean they're connected to the same switch/hub". That was just a point I wanted to make.. of course they have to share the same router SOMEWHERE.. but that router could be pretty high up and able to handle the bandwidth.. that was just a point i wanted to make
the most probable reason it wouldnt affect the servers next to it was my entire 4th paragraph.. which is why i found it strange that you just ignored it and asked why the server next to it might still be up..
and also, why does the ISP have to confirm it? my point was, these "security experts" reasoning made no sense and that they were morons
i guess it doesnt matter now.. since the ISP has confirmed it in the followup slashdot story, and the "security experts" were wrong in the exact manor that i said they were..:)
Hey, Im not trying to argue, but I really want an answer to this question. I wonder, why would we want oil? The obvious answer is money, right? Thats what its all about. Well, the last I heard, the war on Iraq was pretty damn expensive. Then Bush requested another 87 billion for the war. Then I started to hear talks of the US considering using Iraq's oil to "offset some of the costs of reconstruction" but they were hit with some major criticism of course. So my question is.. if oil is just going to maybe offset SOME of the cost of just the reconstruction.. why the hell would oil be our reason for going? If theres something Im missing, please reply, I've always wondered...
the synflood attack was so large that it brought down much of SCO's network by maxing out its network equipment. Yes, at first this would take down many machines. But SCO's first course of action would be to block all syn's to that ip at their upstream providers.
afterwards, their entire network is now back online except for that one ip. they can change the site's ip to any other ip and it should be fine
gah.. yes.. everyone knows what a synflood is and how to prevent it. what you are referring to are examples of how to prevent a simple synflood that only affects one machine.
for anyone to even CARE about a synflood nowadays, it has to be so large that network equipment fails. When sco's routers went down along with their entire network, syncookies arent going to do a damn thing
sco took the obvious and correct course of action, they blocked all syn's to www.sco.com in their upstream providers.. this keeps their entire network online, but their site www.sco.com will still be offline and theres nothing they can do
by the way.. what NO ONE here seems to understand is this:
a simple synflood by a home user to a webserver can be easily prevented by syncookies. for anyone to even CARE about a synflood nowadays, it has to be huge. In the case of SCO, it took down their entire network because their network equipment couldnt handle it.. syncookies wouldnt do a damn thing
if the network equipment the machine is connected to cant handle the packets per second or the bandwidth and drops, how the hell is any software change going to make a difference?
15,000 pps isnt shit
you are correct though, if the machine manages to stay online, syncookies are great.. but if your entire network goes offline.. good luck
why the hell does everyone keep saying "if their internal network went down, that means their internal network was exposed!"
that bandwidth has to come from somewhere.. if their network equipment goes down do you expect their internal network to stay online? of course after the attack was blocked by sco's upstream providers the internal network was surely up
whenever anyone gets a huge synflood taking down a network, do you know what a good network engineer does? They attempt to block the traffic as close to the attack as possible. For example, sco most likely blocked all syns to port 80 to www.sco.com at their backbones.. or they might have had to call up their upstream providers to block it for them if it was large enough
once this is blocked, the flood is no longer affecting their network, but their site www.sco.com is effectually down
so.. my point is.. these "security experts" are morons
any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. its pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box wont help.
a normal small synflood wont hose the whole tcp/ip stack.. only the port you're synflooding to
syncookies only work again the small simple synfloods.. not synfloods that bottleneck entire networks.. if the network equipment the box is connected to goes down... how the hell are syncookies going to help? we dont even need to worry about classic synfloods or syncookies.. they dont even apply
correct, syn packets are small.. but you can also send more of them.. and network equipment has a certain amount of CPU and packets per second it can send.. synfloods are still very popular attacks.. especially to kill a webpage.. its kind of hard to sort out the bad syns from the good syns
i think its pretty obvious that the attack took down their internal network for a while... of course after the block, and whenever you see ftp.sco.com replying, that their internal network is also up
i just dont see this total obvious lying that everyone else sees
with enough resources, you can take down anything..
i think its safe to say if sco is even acknowledging a synflood, it exceeded the bandwidth of the link. no one cares about baby synfloods.
what most likely happened is, after the synflood brought down everything on sco's network, they had www.sco.com blocked upstream to keep the rest of their network online. this also explains why ftp.sco.com would still be up..
is this what you're basing your argument on? netcraft doesnt have bandwidth graphs. and what do you mean by "from a reasonable response time to completely off". do you know how long it takes for a huge attack to prevent a box from responding? do you see how shitty that graph is? an entire day is taking up about an inch on my screen
i think you're the only person so far to comment that knows what the fuck they're talking about. It seems like most of these "security professionals" just went to askjeeves and put "what is a syn flood?".
i think its important to note that if a HUGE synflood attacked www.sco.com and sco's entire network went down, its obvious what would happen. sco would get their upstream providers to block all traffic to www.sco.com to keep their network up. after that, www.sco.com will still be down, but ftp.sco.com will be up. why is everyone freaking out?
Yes.. we've all read the article by groklaw claiming it was a hoax. I never considered myself that experienced, but when reading this article and all of these posts.. their "security experts" and these posters are simply morons..
first of all, a classic synflood is something that you and me can do from our home computers to some shitty webservers.. port 80 might stop accepting connections and simply time out. the box will still be up, every other service will be fine. any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. its pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box wont help.
secondly, just because an ip is next to another ip doesnt mean they're connected to the same switch/hub
also, just because a server next to it is responding, doesnt mean its not an attack. what would you do if your entire network goes down and your internet connections cant handle the bandwidth being sent in? you call up your upstream providers of course! they have the resources to block a large attack early before it hits your network. how would they block it? by blocking all traffic to www.sco.com, maybe even just syn's to port 80 to be more specific. this will keep their entire network up and running. and in this scenario, www.sco.com is down, but ftp.sco.com is up. even if their entire internet connection was never maxed out.. they'd probably block all traffic to www.sco.com at their backbones to keep everything else next to it up
and by the way, just because it brought down their internal network doesnt mean their internal network was "exposed". their internal internet connection has to come from somewhere. i bet sco's network's internet connections were completely maxed out for a while.. a synflood can do that
Yes.. we've all read the article by groklaw claiming it was a hoax. I never considered myself that experienced, but when reading this article and all of these posts.. their "security experts" and these posters are simply morons..
first of all, a classic synflood is something that you and me can do from our home computers to some shitty webservers.. port 80 might stop accepting connections and simply time out. the box will still be up, every other service will be fine. any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. its pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box wont help.
secondly, just because an ip is next to another ip doesnt mean they're connected to the same switch/hub
finally, just because a server next to it is responding, doesnt mean its not an attack. what would you do if your entire network goes down and your internet connections cant handle the bandwidth? you call up your upstream providers of course! they have the resources to block a large attack early before it hits your network. how would they block it? by blocking all traffic to www.sco.com, maybe even just syn's to port 80 to be more specific. this will keep their entire network up and running. and in this scenario, www.sco.com is down, but ftp.sco.com is up. even if their entire internet connection wasnt maxed out.. they'd probably block all traffic to www.sco.com at their backbones to keep everything else next to it up
and by the way, just because it brought down their internal network doesnt mean their internal network was "exposed". their internal internet connection has to come from somewhere. i bet sco's network's internet connections were completely maxed out for a while.. a synflood can do that
Seriously, I read everything thats happened, why is Linus defending the GPL against attacks from SCO about how unamerican the GPL is?
I thought SCO was pissed off because they said some of their code was in Linux. Why did this turn into an argument about how the open source community is a bunch of communist hippies conflicting with America's founding fathers? What the hell is SCO blathering about?? What happened to their intellectual property argument?
I dont know.. these lines that SCO is spitting out are pretty much word-for-word what Microsoft started saying about the GPL all of a sudden about a year ago.
Because someone new to the controversy, like some small-time CEO that thinks Linux is a character in Peanuts, might read it and wet his pants over it, so we have to respond to it, and make ourselves aware so that if our companies get cold feet about Linux adoption, we can rebut each SCO argument, and reassure our CEOs.
Of course.. we have to consider the possibility that slashdot is only making this letter more popular and causing it to be linked in more places, and causing more CEOs to read it.
I mean, thats obviously SCO's tactic right now. If they were really worried about their IP rights, they'd sue the people who publicly gave out their IP. What does SCO do? They make a huge press release that linux is using their IP but wont tell anyone how. Then they start selling licenses before anything is ever proven or in court. They threaten to go after every end user of Linux with big press releases. Then they bash the GPL and the open source community and call it unamerican. Look at this open letter they sent out to the press. "WHO ARE YOU GOING TO TRUST? YOUR NATION'S FOUNDING FATHERS OR SOME UNDERGROUND GROUP OF COMMUNISTS TRYING TO KILL THE ECONOMY??!?" I cant even believe this bullshit.
Seriously.. what are they doing? They arent acting like a company worried about their IP. They're just spreading fear. Slashdot popularizing the link out to their FUD letters is probably doing more harm than good.
Slashdot Mirror
DORK!
I think nows a good place to post a link to eeye's upcoming advisories page
haha.. yeah.. I let HTML slide.. since the L stands for language. It still isnt really something to brag about..
:)
and as for Basic.. hahaha.. yeah..
Sorry, but I wasnt really impressed by these people. I've always heard that blind people make the best phone phreakers. Thats probably true. When you deal with an entire system based on sound frequencies I can see blind people having an advantage.
But whats the point of the article? They're just 3 blind script kiddies that think they can hack the planet. I see people with vision every day committing credit card fraud. Why are these guys bragging about it on Wired? THEY EVEN GOT CAUGHT. GENIUSES!!
And what is this?!
But Ramy was too ambitious to stop there. "I taught myself to program in all the languages: C, C++, Basic, Java, HTML, PHP, CGI.
CGI isnt a language! And thats a direct quote from him. What kind of idiot says "I can program in CGI."
Sorry, but these are just three script kiddies causing the usual problems that script kiddies cause. Am I supposed to be impressed?
It hasnt made it on slashdot yet, but netcraft is reporting that future versions of IE will no longer be supporting user information in HTTP or HTTPS URLs.
For more information, please see microsoft's advisory. Thats right, type in the URL yourself, it really is at microsoft.com. From now on, any HTTP or HTTPS URL that has an @ sign in it will report "Invalid syntax error".
After months and still no patch for this bug.. they just now announced THIS as their fix, but still no patches. You'd think they'd just prevent parts of their URL bar from disappearing instead of removing features..
Workarounds for this new behavior are listed as:
* Do not include user information in HTTP or HTTPS URLs.
* Instruct users not to include their user information when they type HTTP or HTTPS URLs.
How ingenious. I also find it interesting that they link to the standards they are now breaking under "references".
well.. my point was.. when you critiqued that statement, you said:
:)
Yes, but the SCO Press Release [linuxtoday.com] states "The attack consumed about 90 percent of the available bandwidth of SCO's service provider for the entire Lindon, Utah backbone.". That does -not- sound like a synflood to me, and it *is* something that would affect servers that are accessed via the same link.
the rest of my paragraph described how any synflood nowadays would be exactly like that.. thats why i didnt understand that critique..
and my idea that it wouldnt affect servers next to it did NOT come from my "secondly, just because an ip is next to another ip doesnt mean they're connected to the same switch/hub". That was just a point I wanted to make.. of course they have to share the same router SOMEWHERE.. but that router could be pretty high up and able to handle the bandwidth.. that was just a point i wanted to make
the most probable reason it wouldnt affect the servers next to it was my entire 4th paragraph.. which is why i found it strange that you just ignored it and asked why the server next to it might still be up..
and also, why does the ISP have to confirm it? my point was, these "security experts" reasoning made no sense and that they were morons
i guess it doesnt matter now.. since the ISP has confirmed it in the followup slashdot story, and the "security experts" were wrong in the exact manor that i said they were..
Hey, Im not trying to argue, but I really want an answer to this question. I wonder, why would we want oil? The obvious answer is money, right? Thats what its all about. Well, the last I heard, the war on Iraq was pretty damn expensive. Then Bush requested another 87 billion for the war. Then I started to hear talks of the US considering using Iraq's oil to "offset some of the costs of reconstruction" but they were hit with some major criticism of course. So my question is.. if oil is just going to maybe offset SOME of the cost of just the reconstruction.. why the hell would oil be our reason for going? If theres something Im missing, please reply, I've always wondered...
"Spelt" is not a type of wheat. Spelt is a member of the same grain family but is an entirely different species. And now you are the buffoon.
the synflood attack was so large that it brought down much of SCO's network by maxing out its network equipment. Yes, at first this would take down many machines. But SCO's first course of action would be to block all syn's to that ip at their upstream providers.
afterwards, their entire network is now back online except for that one ip. they can change the site's ip to any other ip and it should be fine
make sense?
gah.. yes.. everyone knows what a synflood is and how to prevent it. what you are referring to are examples of how to prevent a simple synflood that only affects one machine.
for anyone to even CARE about a synflood nowadays, it has to be so large that network equipment fails. When sco's routers went down along with their entire network, syncookies arent going to do a damn thing
sco took the obvious and correct course of action, they blocked all syn's to www.sco.com in their upstream providers.. this keeps their entire network online, but their site www.sco.com will still be offline and theres nothing they can do
by the way.. what NO ONE here seems to understand is this:
a simple synflood by a home user to a webserver can be easily prevented by syncookies. for anyone to even CARE about a synflood nowadays, it has to be huge. In the case of SCO, it took down their entire network because their network equipment couldnt handle it.. syncookies wouldnt do a damn thing
if the network equipment the machine is connected to cant handle the packets per second or the bandwidth and drops, how the hell is any software change going to make a difference?
15,000 pps isnt shit
you are correct though, if the machine manages to stay online, syncookies are great.. but if your entire network goes offline.. good luck
why the hell does everyone keep saying "if their internal network went down, that means their internal network was exposed!"
that bandwidth has to come from somewhere.. if their network equipment goes down do you expect their internal network to stay online? of course after the attack was blocked by sco's upstream providers the internal network was surely up
gah! read my comment ffs!.. i'll restate it:
whenever anyone gets a huge synflood taking down a network, do you know what a good network engineer does? They attempt to block the traffic as close to the attack as possible. For example, sco most likely blocked all syns to port 80 to www.sco.com at their backbones.. or they might have had to call up their upstream providers to block it for them if it was large enough
once this is blocked, the flood is no longer affecting their network, but their site www.sco.com is effectually down
so.. my point is.. these "security experts" are morons
gah.. read the rest of my comment...
any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. its pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box wont help.
are you sure?
Eh? can you point me to the part of the article that says that?
bah.. i dont even care anymore.. but here you go:
a normal small synflood wont hose the whole tcp/ip stack.. only the port you're synflooding to
syncookies only work again the small simple synfloods.. not synfloods that bottleneck entire networks.. if the network equipment the box is connected to goes down... how the hell are syncookies going to help? we dont even need to worry about classic synfloods or syncookies.. they dont even apply
correct, syn packets are small.. but you can also send more of them.. and network equipment has a certain amount of CPU and packets per second it can send.. synfloods are still very popular attacks.. especially to kill a webpage.. its kind of hard to sort out the bad syns from the good syns
i think its pretty obvious that the attack took down their internal network for a while... of course after the block, and whenever you see ftp.sco.com replying, that their internal network is also up
i just dont see this total obvious lying that everyone else sees
with enough resources, you can take down anything..
i think its safe to say if sco is even acknowledging a synflood, it exceeded the bandwidth of the link. no one cares about baby synfloods.
what most likely happened is, after the synflood brought down everything on sco's network, they had www.sco.com blocked upstream to keep the rest of their network online. this also explains why ftp.sco.com would still be up..
is it really so obvious that they're lying?
http://uptime.netcraft.com/perf/graph?site=www.sco .com
is this what you're basing your argument on? netcraft doesnt have bandwidth graphs. and what do you mean by "from a reasonable response time to completely off". do you know how long it takes for a huge attack to prevent a box from responding? do you see how shitty that graph is? an entire day is taking up about an inch on my screen
i think you're the only person so far to comment that knows what the fuck they're talking about. It seems like most of these "security professionals" just went to askjeeves and put "what is a syn flood?".
i think its important to note that if a HUGE synflood attacked www.sco.com and sco's entire network went down, its obvious what would happen. sco would get their upstream providers to block all traffic to www.sco.com to keep their network up. after that, www.sco.com will still be down, but ftp.sco.com will be up. why is everyone freaking out?
Yes.. we've all read the article by groklaw claiming it was a hoax. I never considered myself that experienced, but when reading this article and all of these posts.. their "security experts" and these posters are simply morons..
first of all, a classic synflood is something that you and me can do from our home computers to some shitty webservers.. port 80 might stop accepting connections and simply time out. the box will still be up, every other service will be fine. any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. its pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box wont help.
secondly, just because an ip is next to another ip doesnt mean they're connected to the same switch/hub
also, just because a server next to it is responding, doesnt mean its not an attack. what would you do if your entire network goes down and your internet connections cant handle the bandwidth being sent in? you call up your upstream providers of course! they have the resources to block a large attack early before it hits your network. how would they block it? by blocking all traffic to www.sco.com, maybe even just syn's to port 80 to be more specific. this will keep their entire network up and running. and in this scenario, www.sco.com is down, but ftp.sco.com is up. even if their entire internet connection was never maxed out.. they'd probably block all traffic to www.sco.com at their backbones to keep everything else next to it up
and by the way, just because it brought down their internal network doesnt mean their internal network was "exposed". their internal internet connection has to come from somewhere. i bet sco's network's internet connections were completely maxed out for a while.. a synflood can do that
someone prove me wrong
Yes.. we've all read the article by groklaw claiming it was a hoax. I never considered myself that experienced, but when reading this article and all of these posts.. their "security experts" and these posters are simply morons..
first of all, a classic synflood is something that you and me can do from our home computers to some shitty webservers.. port 80 might stop accepting connections and simply time out. the box will still be up, every other service will be fine. any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. its pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box wont help.
secondly, just because an ip is next to another ip doesnt mean they're connected to the same switch/hub
finally, just because a server next to it is responding, doesnt mean its not an attack. what would you do if your entire network goes down and your internet connections cant handle the bandwidth? you call up your upstream providers of course! they have the resources to block a large attack early before it hits your network. how would they block it? by blocking all traffic to www.sco.com, maybe even just syn's to port 80 to be more specific. this will keep their entire network up and running. and in this scenario, www.sco.com is down, but ftp.sco.com is up. even if their entire internet connection wasnt maxed out.. they'd probably block all traffic to www.sco.com at their backbones to keep everything else next to it up
and by the way, just because it brought down their internal network doesnt mean their internal network was "exposed". their internal internet connection has to come from somewhere. i bet sco's network's internet connections were completely maxed out for a while.. a synflood can do that
someone prove me wrong
Seriously, I read everything thats happened, why is Linus defending the GPL against attacks from SCO about how unamerican the GPL is?
I thought SCO was pissed off because they said some of their code was in Linux. Why did this turn into an argument about how the open source community is a bunch of communist hippies conflicting with America's founding fathers? What the hell is SCO blathering about?? What happened to their intellectual property argument?
I dont know.. these lines that SCO is spitting out are pretty much word-for-word what Microsoft started saying about the GPL all of a sudden about a year ago.
Because someone new to the controversy, like some small-time CEO that thinks Linux is a character in Peanuts, might read it and wet his pants over it, so we have to respond to it, and make ourselves aware so that if our companies get cold feet about Linux adoption, we can rebut each SCO argument, and reassure our CEOs.
Of course.. we have to consider the possibility that slashdot is only making this letter more popular and causing it to be linked in more places, and causing more CEOs to read it.
I mean, thats obviously SCO's tactic right now. If they were really worried about their IP rights, they'd sue the people who publicly gave out their IP. What does SCO do? They make a huge press release that linux is using their IP but wont tell anyone how. Then they start selling licenses before anything is ever proven or in court. They threaten to go after every end user of Linux with big press releases. Then they bash the GPL and the open source community and call it unamerican. Look at this open letter they sent out to the press. "WHO ARE YOU GOING TO TRUST? YOUR NATION'S FOUNDING FATHERS OR SOME UNDERGROUND GROUP OF COMMUNISTS TRYING TO KILL THE ECONOMY??!?" I cant even believe this bullshit.
Seriously.. what are they doing? They arent acting like a company worried about their IP. They're just spreading fear. Slashdot popularizing the link out to their FUD letters is probably doing more harm than good.