If you are a public site you clearly pay for anonymous use. If you get alot of traffic, you may not be able to afford it. I could not afford it. However not all digital protests use massive bandwidth.
Some denial of service tools do not use excessive bandwidth however. Servers can be locked up with 1-2k a second of traffic. Read Max's paper.
Who do you think pays for it when people protest on the streets? What do you think makes any protest effective?
The concept allows for a broad type of interactions. You cannot stop 100,000 web requests from seperate ip space without *you* causing a DOS on yourself. What is the difference between real traffic and this? Nothing they are both legitimate clients. The same will go for mail. ftp. etc.
This would not be spam. I can send you an email at mad-scientist.com telling you that I do not like your site. That is legal. This simply makes it possible to make a message heard by using legal channels.
This type of demonstration is not a child throwing a tantrum anymore than people on the street with signs would be. This is an effective way to produce a result.
I just hope its the right result (the one they want).
First we are not anonymous in the public world. "Show me your papers" ruins that.
Second it isn't the slashdot effect in bandwidth. It is the webserver unable to handle requests reguardless of bandwidth availible. (ask how if you still dont get it)
I find that these types of demonstrations are going to be getting alot of people in trouble if they lack the ability to cover their tracks.
I met Max (hey Max nice job getting slashdoted!) at Defcon 10 and he has some interesting ideas (and code) to achieve this goal. Many people will attack this and call it "leftist destruction" and "a simple DOS (or ddos)." The fact remains that we lack a clear cut manner of (effective) protest in our world.
Even in America (TM) we have lost our rights to free speech. We have areas for protest inside a fence, a free speech zone even. People being shot. Protesters and their phantoms of lost liberty have become the evil of the world. In other parts of the world we have people killed for speaking out. I personally know Tibetian monks that China would like to kill for simply speaking out against the state.
We as a whole cannot let this type of totalitarian behavoir exsist unchecked. Be it corperate, government, private citizen. We as a whole (planet) are letting the world fall back into the clutches of fascism under the guise of "freedom."
This is where the internet comes in.
Countries, corperations and the common man all rely in someway or another every day on the net. With the tools that Max doesn't provide it (could) allow some of the tech savvy (but not tech savvy enough to write their own tools) to fight back.
This is a non violent means of accomplishing this goal, that really sets it apart from the rest. No police will even shoot a protester on accident. Imagine that.
However this type of protest is not recognized as a proper form of policial/economic protest.
To spoof verisign and https it would require that you have a valid cert(yes it is possible to make them).To spoof a connection that used a false cert would alert the user to that fact. The fact of the matter is that apple swupdate doesnt even use SSL! So it doesn't matter if you can spoof SSL. This is why redhat up2date uses gpg, because if it is spoofed, they cant SIGN the packages! AND YOU KNOW YOU HAVE BEEN HACKED! Because you can't prevent the hack with the way the internet works! You can detect if the programmers who made the system are semi security minded.
I have permenant nerve damage as a result of this incident.
The basic of the story was that I was in the cross walk and I was hit. The girl I was walking with lost her ability to breed.
Just because I was a victim does not mean I want stricted rules, infact quite the opposite.
A loss of liberty is not a straight across trade for safety. Most of the time you do not gain physical security, rather you think you gain mental security as a result of simple psychological tricks.
So as a victim of crime, with family and friends also victims, I feel I have the right to say this: I do not need to be a victim to have a point of view.
It depends. You can spoof tcp packets easily, however a few things to make it easier are: being on the network to be able to sniff the reply(for the sequence number), only spoof the source address and drop the connection (so that it drops as if the client was erroring) or actually cracking the box itself to generate simple (but seemly random) sequence numbers (etc)...
And if it were to use UDP it would be SUPER simple to spoof it as everyone knows that UDP lacks a tcp-like handshake.
And windows 2000 must not be a modern operating system as it is possible to guessing its tcp sequence numbers.
Re:Mess them up.
on
e-Denounce
·
· Score: 4, Interesting
That would only work if this software simply sends the data of the page and the url where it was found. What if it transmits your ip? Well then you can be filtered out. Only people that have low submissions from a single ip would be counted as where if you submit adobe.com and slashdot.org and freshmeat and they run a parse script, they can tell if you are trying to mess with them. Who knows though?
Lets just reverse engineer the protocol and write our own clients with spoofed source addresses. Shouldn't be that hard.
Disclaimer: I am not trolling, I really feel this way.
The internet has always been self policing. Why should we treat SPAM differently than the rest of email? Yes it sucks, but we can always filter it. We do not need legislation to save the inbox. We need common sense. Legislation is only going to make the internet more of a 'policed state.' I feel as if it cannot be said enough, the internet is not owned by the US and it will only lead to problems if goverments are brought in for annoying crap like spammers.
No I am not a spammer. Yes I hate spam with a passion. However, the more geeks want rules to govern the internet, the more the other laws (as well as shit like this) will be passed and upheld.
I have to agree that it is nice to see them busting actual pirates than consumers. However the MPAA and the RIAA have had a smear campaign against the consumers to the law makers of this (and others) country. This driving force is to convince people that backing up your own data is "piracy," that when they go after a consumer it is because they are pirates. So in effect you are cheering for something that at one point will be wholly indestinguishable from arresting consumers. Once they get you (and many others) in the computer literate field to agree this is good, its slippery slope to convice people you only meant mass copying.
This is just one legit bust out of how many?
How many people have been illegialy arrested?
I do not disagree with you and to add to your point:
To create a tool for use with art (say a paint brush) in itself is a craft, but to make a beautiful styled handmade 'one of a kind paint brush' with your skills certianly takes you out of the relm of just a simple craftsman. I would think that photoshop is the 'one of a kind brush' and 'paint' is norm in the craft.
You certainly are represented now, whether or not it be by the individual of your preference.
The first part of your statement canecels out the last part. A representive democracy is a crock of shit, no one is represented in a proper way. Everyone votes and a few assholes make the decsion. That isn't a true democracy, its america baby!
I think thats the point of all this. The time is here when peoples shipments have been marked as a target by those resources. The DMCA makes yet another group of citizens into felons, every citizen a criminal, all speech dissident.
I Get that all the time as well, mostly anonymous connections to my ftp server or to my webserver. What services of interest are you running in contrast with my ftp and web?
For about $69 with 5 static ips and the ability to have as many netblocks as I want attached to the dsl. My roommate owns three class C and they can be attached to the dsl for free. The dsl modem does NAT or 1to1 NAT or routed and its pretty nice dsl as long as its up.
This is with atg ( http://www.callatg.com ) but to get anything done, or to have any support you are out of luck.
Slashdot Mirror
If you are a public site you clearly pay for anonymous use. If you get alot of traffic, you may not be able to afford it. I could not afford it.
However not all digital protests use massive bandwidth.
Some denial of service tools do not use excessive bandwidth however. Servers can be locked up with 1-2k a second of traffic. Read Max's paper.
Who do you think pays for it when people protest on the streets? What do you think makes any protest effective?
That would be damaging my property, how is that non-violent? You might as well throw a brick. Or shoot my tires out.
You are the idiot that gets people killed at protests.
The concept allows for a broad type of interactions. You cannot stop 100,000 web requests from seperate ip space without *you* causing a DOS on yourself. What is the difference between real traffic and this? Nothing they are both legitimate clients. The same will go for mail. ftp. etc.
This would not be spam. I can send you an email at mad-scientist.com telling you that I do not like your site. That is legal. This simply makes it possible to make a message heard by using legal channels.
This type of demonstration is not a child throwing a tantrum anymore than people on the street with signs would be. This is an effective way to produce a result.
I just hope its the right result (the one they want).
First we are not anonymous in the public world. "Show me your papers" ruins that.
Second it isn't the slashdot effect in bandwidth.
It is the webserver unable to handle requests reguardless of bandwidth availible. (ask how if you still dont get it)
I find that these types of demonstrations are going to be getting alot of people in trouble if they lack the ability to cover their tracks.
I met Max (hey Max nice job getting slashdoted!) at Defcon 10 and he has some interesting ideas (and code) to achieve this goal. Many people will attack this and call it "leftist destruction" and "a simple DOS (or ddos)." The fact remains that we lack a clear cut manner of (effective) protest in our world.
Even in America (TM) we have lost our rights to free speech. We have areas for protest inside a fence, a free speech zone even. People being shot. Protesters and their phantoms of lost liberty have become the evil of the world. In other parts of the world we have people killed for speaking out.
I personally know Tibetian monks that China would like to kill for simply speaking out against the state.
We as a whole cannot let this type of totalitarian behavoir exsist unchecked. Be it corperate, government, private citizen. We as a whole (planet) are letting the world fall back into the clutches of fascism under the guise of "freedom."
This is where the internet comes in.
Countries, corperations and the common man all rely in someway or another every day on the net. With the tools that Max doesn't provide it (could) allow some of the tech savvy (but not tech savvy enough to write their own tools) to fight back.
This is a non violent means of accomplishing this goal, that really sets it apart from the rest. No police will even shoot a protester on accident. Imagine that.
However this type of protest is not recognized as a proper form of policial/economic protest.
I have a few questions for you:
:)
Do you have access to your server logs for your area of the server?
If so can you post some stats?
What kind of bandwidth are you using up?
Thanks for the neat questions
Actually you're mistaken.
To spoof verisign and https it would require that you have a valid cert(yes it is possible to make them).To spoof a connection that used a false cert would alert the user to that fact. The fact of the matter is that apple swupdate doesnt even use SSL! So it doesn't matter if you can spoof SSL. This is why redhat up2date uses gpg, because if it is spoofed, they cant SIGN the packages! AND YOU KNOW YOU HAVE BEEN HACKED! Because you can't prevent the hack with the way the internet works! You can detect if the programmers who made the system are semi security minded.
Apple is not that.
The good news is that when I met Boyd Rice in LA a few months ago he told me about his next project with Rose McDowell.
ABBA LEAD
So have no fear.
All the worst ABBA hits are coming back with the Boyd and Rose touch.
I cannot wait.
I was a victim of a drunk driver.
I live in California, so it is against the law.
I have permenant nerve damage as a result of this incident.
The basic of the story was that I was in the cross walk and I was hit. The girl I was walking with lost her ability to breed.
Just because I was a victim does not mean I want stricted rules, infact quite the opposite.
A loss of liberty is not a straight across trade for safety.
Most of the time you do not gain physical security, rather you think you gain mental security as a result of simple psychological tricks.
So as a victim of crime, with family and friends also victims, I feel I have the right to say this: I do not need to be a victim to have a point of view.
Got a link to that?
That is fucking bullshit.
It's a strange day that most people don't even see the meaning in "show me your papers or else."
What a sad state of afairs.
I just preregistered bombthe.us, I wonder how long it will be before the fbi threatens me.
It depends. You can spoof tcp packets easily, however a few things to make it easier are: being on the network to be able to sniff the reply(for the sequence number), only spoof the source address and drop the connection (so that it drops as if the client was erroring) or actually cracking the box itself to generate simple (but seemly random) sequence numbers (etc) ...
And if it were to use UDP it would be SUPER simple to spoof it as everyone knows that UDP lacks a tcp-like handshake.
And windows 2000 must not be a modern operating system as it is possible to guessing its tcp sequence numbers.
You forgot your stream insertion operators idiot.
That would only work if this software simply sends the data of the page and the url where it was found. What if it transmits your ip? Well then you can be filtered out. Only people that have low submissions from a single ip would be counted as where if you submit adobe.com and slashdot.org and freshmeat and they run a parse script, they can tell if you are trying to mess with them. Who knows though?
Lets just reverse engineer the protocol and write our own clients with spoofed source addresses. Shouldn't be that hard.
Disclaimer: I am not trolling, I really feel this way.
The internet has always been self policing. Why should we treat SPAM differently than the rest of email? Yes it sucks, but we can always filter it. We do not need legislation to save the inbox. We need common sense. Legislation is only going to make the internet more of a 'policed state.' I feel as if it cannot be said enough, the internet is not owned by the US and it will only lead to problems if goverments are brought in for annoying crap like spammers.
No I am not a spammer.
Yes I hate spam with a passion.
However, the more geeks want rules to govern the internet, the more the other laws (as well as shit like this) will be passed and upheld.
Stop this crap now.
I have to agree that it is nice to see them busting actual pirates than consumers. However the MPAA and the RIAA have had a smear campaign against the consumers to the law makers of this (and others) country. This driving force is to convince people that backing up your own data is "piracy," that when they go after a consumer it is because they are pirates. So in effect you are cheering for something that at one point will be wholly indestinguishable from arresting consumers. Once they get you (and many others) in the computer literate field to agree this is good, its slippery slope to convice people you only meant mass copying.
This is just one legit bust out of how many?
How many people have been illegialy arrested?
I do not disagree with you and to add to your point:
To create a tool for use with art (say a paint brush) in itself is a craft, but to make a beautiful styled handmade 'one of a kind paint brush' with your skills certianly takes you out of the relm of just a simple craftsman. I would think that photoshop is the 'one of a kind brush' and 'paint' is norm in the craft.
The problem that I have is that it is a PITA to get a cd image from the debian site.
Link me to an ISO and I will use debian today.
You certainly are represented now, whether or not it be by the individual of your preference.
The first part of your statement canecels out the last part. A representive democracy is a crock of shit, no one is represented in a proper way. Everyone votes and a few assholes make the decsion. That isn't a true democracy, its america baby!
I think thats the point of all this. The time is here when peoples shipments have been marked as a target by those resources. The DMCA makes yet another group of citizens into felons, every citizen a criminal, all speech dissident.
Wonderful, I wonder which corp that is?
Anyway, in reference to your sig, the second time I read that article it was to a group of about hundred people. Talk about horrid truth.
A couple of things:
As someone thats "so up to date on windows", you should learn a little about it before you start to talk about it.
Everything has problems microsoft just puts the problems into the hands of people that cannot fix it, the end user.
I Get that all the time as well, mostly anonymous connections to my ftp server or to my webserver. What services of interest are you running in contrast with my ftp and web?
For about $69 with 5 static ips and the ability to have as many netblocks as I want attached to the dsl. My roommate owns three class C and they can be attached to the dsl for free. The dsl modem does NAT or 1to1 NAT or routed and its pretty nice dsl as long as its up.
This is with atg ( http://www.callatg.com ) but to get anything done, or to have any support you are out of luck.
After all with the way we are destroying this planet and each other we will not have time to evolve.