broadband connections have gotten *slower* while costs have risen
Perhaps in your neck of the woods, but where I live, it's a different story.
Shaw (Edmonton) just upgraded my cable modem (at no charge), and I'm getting a consistent 6Mbps down and 1.5Mbps up.
Before the upgrade, I was getting 1.8Mbps up and 350K down. Their rates haven't changed (I'm still paying the same $40.00 per month - including modem rental.)
I got the jist that it was along the lines of: "No, no, no, don't do WiFi yourself, it just costs too much. We'll do it for you have save you $$$$ millions!"
The thing you have to ask yourself is this:
If it will *really* lose millions of dollars each year, why does the company want to do it?
Yeah, every company *I* know has millions of dollars that it has to lose each year, right? Isn't that the purpose of a company, to give away all of its' money?
you are completely wrong on every one of your points
No, he isn't; his inference that a botnet is needed is incorrect, but it's not as simple as you make it out to be.
First, you don't need to keep sending packets to continue the DOS. You can degrade connections with the MTU attack with exactly one packet per connection.
True, but only if you can sniff the traffic. The article states that you don't *have* to be MITM for this to work (which is correct), but if you're not, you won't know the TCP source port, and therefore will be required to brute-force the attack. And because you won't know the source port, you won't ever be sure that the attack succeeded, and so you'll have to keep sending packets - that will require a lot of bandwidth to sustain.
Again: you have to guess the source port, too. There are very few tcp protocols with predictable source ports nowadays. So it's not 2^32/windowsize but probably (2^16-1024)*2^32/windowsize. Have fun brute forcing that.
Not only that, but unless you *are* MITM, you'll never actually know that you've succeeded. So not only do you have to bruteforce it (which will take a ton of bandwidth) you can't know when to stop - which means that you have to run the entire gamut in order to be sure you're successful.
And if the connection restarts (I believe the timeouts listed were 10 minutes), you've gained absolutely nothing.
If you have the bandwidth to brute force this, you might as well be doing a DDoS.
This issue has to be considered, but as D. Adams said: Don't panic!
The problem (of course) is that it assumes that all the cars are travelling the same speed.
Most traffic collisions result from cars travelling different speeds. One car goes much faster (or slower) than the rest causes an accident.
Or (following the line of reasoning present in the preceeding two posts) we could make the speed limit on every road 5KPH, which would maximize the road capacity!
The funniest thing is that this guy is prejudging them as crackpots, and saying "why don't they do what crackpots do?" so that (presumably) if they are right, he can say "they're crackpots, they didn't *really* predict it, they're just *saying* they predicted it after the fact."
The difference between a crackpot and a scientist is that a scientist states his hypothesis, then tests it, and alters the hypothesis based on the results of the test.
It's hypocritical to claim they're crackpots because they say something that runs against current scientific belief, then cry foul when they actually act like scientists and want to test their hypotheses.
I'm a transportation planner, and the great grandparent is incorrect.
Just saying "I'm a transportation planner" means absolutely nothing to us unless you can tell us which city you work for, and which roadways you've planned.
If you've planned some of the roads near where I live, I'd take whatever you say with a large grain of salt.
If you don't believe NAT has any security benefits, then you must believe that stateful inspection has no security benefits either. (And if you believe that, then you don't know anything about network security.)
If you don't have filter rules to back it up then any traffic can just flow right into your network.
What?!?!?!?!?!?!
Ok, then you've proven that not only do you know nothing about network security, but you don't know anything about networks at all.
By necessity NAT implementations must include a state table; Inbound packets are destined for the *NAT DEVICE*, not for your internal network. If the packets don't correspond to entries in the state table, then they will hit the NAT device, not your network.
Most NAT systems include some sort of firewall so it's an easy mistake to make.
There's no such thing as a "NAT system." You don't go and buy a "NAT System", you buy a firewall that does NAT. (Your statement is backwards.)
A firewall filters packets without changing them
No, that's a packet filter.
A firewall is a device that sits on two networks and controls traffic between them. Most modern firewalls do this via packet filtering (so it's an easy mistake to make), but this is not the only way - google "SOCKS proxy" if you're curious about one way; but there are others.
I have watched "Young Van Helsing" which had nothing but a title including Van Helsing going for it. The plot was weak, the dialogue was weak, and the acting was... (take a wild guess)
And this differed from the Hugh Jackman movie how?:o)
It's irrelevant as to whether Novell owns the copyright - they believe they do (and proved that they have a good reason to belive so), and that's all that matters for the case at hand.
Novell didn't want to go the distance, they just wanted this to go away.
By denying their motion, Judge Kimball as put a distinct "screw you" to justice, and given the go-ahead to frivolous lawsuits everywhere.
We *KNOW* that SCO's suits are frivolous, and yet they are allowed to harrass innocent companies.
The official legal distinction between a sport and a game is whether a participant can consume alcohol during the activity.
I *KNEW* it! Baseball is not a sport!
Thanks for the confirmation. Do you have a link for that definition? (I'd like to throw it in people's faces when they insist on discussing baseball.:o)
Re:And Paramount's response?
on
P2P and TV
·
· Score: 1
Excuse me?
No, you're not excused.
If I make something...then I want to do whatever the heck I want with it!
Which conveniently ignores my post.
Yes, you can do whatever the hell you want with it, but do not expect the government to grant you copyright on it.
do you really want the government to take away anything you haven't released?
Uhh, What?!?!? Who said anything about something being taken away from someone?
And Paramount's response?
on
P2P and TV
·
· Score: 4, Insightful
Legal posturing.
This is *precisely* why Copyright law needs an overhaul. The supposed goal of copyright law is "to promote science and the useful arts".
How is allowing a company to stop this from seeing the light of day a promotion?
If you make something, and don't release it, you shouldn't be allowed to stop someone else from distributing it for no charge.
I've had only minimal issues with Shaw - I think a total of 36 hours downtime in the 7 years I've been with them. Their tech support is great too - they don't treat me like an idiot, or believe that the problem is with my equipment until (and even sometimes even if) I prove otherwise.
Telus which I have not tried.
Don't. We have a couple of dozen customers with Telus, and they *suck*. Their DHCP addresses change every couple of days, even when the client is still using it (so you lose your connection - release/renew the DHCP lease gives you a new address, they *refuse* to acknowledge that it's caused by their equipment - one customer switched from Shaw to Telus - they'd run for 3 years with zero downtime, now they lose their IP address every 2 days.)
No static IP addresses, even if you pay extra for it. Yes, they'll make you pay extra, then force you to use DHCP - although the IP address will only change once a year or so, instead of once every couple of days.
A couple of years ago, their DHCP servers for the northern half of the provice died. It took almost 10 days (yes, *DAYS*) for them to fix it, meanwhile all of their customers had no internet (even the ones with 'static' addresses.)
If you call them for support, be prepared to wait for a *LONG* time (20 minutes to several hours) before you can talk to someone, and their script assumes that it's your problem, not theirs. They will refuse to do anything outside the script, even if you tell them you've already done it all. I have a sneaking suspicion that their "support" people have no way of even looking at any technical information. My sister got Telus ADSL, and I went there to hook it up for her. It didn't work (no ADSL link), and after calling support, walking through each step in their troubleshooting guide (even though I told them I'd done each step already - and him telling me to "release and renw the IP address", yes, he knew there was no ADSL link, and yet he insisted we try it anyway), it turned out that the morons *hadn't even connected it at their end* - yup, we wasted 20 minutes with their "technician", when not only did he not have the power to fix the problem, but he didn't even have the power to see if the damn modem was online. (Contrast with Shaw; the very first thing they do is check to see if they can talk to your modem.)
Slashdot Mirror
Numerous astronauts report that the trip into space changes a man
:o)
Especially if you believe the
stories about why
.. unless you're implying that MS is creating these viruses?
Your logic states that the virus author should be held immune, and the person (people) who perpetuate it should be the ones being punished, no?
This is an absurdly recurring discussion.
:o)
Maybe he's looking for a job as an editor here.
It's
Must Consult Someone Experienced
broadband connections have gotten *slower* while costs have risen
Perhaps in your neck of the woods, but where I live, it's a different story.
Shaw (Edmonton) just upgraded my cable modem (at no charge), and I'm getting a consistent 6Mbps down and 1.5Mbps up.
Before the upgrade, I was getting 1.8Mbps up and 350K down. Their rates haven't changed (I'm still paying the same $40.00 per month - including modem rental.)
I got the jist that it was along the lines of: "No, no, no, don't do WiFi yourself, it just costs too much. We'll do it for you have save you $$$$ millions!"
The thing you have to ask yourself is this:
If it will *really* lose millions of dollars each year, why does the company want to do it?
Yeah, every company *I* know has millions of dollars that it has to lose each year, right? Isn't that the purpose of a company, to give away all of its' money?
you are completely wrong on every one of your points
No, he isn't; his inference that a botnet is needed is incorrect, but it's not as simple as you make it out to be.
First, you don't need to keep sending packets to continue the DOS. You can degrade connections with the MTU attack with exactly one packet per connection.
True, but only if you can sniff the traffic. The article states that you don't *have* to be MITM for this to work (which is correct), but if you're not, you won't know the TCP source port, and therefore will be required to brute-force the attack. And because you won't know the source port, you won't ever be sure that the attack succeeded, and so you'll have to keep sending packets - that will require a lot of bandwidth to sustain.
Again: you have to guess the source port, too. There are very few tcp protocols with predictable source ports nowadays. So it's not 2^32/windowsize but probably (2^16-1024)*2^32/windowsize. Have fun brute forcing that.
Not only that, but unless you *are* MITM, you'll never actually know that you've succeeded. So not only do you have to bruteforce it (which will take a ton of bandwidth) you can't know when to stop - which means that you have to run the entire gamut in order to be sure you're successful.
And if the connection restarts (I believe the timeouts listed were 10 minutes), you've gained absolutely nothing.
If you have the bandwidth to brute force this, you might as well be doing a DDoS.
This issue has to be considered, but as D. Adams said: Don't panic!
Very succintly put.
The problem (of course) is that it assumes that all the cars are travelling the same speed.
Most traffic collisions result from cars travelling different speeds. One car goes much faster (or slower) than the rest causes an accident.
Or (following the line of reasoning present in the preceeding two posts) we could make the speed limit on every road 5KPH, which would maximize the road capacity!
This makes no sense.
It makes perfect sense. Even Steve Ballmer agrees with it.
How does that contribute profit to MS?
Two words:
increased brainshare.
You might well have asked "Why do companies spend millions of dollars each year advertising their products - how does that contribute profit to them?"
The funniest thing is that this guy is prejudging them as crackpots, and saying "why don't they do what crackpots do?" so that (presumably) if they are right, he can say "they're crackpots, they didn't *really* predict it, they're just *saying* they predicted it after the fact."
The difference between a crackpot and a scientist is that a scientist states his hypothesis, then tests it, and alters the hypothesis based on the results of the test.
It's hypocritical to claim they're crackpots because they say something that runs against current scientific belief, then cry foul when they actually act like scientists and want to test their hypotheses.
I'm a transportation planner, and the great grandparent is incorrect.
Just saying "I'm a transportation planner" means absolutely nothing to us unless you can tell us which city you work for, and which roadways you've planned.
If you've planned some of the roads near where I live, I'd take whatever you say with a large grain of salt.
Bunnies aren't so cute
like everybody supposes,
They've got them hoppy legs
and twitchy little noses,
And what's with all the carrots?
What do they need such good eyesight for anyway?
Bunnies! Bunnies!
It must be BUNNIES!
(from memory, so it might be wrong.)
I'm surprised that there's only been one person who knows the origin of this.
NAT doesn't have a security aspect.
Bullshit.
If you don't believe NAT has any security benefits, then you must believe that stateful inspection has no security benefits either. (And if you believe that, then you don't know anything about network security.)
If you don't have filter rules to back it up then any traffic can just flow right into your network.
What?!?!?!?!?!?!
Ok, then you've proven that not only do you know nothing about network security, but you don't know anything about networks at all.
By necessity NAT implementations must include a state table; Inbound packets are destined for the *NAT DEVICE*, not for your internal network. If the packets don't correspond to entries in the state table, then they will hit the NAT device, not your network.
Most NAT systems include some sort of firewall so it's an easy mistake to make.
There's no such thing as a "NAT system." You don't go and buy a "NAT System", you buy a firewall that does NAT. (Your statement is backwards.)
A firewall filters packets without changing them
No, that's a packet filter.
A firewall is a device that sits on two networks and controls traffic between them. Most modern firewalls do this via packet filtering (so it's an easy mistake to make), but this is not the only way - google "SOCKS proxy" if you're curious about one way; but there are others.
I'd say only a man and a woman are capable of *natural sexual union*.
Define "natural"
Something that only happens in nature?
Well, homosexual acts have been documents in many species, including dolphis, bonobo, elephant seals, whales, and many others.
Gay sex is as "natural" as straight sex. If you doubt otherwise, perhaps you should find a gay person and ask them.
I have watched "Young Van Helsing" which had nothing but a title including Van Helsing going for it. The plot was weak, the dialogue was weak, and the acting was... (take a wild guess)
:o)
And this differed from the Hugh Jackman movie how?
actually... there is a little bit of gray area in the Novell SCO case as to who owns what.
Which is precisely why the case should have been dismissed.
Please re-read my post, you seem to misunderstand what I wrote.
I think this is a good thing
I disagree.
It's irrelevant as to whether Novell owns the copyright - they believe they do (and proved that they have a good reason to belive so), and that's all that matters for the case at hand.
Novell didn't want to go the distance, they just wanted this to go away.
By denying their motion, Judge Kimball as put a distinct "screw you" to justice, and given the go-ahead to frivolous lawsuits everywhere.
We *KNOW* that SCO's suits are frivolous, and yet they are allowed to harrass innocent companies.
This reeks of corruption.
please submit your goto-less version of the TCP input routine in the BSD IP stack.
//g"
:o)
"s/goto
Note that you didn't specify that the code had to work afterwards.
The official legal distinction between a sport and a game is whether a participant can consume alcohol during the activity.
:o)
I *KNEW* it! Baseball is not a sport!
Thanks for the confirmation. Do you have a link for that definition? (I'd like to throw it in people's faces when they insist on discussing baseball.
Excuse me?
No, you're not excused.
If I make something...then I want to do whatever the heck I want with it!
Which conveniently ignores my post.
Yes, you can do whatever the hell you want with it, but do not expect the government to grant you copyright on it.
do you really want the government to take away anything you haven't released?
Uhh, What?!?!? Who said anything about something being taken away from someone?
Legal posturing.
This is *precisely* why Copyright law needs an overhaul. The supposed goal of copyright law is "to promote science and the useful arts".
How is allowing a company to stop this from seeing the light of day a promotion?
If you make something, and don't release it, you shouldn't be allowed to stop someone else from distributing it for no charge.
When did Frodo take on Lord Vader and the Emperor?
:o)
Maybe he's referring to Disney?
I've had only minimal issues with Shaw - I think a total of 36 hours downtime in the 7 years I've been with them. Their tech support is great too - they don't treat me like an idiot, or believe that the problem is with my equipment until (and even sometimes even if) I prove otherwise.
Telus which I have not tried.
Don't. We have a couple of dozen customers with Telus, and they *suck*. Their DHCP addresses change every couple of days, even when the client is still using it (so you lose your connection - release/renew the DHCP lease gives you a new address, they *refuse* to acknowledge that it's caused by their equipment - one customer switched from Shaw to Telus - they'd run for 3 years with zero downtime, now they lose their IP address every 2 days.)
No static IP addresses, even if you pay extra for it. Yes, they'll make you pay extra, then force you to use DHCP - although the IP address will only change once a year or so, instead of once every couple of days.
A couple of years ago, their DHCP servers for the northern half of the provice died. It took almost 10 days (yes, *DAYS*) for them to fix it, meanwhile all of their customers had no internet (even the ones with 'static' addresses.)
If you call them for support, be prepared to wait for a *LONG* time (20 minutes to several hours) before you can talk to someone, and their script assumes that it's your problem, not theirs. They will refuse to do anything outside the script, even if you tell them you've already done it all. I have a sneaking suspicion that their "support" people have no way of even looking at any technical information. My sister got Telus ADSL, and I went there to hook it up for her. It didn't work (no ADSL link), and after calling support, walking through each step in their troubleshooting guide (even though I told them I'd done each step already - and him telling me to "release and renw the IP address", yes, he knew there was no ADSL link, and yet he insisted we try it anyway), it turned out that the morons *hadn't even connected it at their end* - yup, we wasted 20 minutes with their "technician", when not only did he not have the power to fix the problem, but he didn't even have the power to see if the damn modem was online. (Contrast with Shaw; the very first thing they do is check to see if they can talk to your modem.)
Stay as far away from Telus as you can.