That doesn't help with new viruses, like the one this story is about.
Newer versions of Norton AntiVirus contain heuristics to detect virus-like behavior. But I don't know if an AV would have helped Slammer, since it did not even touch the disk, there are no files to scan. Can AV programs scan RAM for potential worms?
From: "Nicholas Weaver"
Date: Fri, 31 Jan 2003 6:09 PM
To: bugtraq@securityfocus.com
Subject: The Spread of the Sapphire/Slammer SQL Worm
We have completed our preliminary analysis of the spread of the
Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to
spread worldwide making it by far the fastest worm to date. In the
early stages the worm was doubling in size every 8.5 seconds. At its
peak, achieved approximately 3 minutes after it was released, Sapphire
scanned the net at over 55 million IP addresses per second. It
infected at least 75,000 victims and probably considerably more.
This remarkable speed, nearly two orders of magnitude faster than Code
Red, was the result of a bandwidth-limited scanner. Since Sapphire
didn't need to wait for responses, each copy could scan at the maximum
rate that the processor and network bandwidth could support.
There were also two noteworthy bugs in the pseudo-random number
generator which complicated our analysis and limited our ability to
estimate the total infection but did not slow the spread of the worm.
David Moore, CAIDA & UCSD CSE
Vern Paxson, ICIR & LBNL
Stefan Savage, UCSD CSE
Colleen Shannon, CAIDA
Stuart Staniford, Silicon Defense
Nicholas Weaver, Silicon Defense and UC Berkeley EECS
A must read for anyone who wants to know about this worm. Its impact was huge--90% infection of all vulnerable hosts in 10 minutes. Even some E911 systems were knocked out. The internet routers at large were saturated with 120ms latency. Twice the speed of Code Red. All this with a simple PRNG scanning algorithm.
You linked to FreeBSD, but SDF runs (or ran, sadly) NetBSD 1.6 on Alpha. I was a paid ARPA-level member, just about to rsync(1) my site from my personal DSL web server to their fast OC-3s for public perusal. Guess I'll have to wait...;(
I agree completely. Having ISPs filter spoofed egress packets is the way to go. Ideally one shouldn't be able to data addresses as coming from anyone but themselves; but I know of no ISPs that currently do this. Getting the Internet at large to block spoofed packets will prove difficult.
You could edit the games account hardware profile to use alternate network card settings which use XP's built-in firewall to disable outgoing port 80. That way games would still work but not most web sites. Just a thought.
As an added bonus, you can install Mozilla without any flash, java, or shockwave plugins, which will give you an internet experience completely free from flashing adverts (you can disable animated images in Mozilla).
More useful than complete exclusion is fine-grained selection. This is what's in Galeon's (Moz-based) Settings menu:
Load Images -> Always/From current server only/Never
WTF would a filename suffix affect a browser? User agents are supposed to and generally do respect the Content-Type HTTP header; not guess the content based on four arbitrary characters at the end of the pathname. (Okay, IE doesn't do what it should.) Besides, the common usage of ASP is for Active Server Pages. Any specific cases you have to report?
(For your information, newer versions of Mozilla have mouse gestures you may adapt to. In particular I'm using Galeon and it's pretty cool; you can configure gestures to be enabled when depressing the middle button or the right button, while not sacrificing the right-button context menu.)
I've noticed some documentation inconsistencies with 5.0-RELEASE. That text was taken from /stand/sysinstall of 5.0 in fact. Some manpages in 5.0 are outdated, and even a few core utilities do not work in default (in particular, truss(1) requires procfs /proc to be mounted, which it is not by default). Oh well, some rough edges are to be expected in a .0.
I'm not worried about privacy, but security. Fortunately, most user-sensitive items could be filtered out by ignoring those which have a stored Cookie or Authorization header. Otherwise people might be able to view other people's private, per-user data.
I believe this is known as BER encoding (Perl's unpack uses the "w" format specifier to decode these types of integers). For each byte (or in your example, qword), the MSB is set if another unit follows, unset if not. Compresses quite well, but practically, it's not worth it. Reading a fixed-size integer is an O(1) operation, BER integers are read much slower and mess up alignment.
Re:Ashamed to admit my cluelessness... on F'd Companies · Score: 1
Wapit believes in a mobile driven future and is dedicated to lead the new generation of simple, time and place independent mobile communication.
Wapit creates advanced mobile middleware technology and applications. Our customers can use our technology to build and maintain multiple, revenue generating mobile solutions tailored to their market needs.
Founded in 1998, Wapit Ltd. headquarters are in Helsinki, Finland.
Whatever that means. Don't know about iHarvest though--and maybe never will, considering they set up a robots.txt to block archive.org.
Saving on everyday services has never been easier. With OnlineChoice, you join hundreds of thousands of others in powerful, free, no obligation consumer buying pools -- and we use this collective clout to negotiate great deals. Group buying power lowers your monthly bills.
Swapit was forced to close down because it could not obtain additional funding. As soon as it became apparent that no further funding would take place, Swapit shut down its website.
2) Is Swapit coming back?
Swapit is closed permanently. It is not coming back under another name or as another company.
3) What happens to my credits?
According to the Terms and Conditions of Use to which all Swapit Members agreed to prior to using the Swapit site, once any of the CDs and games was accepted, customers were credited with "Swapit Bucks" which are not redeemable for cash under any circumstances whatsoever. Since Swapit is now closed, credits are not able to be redeemed and are gone.
4) Can I get my CDs and games back?
According to the Terms and Conditions of Use, transfer of title of ownership occurred upon acceptance of the goods by Swapit. At that point, the goods became the property of Swapit. Swapit's lender, which has a secured interest in all of Swapit's assets, including the CDs and games, is owed much more than the value of Swapit's property. Swapit expects the secured lender to foreclose upon Swapit's property. Swapit does not know what the secured lender intends to do with the property once it completes the foreclosure.
5) Are there arrangements for settlement with customers?
Due to its circumstances, Swapit is not able to offer its customers financial compensation. Swapit is exploring whether it may be possible for its customers to receive credits with other similar sites. At this time, there are no arrangements in place. If it becomes possible for customers to receive credit with another site, you will see a notice posted at Swapit.com
Which confirms what Pud said. Bummer. Before they kicked the bucket, SwapIt was swapping used music CDs and games:
Chocolate Starfish & The Hotdog Flavored Water, Limp Bizkit/$5.00
NASCAR 2001, PlayStation2/$24.00
1 Halfway Between The Gutter & The Stars (Explicit) (Fatboy Slim)/$6.75
2 Jagged Little Pill (Alanis Morissette)/$2.50
3 Tragic Kingdom (No Doubt)/$2.50
Crazy Taxi (Dreamcast)/$14.00
2 Lunar Silver Star Story (PlayStation)/$28.00
3 Tony Hawk's Pro Skater (PlayStation)/$13.25
I'm installing 5.0 as I write this and here is what sysinstall says about UFS2:
To make use of UFS2, press '2' on a UFS file system to toggle the on-disk format revision. UFS2 provides native support for extended attributes, larger disk sizes, and forward compatibility with new on-disk high performance directory layout and storage extents. However, UFS2 is unsupported on versions of FreeBSD prior to 5.0 so it is not recommended for environments requiring backward compatibility. Also, UFS2 is not currently recommended as a root file system format for non-64-bit platforms due to incrased size of the boot loader; special local configuration is required to boot UFS2 as a root file system on i386 and PC98.
Looks pretty cool, I'm using UFS2 with softupdates on my /var, /tmp, and /usr filesystems.
Well...HTML is mostly 7-bit ASCII. So the high bit could be thrown away resulting in a 1/7 compression ratio, partially lossless. Of course, non-ASCII entities would have to be encoded; but HTML has provisions for exactly that.
San Diego Technical Books puts all the O'Reillys under one shelf. They have a great selection; I drove all the way from SoCal to buy an O'Reilly book and didn't regret it one bit.
I don't know if you were trolling, but I couldn't find any AntiVirus tools for Debian. Care to provide a more specific link?
Impressive. I'd ask what you're storing, but you probably don't know. :)))
...is for Itanium to run on FreeVMS!
More useful than complete exclusion is fine-grained selection. This is what's in Galeon's (Moz-based) Settings menu:
Convinced? galeon.soureforge.net
Yet more MS-bashing. One word: . Another word: Third word: I'll stop now.
Do you actually use Freenet?
Whatever that means. Don't know about iHarvest though--and maybe never will, considering they set up a robots.txt to block archive.org.
OnlineChoice:
SwapIt went tits up:
Which confirms what Pud said. Bummer. Before they kicked the bucket, SwapIt was swapping used music CDs and games:
Since when can anything be found on Gnutella?
US Military Uses Spam, Internet Explorer. My tax dollars are paying for that?
I put the demoscene in my DVD player.
How about some Curse of Dark Magicians Guaranteed to satisfy any Slashdotter, better than LoTR:FoTR 9 out of 10 Slashdotters agree.
Okay, I'll use BSD Unix. Thanks for the suggestion!
Can I be your bridge under troubled waters?