This has a rather striking resembelance to the beginning plot of 'Splinter Cell' -- an ex-Soviet republic, 10 years from no running water to a great information backbone... If we don't stop this now, soon the government of Estonia will cause the Estonian Information Crisis!;)
There's the standard reason that everyone here talks about: there are tons of public shell servers that offer accounts. Many people buy shell accounts to run irc bots and the like. If there's someone abusive, you want to be able to ban them, not the entire shell server.
Then, there's irc-enabled trojans/viruses. These things spread by means of email, newsgroups, outlook/IE exploits, open windows shares, and IRC itself. They come on IRC as a convenient spot for whoever wrote the virus to control them all and use for ddos attacks. They take up space, and they're generally not nice things to have lying around. However, the majority of these viruses were never coded with identd support, and they run on windows machines of users who never use IRC. Therefore, by banning users who do not have ident enabled, you are banning a huge amount of ddos attack drones.
I was visiting some friends in Toronto when I was read in the local paper about the "Canadian Reform Alliance Party." It appears that since then, they've changed their name to the Canadian Allicance Party... I wonder how long it took for them to catch on:>
I don't know about you, but I think there's already quite enough crap in power:)
To get OpenSSH 2.3.0p1 to compile under freebsd 3.4-RELEASE:
- first ensure openssl 0.9.6 is installed. If not, install it.
-./configure --without-pam --with-tcp-wrappers --sysconfdir=/etc/ssh --with-md5-passwords --with-libs=-lcrypt
Took a little monkeying around, but it seems to work fine for me at the moment. Good luck.
Obviously you have had no prior experience with attacks of such magnitude. I ran a server on DALnet for almost 4 years. The server was most recently pulled due to a sustained packet attack.
In many situations, the upstream ISP would much rather put in a null route for your IP and have you deal with it. Not every upstream is cooperative. I've had a non-IRC DoS attack on one of my machines (because of my client on IRC) -- and sprint flat out refused to give me any information whatsoever unless they had an order from a judge.
On top of that, most IRC servers aren't seen as a very important service (they really aren't), and since they make the ISP hosting them no money, the ISP will simply pull the plug on the IRC server after too many packet attacks, rather than pay their network administrators overtime to work on the phone with your upstream. Since the upstream will only talk to the network administrator of the ISP, and not you, the administrator of the machine, you're out of luck.
This is most certainly _not_ a hoax. This is a real problem. When people use bouncers to hide their real IP address, the script kiddies will attack (and take down for hours) the server which houses the offender they wish to remove (usually an irc operator on that server).
IRC operators run a server. In general, they don't deal with your channel.
What you speak of is channel operators. Now, if you want to take down servers to gain ops in a channel, that's a great sign you need something better to do with your life. On a network like undernet/dalnet, where most channels are freely registered with some sort of services, taking down a server won't even get you a channel.
I don't believe he's talking about any bandwidth problems, the site loads lightning quick.
error 'ASP 0115'
Unexpected error /welcome.asp
A trappable error occurred in an external object. The script cannot continue running.
Server object error 'ASP 0115 : 8000ffff'
Unexpected error /head2.inc, line 104
A trappable error occurred in an external object. The script cannot continue running.
I always love to see "Error: Unexpected error." How often do you expect errors? My personal favorite has to be "Microsoft Exchange Server could not start due to the following problem: Microsoft exchange server did not start due to the error: Success." (Granted, the website error is most likely due to bad programming on the part of heavens-above.com.:)
Do your hosts resolve reversely? (ie 1.2.3.4 -> ppp123.moo.com) gethostbyaddr() and WSA-variants will attempt a netbios machine name lookup if gethostbyaddr() fails. This is a windows internal, so it's not just IIS, but every machine running windows doing a DNS lookup on an IP which has no reply (or timely reply).
Sep 11 04:50:23 adel iplog: ping from mail.sec.rr.com
Sep 11 04:51:30 adel iplog: nntp connection attempt from mail.sec.rr.com
Oct 1 00:00:25 adel iplog: ping from mail.sec.rr.com
Oct 1 00:01:05 adel iplog: smtp connection attempt from mail.sec.rr.com
If you're an rr.com customer, that seems to be the address that checks you for things they don't want you running. You can visit http://mail.sec.rr.com for more information, but I'm sure they monitor who looks at that machine (they have a big hairy legal notice up there, too).
Al Gore was the first -- and the only, for a few years -- political leader to recognize the importance of the internet. Not the commercial importance, either.
Now, I'm not a Gore fan, (and certainly not a Bush fan), but please get your facts right.
For those that think GWB is not the brightest candidate, you can check out this opinion piece that gives a slightly different view of the second debate than the _one_ line this story refers to.
http://www.opinionjournal.com/columnists/pnoonan/? id=65000413
Title of the article:
The Man George Shultz Saw
Gov. Bush is Reaganesque. Now America knows it.
Oh joy! Just what we need, another Reagan. Let's make my money more worthless while we empower the military. Strong America! BOOGA! MIGHTY AMERICAN BEAT DOWN EVIL COMMUNIST WITH BIG BOMB! BOOGA BOOGA!
Fortunately, Bush, although being completely ignorant of most.. well, most everything, has millions of people who will twist his words to find some meaning out of them that fits their personal idealism.
To quote:
But Columbine spoke to a larger issue, and it's really a matter of culture. It's a culture that somewhere along the line, we've begun to disrespect life, where a child can walk in and can have their heart turned dark as a result of being on the Internet, and walk in and decide to take somebody else's life. So gun laws are important, no question about it. But so is loving children and, you know, character education classes, and faith-based programs being a part of after-school programs. Somebody -- some desperate child needs to have somebody put their arm around them and say, "We love you." And so there's a -- this is a society that -- of ours has got to do a better job of teaching children right from wrong.
Now read:...have their heart turned dark as a result of being on the Internet. On top of that, we need "character education classes" and "faith-based programs" after school. Great, let's teach Christianity to everyone because we know it makes them a more caring, less psycho-killer person.
Please go read the debate before you start spouting BS. Uninformed people are the most dangerous problem in politics. Please become informed so you don't screw up the rest of our futures.
Do you know how much traffic it would be to watch all private and channel conversations? On top of that, the IRC protocol does not send private or channel conversations to servers which do not have users or are not in the paths of users that are recieving the messages.
There were recently accusations of the same thing on DALnet -- nobody has the time or the energy to watch and sift through a million conversations about your Diablo II characters or your netsex with "Jenny_18."
ergh.. maybe I should drink my cup of coffee a bit first before submitting. wchar_t is 32 bit, but WCHAR is 16 bit. #ifdef u_int32_t typedef WCHAR u_int16_t; #else typedef WCHAR unsigned short; #endif
#ifdef u_int32_t typedef DWORD u_int32_t; typedef WORD u_int16_t; #else /* * these are less portable because * it assumes 'short' is 16 bit * and 'int' is 32 bit */ typedef DWORD unsigned int; typedef WORD unsigned short; #endif
The LINKS.VBS (and variants) have been manifesting themselves on IRC for the past year, if not longer. It spreads itself through user idiocy, in the form that the user has to accept the file and run it himself.
If you want an "interesting" trojan/virus, there's an IRC-spreading virus that keeps a list of words and makes a pseudo-random filename out of them: fireman-having-sex-with-horse.jpg.bat was my favorite that was generated. Variations of this virus exist in.bat,.js,.vbs -- the fun just never seems to stop.
Working for a company that has dealt with this sort of thing, there's no way you'd get an open source package that would be able to read NASDAQ level II quotes. It would definitely have to be a closed source (read: expensive, non-customizable, and proprietary) solution.
With prices nowadays, you can throw together a cluster of Athlon-650s for about $500-$600 apiece. This is about $200 cheaper than it's pentium cu-mine brother, and edeges over the cu-mine in performance just a bit. I've had this configuration up and running for over a month now, and it's a cheap, fast cluster. Forget the dual cpu celerons, they'll still cost you twice as much.
The Intel datasheets (available here) say that TCase (the temperature of the chip casing on your celeron processor) is acceptable up to 85c (185 F). I think you have a long way to go before you need to start worrying.;)
On a comparative level, I used to have both a p133 and a p150, both which burnt your finger if you dared to touch them after a cpu-intensive job, but which never had any issues.
After all, the average buyer will only care about three things:
... and that's pointless, because you forgot the point that the average buyer is a corporation, which cares about completely different things. Say, for instance, their past experience with intel has been that they've been using intel x86 chips in their servers and workstations for the past 10 years, and they've generally been reliable. Why risk it and change, when you can stay with something you know?
This kind of stuff has been around for years now, at least. It's just becoming more mainstream, as it used to only be limited to irc (ie, pick people you don't like on irc and packet their machine to death).
What about smurf, fraggle, papasmurf, etc.. where you use misconfigured broadcast addresses all over the internet, and have the backing of multiple megabits of bandwidth.. ?
This doesn't even take into account open proxy servers which are everywhere, which could be used to make some sort of distributed attack, or even irc "flood nets."
Script kiddie tools never cease to become more damaging and more widely available. blah.
Slashdot Mirror
This has a rather striking resembelance to the beginning plot of 'Splinter Cell' -- an ex-Soviet republic, 10 years from no running water to a great information backbone... If we don't stop this now, soon the government of Estonia will cause the Estonian Information Crisis! ;)
There's the standard reason that everyone here talks about: there are tons of public shell servers that offer accounts. Many people buy shell accounts to run irc bots and the like. If there's someone abusive, you want to be able to ban them, not the entire shell server.
:)
Then, there's irc-enabled trojans/viruses. These things spread by means of email, newsgroups, outlook/IE exploits, open windows shares, and IRC itself. They come on IRC as a convenient spot for whoever wrote the virus to control them all and use for ddos attacks. They take up space, and they're generally not nice things to have lying around. However, the majority of these viruses were never coded with identd support, and they run on windows machines of users who never use IRC. Therefore, by banning users who do not have ident enabled, you are banning a huge amount of ddos attack drones.
I'm actively involved in this kind of thing.
I don't know about you, but I think there's already quite enough crap in power :)
To get OpenSSH 2.3.0p1 to compile under freebsd 3.4-RELEASE:
./configure --without-pam --with-tcp-wrappers --sysconfdir=/etc/ssh --with-md5-passwords --with-libs=-lcrypt
- first ensure openssl 0.9.6 is installed. If not, install it.
-
Took a little monkeying around, but it seems to work fine for me at the moment. Good luck.
Obviously you have had no prior experience with attacks of such magnitude. I ran a server on DALnet for almost 4 years. The server was most recently pulled due to a sustained packet attack.
In many situations, the upstream ISP would much rather put in a null route for your IP and have you deal with it. Not every upstream is cooperative. I've had a non-IRC DoS attack on one of my machines (because of my client on IRC) -- and sprint flat out refused to give me any information whatsoever unless they had an order from a judge.
On top of that, most IRC servers aren't seen as a very important service (they really aren't), and since they make the ISP hosting them no money, the ISP will simply pull the plug on the IRC server after too many packet attacks, rather than pay their network administrators overtime to work on the phone with your upstream. Since the upstream will only talk to the network administrator of the ISP, and not you, the administrator of the machine, you're out of luck.
This is most certainly _not_ a hoax. This is a real problem. When people use bouncers to hide their real IP address, the script kiddies will attack (and take down for hours) the server which houses the offender they wish to remove (usually an irc operator on that server).
You have a poor definition of irc ops.
IRC operators run a server. In general, they don't deal with your channel.
What you speak of is channel operators. Now, if you want to take down servers to gain ops in a channel, that's a great sign you need something better to do with your life. On a network like undernet/dalnet, where most channels are freely registered with some sort of services, taking down a server won't even get you a channel.
Does anyone else think that it's rather odd that RSA data security seems to be sponsoring this movie?
I don't believe he's talking about any bandwidth problems, the site loads lightning quick.
I always love to see "Error: Unexpected error." How often do you expect errors? My personal favorite has to be "Microsoft Exchange Server could not start due to the following problem: Microsoft exchange server did not start due to the error: Success." (Granted, the website error is most likely due to bad programming on the part of heavens-above.com. :)
Do your hosts resolve reversely? (ie 1.2.3.4 -> ppp123.moo.com) gethostbyaddr() and WSA-variants will attempt a netbios machine name lookup if gethostbyaddr() fails. This is a windows internal, so it's not just IIS, but every machine running windows doing a DNS lookup on an IP which has no reply (or timely reply).
Sep 11 04:51:30 adel iplog: nntp connection attempt from mail.sec.rr.com
Oct 1 00:00:25 adel iplog: ping from mail.sec.rr.com
Oct 1 00:01:05 adel iplog: smtp connection attempt from mail.sec.rr.com
If you're an rr.com customer, that seems to be the address that checks you for things they don't want you running. You can visit http://mail.sec.rr.com for more information, but I'm sure they monitor who looks at that machine (they have a big hairy legal notice up there, too).
http://salon.com/tech/col/rose/2000/10/05/gore_int ernet/index.html
Al Gore was the first -- and the only, for a few years -- political leader to recognize the importance of the internet. Not the commercial importance, either. Now, I'm not a Gore fan, (and certainly not a Bush fan), but please get your facts right.
Bush/Gore 2000 -- coming to a porn store near you
Title of the article:
The Man George Shultz Saw Gov. Bush is Reaganesque. Now America knows it.
Oh joy! Just what we need, another Reagan. Let's make my money more worthless while we empower the military. Strong America! BOOGA! MIGHTY AMERICAN BEAT DOWN EVIL COMMUNIST WITH BIG BOMB! BOOGA BOOGA!
To quote:
But Columbine spoke to a larger issue, and it's really a matter of culture. It's a culture that somewhere along the line, we've begun to disrespect life, where a child can walk in and can have their heart turned dark as a result of being on the Internet, and walk in and decide to take somebody else's life. So gun laws are important, no question about it. But so is loving children and, you know, character education classes, and faith-based programs being a part of after-school programs. Somebody -- some desperate child needs to have somebody put their arm around them and say, "We love you." And so there's a -- this is a society that -- of ours has got to do a better job of teaching children right from wrong.
Now read: ...have their heart turned dark as a result of being on the Internet. On top of that, we need "character education classes" and "faith-based programs" after school. Great, let's teach Christianity to everyone because we know it makes them a more caring, less psycho-killer person.
Please go read the debate before you start spouting BS. Uninformed people are the most dangerous problem in politics. Please become informed so you don't screw up the rest of our futures.
Read the Oct. 11th debate here.
Shoot me now...
Do you know how much traffic it would be to watch all private and channel conversations? On top of that, the IRC protocol does not send private or channel conversations to servers which do not have users or are not in the paths of users that are recieving the messages.
There were recently accusations of the same thing on DALnet -- nobody has the time or the energy to watch and sift through a million conversations about your Diablo II characters or your netsex with "Jenny_18."
ergh.. maybe I should drink my cup of coffee a bit first before submitting. wchar_t is 32 bit, but WCHAR is 16 bit. #ifdef u_int32_t typedef WCHAR u_int16_t; #else typedef WCHAR unsigned short; #endif
#ifdef wchar_t
typedef WCHAR wchar_t;
#else
# ifdef u_int32_t
typedef WCHAR u_int32_t;
# else
typedef WCHAR unsigned int;
# endif
#endif
typedef CHAR char;
#ifdef UNICODE
typedef TCHAR WCHAR;
#else
typedef TCHAR char;
#endif
#ifdef u_int32_t
typedef DWORD u_int32_t;
typedef WORD u_int16_t;
#else
/*
* these are less portable because
* it assumes 'short' is 16 bit
* and 'int' is 32 bit
*/
typedef DWORD unsigned int;
typedef WORD unsigned short;
#endif
The LINKS.VBS (and variants) have been manifesting themselves on IRC for the past year, if not longer. It spreads itself through user idiocy, in the form that the user has to accept the file and run it himself.
.bat, .js, .vbs -- the fun just never seems to stop.
If you want an "interesting" trojan/virus, there's an IRC-spreading virus that keeps a list of words and makes a pseudo-random filename out of them: fireman-having-sex-with-horse.jpg.bat was my favorite that was generated. Variations of this virus exist in
Working for a company that has dealt with this sort of thing, there's no way you'd get an open source package that would be able to read NASDAQ level II quotes. It would definitely have to be a closed source (read: expensive, non-customizable, and proprietary) solution.
pico ~/.screenrc
startup_message off
^X Y
no longer.
With prices nowadays, you can throw together a cluster of Athlon-650s for about $500-$600 apiece. This is about $200 cheaper than it's pentium cu-mine brother, and edeges over the cu-mine in performance just a bit. I've had this configuration up and running for over a month now, and it's a cheap, fast cluster. Forget the dual cpu celerons, they'll still cost you twice as much.
On a comparative level, I used to have both a p133 and a p150, both which burnt your finger if you dared to touch them after a cpu-intensive job, but which never had any issues.
And the "Pentagon II" is what intel sells the government at "bargain" prices, I take it? :-)
This is the major problem AMD faces.
What about smurf, fraggle, papasmurf, etc.. where you use misconfigured broadcast addresses all over the internet, and have the backing of multiple megabits of bandwidth.. ?
This doesn't even take into account open proxy servers which are everywhere, which could be used to make some sort of distributed attack, or even irc "flood nets."
Script kiddie tools never cease to become more damaging and more widely available. blah.