Maybe they should outsource their hosting..to, oh, say...the admins at Lindows.com?
I do find it amusing (and quite possibly ironic), though, that you host an IRC server, and yet don't mention the fact that IRC is the main channel for zombie attacks.
You mention the router as the 'suffer'ing entity. Well, the router is designed to route packets. That's what it does, and it does it well.
It's layer 8 that causes the problems...and those problems are augmented by layer 8 making calls into layer 7.
Fair enough...but the term you used (and which I objected to) was 'managing and redirecting', setting up simple filters is simply setting up filters. I'm not trying to be pedantic, I'm serious about learning here.
Could/Would you have him come on over and show what he did to help prevent this? Even in generic terms, it would likely end this silly debate about 'did/din't' that is going on.
IANACCIE, but IAACCNP
You stipulate that someone inside SCO would be at risk if they faked an attack. They wouldn't really have to...they could pay someone a few hundred bucks to launch an application, or, better, write a simple MS infection script that launches a a DDoS from all the mom and pop homes that have unsecured MS boxen.
Not only that, but they (if they had someone internally attack their own company) would be hiring someone who, intrinsically, would be close enough to the heart of the matter to not be held as a scapegoat, and would be the one person smart enough to both cover his tracks, and leave a trail should they still try to scapegoat him.
In summary, there are plenty of reasonable assumptions to make about this whole thing...the first of which is that it is very possible a DDoS never actually happened. (see the 20Mb/s vs DS3 debate) The second of which is that it would be trivial for them to engineer even THAT rate of SYN flood against themselves, whilst maintaining enough outbound channel to call the "911" of the internet (press sites).
You look for clear and unassailable proof that they are guilty, which is admirable, but your assertions don't quite stand up to inspection.
So, your friend was "managing and redirecting" traffic from the DDoS attack? Could you expound on that a bit?
Unless your friend was acting as a proxy, and thwarting syn floods, I don't see how he could 'manage and redirect' an attack.
I have been (and will continue to be) proven wrong, but I really would like to know what you mean by this...
For the record, yes I agree with all the statements about 'blah blah, stateful inspection would have obviated this, blah blah, who gets busted by syn floods anymore, blah blah, SCO must suck big ol' rocks, blah blah'.
Yes he did. I used to work there, and got to see some of his originals. Mysteriously, all of the AA originals on display at Polaroid disappeared shortly before they filed bankruptcy.
How long will it be before folks who use the service realize they can imbed links to free versions of the music in the metadata?
For that matter, how limited is the metadata? How about an mp3 converted to a long ascii string inserted into the metadata, which can then be reconverted back into a binary mp3/
For me, I wouldn't mind paying per song to download quality material...I do believe that artists should be compensated for their work. What I don't understand is why so many of them DON'T jump off their label contracts and embrace the largest global market, with next to no production costs. Create music. Record music. Post music to website with shopping cart. Wait for money to roll in.
Sure, the fabulously wealthy 'stars' probably wouldn't make as much money this way...but what about the folks that don't have a contract/label? Why not go straight to publishing? Hell, there are tens of millions of 'writers' out there in blogland publishing their own written works...
I have XP Pro running ie 6.0.2800.x.x, and it properly displays the site name, even though the redirect works. In other words, the malicious site in the link does come up, but it comes up with the actual URL in the address bar...not the fake.
I do have KPF 4.0.7 installed...wonder if that has something to do with it...
While WEP is fairly trivial for someone who knows what they're doing to get past, it does have a benefit.
If someone is war driving your neighborhood, they most likely won't take the time to capture hundreds of thousands of packets so they can decipher your WEP key, they'll just drive another 1/4 mile down the road and hijack Johhny Luser's completely unprotected WAP.
You need authentication security. Far too many people don't implement even basic security (WEP...and yes I know it's fairly trivial to break, but it deters people looking for a quick pipe hijack).
If you don't secure your WAP from unauthorized users, they could cause all manner of mischief...downloading kiddie pr0n through your link, hacking outbound through your IP (guess who the feds are coming after when the audit trail points to your house?)
Other than that, lots of people answered well about 'standards are great, just look how many we have!'
Anyone want a perfect copy of the first LOTR, which was widely available prior to the DVD release? (and, in fact, came out about the same time as the theatre release?)
Yeah, I'd like that too.
Hey man...I don't know who you have been talking to, but I absolutely do NOT have illegal copies of 'White vs. Wong', 'American Dick-Tater', 'Paving Private Ryan (an ode to FemDom)', 'Lord of the Cock Rings', or any other illicitly acquired art.
How dare you even suggest it.
Hey, hippie. Go back to economics class and STAY AWAKE FOR A CHANGE!
Unless and until you have something of value to add, (wait...that may be an economic term you are unfamiliar with)...just let us adults talk, okay?
Damn...now I'm going to get a bad mod.
Okay...in very simple terms...just because someone does something (creates/performs a work of art) in front of people, doesn't mean that the people who witnessed it have a right to use it at their discretion.
FANTABULOUS!
EXQUISITE!
Stop the bastages from having the kind of basages who would illegally film films and distribute them to bastages like us!
Yes! Brilliant!
"This set is secure. There will be no recording media of any kind allowed on set while actors are performing."
Next year's Academy Award goes to: THAT GUY WHO DID THE AUDIO TAPE OF SHAKESPEARE'S SONNETS! (wait..where are you taking me? help! HELP!)
As simple as your statement is, it really lies at the crux of the debate.
If I watch (look at) a work of art, who has gained and who has lost?
An idealist would say "neither."
In my mind, a true artist would say the viewer had gained.
In my mind, a fan of art would say that the artist has, since the viewer had to transfer a good or service (in this case, money) to the artist (or their agent) in order to see/hear/experience the art.
If I, as a performance artist, do a single show, I expect to get paid x$.
If I, as a manufacturer of goods, create a product, I expect to sell it for x$
If I, as a member of the RIAA, create a legal entity, shrouded in the context of protecting the rights of "artists", and which will take 40% of all court imposed costs (including punitive, compensatory, and administrative), regardless of outcome, then I expect I can and will sue everyone and everything who may present the slightest danger to my revenue generation scheme.
Why isn't this clear?
Man, I fear the day that we geeks band together like the lawyers already have...on that day, we'll find out who TRULY runs this world.
Not to be pedantic, but do you think everyting you see in a controlled venue is actual legal dogma?
Of COURSE the folks who you just paid want to make sure you don't do Bad Things(TM) that may Cost Them Money(TM).
This doesn't mean it's LAW, deary.
That'd be like your local grocery store telling you that you couldn't buy Baking Soda and Vick's Inhalers simultaneously....oh...crap...they did stop that...didn't they...
Not true. If you pay to see something, you are signing a contract (essentially a license) which allows you to see it for that instance. It does not transfer that allowance to anyone else, and, in most cases, the license you buy to see it prohibits you from recording it in any fashion, and specifically prohibits you from selling/reselling that 'something' to others.
I am not a lawyer. But I beat the fuck out of one on TV.
Sorry man...bad click on my part. It's this crazy time filter from/. messing with my head. Really. It was 'sposed to be in response to that troll guy a couple of threads down.
Slashdot Mirror
Maybe they should outsource their hosting..to, oh, say...the admins at Lindows.com?
I do find it amusing (and quite possibly ironic), though, that you host an IRC server, and yet don't mention the fact that IRC is the main channel for zombie attacks.
You mention the router as the 'suffer'ing entity. Well, the router is designed to route packets. That's what it does, and it does it well.
It's layer 8 that causes the problems...and those problems are augmented by layer 8 making calls into layer 7.
Fair enough...but the term you used (and which I objected to) was 'managing and redirecting', setting up simple filters is simply setting up filters. I'm not trying to be pedantic, I'm serious about learning here. Could/Would you have him come on over and show what he did to help prevent this? Even in generic terms, it would likely end this silly debate about 'did/din't' that is going on. IANACCIE, but IAACCNP
Your logic, to me, seems slightly flawed.
Yes, there are blackhats with big agendas.
Would SCO fake such an attack? Maybe.
Your logic breaks down at this point.
You stipulate that someone inside SCO would be at risk if they faked an attack. They wouldn't really have to...they could pay someone a few hundred bucks to launch an application, or, better, write a simple MS infection script that launches a a DDoS from all the mom and pop homes that have unsecured MS boxen.
Not only that, but they (if they had someone internally attack their own company) would be hiring someone who, intrinsically, would be close enough to the heart of the matter to not be held as a scapegoat, and would be the one person smart enough to both cover his tracks, and leave a trail should they still try to scapegoat him.
In summary, there are plenty of reasonable assumptions to make about this whole thing...the first of which is that it is very possible a DDoS never actually happened. (see the 20Mb/s vs DS3 debate) The second of which is that it would be trivial for them to engineer even THAT rate of SYN flood against themselves, whilst maintaining enough outbound channel to call the "911" of the internet (press sites). You look for clear and unassailable proof that they are guilty, which is admirable, but your assertions don't quite stand up to inspection.
Well then, according to that, we now have the culprit of the DOS. It's their ISP. :)
no...you're not. But that is just the asymetrical nature of knowledge. 20Mbit full duplex doth not a T3 make.
So, your friend was "managing and redirecting" traffic from the DDoS attack? Could you expound on that a bit?
Unless your friend was acting as a proxy, and thwarting syn floods, I don't see how he could 'manage and redirect' an attack.
I have been (and will continue to be) proven wrong, but I really would like to know what you mean by this...
For the record, yes I agree with all the statements about 'blah blah, stateful inspection would have obviated this, blah blah, who gets busted by syn floods anymore, blah blah, SCO must suck big ol' rocks, blah blah'.
Yes he did. I used to work there, and got to see some of his originals. Mysteriously, all of the AA originals on display at Polaroid disappeared shortly before they filed bankruptcy.
How long will it be before folks who use the service realize they can imbed links to free versions of the music in the metadata? For that matter, how limited is the metadata? How about an mp3 converted to a long ascii string inserted into the metadata, which can then be reconverted back into a binary mp3/ For me, I wouldn't mind paying per song to download quality material...I do believe that artists should be compensated for their work. What I don't understand is why so many of them DON'T jump off their label contracts and embrace the largest global market, with next to no production costs. Create music. Record music. Post music to website with shopping cart. Wait for money to roll in. Sure, the fabulously wealthy 'stars' probably wouldn't make as much money this way...but what about the folks that don't have a contract/label? Why not go straight to publishing? Hell, there are tens of millions of 'writers' out there in blogland publishing their own written works...
Well...I didn't get to test that prior to coming in to work (NT 4.0sp6 w IE5.5.4807.x) The vuln works here. I'll test it when I get back home.
I have XP Pro running ie 6.0.2800.x.x, and it properly displays the site name, even though the redirect works. In other words, the malicious site in the link does come up, but it comes up with the actual URL in the address bar...not the fake.
I do have KPF 4.0.7 installed...wonder if that has something to do with it...
While WEP is fairly trivial for someone who knows what they're doing to get past, it does have a benefit.
If someone is war driving your neighborhood, they most likely won't take the time to capture hundreds of thousands of packets so they can decipher your WEP key, they'll just drive another 1/4 mile down the road and hijack Johhny Luser's completely unprotected WAP.
You need authentication security. Far too many people don't implement even basic security (WEP...and yes I know it's fairly trivial to break, but it deters people looking for a quick pipe hijack). If you don't secure your WAP from unauthorized users, they could cause all manner of mischief...downloading kiddie pr0n through your link, hacking outbound through your IP (guess who the feds are coming after when the audit trail points to your house?) Other than that, lots of people answered well about 'standards are great, just look how many we have!'
Okay, it's not a physics joke (or is it?), but you just gave me a great segue...
Q: How many surrealists does it take to change a light bulb?
A: The fish.
Anyone want a perfect copy of the first LOTR, which was widely available prior to the DVD release? (and, in fact, came out about the same time as the theatre release?) Yeah, I'd like that too.
Hey man...I don't know who you have been talking to, but I absolutely do NOT have illegal copies of 'White vs. Wong', 'American Dick-Tater', 'Paving Private Ryan (an ode to FemDom)', 'Lord of the Cock Rings', or any other illicitly acquired art. How dare you even suggest it.
Huzzah! Brilliant! VOR!! (voice of reason)
Hey, hippie. Go back to economics class and STAY AWAKE FOR A CHANGE!
Unless and until you have something of value to add, (wait...that may be an economic term you are unfamiliar with)...just let us adults talk, okay?
Damn...now I'm going to get a bad mod.
Okay...in very simple terms...just because someone does something (creates/performs a work of art) in front of people, doesn't mean that the people who witnessed it have a right to use it at their discretion.
Fair enough?
FANTABULOUS! EXQUISITE! Stop the bastages from having the kind of basages who would illegally film films and distribute them to bastages like us! Yes! Brilliant! "This set is secure. There will be no recording media of any kind allowed on set while actors are performing." Next year's Academy Award goes to: THAT GUY WHO DID THE AUDIO TAPE OF SHAKESPEARE'S SONNETS! (wait..where are you taking me? help! HELP!)
I don't have mod status yet...but let me say...
HAHAHAHAHAHAH!!!BAWAHAHAHAH!!! Good on ya.
As simple as your statement is, it really lies at the crux of the debate.
If I watch (look at) a work of art, who has gained and who has lost?
An idealist would say "neither."
In my mind, a true artist would say the viewer had gained.
In my mind, a fan of art would say that the artist has, since the viewer had to transfer a good or service (in this case, money) to the artist (or their agent) in order to see/hear/experience the art.
If I, as a performance artist, do a single show, I expect to get paid x$. If I, as a manufacturer of goods, create a product, I expect to sell it for x$ If I, as a member of the RIAA, create a legal entity, shrouded in the context of protecting the rights of "artists", and which will take 40% of all court imposed costs (including punitive, compensatory, and administrative), regardless of outcome, then I expect I can and will sue everyone and everything who may present the slightest danger to my revenue generation scheme. Why isn't this clear? Man, I fear the day that we geeks band together like the lawyers already have...on that day, we'll find out who TRULY runs this world.
don't worry about it...you can't 'right' anyway. Perhaps the industrial sciences would be a better career choice for you?
or...
/.er to make a post that should have been a POLL!
create an opportunity for a
Love, hugs, and puppies
Frennz
Not to be pedantic, but do you think everyting you see in a controlled venue is actual legal dogma?
Of COURSE the folks who you just paid want to make sure you don't do Bad Things(TM) that may Cost Them Money(TM).
This doesn't mean it's LAW, deary.
That'd be like your local grocery store telling you that you couldn't buy Baking Soda and Vick's Inhalers simultaneously....oh...crap...they did stop that...didn't they...
Not true. If you pay to see something, you are signing a contract (essentially a license) which allows you to see it for that instance. It does not transfer that allowance to anyone else, and, in most cases, the license you buy to see it prohibits you from recording it in any fashion, and specifically prohibits you from selling/reselling that 'something' to others. I am not a lawyer. But I beat the fuck out of one on TV.
Sorry man...bad click on my part. It's this crazy time filter from /. messing with my head. Really. It was 'sposed to be in response to that troll guy a couple of threads down.