I can think of games that could be modded from way back when half of the little slashdotters were barely dirty thought in their daddy's head.
Wolfenstein 3D Doom Doom2 Duke Nukem
And that is just off the top of my head.
There were 3rd party editors and people put whatever content in there that they wanted. Duke Nukem had some prostitutes and erotic dancers in it at the best of times. You could add the entire playboy bunny line with a simple mod that was freely available from just about every BBS (www.bbsdocumentary.com for those who don't know what a BBS is) that I used.
We made a model of my high school in doom and put in photos of teachers as the monsters. It was cute. That doesn't mean that I wanted to go and kill everyone.
This author is a twonk.. first GTA then The Sims2. I mean, really... The GTA Hot Coffee thing was probably in the game, but it was never intended to be accessible. I bet they just plain forgot it was there anyway. If twonkbrain hadn't made such a fuss about it then a good many people would never have known about it.
It can't be the game maker's fault if people hack their software to make it do things they didn't intend.
Now to attack the Sims 2. This guy is sad. Does he not have a girlfriend? What other possible reason could he have for going looking in videogames for nude people?
And for the comment about paedofiles being able to "rehearse in virtual reality". Bah... that is a throwaway line put in there to prove that he diesn't have a clue and he only wants to invoke the fear response to make people do what he wants them to.
You can make anyone do anything these days by mentinoning the kiddy fiddlers or the terrorists.
What's next? Pick on some of the war games becasue you can join the "enemy" and play against the US players? Does that encourage terrorism? It must. We should ban all those games too because they teach tactical bombing skills that can be used against the US.
The world is really a sad place. Where's my BFG and a nice solid wall... it's time to respawn!
Set the network up right, and you shouldn't give a rat's ass.
True, but unauthorized access points give one more point of entry that someone outside the company can use to find a weakness; no network can be 100% secure, and preventing physical access is yet another tool in securing it.
If you have a wireless AP around then someone can get in from outside the building, after hours, when nobody is around to notice the intrusion...
Clearly. I would rather the US control those points than someone frankly and overtly evil.
Really, in the grand scheme of things...
Space is huge, really really huge. Some might say space is infinite.
The US is small, really really small. Some might say infinitely tiny.
Let p be the total volume occupied by the US (can make a simple assumption that the US occupies roughly the smallest cube that encloses the US, and extends from sea level to the top of the earth's atmosphere...
Let q be the total volume of space
Let the significance of the US in the grand scheme of things be
s = 100p / q (percent)
If
q -> infinity Then
s -> zero.
The US is insignificant. Why is it worrying who controls a few points in space?
Hot on the heels of this... I believe the linked thread resolved that digital formats are doomed to fail because they are unreliable over long term (ie > 5 or 10 years). Anywho, the thread might help you with the storage and backup aspect:)
Having used both RHEL (albeit only for a few days) and Suse recently, I can say that I feel RHEL is the better distro.
Actually, I was looking on the Suse website and somehow ended up at a German page. Clicking back loaded the previous page in German as well, and so on. That made it even easier to justify downloading the RHEL evaluation.
RHEL installed with minimal fuss. All the hardware in my PC was picked up, including the wireless networking and bluetooth. The installer is pretty-much Fedora but RedHat branded. The whole thing feels much like Fedora, but obviously there are some improvements and proprietary parts.
We are trying to get ClearCase installed on RHEL ES4, but it's proving to be ellusive even though Rational claims it's fully supported. I'm going through the second round of ClearCase patches now to try and fix the userspace and stop the kernel panics (it is a ClearCase problem - doesn't do it until clearcase is installed).
All I can suggest to the OP is download both the evaluations; Suse/Novel have a DVD download and RHEL comes as 4 CDs. You have to register with the respective companies and you get a 30 day trial. Run them on two similar machines, side-by-side and see how they stack up in terms of a few criteria that are important to you.
It does make sense... I, for one, am not richer for knowing that CentOS is a "attempts to be 100% compatible RHEL clone". I'll be able to run it at home and hopefully have better compatibility with work.
If you can't add anything, please don't post a comment that detracts..
Incidentally, I want to form a SONY-haters club, any takers...any thoughts?
You can join mine... I started it back when cassette tapes were the next big piracy issue. My auto-reverse walkman just would not play the reverse side of any cassette without chewing it. Take out the cassette and turn it over and it played the back side fine.
Sony had it back on no less than 10 occasions. Eventually the year ran out and the warranty was expired.. do you think I could get a refund? They wouldn't even fix it.
I've voted with my wallet ever since.
The moral of this really long story is that I HATE Sony too.
Oh, and on the topic of music players that you can't extract anything from, why not get one of those encrypted USB memory sticks and plug it into your... computer. If your co-workers swipe it the most they'll get is garbage. If anyone with a clue swipes it.. well they might be able to figure it out, and if they can work out your encrypted USB memory then they can thwarte the anti-readback on and-old media player.
If it was Windows xp-pre-sp2 it would have automatically connected to the network.
The shittiest part is that wireless has facilities to "secure" it, even if that security is weak. If your accesspoint is open then I don't see it as any different to having your machine accept telnet connections and default to the root account without requiring a username/password.
IF the wanker that owned the AP consciously made a choice to disable even the most basic of security measures then I dont' see how he has a case for filing criminal charges.
I don't care what the wanker with the laptop was doing on the net. It's not relevent at all. I hope this gets thrown out of court, or it will set a VERY dangerous precedent; basically making it illegal to connect to any computer network without prior authorization (ie, making a HTTP request to a web server you have not asked the owner about first).
Assuming I'm right, just keep the laptop (and cat) out of your lap while you're trying to knock your wife up, and you'll be fine.
Given this was posted on Slashdot, don't you think the OP has more to worry about than his sperm? I mean, having a laptop on your lap is a sure-fire way to not get laid in the first place.
I mean, being someone who posts on slashdot is a surefire way to not get laid in the first place.
So, OP, stop worrying about your sperm and start worrying about how many FPS you can get in your fav shooter. Worry about how quickly it will compile the Linux kernel. Worry about how much cool eye candy you can install and still be able to run edlin with acceptable performance.
Most importantly: Worry about how great your new laptop is because if it's not the absolute greatest you won't have bragging rights with your geek friends...
Um, it's supposed to be distributed. If the US retains control of all the root servers then the US retains control of the Internet. If the US is ever turned into "Lake US" by the "$TODAYS threat" what happens to the rest of the world's Internet?
It allows the US to retain that thing they seem to think they have a fundamental right to - control over the whole world.
It is also a profitable exercise. It forces more and more data to pass through the US. They can charge $$$ for that data and i doubt the running costs of the servers comes close to the amount they are charging for data.
It allows monitoring. They can monitor the sorts of queries that are being performed and the sorts of places they are coming from. Sure, a lot of ISPs run caching name servers but there would still be a lot of queries that get passed throught the root servers. Even though the root servers just pass the request off to the appropriate second and third-level servers the request can still be logged.
Keep one/two root servers in each country...
I agree with this suggestion. Except, those servers can not be administered by the US. The server must be administered by the country that it resides in with some form of verification system in place, such that they can't do something malicious with their root server.
But then you go on like you have no idea what you just said. It makes my head hurt!
This discussion is specifically about what happens to criminals once they have been released from prison. I have a very good idea what I said.
I agree that locking people up for a crime is a deprivation of their rights. But, as so many people seem to want to say, "an eye for an eye". If you commit a crime you have obviously trampled on the rights of someone and hence your punishment is the deprivation of liberty that is prison. Hence, you deprived someone of a right, and the legal system deprived you of the right to freedom, temporarily.
Once you are released, you are deemed to be punished/rehabilitated and allowed to re-enter society. If you're released early (on parole) then certain conditions apply until the end of the allocated sentence time. At the end of that time you are pretty-much allowed to participate in society like everyone else.
I read one comment about convicted criminals not being allowed to purchase handguns, and how that is a deprivation of their fundamental rights. However, the ability to own a gun is not a fundamenal right, it is a privelage, just like driving a car, getting on a plane, etc.
The right to privacy is fundamental. Tagging people and making their location available on a real-time, publicly accessible map is a violation of that right.
What is next in this great chain of things? Tag sex offenders. People pick on them because "sex offence" is automatically translated to "child sex offence" in the minds of a lot of people. Thank the mainstream media for this. They seem to have gone kiddy sex mad lately (at least where I live there is about 1 new story in the mainstream news every day). There are still plenty of other sex offences happening but you don't hear about "attractive middle-aged woman raped" anymore because nobody really cares. Involve the children and you get public rage.
Next it will be murderers and drug dealers. After that it won't be so hard for them to justify tagging all criminals. After that everyone who is ever suspected of a crime. And before you know it, they're tagging and tracking everyone on a real-time publicly accessible map.
Perhaps your head hurts because of the government's mind altering conformity ray. It's time for you to invest in a new tin-foil hat.
The question is: Would you be comfortable with having a person who has been convicted of raping five small girls - who has served his sentence - living next door to you and your 8 year old daughter?
If you are, I pity you and your family.
You are free to move if you don't like it. I admit I would not be entirely comfortable in that situation. At the end of the day you wouldn't really want a convicted murderer, car thief, drug dealer, etc living next door to you either but you'd likely never know.
Compared to non-sex offenders released from State prisons [who later were rearrested for a sex crime], released sex offenders were 4 times more likely to be rearrested for a sex crime.
This makes no inferrence that sex offenders are likely to reoffend. It says they're likely to be re-arrested for other crimes. It is conceivable that they are being arrested for crimes committed before they were imprisoned in the first place.
But your link and analysis was very informative, thanks.
Their set of rights is smaller than yours or mine.
Why? They'd done the time. Their rights and liberty have been deprived as punishment. You do realise the seriousness of your thinking? For any offence where there is a court ordered conviction (and that can mean repeatedly unpaid parking tickets that a court will eventually enforce) then you would have a smaller set of rights than others.
Once you commit a sex crime (or are convicted of ANY felony) you lose the majority of your rights.
So you don't believe that the rehabilitation system works then. Certainly you lose your rights for the duration of the applied sentence, but once you are released and your parole period is up you are once more deemed to be an up-standing, reputable member of society.
Blocking ads won't end free content on the Web. It will lead to innovation and new opportunities.
Blocking ads might even lead to improved content instead of the pages and pages of mindless drivel that we see.
Blocking ads should lead to me being able to view a specific hardware vendor's web page for information without being bombarded with ads and tracked. People who's sole business is to make a profit from selling things on webpages shouldn't need to employ the service of people like doubleclick. It's like getting paid twice for the same job (even though ad revenue is likely low per visitor).
found the `Insane' setting -- it's not really about flooding a host, it's about assuming that the latency is almost zero, so a scan will happen quickly.
That's true to an extent, except that the Insane setting generally does not wait for a reply to packets before sending the next. It lets you flood the host, and if their connection is slower than yours and you run it enough times they end up with quite a backlog of packets they need to download from their ISP.
My point was that it is possible to DoS someone using just a portscan if your connection is significantly faster than theirs and you feel like running a few thousand portscans on their IP address. Whether it is smart, easy or generally useful remains to be seen, but it is possible.
Then you're not really port scanning him anymore -- your DoS'ing him
Well, technically I am still portscanning. The side effect is that I'm DoS'ing him. Alas, he won't know that. All he'll see is a bunch of port scans in his firewall logs.
but there's little point in doing it more than once per port, unless you think his system will respond randomly or something.
There is point if all I want to do is cause him grief. It doesn't matter how the remote system responds - whether there's closed or open ports, or even if I get a reply at all. If I was seriously interested in finding open ports I'd use scans that are less likely to be noticed, not just bombard him with zillions of packets.
Ideally you should send no reply at all to port scans.
Actually, that's not true. Sending no reply is as good as sending a reply. If my IP address was not routed by my ISP at any time (ie, I'm not online) then the ISP's router should send some kind of reply telling the scanner that my IP address is not reachable.
Sending no reply actually says "hey, I'm here but I am 1337 and trying to hide behind this transparent screen with a big flashing light and siren on my head".
True, sending a port closed reply does disclose some information that can possibly be used to determine what OS and IP stack you are running, but at the end of the day I don't think that's such a problem. If you really think it's a problem you can mangle the packets in your firewall output chain to try and give them a bum steer.
Sending a host/destination unreachable reply with my ISP's router as the source address really tells the attacker nothing at all and actually (unless their router runs exactly the same IP stack as my desktop) sends the attacker on a bum steer if they are trying to do OS fingerprinting.
Mere portscanning doesn't intentionally clog all bandwidth.
Mod that statement up!
Not true at all - I have a whopping great 24/1M ADSL plan and I constatnly achieve full speed (being only across the road from the phone exchange). If I portscan my mate with the Insane settings in Nmap he goes down for the count. I can flood him with enough traffic to saturate his 512k link for a couple of minutes.
If I didn't like my mate I could easily take him off the net by asking nmap to scan his IP address repeatedly with the insane options. It doesn't quite DOS him completely but it does slow him down heaps.
Now, imagine all these script kiddies who don't know crap about shit running their latest 1ee7 h4x0r "tool". I'd wager that any rate control settings on their tools won't get used.
I constantly see scans in my logs that come in so quick they do put a drain on the connection. It costs me money, its annoying and there's nothing I can do about it because they don't seem to accept the ICMP-HOST-UNREACHABLE reply that my router sends them.
I agree with the only solution. Log all the packets being sent, even a simple firewall log showing the scan helps, but tcpdump or etheral will be better. Send that to the attacker's ISP and also your own ISP. My ISP is particularly helpful when a huge slab of your monthly data allowance (I counted 1G last month and I didn't have the modem plugged into the phone for all of it) gets chewed up by these morons.
99% of them will end up working in fast food restaurants for the rest of their lives anyway. Maybe they should drop out.
There are lots of people at universities for which university is way above them. I remember a number of Computer Science topics at university in the 3rd and 4th year where half the populous couldn't grasp the idea of non-decimal numbering and basic logical operators (and/or). They were there because it was the start of the dot-bomb boom and CS degrees were looked upon as a way to get filthy rich quickly.
I used to know a girl who dropped out of CS to get a job with a well known web portal company in Sydney. She walked out of a course she was failing miserably at second year level into a $100k job.. Her $100k job didn't last long and last I heard she was sweeping floors to pay the rent!
Same went for engineering (that was actually the course I studied) and the arts (we were required to take a couple of free electives from non engineering/science topics). So many people in so many courses have no clue about what they've been studying.
University is doing nothing more than running them into debt. They'd be better off leaving and getting learning a practical trade. At least they'd pass and be able to hold a real job in their trade at the end of it.
Slashdot Mirror
I can think of games that could be modded from way back when half of the little slashdotters were barely dirty thought in their daddy's head.
Wolfenstein 3D
Doom
Doom2
Duke Nukem
And that is just off the top of my head.
There were 3rd party editors and people put whatever content in there that they wanted. Duke Nukem had some prostitutes and erotic dancers in it at the best of times. You could add the entire playboy bunny line with a simple mod that was freely available from just about every BBS (www.bbsdocumentary.com for those who don't know what a BBS is) that I used.
We made a model of my high school in doom and put in photos of teachers as the monsters. It was cute. That doesn't mean that I wanted to go and kill everyone.
Nobody complained back then. Why complain now?
This author is a twonk.. first GTA then The Sims2. I mean, really... The GTA Hot Coffee thing was probably in the game, but it was never intended to be accessible. I bet they just plain forgot it was there anyway. If twonkbrain hadn't made such a fuss about it then a good many people would never have known about it.
It can't be the game maker's fault if people hack their software to make it do things they didn't intend.
Now to attack the Sims 2. This guy is sad. Does he not have a girlfriend? What other possible reason could he have for going looking in videogames for nude people?
And for the comment about paedofiles being able to "rehearse in virtual reality". Bah... that is a throwaway line put in there to prove that he diesn't have a clue and he only wants to invoke the fear response to make people do what he wants them to.
You can make anyone do anything these days by mentinoning the kiddy fiddlers or the terrorists.
What's next? Pick on some of the war games becasue you can join the "enemy" and play against the US players? Does that encourage terrorism? It must. We should ban all those games too because they teach tactical bombing skills that can be used against the US.
The world is really a sad place. Where's my BFG and a nice solid wall... it's time to respawn!
This has got to be a 5 line script in any language of choice.
I did it all on one line in C, but now I'm not sure what it was I originally intended to do
True, but unauthorized access points give one more point of entry that someone outside the company can use to find a weakness; no network can be 100% secure, and preventing physical access is yet another tool in securing it.
If you have a wireless AP around then someone can get in from outside the building, after hours, when nobody is around to notice the intrusion...
Really, in the grand scheme of things...
Space is huge, really really huge. Some might say space is infinite.
The US is small, really really small. Some might say infinitely tiny.
Let p be the total volume occupied by the US (can make a simple assumption that the US occupies roughly the smallest cube that encloses the US, and extends from sea level to the top of the earth's atmosphere...
Let q be the total volume of space
Let the significance of the US in the grand scheme of things be
s = 100p / q (percent)
If
q -> infinity
Then
s -> zero.
The US is insignificant. Why is it worrying who controls a few points in space?
*grrrr* Forgot the link:
LINK
Hot on the heels of this... I believe the linked thread resolved that digital formats are doomed to fail because they are unreliable over long term (ie > 5 or 10 years). Anywho, the thread might help you with the storage and backup aspect :)
Having used both RHEL (albeit only for a few days) and Suse recently, I can say that I feel RHEL is the better distro.
Actually, I was looking on the Suse website and somehow ended up at a German page. Clicking back loaded the previous page in German as well, and so on. That made it even easier to justify downloading the RHEL evaluation.
RHEL installed with minimal fuss. All the hardware in my PC was picked up, including the wireless networking and bluetooth. The installer is pretty-much Fedora but RedHat branded. The whole thing feels much like Fedora, but obviously there are some improvements and proprietary parts.
We are trying to get ClearCase installed on RHEL ES4, but it's proving to be ellusive even though Rational claims it's fully supported. I'm going through the second round of ClearCase patches now to try and fix the userspace and stop the kernel panics (it is a ClearCase problem - doesn't do it until clearcase is installed).
All I can suggest to the OP is download both the evaluations; Suse/Novel have a DVD download and RHEL comes as 4 CDs. You have to register with the respective companies and you get a 30 day trial. Run them on two similar machines, side-by-side and see how they stack up in terms of a few criteria that are important to you.
It does make sense... I, for one, am not richer for knowing that CentOS is a "attempts to be 100% compatible RHEL clone". I'll be able to run it at home and hopefully have better compatibility with work.
If you can't add anything, please don't post a comment that detracts..
You can join mine... I started it back when cassette tapes were the next big piracy issue. My auto-reverse walkman just would not play the reverse side of any cassette without chewing it. Take out the cassette and turn it over and it played the back side fine.
Sony had it back on no less than 10 occasions. Eventually the year ran out and the warranty was expired.. do you think I could get a refund? They wouldn't even fix it.
I've voted with my wallet ever since.
The moral of this really long story is that I HATE Sony too.
Oh, and on the topic of music players that you can't extract anything from, why not get one of those encrypted USB memory sticks and plug it into your... computer. If your co-workers swipe it the most they'll get is garbage. If anyone with a clue swipes it.. well they might be able to figure it out, and if they can work out your encrypted USB memory then they can thwarte the anti-readback on and-old media player.
The shittiest part is that wireless has facilities to "secure" it, even if that security is weak. If your accesspoint is open then I don't see it as any different to having your machine accept telnet connections and default to the root account without requiring a username/password.
IF the wanker that owned the AP consciously made a choice to disable even the most basic of security measures then I dont' see how he has a case for filing criminal charges.
I don't care what the wanker with the laptop was doing on the net. It's not relevent at all. I hope this gets thrown out of court, or it will set a VERY dangerous precedent; basically making it illegal to connect to any computer network without prior authorization (ie, making a HTTP request to a web server you have not asked the owner about first).
Given this was posted on Slashdot, don't you think the OP has more to worry about than his sperm? I mean, having a laptop on your lap is a sure-fire way to not get laid in the first place.
I mean, being someone who posts on slashdot is a surefire way to not get laid in the first place.
So, OP, stop worrying about your sperm and start worrying about how many FPS you can get in your fav shooter. Worry about how quickly it will compile the Linux kernel. Worry about how much cool eye candy you can install and still be able to run edlin with acceptable performance.
Most importantly: Worry about how great your new laptop is because if it's not the absolute greatest you won't have bragging rights with your geek friends...
Um, it's supposed to be distributed. If the US retains control of all the root servers then the US retains control of the Internet. If the US is ever turned into "Lake US" by the "$TODAYS threat" what happens to the rest of the world's Internet?
It allows the US to retain that thing they seem to think they have a fundamental right to - control over the whole world.
It is also a profitable exercise. It forces more and more data to pass through the US. They can charge $$$ for that data and i doubt the running costs of the servers comes close to the amount they are charging for data.
It allows monitoring. They can monitor the sorts of queries that are being performed and the sorts of places they are coming from. Sure, a lot of ISPs run caching name servers but there would still be a lot of queries that get passed throught the root servers. Even though the root servers just pass the request off to the appropriate second and third-level servers the request can still be logged.
I agree with this suggestion. Except, those servers can not be administered by the US. The server must be administered by the country that it resides in with some form of verification system in place, such that they can't do something malicious with their root server.
I might point out that depending on who you talk to the right to vote is not fundamental, and can be considered a privelage.
If it is a fundamental right to vote then children should be able to vote!
This discussion is specifically about what happens to criminals once they have been released from prison. I have a very good idea what I said.
I agree that locking people up for a crime is a deprivation of their rights. But, as so many people seem to want to say, "an eye for an eye". If you commit a crime you have obviously trampled on the rights of someone and hence your punishment is the deprivation of liberty that is prison. Hence, you deprived someone of a right, and the legal system deprived you of the right to freedom, temporarily.
Once you are released, you are deemed to be punished/rehabilitated and allowed to re-enter society. If you're released early (on parole) then certain conditions apply until the end of the allocated sentence time. At the end of that time you are pretty-much allowed to participate in society like everyone else.
I read one comment about convicted criminals not being allowed to purchase handguns, and how that is a deprivation of their fundamental rights. However, the ability to own a gun is not a fundamenal right, it is a privelage, just like driving a car, getting on a plane, etc.
The right to privacy is fundamental. Tagging people and making their location available on a real-time, publicly accessible map is a violation of that right.
What is next in this great chain of things? Tag sex offenders. People pick on them because "sex offence" is automatically translated to "child sex offence" in the minds of a lot of people. Thank the mainstream media for this. They seem to have gone kiddy sex mad lately (at least where I live there is about 1 new story in the mainstream news every day). There are still plenty of other sex offences happening but you don't hear about "attractive middle-aged woman raped" anymore because nobody really cares. Involve the children and you get public rage.
Next it will be murderers and drug dealers. After that it won't be so hard for them to justify tagging all criminals. After that everyone who is ever suspected of a crime. And before you know it, they're tagging and tracking everyone on a real-time publicly accessible map.
Perhaps your head hurts because of the government's mind altering conformity ray. It's time for you to invest in a new tin-foil hat.
You are free to move if you don't like it. I admit I would not be entirely comfortable in that situation. At the end of the day you wouldn't really want a convicted murderer, car thief, drug dealer, etc living next door to you either but you'd likely never know.
This makes no inferrence that sex offenders are likely to reoffend. It says they're likely to be re-arrested for other crimes. It is conceivable that they are being arrested for crimes committed before they were imprisoned in the first place.
But your link and analysis was very informative, thanks.
So you don't believe that the rehabilitation system works then. Certainly you lose your rights for the duration of the applied sentence, but once you are released and your parole period is up you are once more deemed to be an up-standing, reputable member of society.
Blocking ads might even lead to improved content instead of the pages and pages of mindless drivel that we see.
Blocking ads should lead to me being able to view a specific hardware vendor's web page for information without being bombarded with ads and tracked. People who's sole business is to make a profit from selling things on webpages shouldn't need to employ the service of people like doubleclick. It's like getting paid twice for the same job (even though ad revenue is likely low per visitor).
found the `Insane' setting -- it's not really about flooding a host, it's about assuming that the latency is almost zero, so a scan will happen quickly.
That's true to an extent, except that the Insane setting generally does not wait for a reply to packets before sending the next. It lets you flood the host, and if their connection is slower than yours and you run it enough times they end up with quite a backlog of packets they need to download from their ISP.
My point was that it is possible to DoS someone using just a portscan if your connection is significantly faster than theirs and you feel like running a few thousand portscans on their IP address. Whether it is smart, easy or generally useful remains to be seen, but it is possible.
Then you're not really port scanning him anymore -- your DoS'ing him
Well, technically I am still portscanning. The side effect is that I'm DoS'ing him. Alas, he won't know that. All he'll see is a bunch of port scans in his firewall logs.
but there's little point in doing it more than once per port, unless you think his system will respond randomly or something.
There is point if all I want to do is cause him grief. It doesn't matter how the remote system responds - whether there's closed or open ports, or even if I get a reply at all. If I was seriously interested in finding open ports I'd use scans that are less likely to be noticed, not just bombard him with zillions of packets.
Ideally you should send no reply at all to port scans.
Actually, that's not true. Sending no reply is as good as sending a reply. If my IP address was not routed by my ISP at any time (ie, I'm not online) then the ISP's router should send some kind of reply telling the scanner that my IP address is not reachable.
Sending no reply actually says "hey, I'm here but I am 1337 and trying to hide behind this transparent screen with a big flashing light and siren on my head".
True, sending a port closed reply does disclose some information that can possibly be used to determine what OS and IP stack you are running, but at the end of the day I don't think that's such a problem. If you really think it's a problem you can mangle the packets in your firewall output chain to try and give them a bum steer.
Sending a host/destination unreachable reply with my ISP's router as the source address really tells the attacker nothing at all and actually (unless their router runs exactly the same IP stack as my desktop) sends the attacker on a bum steer if they are trying to do OS fingerprinting.
Mere portscanning doesn't intentionally clog all bandwidth.
Mod that statement up!
Not true at all - I have a whopping great 24/1M ADSL plan and I constatnly achieve full speed (being only across the road from the phone exchange). If I portscan my mate with the Insane settings in Nmap he goes down for the count. I can flood him with enough traffic to saturate his 512k link for a couple of minutes.
If I didn't like my mate I could easily take him off the net by asking nmap to scan his IP address repeatedly with the insane options. It doesn't quite DOS him completely but it does slow him down heaps.
Now, imagine all these script kiddies who don't know crap about shit running their latest 1ee7 h4x0r "tool". I'd wager that any rate control settings on their tools won't get used.
I constantly see scans in my logs that come in so quick they do put a drain on the connection. It costs me money, its annoying and there's nothing I can do about it because they don't seem to accept the ICMP-HOST-UNREACHABLE reply that my router sends them.
I agree with the only solution. Log all the packets being sent, even a simple firewall log showing the scan helps, but tcpdump or etheral will be better. Send that to the attacker's ISP and also your own ISP. My ISP is particularly helpful when a huge slab of your monthly data allowance (I counted 1G last month and I didn't have the modem plugged into the phone for all of it) gets chewed up by these morons.
99% of them will end up working in fast food restaurants for the rest of their lives anyway. Maybe they should drop out.
There are lots of people at universities for which university is way above them. I remember a number of Computer Science topics at university in the 3rd and 4th year where half the populous couldn't grasp the idea of non-decimal numbering and basic logical operators (and/or). They were there because it was the start of the dot-bomb boom and CS degrees were looked upon as a way to get filthy rich quickly.
I used to know a girl who dropped out of CS to get a job with a well known web portal company in Sydney. She walked out of a course she was failing miserably at second year level into a $100k job.. Her $100k job didn't last long and last I heard she was sweeping floors to pay the rent!
Same went for engineering (that was actually the course I studied) and the arts (we were required to take a couple of free electives from non engineering/science topics). So many people in so many courses have no clue about what they've been studying.
University is doing nothing more than running them into debt. They'd be better off leaving and getting learning a practical trade. At least they'd pass and be able to hold a real job in their trade at the end of it.
Am I the only one who cares that this article is really just about BOOBS!!!
Tiger Woods is nerdy? Since when was a champion sportsman nerdy? Having champion sports ability and being a nerd are two mutually exclusive things...