...it sounds like your servers are ripe for a logging based DOS. Have you thought about tweaking your logging so it rate-limits similar and identical log entries?
..and my article about the Snort 2.0 release (released April 14) was rejected. Sure an out-of-print, horribly out of date PDF gets TWO notices, but a leading edge, security monitoring device is blown off...
Gotta wonder who the "Stuff" is in the "Stuff that matters" tagline...?
Dan
Re:Reliability of TCP on VRRP · Score: 2, Informative
Yes, the Internet is very reliable in the big picture, but things like BGP routes can take about 5 minutes to update. Just think how irritated we are when Slashdot is "off the map" for five minutes while the routers update their tables? That is reliability at work. What the VRRP tries to accomplish is to take that from 5 minutes to less than 5 SECONDS or sub-second.
Side note: When your service provider says that they have "99.999%" uptime to the Internet, ask them if their up-stream providers ever have routing/router problems... Since "Five Nines" a year equates to "five minutes" of downtime per year, a single BGP route update is five minutes. In the real world, if an ISP is up >99.9% of the time (99.9% == 8.8 hours) using a simplistic monitoring (pinging their outside routers, pinging the firewall I am behind, etc) then I am happy.
Just what you need... on Landshark · Score: 2, Funny
Just what you need to get you from point A to point B.... via point "sea"!
Ok, bad pun...
Dan
For our non-English speaking readers, the letter "C" in English sounds like "Sea" (the large bodies of water).
Upgrade disks will by necessity require the entire OS[...]
I remember an early RedHat distribution (4.X?) that would let you update the MetroX xserver binary. They assumed that you had the original CDRom (which Apple could have done), and the upgrade binary file. The installer used the original binary install file and XORed it (I believe) with the "binary upgrade file" to create a new binary file (actually another RPM) which could be run through rpm to install the upgrade. If I were to download the upgrade file, I wouldn't get anything without the binary RPM from the original CD.
No, it is not perfect, but it was a bit harder to circumvent than Apple's upgrade CD. No, the upgrade doesn't need the entire OS to upgrade if you have a known source to get part of your data from.
The wife ranked 5th!? At least she was above the dog.
:)
Well, this is Slashdot after all...
...I am sure there are lots of pornographic websites trying to get this perfected also. Imagine the searches... :)
So, is there any writeup of a technical breakdown of this DDoS? I.e., if I want to monitor my outbound links to see if any of my customers are inadvertently participating in this, what is the Snort signature I would use?
Dan
If we are both referring to the same thing, that line would be the shadow of the exhaust plume.
Dan
The thing that causes me the most concern is the lack of basic troubleshooting and "thinking" skills that a lot of engineers seem to be lacking today.
I am only 30 myself so I am not an "old codger", but many of my peers (and superiors!) continually seem to forget the basics when designing things.
One recent example is a multi-media exhibit we were doing. The other "engineers" on the project didn't see any problem with having 1500 customers access a 600Kbit/sec. video from a single 100Mb connected server. If you do the math, you see that those users would require a 1Gb connection, or nine 100Mb servers (minimum!). Even after explaining the math, they were still skeptical that I wasn't "blowing smoke"... AARRUGH!! [Insert Dilbert comic here...]
In a previous job, I was part of a small Internet startup that was working on a large application hosted on a redundant Sun 10K system with three fiber-attached raid cabinets (each filled to near capacity). My company was in Omaha Nebraska, but the company that this system was for is located in Detroit Michigan (about 800 miles from door-to-door).
The cost of shipping this system via a normal courier was outrageous so management decided that we could rent a U-Haul one way for the trip! Each time we stopped for food, gas, snacks, etc, we made darn sure that one of us could keep an eye on the truck! Having $250K+ of computer equipment in the back of a U-Haul was bad enough, but knowing that the lock on the door wasn't really locking was all the more worse!
In the end, we made it and got it delivered to their datacenter so things worked out well... Our biggest fear is that we would get into a wreck or the equipment would be stolen. I am sure our insurance didn't cover us moving equipment in that fashion!
What about loading XPilot (the Palm OS emulator) onto the Zaurus? Yeah, kinda a kludge but it would get the Palm applications up and running with minimal effort...
OTH, I can see why Sharp didn't pre-load the XPilot app -- or did they? If it runs Palm apps under XPilot, then who will ever write native apps for the Zaurus?
Dan
Great, now I can see Microsoft and/or a P.H.B. lifting excerpts and mis-quotes from this post and calling it "insightfull" because it came from one of the largest OpenSource soap-boxes on the Internet...
Dan
...and one to bind them all...
So, shouldn't this event be a webcast?
Dan
You don't get the point, do you? There is *no* spoofing going on. The same packages will be available on both the "free" and the "paid" services, just that the systems which are using the "paid" services will have access to faster mirror sites. Yes, I could pay for the service, download all the patches at a high speed and save the files to a public server so my friends can download them, but what is really the point? Remember, Linux is evolving beyond the four walls of a hacker's cubicle.
A business which uses RedHat Linux for business purposes is probably willing to pay for the safety and convenience of having a reliable paid service to get patches from instead of trying to find a decent mirror site. A home user on a DSL link is probably not going to see any speed difference by paying for the faster service, but then a home user is probably a hacker and doesn't use RPMs that much, or they are willing to start a big 50MB download, go to supper, and come back in an hour when it is done.
Dan
Cmdr Taco,
Can you give us some of the low-level details of the current Slashdot setup and daily running averages? I.e. the number and types of servers (100MB or GigEther, bonded networks, etc), load balancers, routers/switches, the bandwidth loads of your connection to the Internet (MRTG graph?), etc?
I remember the technical description from May 2000 but I haven't seen an update or other information. For those of us who like to make our network scream, these hints from the trenches could shed some light.
Dan
Oops, forgot to log in as myself, the above comment was mine if anyone cares.... :)
Dan
If InfraRed does not have the range, and line of sight is possible, you could look into making a simple laser diode/receiver that hooks into the serial port for data transmission.
Anyone have any schematics? An old Popular Electronics hacked up two laser pointers to make a simple wireless transmitter/receiver for voice (the microphone modulated the amplifier feeding the laser I think). Anyone up to modifying it for 9600 baud data?
Dan
dan_linder.at.yahoo.com@somewhere.else
(Remove the "@somewhere.else" and replace ".at." with "@" to e-mail me.)
I hope the above article gets its score upped. Even though it is by an AC, it does spell out what could easily happen to these "borderline" teenagers.
I shudder to think what I would have been classified had this been available 15 years ago. I wore a lot of black, got picked on a bit, had a small group of friends but stayed at home a lot, Friday nights were mostly spent in front of the computer (DEC Rainbow 100A!) conversing with people via a BBS rather than drinking and making out by some hidden road outside of town.
Dan "The Techno-Outsider" Linder
Another way of looking at this is that, although the light seems to travel faster than light, the _information_ in the signal can only travel as fast as light.
What happens when you use the light as a Morse code or binary state? In that case the presence of light *IS* the information...