ICMP is the attack being used. You can't stop it at attacked site. Not responding doesn't mean your not getting 5billion packets from 1000 source A networks with 200 machines on each. Everyone is hurt by this type of attack except the person forging the packets with the targets IP as the return address.
The only way to stop this is to make sure EVERYONE"S router has do not send broadcast ICMP Ping packets turned on in all routers by default.
True syn attackes were stopped with BSDI putting out the first solution patch after getting news. To my knowledge this is a very workable and usefull solution.
SMURF type attacks are the problem taking these networks down at this point I believe. I have posted on this already.
I dont believe packet spoofing is the real problem. The current DoS attacks are using smurf type attacks. To do this they need to have networks that pass that kind of packet. Which is a ping to a broadcast IP of a larger network, where all people on the second network respond back to the forged IP in the packet. Cisco routers already have a simple do not pass broadcast packets statement, that essencially kills this whole attack at its source. The only problem not everyone on the internet knows this or has implemented it. THE REAL PROBLEM is the server admins haven't put the correct patches on thier servers. Overworked/Lazy/Ignorant, serveradmins putting servers on the net makes it easy to take control. This is the problem, if people were to have an easy upgrade/patch mechanism and that automatically sent them email when a patch is out with options to autopatch the box would solve this. Another solution would be someone notifying the sysadmins of the 1800+ networks listed as smurf sources that simple fixes are available for thier routers. I believe its just 1 line in the cisco config with no overhead that I can see. ISP's that connect systems to the net should require this to be on all routers connecting through them.
If you have a server on the net and you haven't installed Tripwire type security checks on it, you should rush over and sign yourself up at www.abuseme.com.
Lastly to put in the kind of logic suggested at the website listed in the article would add a huge amount of overhead and require layer3 switches as they sit now to be put out to pasture. 5.5 gigbits of IP throughput with 50+ 100mb ports would make it impossible to check everypacket source against a DNS alogrithim.
There are a couple things I think that will probably find you guilty when tried.
This is a bit from the injunction against www.2600.com. 2600 9 THE COURT: An infringement of copyright, by 10 definition, is the violation of the copyright proprietors' 11 exclusive rights as conferred in the Copyright Act. That is 12 not what your clients are charged with, as I understand it. 13 So I don't see what the applicability of 512(c) to this is at 14 all. Now, if I'm mistaken, that's the reason I raised the 15 point; I'd like to hear about it.
This is the problem, the MPAA went and got laws passed that protected the whole dvd process when it is used to protect copy protected works.
IF they use this clause and your country is one of the 14 that also agreed this was a good thing, your screwed. In effect you broke the law.
THE COURT: The charge against your clients is 2 providing a device which is a means for circumventing an 3 access limiting factor. The infringement would be done by 4 someone else, although it might be done by your client, it 5 need not be. Nor is the infringement essential to the 6 violation of 1201. Is there some error in that, counsel?
If they go after you for this, they can go after linking to a site containing this also. Its already a law in the U.S. ITS NOT A FREEDOM OF SPEECH THING. I think the 2600 guys are pretty muched hosed also. Change the law, or prove it unconstitutional, which looks a bit tougher.
I'm not entirely uncertain I disagree with this law in spirit, just because a movie maker spends 200million to make a move and millions more marketing and distributing it, doesn't mean you can rip it off. And lets face it, everyone that uses is will be looking at ways to copy and trade them off. Sorry, but I dont think I can back up what you did and probably side more in this case with the people protecting thier businesses. I'm not saying I like the idea that they will controll DVD players this way, but they planned well. IF you dont like this law, get it changed. I dont want to see anyone going to jail, but your in for some long worried nights.
Flame me if you want, but please read all the stuff going around from the legals, and look at the MP3 and VCR dubbing. This program was made to act like a copier, and with rising bandwidth and large 140gig florecent CD's coming out soon, I can't believe it wouldn't be used that way.
BTW the court pretty much hammered the 2600 guys in this initial hearing of injunction.
Check ISP software, such as the older BBS implementations and things of that nature. ISP's used online purchasing long before actuall retail outlets. This is a good place to start for previous examples.
Re:GPL Virus and Quake 2/3
on
Quake 1 GPL'ed
·
· Score: 1
No, I believe he is right. Since to GPL it, you have to first copyright it. It does not put GPL to the source for 2 and 3. But on the other hand if someone derives a program from the GPL'd code, other then ID they will have to keep the source open. Since that is how he has hence forth liscenced it to the public.
I think your all missing a very cool point here.
on
Quake 1 GPL'ed
·
· Score: 1
Since MS has this DirectX barrier to cross developement for game programs, here is a very good and well thoughtout GPL'd Piece of code that anyone can use to make a multiplayer games. IT WORKS ON LINUX, FREEBSD, and a Ton of non opensource Unix Boxes. Here is your sound code example, your GL example, your network game server example, and a ton of other stuff. Can anyone say 3d Mud CLIENT? The Key here is the Barrier to entry just had a huge hole punched through it with a BFG5000.
I've been playing Id Games since DOOM came out, and did the TeamFortress Scene for years, and there is only one thing I can say. I'm voting for John Carmack to be president.:) You rock man. --P.S. All you people whining about stuff not in or in this GPL, shut the hell up.;)
I'm Sorry sir, I opened the package and played with it. It seems that all I got was a blue screen reading GPF at the top. So I filled it with dirt and am using it as a flowerpot on the patio. ;)
Since I'm watching AT&T take over my area, buying up TCI and implementing Cablemodems on fiber. Will this save the one thing thats keeping access low? The mom and pop shops?
Hacks that effected more people, and showed us that by design MS is to busy steal code and buying inovation from poor startups. Ping packets that were of Max size, send to any MS product would lock it up. Windows 3.1 timeframe and tcpip for dos. WinNuke: Yea its lame, but damn was it simple. Anyone remember logging into a IRC channel and having someone nuke the whole channel of 300 plus users? Win 95 time frame. Brute Force WinNT password file: Since they made it everyone readable and made Guest accounts default. BLah, this was just dumb. And my very favorite that by design very funny, since it was something that should have been caught in the RFC stage. SMURF attack, You ping a subnet broadcast address such as 10.10.10.255, where 255 is the broadcast that all machines respond too. With a ping of 64k size, and then forge the return address. This one was such a obvious flaw in the design of IP, that it is just sad they never caught it.
Now these are now very scripted or obsolete, but from effect, the discoverers, of these really were doing something. Later
I believe when I looked into becoming an OEM distributor back when win95 was new, that to sell 1 OEM copy of windows on any PC, I had to ship WINDOZ on all the machines. I also had a QNX machine setup for some ISO9000 stuff where I used to work. The consultant said he would ship me a couple copies of windows unopened, because he couldnt get compaq's without an OS from MS. 3 boxes arrived with over 200 copies. No wonder why he charged a fortune for the system.
I do agree the lawyers are just money sucking leaches on humanity in this case. But there are some very valid points to thier lawsuit, and if they dont do it, someone else will I guess.
Didnt AOL have a lawsuit like this? About rounding up 5 second time estimates on usage, back when then charged hourly? I believe they lost that one for a multi million settlement. Later
The thing that keeps people coming back is the monopoly of the API and standards. So lets have M$ pay to put the API and standards on 2 competing OS's. Such as Linux and Free BSD? Make them responsible to make Direct X technology standards work with other OS's. Do this for say 5 years,just keep the API's open always. The Entry for new apps and cross platform API's is solved, and porting should be quite simple. They have to give everyone what they fought to stop with thier monopoly. Make API source open, and have then guarantee it works 99% as fast and bug free on all OS's or it doesn't go into windows. Also setup perhaps a consortium to regulate/look at all API's. This seems to work with HTTP, and XML quite well. And lastly force them break up horizontally, APPS, GAMES, OS, INTERNET, etc... This will solve most of the problems we currently have and allow them to maintain thier Windows ownership. We still need to have other regulation on thier purchasing of new technologies and thier contracts, that should go on for the next 10 years minimum. M$ pays for all burden to regulate themselves of course like every other company that has done this. Later
The thing that keeps people coming back is the monopoly of the API and standards. So lets have M$ pay to put the API and standards on 2 competing OS's. Such as Linux and Free BSD? Make them responsible to make Direct X technology standards work with other OS's. Make this for say 5 years. At thank point the Entry for new apps and cross platform API's is solved. They have to give everyone what they fought to stop with thier monopoly. Make API source open, and have then guarantee it works 99% as fast and bug free on all OS's or it doesn't go into windows. Also setup perhaps a consortium to regulate/look at all API's. And lastly force them break up horizontally, APPS, GAMES, OS, INTERNET, etc... This will solve most of the problems we currently have and allow them to maintain thier Windows ownership. We still need to have other regulation on thier purchasing of new technologies and thier contracts, that should go on for the next 10 years minimum. M$ pays for all burden to regulate themselves of course like every other company that has done this. Later
A couple things. 1) Unix really doesn't benefit from extra processors in gerneral. Especially if there isn't a proccessor intensive program. Delivering Web Pages and files isn't. 2) If you take a Unix system such as Linux several factors need to be looked at: a) Price versus usability. Can I change things I dont like, because I have the source code. b) Did I have to pay 3000dollars for a operation system, backoffice, and 50 addons to do what I can do with modperl with apache. 3) The biggest boost to NT came recently with multithreaded TCP/IP stack infrastructure. Does Redhat 5.1 support this with kernal used? I believe Linux has only recently had this added to the kernal. Are the programs being used on Linux tuned or written to support this feature? Other things to note: were these dynamic web pages? Were they flat files? Is the NT dedicated to this purpose? And were the tests run constantly for more then 1 or 2 hours? as in, try keeping a NT box loaded like that for over 30 days? Does it blue screen? does it need a reboot? After reading all 207 pages of the M$ fact finding. Its not a big leap to figure that M$ keeps buying up new technology and pasting it in and calling it MS innovation, frontpage and Visual basic come to mind, hmmmm... is Visio's product line next? How about Battlecom from www.shadowfactor.com . Later
Let me do a small prediction for you. Everything that hooks your house in the future will have a 1 way level connection. Meaning, you can go out but you can't come in from the net. The exception to this will be an encrypted PVN from a restricted client software. And even that will not work unless you have a NAT setup in this firewall. Its pretty standard now for ISDN routers. *** End of Prediction *** It all comes down too the same thing you do with your car. You dont let just any schmuck work on your car in thier garage. Same goes for networking your house, dont let just any 15year old with a computer set it up. What they are doing is making products, which makes jobs. Networking new houses is becoming very popular. Personally I can't wait till I can monitor all the heat probes from every appliance, and if it gets to hot, my X10 house control shuts off the Wall Circuit. Oh wait, my house does that already. Later....
This procedure is for the mathmatically challenged or the flat out stupid. Unless you have severe Eye sight problems, I'd not even contemplate this. Your risk is much higher of getting totally screwed vision then not. Even in the best of circumstances you have lose of edge vision and nightvision blur. You also could be putting yourself it a position to not get a better operation when its developed later on. http://www.pathfinder.com/time/magazine/articles/0 ,3266,31865,00.html This article pretty much sums it up.
Can somone Explain why I need this service so badly? I seem to be doing fine without it now, and I do online purchases and get bills paid. Just a thought: Anything on any computer is open for abuse. If you put everyones info in the same place. Its just that much easier to abuse. In the end its your life to abuse as you will.
Slashdot Mirror
ICMP is the attack being used. You can't stop it at attacked site. Not responding doesn't mean your not getting 5billion packets from 1000 source A networks with 200 machines on each.
Everyone is hurt by this type of attack except the person forging the packets with the targets IP as the return address.
The only way to stop this is to make sure EVERYONE"S router has do not send broadcast ICMP Ping packets turned on in all routers by default.
True syn attackes were stopped with BSDI putting out the first solution patch after getting news. To my knowledge this is a very workable and usefull solution.
SMURF type attacks are the problem taking these networks down at this point I believe. I have posted on this already.
I dont believe packet spoofing is the real problem. The current DoS attacks are using smurf type attacks. To do this they need to have networks that pass that kind of packet. Which is a ping to a broadcast IP of a larger network, where all people on the second network respond back to the forged IP in the packet.
Cisco routers already have a simple do not pass broadcast packets statement, that essencially kills this whole attack at its source.
The only problem not everyone on the internet knows this or has implemented it.
THE REAL PROBLEM is the server admins haven't put the correct patches on thier servers. Overworked/Lazy/Ignorant, serveradmins putting servers on the net makes it easy to take control. This is the problem, if people were to have an easy upgrade/patch mechanism and that automatically sent them email when a patch is out with options to autopatch the box would solve this.
Another solution would be someone notifying the sysadmins of the 1800+ networks listed as smurf sources that simple fixes are available for thier routers. I believe its just 1 line in the cisco config with no overhead that I can see. ISP's that connect systems to the net should require this to be on all routers connecting through them.
If you have a server on the net and you haven't installed Tripwire type security checks on it, you should rush over and sign yourself up at www.abuseme.com.
Lastly to put in the kind of logic suggested at the website listed in the article would add a huge amount of overhead and require layer3 switches as they sit now to be put out to pasture. 5.5 gigbits of IP throughput with 50+ 100mb ports would make it impossible to check everypacket source against a DNS alogrithim.
There are a couple things I think that will probably find you guilty when tried.
This is a bit from the injunction against www.2600.com.
2600
9 THE COURT: An infringement of copyright, by
10 definition, is the violation of the copyright proprietors'
11 exclusive rights as conferred in the Copyright Act. That is
12 not what your clients are charged with, as I understand it.
13 So I don't see what the applicability of 512(c) to this is at
14 all. Now, if I'm mistaken, that's the reason I raised the
15 point; I'd like to hear about it.
This is the problem, the MPAA went and got laws passed that protected the whole dvd process when it is used to protect copy protected works.
IF they use this clause and your country is one of the 14 that also agreed this was a good thing, your screwed. In effect you broke the law.
THE COURT: The charge against your clients is 2 providing a device which is a means for circumventing an
3 access limiting factor. The infringement would be done by
4 someone else, although it might be done by your client, it
5 need not be. Nor is the infringement essential to the
6 violation of 1201. Is there some error in that, counsel?
If they go after you for this, they can go after linking to a site containing this also. Its already a law in the U.S. ITS NOT A FREEDOM OF SPEECH THING.
I think the 2600 guys are pretty muched hosed also. Change the law, or prove it unconstitutional, which looks a bit tougher.
I'm not entirely uncertain I disagree with this law in spirit, just because a movie maker spends 200million to make a move and millions more marketing and distributing it, doesn't mean you can rip it off.
And lets face it, everyone that uses is will be looking at ways to copy and trade them off.
Sorry, but I dont think I can back up what you did and probably side more in this case with the people protecting thier businesses. I'm not saying I like the idea that they will controll DVD players this way, but they planned well.
IF you dont like this law, get it changed.
I dont want to see anyone going to jail, but your in for some long worried nights.
Flame me if you want, but please read all the stuff going around from the legals, and look at the MP3 and VCR dubbing. This program was made to act like a copier, and with rising bandwidth and large 140gig florecent CD's coming out soon, I can't believe it wouldn't be used that way.
BTW the court pretty much hammered the 2600 guys in this initial hearing of injunction.
Good luck.
I believe Veritas just annouced full support for thier backup software and other product on linux to be coming out very soon.
Port Everquest and I can wipe this virus masquarading as an OS from M$.
Check ISP software, such as the older BBS implementations and things of that nature. ISP's used online purchasing long before actuall retail outlets.
This is a good place to start for previous examples.
No, I believe he is right. Since to GPL it, you have to first copyright it. It does not put GPL to the source for 2 and 3. But on the other hand if someone derives a program from the GPL'd code, other then ID they will have to keep the source open. Since that is how he has hence forth liscenced it to the public.
Since MS has this DirectX barrier to cross developement for game programs, here is a very good and well thoughtout GPL'd Piece of code that anyone can use to make a multiplayer games. IT WORKS ON LINUX, FREEBSD, and a Ton of non opensource Unix Boxes.
:) You rock man. ;)
Here is your sound code example, your GL example, your network game server example, and a ton of other stuff.
Can anyone say 3d Mud CLIENT?
The Key here is the Barrier to entry just had a huge hole punched through it with a BFG5000.
I've been playing Id Games since DOOM came out, and did the TeamFortress Scene for years, and there is only one thing I can say.
I'm voting for John Carmack to be president.
--P.S. All you people whining about stuff not in or in this GPL, shut the hell up.
I'm Sorry sir, I opened the package and played with it. It seems that all I got was a blue screen reading GPF at the top. So I filled it with dirt and am using it as a flowerpot on the patio.
;)
Since I'm watching AT&T take over my area, buying up TCI and implementing Cablemodems on fiber. Will this save the one thing thats keeping access low? The mom and pop shops?
Hacks that effected more people, and showed us that by design MS is to busy steal code and buying inovation from poor startups.
Ping packets that were of Max size, send to any MS product would lock it up. Windows 3.1 timeframe and tcpip for dos.
WinNuke: Yea its lame, but damn was it simple. Anyone remember logging into a IRC channel and having someone nuke the whole channel of 300 plus users?
Win 95 time frame.
Brute Force WinNT password file: Since they made it everyone readable and made Guest accounts default. BLah, this was just dumb.
And my very favorite that by design very funny, since it was something that should have been caught in the RFC stage. SMURF attack, You ping a subnet broadcast address such as 10.10.10.255, where 255 is the broadcast that all machines respond too. With a ping of 64k size, and then forge the return address. This one was such a obvious flaw in the design of IP, that it is just sad they never caught it.
Now these are now very scripted or obsolete, but from effect, the discoverers, of these really were doing something.
Later
I believe when I looked into becoming an OEM distributor back when win95 was new, that to sell 1 OEM copy of windows on any PC, I had to ship WINDOZ on all the machines. I also had a QNX machine setup for some ISO9000 stuff where I used to work. The consultant said he would ship me a couple copies of windows unopened, because he couldnt get compaq's without an OS from MS. 3 boxes arrived with over 200 copies. No wonder why he charged a fortune for the system.
I do agree the lawyers are just money sucking leaches on humanity in this case. But there are some very valid points to thier lawsuit, and if they dont do it, someone else will I guess.
Didnt AOL have a lawsuit like this? About rounding up 5 second time estimates on usage, back when then charged hourly? I believe they lost that one for a multi million settlement.
Later
The thing that keeps people coming back is the monopoly of the API and standards.
So lets have M$ pay to put the API and standards on 2 competing OS's. Such as Linux and Free BSD? Make them responsible to make Direct X technology standards work with other OS's. Do this for say 5 years,just keep the API's open always.
The Entry for new apps and cross platform API's is solved, and porting should be quite simple. They have to give everyone what they fought to stop with thier monopoly.
Make API source open, and have then guarantee it works 99% as fast and bug free on all OS's or it doesn't go into windows. Also setup perhaps a consortium to regulate/look at all API's. This seems to work with HTTP, and XML quite well. And lastly force them break up horizontally, APPS, GAMES, OS, INTERNET, etc... This will solve most of the problems we currently have and allow them to maintain thier Windows ownership. We still need to have other regulation on thier purchasing of new technologies and thier contracts, that should go on for the next 10 years minimum. M$ pays for all burden to regulate themselves of course like every other company that has done this. Later
The thing that keeps people coming back is the monopoly of the API and standards. So lets have M$ pay to put the API and standards on 2 competing OS's. Such as Linux and Free BSD? Make them responsible to make Direct X technology standards work with other OS's. Make this for say 5 years. At thank point the Entry for new apps and cross platform API's is solved. They have to give everyone what they fought to stop with thier monopoly. Make API source open, and have then guarantee it works 99% as fast and bug free on all OS's or it doesn't go into windows.
Also setup perhaps a consortium to regulate/look at all API's.
And lastly force them break up horizontally, APPS, GAMES, OS, INTERNET, etc... This will solve most of the problems we currently have and allow them to maintain thier Windows ownership. We still need to have other regulation on thier purchasing of new technologies and thier contracts, that should go on for the next 10 years minimum. M$ pays for all burden to regulate themselves of course like every other company that has done this.
Later
A couple things.
1) Unix really doesn't benefit from extra processors in gerneral. Especially if there isn't a proccessor intensive program. Delivering Web Pages and files isn't.
2) If you take a Unix system such as Linux several factors need to be looked at:
a) Price versus usability. Can I change things I dont like, because I have the source code.
b) Did I have to pay 3000dollars for a operation system, backoffice, and 50 addons to do what I can do with modperl with apache.
3) The biggest boost to NT came recently with multithreaded TCP/IP stack infrastructure. Does Redhat 5.1 support this with kernal used? I believe Linux has only recently had this added to the kernal. Are the programs being used on Linux tuned or written to support this feature?
Other things to note: were these dynamic web pages? Were they flat files? Is the NT dedicated to this purpose? And were the tests run constantly for more then 1 or 2 hours? as in, try keeping a NT box loaded like that for over 30 days? Does it blue screen? does it need a reboot?
After reading all 207 pages of the M$ fact finding. Its not a big leap to figure that M$ keeps buying up new technology and pasting it in and calling it MS innovation, frontpage and Visual basic come to mind, hmmmm... is Visio's product line next? How about Battlecom from www.shadowfactor.com .
Later
Let me do a small prediction for you. Everything that hooks your house in the future will have a 1 way level connection. Meaning, you can go out but you can't come in from the net. The exception to this will be an encrypted PVN from a restricted client software. And even that will not work unless you have a NAT setup in this firewall. Its pretty standard now for ISDN routers. *** End of Prediction *** It all comes down too the same thing you do with your car. You dont let just any schmuck work on your car in thier garage. Same goes for networking your house, dont let just any 15year old with a computer set it up. What they are doing is making products, which makes jobs. Networking new houses is becoming very popular. Personally I can't wait till I can monitor all the heat probes from every appliance, and if it gets to hot, my X10 house control shuts off the Wall Circuit. Oh wait, my house does that already. Later....
This procedure is for the mathmatically challenged or the flat out stupid. Unless you have severe Eye sight problems, I'd not even contemplate this. Your risk is much higher of getting totally screwed vision then not. Even in the best of circumstances you have lose of edge vision and nightvision blur. You also could be putting yourself it a position to not get a better operation when its developed later on. http://www.pathfinder.com/time/magazine/articles/0 ,3266,31865,00.html This article pretty much sums it up.
Can somone Explain why I need this service so badly? I seem to be doing fine without it now, and I do online purchases and get bills paid. Just a thought: Anything on any computer is open for abuse. If you put everyones info in the same place. Its just that much easier to abuse. In the end its your life to abuse as you will.