
Has Progress Been Made In Fighting DDoS Attacks?

samzenpus posted more than 3 years ago | from the protect-ya-neck dept.

The Internet 206

alphadogg writes "As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against MasterCard, Visa, PayPal and other significant e-commerce sites."


206 comments


What is Anonymous? (0, Funny)

Anonymous Coward | more than 3 years ago | (#34531174)

A miserable pile of dead bodies in a hidden mass grave -but enough of that, have at you!

Re:What is Anonymous? (0)

jappleng (1805148) | more than 3 years ago | (#34531342)

How dare you call my pile of dead bodies miserable you insensitive clod!

Re:What is Anonymous? (1)

GrumblyStuff (870046) | more than 3 years ago | (#34531582)

Well, next time stack them all neat and tidy!

Re:What is Anonymous? (1)

Anonymous Coward | more than 3 years ago | (#34531374)

A miserable pile of dead bodies in a hidden mass grave -but enough of that, have at you!

Your words are as empty as your karma! The interweb ill needs a savior such as you!

This reminds me of WW 1 (4, Interesting)

Fluffeh (1273756) | more than 3 years ago | (#34531176)

How a large chain of treaties, relationships and friends slowly spiraled downwards through a set of "Hey, you said you would help if..." into basically a war of people who weren't even remotely connected to the original event (assassination of a prince from memory) and general chaos for quite a while.

Amazon, Paypal, Visa certainly weren't connected to WL in any way prior to this, but have shown relationships and friends, and of course this means that friends to WL have now escalated the parties. I do wonder where it will all end.

Re:This reminds me of WW 1 (4, Insightful)

Hortensia Patel (101296) | more than 3 years ago | (#34531200)

assassination of a prince from memory

An Archduke, if you want to be picky. But nice analogy nonetheless. Like WW1, I think this is a fight that's been waiting to happen for a while now. Like WW1, the specifics of the flashpoint incident are largely irrelevant.

Unlike WW1, the two sides seem far from evenly matched this time. My gut says the pro-WikiLeaks side will get tired and give up; there's nobody paying them to keep going, and that matters in the long haul. I'd love to be proved wrong, though.

Re:This reminds me of WW 1 (2, Insightful)

poetmatt (793785) | more than 3 years ago | (#34531372)

uh, there is no such thing as the victims being outmatched on this.

this is roughly back to basics all over again - the people who are DDOS'ing don't need a central command location - that is easily mirrored anywhere in the world.

the people who are defending however, do need a centralized location.

meanwhile, calling this war, is just a blatant lack of understanding - this is more of a political statement than an act of aggression - it is not harmless, but that is not the focus here.

If this were a war, it would be more about sneaking viruses onto servers and malware and things like that.

Re:This reminds me of WW 1 (4, Interesting)

jhoegl (638955) | more than 3 years ago | (#34531398)

Escalation is only a matter of time.
If these groups do continue to attack, then they will escalate because DDoS won't work.
The war on freedom on the internet has been escalating for some time now. I believe the recent events such as the DNS hijacking of torrent sites, the restrictions on Netflix network by Comcast, and DDoS attacks on wikileaks are possibly the tipping point. It's not that they all weren't expected, but it is a lot to deal with within a few weeks. The internet we had is slipping away thanks to corporate greed and no one listening to the issues people have been talking about for years.
I say fight on, for it is important.

Re:This reminds me of WW 1 (0)

Anonymous Coward | more than 3 years ago | (#34531514)

the DNS hijacking of torrent sites

It was 1 torrent site. And is only possible under the com/net/org/us/gov/mil TLDs. Duh.

the restrictions on Netflix network by Comcast

Which had fuck all to do with Netflix.

and DDoS attacks on wikileaks

Perpetrated by whom?

Re:This reminds me of WW 1 (4, Insightful)

jc42 (318812) | more than 3 years ago | (#34531650)

Perhaps we should be pointing out that the problem here is the DDoSers, not their victims. And, more generally, the problem is that we are developing organizations that see it to their advantage to interfere with Internet traffic. Some of the organizations are political in nature, as with the wikileaks/amazon/etc snafu. Some are economic, as with the "traffic shaping" done by the Internet's supporting corporations for their own monetary gain and to damage competitors. Some are religious, as in the filtering done to block heretical and other indecent material by national chokepoint-type gateways.

All of these are the same threat to the rest of us: They are trying to limit our access to information that they don't want us to see. The best approach is to take an "agnostic" approach to their motives, ignore whether they're political or economic or religious, and just emphasize that we don't want them benefitting by controlling and limiting our access to information.

That Knowledge is Power is an old observation. These people all want power over us by limiting our access to information. Many of them have had such power in the past, and are now upset that their power is decreased by this newfangled "Internet" thing. This is, of course, part of why we built the Internet. The important thing is to prevent this control of information from being reestablished by anyone. We don't care how noble their motives are; we just want to make sure that they can't control what we are allowed to learn.

Re:This reminds me of WW 1 (0)

icebike (68054) | more than 3 years ago | (#34532070)

Perhaps we should be pointing out that the problem here is the DDoSers, not their victims.

And since the DDosers are the problem the fight should be taken closer to them, rather than starting at the target and working backwards. (Avoid fighting on your own turf, take the battle to the attacker's back yard).

It's like we need a DNS system for attack (load) management, where a site could simply broadcast that they are under heavy load (whether it is an actual attack or simply a slashdotting), and routers all over the net would stop sending repetitive traffic their way.

When backbone carriers get this notification they immediately start filtering sustained packet streams. Additionally they send the warning to each of their pairing partners, and ISPs for which they are an upstream.

If the carriers insisted that each of their subscriber ISPs establish and use such a system to heed load warnings and start automatically filtering repetitive traffic for those sites the system would pretty much manage high sustained attacks.

So you need something where joe sixpack sitting on his compromised computer reading his email would not have to even be aware that the ping flood running in the background was being killed off by his ISP. (I'm sure the DDOS attacks are more sophisticated than a ping flood, but the point stands. Sustained non-productive traffic can be distinguished from a web hit, or email check or gaming activity).

We use DNS like systems for spam signature detection, surely we can find a way to do it for routing of sustained high-load traffic.

Re:This reminds me of WW 1 (1)

cheater512 (783349) | more than 3 years ago | (#34532154)

Your post seems to indicate a fundamental lack of understanding how routing works. And what DNS does for that matter too.

Oh and even if your DNS DDoS prevention technique worked, you'd just DDoS the DNS server and the site would go down anyway.

Re:This reminds me of WW 1 (1, Informative)

MobyDisk (75490) | more than 3 years ago | (#34531934)

This came up in the other Slashdot discussions and I am compelled to post it here too since this misinformation seems to have stuck. Comcast did not put any restrictions on Netflix. Comcast and Level 3 communications (who happens to host Netflix) had a peering agreement, which Level 3 violated. It has nothing to do with freedom, or network neutrality, or Netflix. [redstate.com]

Re:This reminds me of WW 1 (4, Informative)

sciurus0 (894908) | more than 3 years ago | (#34532036)

Comcast and Level 3 communications (who happens to host Netflix) had a peering agreement, which Level 3 violated.

That description of the Comcast and Level 3 dispute is too simplified. You might find two [arstechnica.com] articles [arstechnica.com] informative.

Re:This reminds me of WW 1 (1)

rtb61 (674572) | more than 3 years ago | (#34531544)

No central command is required, all that needs to happen, is the type of hardware that can directly connect to the internet needs to be defined. So instead of a modem, a firewall router that can detect DDosing and block it whether incoming or more importantly outgoing. So if a bot attempts to join a DDos attack it is blocked at its connection. Also it will do a lot more to protect all poorly configured and administered computers out there on the internet. A global treaty, as distributed protection always works much better than central and with many brands of firewall routers, attack is made far more complicated (plus most of them already run Linux sure to PO M$).

Re:This reminds me of WW 1 (1)

icebike (68054) | more than 3 years ago | (#34532088)

Exactly.

I posted something similar above [slashdot.org].

The process of detecting what might be a DDOS would trigger an arms race. I therefore suggested that any sustained non-productive traffic to a site that ADVERTISES that it is under severe load (attack) would be filtered as close to the keyboard as possible.

Doesn't have to be on the customer's premises, but certainly at the ISP.

Any sustained repetitive traffic to addresses on the advertised list get a second look, or a throttling or something.

If done at EACH level (ISP, upstream ISP, Carrier, etc) and if there were a method of severe load advertising, DDOS attacks would get flattened quickly.

 

Re:This reminds me of WW 1 (1)

SupremoMan (912191) | more than 3 years ago | (#34531500)

One sided wars are better than evenly matched wars by far. Better in terms of casualties anyway. Though if your goal is population control, evenly matched conflict will thin the herd quite a bit.

WRONG (2)

chronoss2010 (1825454) | more than 3 years ago | (#34531832)

You got bad guts. The injustices that continue unabated for the last 10-12 years in the aftermath of 9/11 are just rearing their ugly head. THIS is why it won't stop and you do not know much about hackers of any kind. They never get paid so why then do they according to you exist. Studies show ..every race, religion, creed and of every walk of life and station. It is in effect actual human nature to become or act like a hacker. The degree is what is the issue. Matters it matters to me that copyright is out of control...It matters to me people are dying because of drug patents. It matters to me that free speech and democracy are under attack by a few greedy people. DO YOU THINK IN THE END PEOPLE WILL JUST GIVE UP? Only a coward will give in and up. Only the chickens and greedy ones want you to be sheep. It only gets worse as kids and youth have fewer and fewer outlets and you continue to grow laws on trees that are unjust and not needed.

Re:WRONG (1)

icebike (68054) | more than 3 years ago | (#34532096)

You will either give up, grow up, or get caught.

Not necessarily in that order.

Once you get out of your mom's basement and discover girls you will find that your mission in life is not to police the world from the end of a wire.

Re:This reminds me of WW 1 (1)

Mashiki (184564) | more than 3 years ago | (#34531218)

The main reason that WWI started though was because the doctrine of mobilization still existed.

Re:This reminds me of WW 1 (3, Interesting)

Fluffeh (1273756) | more than 3 years ago | (#34531240)

The main reason that WWI started though was because the doctrine of mobilization still existed.

Yes, a spark set off a large chain of events. Sort of like a company refusing to deal with a website due to pressure and is now under a continued DDoS? Say what you like, WL has caused pretty much everyone to take a side in this ongoing and developing scenario. If that isn't the first steps to mobilization in a digital world I don't know what is.

Re:This reminds me of WW 1 (0)

Anonymous Coward | more than 3 years ago | (#34531588)

Perhaps one day there will be no secrets!

Re:This reminds me of WW 1 (0)

oliverthered (187439) | more than 3 years ago | (#34531810)

haven't you read the bible?
god is unchanging: the only thing unchanging is the truth.
the truth is always right,
the truth is always righteous,
if you have good reason then you are innocent.
the innocent, the lamb.
god is love ergo the truth is love.

let no man buy no sell least he have the mark of the beast.

Re:This reminds me of WW 1 (2)

The End Of Days (1243248) | more than 3 years ago | (#34531980)

Haven't you read Stranger in a Strange Land? It's equally (in)applicable, but it's a much better story.

Re:This reminds me of WW 1 (0)

oliverthered (187439) | more than 3 years ago | (#34532028)

well, seeing society is based on an adoption of the bible by the church, and then government, as a means of controlling the populace.

I think the original source of western government is very applicable.

Re:This reminds me of WW 1 (0, Offtopic)

oliverthered (187439) | more than 3 years ago | (#34532042)

look at the bible as such,
an attempt at social revolution, and the overthrow of those in power.

god is a metaphor, though some would personify it as a mode of misdirection and a method to overpower you with the will of a false god.

Re:This reminds me of WW 1 (1)

similar_name (1164087) | more than 3 years ago | (#34531404)

The main reason that WWI started though was because the doctrine of mobilization still existed.

The TOS for my cellular service is not a good sign.

Re:This reminds me of WW 1 (1)

dsanfte (443781) | more than 3 years ago | (#34531236)

Each side figured if they could amass a significant enough alliance, the other side would capitulate, making any battle short and largely symbolic. It was a whole lot of blustering and brinksmanship, but reputation meant so much that by the time things came to a head, they had to fight, nobody could stand to lose face. Thirteen million dead because nobody would call uncle.

Re:This reminds me of WW 1 (0)

Anonymous Coward | more than 3 years ago | (#34531264)

"The original event" - that's a good way of phrasing it. The assassination of that guy was the drop that caused the bucket to overflow, but if it hadn't been this, it would've been something else. WW1 didn't happen because of that assassination.

As such, I think this isn't actually the same situation at all, either. It's not as if there was a conflict between 4chan and Mastercard etc. waiting to erupt.

Re:This reminds me of WW 1 (0)

Anonymous Coward | more than 3 years ago | (#34531370)

Calling things like that a "conflict" is the first step in cybermilitarization.

Re:This reminds me of WW 1 (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34531408)

I worry that WL is the "cyber 9/11" that people in the IT industry have been dreading since the 1990s.

Here in the US, we have Congresspeople who have been obviously Internet hostile. One of which was one of the reasons Zimmermann made PGP because strong cryptography came perilously close to being made illegal in the early 1990s. And the people still keep trying -- the mid 1990s brought with it the CDA where cursing on the Internet could mean a prison sentence (which took a fight to the Supreme Court to get that overthrown.) Of course, every few years, we have a bill like the INDUCE act, COICA, and many other Internet-hostile acts. Looming over our heads is ACTA which is still in the "make as extreme as possible, then 'compromise'" stage.

The people wanting these laws (likely the same people who want a DRM chip in every single computing peripheral and computer) would score a coup like no other should Congress check their heads in at the door and blindly rubber stamp "anti-cyber-terrorism" laws (like they did with the USAPATRIOT act.) Their long term goal is more revenue streams, and DRM and locked-down operating systems help that greatly.

The result of the lawmaking: iPad-like lockdown on the desktop, NAC on upstream routers that would detect jailbroken hardware and permanently ban machines by IMEI or other identifying ID (think XBL bans for modchipped firmware), all browsing and usage history transmitted to LEOs and ad agencies in real time (with no way of saying "no" to it), forcing people to have a "license" to browse the Internet (and the onus on victims of ID theft to prove otherwise so their access can be regained), and a return to the days where there were no open source alternatives -- either pay someone for a tool (such as a compiler), or do without. To enforce this, machines would have an active DRM chip with its own IP stack and method of automatically downloading new definitions/patches, then randomly freezing and scanning the memory space looking for suspected items. Machines would also have an antivirus utility that would run in protected space to look for signatures of music or video files, then phone home about it, leading to the user either permanently losing net access, or actually getting raided and the equipment seized via civil means (similar to how cars are seized due to drug charges.)

Ironically, Joe Sixpack wouldn't care, until he has to pay money per play of his favorite Ke$ha song.

Yes, this sounds like a dystopian fantasy, but the technology is there (CISCO's NAC, active DRM chips [1], XBL bans, Internet IDs in Korea and China, just a few companies providing Internet service, large wholesale moves of the population from "open" devices like Netbooks to closed/locked down platforms [2] like the iPad, a wholesale move by Microsoft and Apple to application stores on the desktop.) If given enough impetus, one can see companies connecting the dots and going a good way in locking down the Internet. Of course, it wouldn't be 100%, but it can be effective. Especially if people's software investments are tied down to a user account (Steam, Apple Store, Google's App Store), and they could easily lose access to all their purchased software in an instant should piracy be suspected. This could be compared to Valve's Anti-Cheat where access can be taken away to all multiplayer games in an instant with no recourse [3], except with all other software that one purchases, perhaps even the license for the OS itself.

Of course, the world != the US. It would obviously cause an exodus of talent from the US to elsewhere (such as during the 1990s where all the cryptographic R&D moved from the US to Russia and Israel during the times when exporting a DES routine had the same criminal penalty as selling a nuke.)

I don't want to sound like a doomsayer, but there are a lot of well-heeled people and organizations who would love to see the Internet return to being a Compuserve with complete control of who accesses what, how many fees can be attached, dissidents being banned permanently, and the whole F/OSS ecosystem killed. All it takes is a single event and a US Congress can pass a bill in days with everything the big, nasty organizations that are railed about on /. to have their way completely.

[1]: There is a big difference between a TPM chip which essentially is just a cryptographic token and provides very useful functionality versus an active DRM enforcing chip that actively scans memory, has an active IP stack itself to rat people out, and has the power to halt the CPU.

[2]: Of course, the iPad can be jailbroken. As of now. Trusting that future devices can be jailbroken isn't a good idea.

[3]: This isn't putting down VAC -- it just means that the same technology put to good use for keeping botters off of the FPS multiplayer games can be used to deny someone access to all their installed stuff should (for example) a detection routine detect a shareware program on day 31 of a 30 day trial.

Re:This reminds me of WW 1 (3, Informative)

jc42 (318812) | more than 3 years ago | (#34531586)

Amazon, Paypal, Visa certainly weren't connected to WL in any way prior to this, but have shown relationships and friends, and of course this means that friends to WL have now escalated the parties.

Hmm ... It sounds like you're saying that wikileaks was the source of the DDoSs at Amazon, Paypal and Visa. Do we have any evidence for this? The reporting I've seen implies that it was "supporters of wikileaks", not WL themselves. From what little I know of their record, I'd think this wouldn't be their preferred tactic, since it would sorta amount to "shooting yourself in the foot", as the old metaphor goes.

(But I can imagine Julian & Co. quietly cheering the DDoSers on in private, as did a lot of us. ;-)

Re:This reminds me of WW 1 (2)

Fluffeh (1273756) | more than 3 years ago | (#34531794)

Hmm ... It sounds like you're saying that wikileaks was the source of the DDoSs at Amazon, Paypal and Visa.

Source? Not at all. Cause? Yup.

To use another analogy. A small kid at a school is getting picked on by a bunch of other kids. His friends step in and try to set things right. Is it the small kid's fault that his friends got into an altercation? No. Is he the cause of it? Yes. Indirectly, he is the cause of the other kids jumping in to save his bacon.

I totally agree with you that WL would be utterly stupid if they a) did anything like this or b) officially supported it - but I also agree with you that behind closed doors, there are likely a few glasses being clinked with smiles on faces when this is mentioned.

Re:This reminds me of WW 1 (0, Flamebait)

Saint Stephen (19450) | more than 3 years ago | (#34531610)

Oddly enough, the duke was assassinated by an Anarchist, who had been doing this kind of thing a lot since the 1840s. Read about the LONG history of anarchism in Europe to gain some insight into how unremarkable (and stupid) the acts of Wikileaks and the WTO protesters are. Long since discredited - except by the young.

Re:This reminds me of WW 1 (1)

Saint Stephen (19450) | more than 3 years ago | (#34531628)

From wiki...

The anti-authoritarian sections of the First International were the precursors of the anarcho-syndicalists, seeking to "replace the privilege and authority of the State" with the "free and spontaneous organization of labor."

Re:This reminds me of WW 1 (2)

Motard (1553251) | more than 3 years ago | (#34531706)

From Band of Brothers....

While walking through the woods in Part 9, "Why We Fight" before stumbling upon the Landsberg Concentration Camp.

Frank Perconte: Hey Luz, this forest kinda reminds me of Bastogne.

George Luz: It does huh? Well, except for the fact that there's no snow, we got warm food in our bellies, and trees aren't exploding all around us,... but yeah Frank, it looks a little like Bastogne. -- Smack him for me Bull.

"Bull" Randleman, walking behind, then proceeds to slap Perconte on the back of his helmet.

Re:This reminds me of WW 1 (4, Insightful)

Anonymous Brave Guy (457657) | more than 3 years ago | (#34531878)

I do wonder where it will all end.

That one is fairly easy, actually.

First, a significant number of those who have been involved in the recent DDoS mess will be hunted down and thrown to the wolves as examples. It won't be the guys who set it up, who are hiding behind their anonymising proxies and not actually taking part in the DDoS attacks personally. A lot of young troublemakers/curious geeks* will suffer for playing along.

(* Delete as applicable)

Over the coming months and years, increasingly draconian lock-down of the Internet will follow. Wikileaks have helpfully provided the politically credible stick that major governments such as the US have been dying for to impose this on an international scale, and the end result of Wikileaks and its "supporters" acting like children will be the world's major governments treating us all like children and thus making things worse for everyone. It will be like all the security theatre (with the occasional genuine measure going by almost unnoticed) imposed after events like 9/11, because you can do anything as long as you're "fighting terrorism" now.

One consolation we have is that most of the government measures will in practice probably be miscalculated and ineffective because they will be politically driven rather than planned and implemented by people with actual clue about computer security, which means they will hit stumbling blocks when serious money and/or international concessions are required to implement them. However, those who just want to continue using the Internet freely and responsibly will probably still have to live under the perpetual threat of coming up as a false positive on the wrong government agency's or ISP's automated system and being messed around as a result, even though they have done nothing wrong according to the new laws. Naturally, the most likely candidates for such treatment will be those in minorities, such as people who don't just run $DOMINANT_PLATFORM on the $FORTUNE_500_VENDOR hardware they bought from $MAJOR_NATIONAL_STORE_CHAIN.

Finally, the one thing that will almost certainly be seriously compromised is on-line anonymity. This will no doubt still be achievable but probably only with a much more serious level of skill and understanding than most script kiddies ever have. Whether this is a good thing or not is open to debate: about the only worthwhile information we have learned from the Wikileaks fiasco is that the actions of both sides stink to a significant extent but neither side is really as bad as the other makes out. Most people going about their daily lives seem to be getting bored of the whole affair already. The media here in the UK certainly are.

Operation Payback never hit DNS hard (3, Informative)

Vekseid (1528215) | more than 3 years ago | (#34531196)

The people attacking Wikileaks did. Wikileaks' troubles would be nigh irrelevant without the omnipresent glaring vulnerability that is DNS. The mirrors would all be signed wikileaks.org and the client would choose the closest available. Or something to that effect.

Some of the reported DDOS vulnerabilities were dead even before they were released to the public. Sockstress? Meet connlimit.
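What a per-source connection cap of the kind the comment above refers to with "connlimit" does to a client that opens connections and never releases them, as an added example that is not part of the thread. It is a Python model of the idea, not iptables itself; the class and function names, the documentation-range addresses, the limit of 20 and the event trace are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict


class ConnLimit:
    """Model of a cap on concurrent connections per source network."""

    def __init__(self, limit, prefix_len=32):
        self.limit = limit            # max concurrent connections per key
        self.prefix_len = prefix_len  # 32 = per host, 24 = per /24, ...
        self.open = {}                # source network -> set of (src, sport)

    def _key(self, src):
        # Group sources by network so one budget can cover a whole prefix.
        return ipaddress.ip_network(f"{src}/{self.prefix_len}", strict=False)

    def syn(self, src, sport):
        """Return True if the new connection is admitted, False if refused."""
        conns = self.open.setdefault(self._key(src), set())
        if (src, sport) in conns:     # retransmitted SYN for a tracked flow
            return True
        if len(conns) >= self.limit:  # budget for this source is used up
            return False
        conns.add((src, sport))
        return True

    def close(self, src, sport):
        """Release the slot held by a finished connection."""
        key = self._key(src)
        conns = self.open.get(key)
        if conns is None:
            return
        conns.discard((src, sport))
        if not conns:
            del self.open[key]

    def total_open(self):
        return sum(len(c) for c in self.open.values())


def build_trace():
    """Constructed sample events (not captured traffic)."""
    events = []
    # One source opens 50 connections and holds every one of them.
    events += [("syn", "203.0.113.7", 40000 + i) for i in range(50)]
    # An ordinary client: 30 short requests, each closed before the next.
    for i in range(30):
        events.append(("syn", "198.51.100.10", 50000 + i))
        events.append(("close", "198.51.100.10", 50000 + i))
    # 40 hosts in one /24, each holding only 5 connections.
    for host in range(1, 41):
        events += [("syn", f"192.0.2.{host}", 60000 + i) for i in range(5)]
    return events


def replay(events, limit, prefix_len=32):
    """Run the trace through the limiter; return per-source counts and state."""
    limiter = ConnLimit(limit, prefix_len)
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for action, src, sport in events:
        if action == "syn":
            admitted = limiter.syn(src, sport)
            stats[src]["accepted" if admitted else "rejected"] += 1
        else:
            limiter.close(src, sport)
    return dict(stats), limiter


if __name__ == "__main__":
    for prefix in (32, 24):
        stats, limiter = replay(build_trace(), limit=20, prefix_len=prefix)
        spread = sum(v["accepted"] for k, v in stats.items()
                     if k.startswith("192.0.2."))
        print(f"/{prefix}: holder={stats['203.0.113.7']} "
              f"client={stats['198.51.100.10']} "
              f"spread-out sources admitted={spread} "
              f"held at end={limiter.total_open()}")
```

With a per-host key the single holder is capped at 20 and the ordinary client is untouched, but the 40 low-volume hosts still hold 200 connections between them; keying on the /24 caps that group as well, at the cost of making every legitimate user behind that prefix share one budget.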

Re:Operation Payback never hit DNS hard (1)

phantomfive (622387) | more than 3 years ago | (#34531664)

Do you have an idea for getting rid of DNS? Because as far as I can tell, it's pretty important.

Tired of this term... (5, Interesting)

Anonymous Coward | more than 3 years ago | (#34531198)

"sympathizers", when has this word ever been used in a good way
Nazi sympathizers
Russian sympathizers
Terrorist sympathizers

It's a term used to describe supporters of those who you think of as bad.
A neutral term to use is simply "supporters".

Re:Tired of this term... (2)

igreaterthanu (1942456) | more than 3 years ago | (#34531250)

As an AC sympathizer, I agree.

Re:Tired of this term... (1)

Anonymous Coward | more than 3 years ago | (#34531254)

Right, being a jock supporter is real neutral...

How could they not progress against a known threat (1)

DJRumpy (1345787) | more than 3 years ago | (#34531202)

I'd say there has been some progress. Although they may have taken down sites like Mastercard, which doesn't normally deal in high volumes of traffic, they apparently had no effect on Amazon that I could see. I tried it throughout the day that Anonymous stated they would target Amazon, with nary a pause or hiccup.

Re:How could they not progress against a known thr (1)

Anonymous Coward | more than 3 years ago | (#34531224)

The attack on amazon never happened. Of course even if it did happen it might not have done any visible damage.

Re:How could they not progress against a known thr (5, Informative)

Firewing1 (1072250) | more than 3 years ago | (#34531230)

According to the Anonymous press release [dump.no] two days ago, they never launched an attack against Amazon:

After this piece of news circulated, parts of Anonymous on Twitter asked for Amazon.com to be targeted. The attack never occurred.

After the attack was so advertised in the media, we felt that it would affect people such as consumers in a negative way and make them feel threatened by Anonymous. Simply put, attacking a major online retailer when people are buying presents for their loved ones, would be in bad taste.

Re:How could they not progress against a known thr (1)

Anonymous Coward | more than 3 years ago | (#34531270)

aka, our attack failed, not even noticed by Amazon, so here's our attempt at saving face.

Re:How could they not progress against a known thr (1)

Fex303 (557896) | more than 3 years ago | (#34531390)

According to the Anonymous.... [snip]

Simply put, attacking a major online retailer when people are buying presents for their loved ones, would be in bad taste.

Right, because Anonymous and /b/ in general are such guardians of good taste.

Re:How could they not progress against a known thr (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34531528)

Right, because Anonymous and /b/ in general are such guardians of good taste.

The wording is easy to misunderstand. The statement is meant to indicate that interfering with people buying Xmas presents for their kids would be seen to be in bad taste and thus counter-productive to their goal. Screwing with the backend payment systems makes customers pissed off at mc/visa/e-stores but directly blocking the e-stores makes people pissed off at the DDOSers.

Re:How could they not progress against a known thr (0)

Anonymous Coward | more than 3 years ago | (#34531546)

Screwing with the backend payment systems makes customers pissed off at mc/visa/e-stores

[Screwing with] the e-stores makes people pissed off at the DDOSers.

Does not compute.

Re:How could they not progress against a known thr (4, Informative)

MachDelta (704883) | more than 3 years ago | (#34531978)

The backends of Visa and MC were never targeted for the exact same reason. Their corporate sites (largely symbolic, mostly useless) were taken down instead. Paypal is a bit of an exception, but they were too big for Anon to completely drag down. But they did manage to slow it and make their presence heard - Paypal released the remaining funds in Wikileaks' account.

Re:How could they not progress against a known thr (4, Insightful)

bsDaemon (87307) | more than 3 years ago | (#34531556)

"simply put, attacking a major online retailer when our parents are buying our christmas presents might affect us" -- what they really meant.

Re:How could they not progress against a known thr (1)

Duradin (1261418) | more than 3 years ago | (#34531400)

Of course they never launched that attack. They never tried and spectacularly (in its lack of effect) failed. To say that they tried would be admitting they were as effective as a gnat is against a freight train.

Re:How could they not progress against a known thr (1)

Anonymous Coward | more than 3 years ago | (#34531966)

They absolutely did try to take down Amazon and PayPal, despite what the "press release" said. AFAIK, there was no notable effect on Amazon, and any noticeable effect on PayPal was very brief in nature, outside of thepaypalblog.com.

Re:How could they not progress against a known thr (1)

Haedrian (1676506) | more than 3 years ago | (#34531266)

That's because Amazon is designed to withstand such heavy use. If I decide to DDOS some server which usually gets 10-15 visitors a week, I probably won't need more than a single client.

Amazon (which apparently does hosting too) - is designed to take thousands upon thousands of concurrent connections at the same time.

It's not about progress - it's like discovering that your i5 CPU can handle more spyware running at the same time than your Pentium MMX - it's still the same method.

Re:How could they not progress against a known thr (0)

Anonymous Coward | more than 3 years ago | (#34531302)

More like millions, and let's not even get into Amazon's highly distributed architecture.

Re:How could they not progress against a known thr (2)

Shemmie (909181) | more than 3 years ago | (#34531406)

In unrelated news, most of Amazon in Europe suffered an outage tonight. BBC story [bbc.co.uk]

Re:How could they not progress against a known thr (1)

mysidia (191772) | more than 3 years ago | (#34531360)

How could they not progress against a known threat

The threat is not of a static nature. DDoS attack methodology evolves, just like defenses evolve.

It's kind of like asking "How could the US not have progress against the terrorist threat?". Or "How could one side of a war not have progress against the other side?"

If your opponent evolves faster than you do, then you have the opposite of progress. If they evolve at essentially the same speed as your defenses evolve, then you basically use a lot of energy and develop lots of new defenses, but are essentially standing still.

Is DDoS a crime? (2)

Wolfling1 (1808594) | more than 3 years ago | (#34531210)

If I were to arrange a thousand people to turn up at the corporate headquarters of Visa, and then simply sit down on the ground outside the main doors, would it be a crime?

So, how can it be a crime if I achieve the same thing in cyberspace?

Re:Is DDoS a crime? (0)

Anonymous Coward | more than 3 years ago | (#34531232)

Because this "sit in" is disrupting business. In your analogy you conveniently leave out that you are stopping the flow of business and halting people going about their own lives.

Re:Is DDoS a crime? (3, Insightful)

Raptoer (984438) | more than 3 years ago | (#34531244)

If you do so in an attempt to harm or otherwise deny access, then yes, it would be. It's more akin to getting a thousand people to sit outside their building and forcefully block anyone who tries to come in.

Re:Is DDoS a crime? (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34531316)

No it's not.

It's like a crowd gathered in front of a service window all trying to get an order - only most of them asking for things they don't offer there. Now you as a legitimate customer need to get through that crowd to get to the window and make your order.

Re:Is DDoS a crime? (2)

RandomAdam (1837998) | more than 3 years ago | (#34531256)

The same way as the physical act will be made into a crime... Some officer of the law will ask you to move and when you don't then you are arrested for failure to comply with an officer of the law, which is barely a step away from resisting arrest when you protest that this is a legitimate protest...

Re:Is DDoS a crime? (1)

Anonymous Coward | more than 3 years ago | (#34531286)

Yes.
Trespass.
Causing a public nuisance.

But here is a thought. Try it sometime. See how many people you can get to turn up.

Re:Is DDoS a crime? (1)

MysteriousPreacher (702266) | more than 3 years ago | (#34531300)

Depends on the country, but yes, it indeed probably would be a crime to get 1000 people together and have them block access to the Visa headquarters. Protest is not the same as physically obstructing access.

Re:Is DDoS a crime? (1)

ToasterMonkey (467067) | more than 3 years ago | (#34531336)

If I were to arrange a thousand people to turn up at the corporate headquarters of Visa, and then simply sit down on the ground outside the main doors, would it be a crime?

So, how can it be a crime if I achieve the same thing in cyberspace?

If you prevent people from entering/exiting the building, or do that on private property without permission, yes. There isn't so much as a sidewalk to stand on in the Internet as far as public space goes, so good luck with your analogy.

Re:Is DDoS a crime? (1)

Lord Kano (13027) | more than 3 years ago | (#34531352)

If I were to arrange a thousand people to turn up at the corporate headquarters of Visa, and then simply sit down on the ground outside the main doors, would it be a crime?

So, how can it be a crime if I achieve the same thing in cyberspace?

It would be a crime if you did that at an abortion clinic. 10 years in Federal prison and $100K+ in fines.

LK

Re:Is DDoS a crime? (2, Informative)

Anonymous Coward | more than 3 years ago | (#34531440)

If they are blocking commerce, they can be removed. Criminal trespass arrests usually empty the streets out of people doing a sit-in, and give an added bonus of felony-hard charges should they even come near the place again (even if they protest on the sidewalk and not on the property.)

When push comes to shove, most places go into "arrest them now, they can sue later on in the courts and lose later" mode. Every four years, you will see this exact phenomenon in action during the DNC and RNC meetings during the US election year.

how to fight off ddos attacks, in one step (1)

Anonymous Coward | more than 3 years ago | (#34531220)

1. take down slashdot :D

jk.

but seriously, many websites have fallen victim to slashdot!

Re:how to fight off ddos attacks, in one step (4, Interesting)

alvinrod (889928) | more than 3 years ago | (#34531846)

I think you've inadvertently stumbled upon the difficulties of fighting DDoS attacks. Sometimes it's just a flood of legitimate traffic with no malicious intent behind it at all.

Answer (1)

Haedrian (1676506) | more than 3 years ago | (#34531228)

No.

There you go.

DDOS = Digital Sit-in (5, Interesting)

Palmsie (1550787) | more than 3 years ago | (#34531242)

A number of sources have begun describing DDOS attacks not as cyber-attacks but rather as digital sit-ins that are completely legal. A DDOS (Note the Distributed) is basically a ton of people visiting the site at once so that others can't. In essence, the unknowing visitor to mastercard.com is also contributing to the DDOS by merely visiting the already flooded site (albeit in a small way) just as an unknowing visitor to a bank is contributing to a sit-in by disrupting the flow of work. Their mere presence is making the work more difficult. However, there is nothing illegal about one person visiting a bank and standing there, just like there isn't anything illegal with a number of people going to a bank... at the same time. Ultimately, the question isn't "has progress been made" to stop DDOS attacks, but SHOULD there be progress to stop them? Sounds like an easy question to answer but in the case of freedom of expression, it makes the waters a bit more muddied.

Re:DDOS = Digital Sit-in (1)

Haedrian (1676506) | more than 3 years ago | (#34531288)

To continue with your analogy - I'm pretty sure it's illegal to have thousands of customers in front of the bank clerks insisting that it's their turn, and not allowing real customers to access the clerks - while the bank needs to thwart their efforts by hiring more clerks and paying extra funds for nothing.

Of course it's a crime - you're removing people's access to a resource someone else is paying for.

Re:DDOS = Digital Sit-in (0)

Anonymous Coward | more than 3 years ago | (#34531538)

If I protest a brick and mortar by sitting down on the sidewalk in front of the building, and the customers who want to enter have to wade through, that's legal.

If I protest a web company by DDOSing, and all the customers who want to shop have to wade through my packets.. that is...

Wait.. those seem strangely similar.

Re:DDOS = Digital Sit-in (2)

jc42 (318812) | more than 3 years ago | (#34531708)

I'm pretty sure it's illegal to have thousands of customers in front of the bank clerks insisting that it's their turn, ...

Actually, this sort of thing has happened repeatedly throughout the history of banks. It's called a "run on the banks", and typically happens as part of some economic disaster that makes people fear loss of their savings. To my knowledge, nobody has ever been arrested and charged with attempting to withdraw their funds from a bank. (Though if it has happened, it might be interesting to read about.)

Typically, banks and governments react to this by first trying to calm the population and convince people that they aren't about to lose their money. And sometimes, they will declare a "bank holiday" that shuts all the banks down until the PR campaign has calmed the population down. This can backfire, of course.

But people descending on a bank all at once and wanting access to their money isn't a hypothetical thing; it has happened on numerous occasions.

Re:DDOS = Digital Sit-in (0)

Anonymous Coward | more than 3 years ago | (#34531296)

Most of the public places (banks by following your example) have a set limit (published somewhere in said facility) on how many people are allowed inside at the same time, at least in the US.

Re:DDOS = Digital Sit-in (1)

Duradin (1261418) | more than 3 years ago | (#34532092)

The people bending logic to its limits to make DDoS a valid form of protest won't care about trifling things like fire codes.

Re:DDOS = Digital Sit-in = Illegal (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34531384)

However, there is nothing illegal about one person visiting a bank and standing there, just like there isn't anything illegal with a number of people going to a bank... at the same time.

Actually, that is called trespassing and is very illegal, especially if you do not leave when they ask you to. While it is true that businesses are open to the public, that is not blanket permission. They are giving an invitation of, "come on in if you want to do business." If you don't want to do business, then you have no right to be there. Likewise, if you are accessing someone's network not involved in business with them, then you have no permission to be there and are violating the law.

Re:DDOS = Digital Sit-in (1)

Palmsie (1550787) | more than 3 years ago | (#34531430)

While I generally agree with the comments posted above (e.g. no loitering), I find this an interesting analogy to compare to DDOS attacks - an analogy, btw, that isn't mine, I've just seen it repeated a few times recently from people who are not simply being mindless talking heads to the fact that Anon isn't some elite/super-secret hacker group but rather 4chan being 4chan.

Re:DDOS = Digital Sit-in (5, Insightful)

Duradin (1261418) | more than 3 years ago | (#34531438)

With a sit in, the protestor faces the (immediate) risk of arrest. With a sit in once they are asked to leave and they refuse it becomes trespass and the cops can be called in to clear them out. Not so with a DDoS.

Equating DDoS with sit-ins is a disservice to the sit-in as a valid form of protest.

Re:DDOS = Digital Sit-in (0)

Anonymous Coward | more than 3 years ago | (#34531476)

A number of sources have begun describing DDOS attacks not as cyber-attacks but rather as digital sit-ins that are completely legal. A DDOS (Note the Distributed) is basically a ton of people visiting the site at once so that others can't. In essence, the unknowing visitor to mastercard.com is also contributing to the DDOS by merely visiting the already flooded site (albeit in a small way) just as an unknowing visitor to a bank is contributing to a sit-in by disrupting the flow of work. Their mere presence is making the work more difficult. However, there is nothing illegal about one person visiting a bank and standing there, just like there isn't anything illegal with a number of people going to a bank... at the same time. Ultimately, the question isn't "has progress been made" to stop DDOS attacks, but SHOULD there be progress to stop them? Sounds like an easy question to answer but in the case of freedom of expression, it makes the waters a bit more muddied.

If these people were just visiting the site and hitting the "reload" button repeatedly, you might make a case for this. But the "Anonymous" attack was using a custom crapflooding tool to DDoS their targets. They were not staging a virtual sit-in; they were holding a virtual riot.

Re:DDOS = Digital Sit-in (2)

MachDelta (704883) | more than 3 years ago | (#34531992)

So where does one draw the line between hitting F5 repeatedly, getting a drinking bird to do it for you, or running LOIC? Is the drinking bird illegal? Can you even prove LOIC was in use?

Re:DDOS = Digital Sit-in (2)

Dachannien (617929) | more than 3 years ago | (#34531666)

A number of sources

Are these neutral, independent, reputable sources? Or are they sources that have taken sides in favor of Wikileaks and the DDoSers and are trying to justify the act of perpetrating a DDoS attack?

Note that Julian Assange has already indicated that neither Wikileaks nor he approve of the DDoS attacks, first and foremost because they are a muzzle to free speech.

Re:DDOS = Digital Sit-in (1)

Duradin (1261418) | more than 3 years ago | (#34532110)

I thought Wikileaks doesn't approve or disapprove of the attacks, a tacit condoning of the attacks by not condemning them.

Re:DDOS = Digital Sit-in (1)

jeff4747 (256583) | more than 3 years ago | (#34531900)

A number of sources have begun describing DDOS attacks not as cyber-attacks but rather as digital sit-ins that are completely legal.

Sit-ins aren't legal.

A sit-in is a minimum of trespassing, with a few other charges depending on what you do and where you do it.

Re:DDOS = Digital Sit-in (1)

Nemyst (1383049) | more than 3 years ago | (#34532066)

I might be inclined to concede this for DDOS where 1 visitor = 1 person. Unfortunately, you simply can't ignore that a great proportion of the traffic in a DDOS comes from botnets, which are and should always be illegal. The dangers of a single person with control of a large botnet can be incredible for small sites - I've personally seen entire communities crumble because one single idiot was angered at the others and decided to take revenge.

I'm sorry, but I can't equate DDOS with a sit-in. We need to make progress in stopping those.

Why are DDoS attacks hard to avoid anyway? (5, Informative)

Musically_ut (1054312) | more than 3 years ago | (#34531260)

If you are curious about the slightly deeper and murkier details, this [ktn.epfl.ch] will tell you why handling DDoS attacks is still difficult.

No more DDoS? (1)

Mr Pleco (1160587) | more than 3 years ago | (#34531306)

Simple...

Stop linking to said site from slashdot. Then the DDoS will stop. =)

There's only one way (0)

Anonymous Coward | more than 3 years ago | (#34531308)

A DDoS is like a brute-force cryptographic attack. You can't design a (classical) cryptosystem that's immune to brute force attacks. You can only make it more resistant by increasing the number of keys.

Similarly, the only way to protect against a DDoS is by increasing your server capacity.

Ironically criminal botnets are helpful here... (5, Interesting)

antifoidulus (807088) | more than 3 years ago | (#34531346)

The article talks a lot about botnets, but how many botnets are actually involved in the wikileaks attacks? I haven't read about any and my bet is that there probably aren't a lot. Why? Simple, the purpose of most botnets has turned from fun into profit. 10 years ago most of the botnets were designed just to screw with people, delete files, open ports, ddos ebay etc. However over the past 10 years a lot of the creators of botnets have found that they can use the botnets to generate lots of cash by moving spam, selling information etc. I doubt that very many of them would want to risk subjecting their botnets to discovery and removal by getting involved in such a high profile attack.

Re:Ironically criminal botnets are helpful here... (0)

Anonymous Coward | more than 3 years ago | (#34531548)

Unless they are getting paid in gold bars. Lots of precious gold bars. mmm

Re:Ironically criminal botnets are helpful here... (2)

John Hasler (414242) | more than 3 years ago | (#34531638)

However over the past 10 years a lot of the creators of botnets have found that they can use the botnets to generate lots of cash by moving spam, selling information etc.

No, they've found that they can rent out their botnets to people who generate lots of cash by moving spam, selling information, etc. If you've got the cash and are willing to spend it you can rent a botnet for your political DDOS.

Re:Ironically criminal botnets are helpful here... (0)

Anonymous Coward | more than 3 years ago | (#34531642)

From what I've heard there's solid reason to believe that Wikileaks was taken down by a Slowloris attack running from a single machine run by The Jester (ascii transliteration from l33tspeak). That would explain why the attack was not able to take down the much larger amazon cloud.

Origins of the internet (3, Insightful)

girlintraining (1395911) | more than 3 years ago | (#34531366)

You all may recall that the internet was designed as a peer to peer network. It was assumed that every node would have equal access to a decentralized network with many interconnects and pathways between each. The rise of DDoS attacks and other vulnerabilities is a direct result of the internet being used for other than it was designed: Businesses have forced a "one to many" relationship, a client-server architecture, and uneven upstream/downstream ratios. The centralization here is the weakness, not the internet.

The internet wasn't designed to support the business and organizational models that now dominate it. The solution to the DDoS problem is to decentralize, and restore a peer-based communication model -- that is how it was designed to be used. Of course, we could sit here and debate how to "save" the internet from "hackers" who are using the strengths of the network to great effect to attack those who built their solutions without much mind to the foundation.

Slashdot effect (2)

sunderland56 (621843) | more than 3 years ago | (#34531380)

How do you differentiate a DDoS attack from the usual slashdotting of a web site?

Re:Slashdot effect (5, Funny)

Rinnon (1474161) | more than 3 years ago | (#34531456)

How do you differentiate a DDoS attack from the usual slashdotting of a web site?

One is intentionally malicious with the intent to bring down the site. The other is usually the Botnet on Autopilot.

Re:Slashdot effect (1)

n_djinn (1883738) | more than 3 years ago | (#34531458)

I am waiting for the punch line.....

Re:Slashdot effect (1)

MichaelSmith (789609) | more than 3 years ago | (#34531484)

How do you differentiate a DDoS attack from the usual slashdotting of a web site?

DDoS attackers don't do normal http queries. They make an initial connection to the server and leave it dangling to later time out. The server supports a finite number of external connections and can be easily kept out of action.
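The distinction raised in this sub-thread (a flood of ordinary requests versus connections opened and left dangling until they time out), as an added example that is not part of any poster's comment: a Python sketch that classifies one snapshot of a server's connection table. The `Conn` record, the thresholds and the sample addresses are constructed assumptions, not values from the thread.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    client: str         # source address (constructed sample data)
    age_s: float        # seconds since the connection was accepted
    request_done: bool  # True once a complete HTTP request has arrived


def stalled(conns, header_timeout_s=10.0):
    """Connections that are old but have never delivered a full request."""
    return [c for c in conns
            if not c.request_done and c.age_s > header_timeout_s]


def classify_load(conns, max_conns, header_timeout_s=10.0,
                  busy_ratio=0.8, stalled_ratio=0.5, per_client_cap=20):
    """Return (verdict, offenders) for one connection-table snapshot.

    verdict   -- "normal", "flash_crowd" or "connection_exhaustion"
    offenders -- clients holding more stalled connections than the cap
    """
    held = stalled(conns, header_timeout_s)
    per_client = Counter(c.client for c in held)
    offenders = sorted(ip for ip, n in per_client.items()
                       if n > per_client_cap)
    if len(conns) < busy_ratio * max_conns:
        return "normal", offenders
    if len(held) >= stalled_ratio * len(conns):
        # The table is full of sockets that are doing no work.
        return "connection_exhaustion", offenders
    # The table is full, but of requests that are actually being served.
    return "flash_crowd", offenders


def reap_candidates(conns, header_timeout_s=10.0):
    """Connections a header timeout would close, oldest first."""
    return sorted(stalled(conns, header_timeout_s),
                  key=lambda c: c.age_s, reverse=True)


def flash_crowd_snapshot():
    # Constructed: 900 distinct clients, one young connection each;
    # one in ten is still mid-request but well inside the timeout.
    return [Conn(f"10.0.{i // 250}.{i % 250}", 0.2 + (i % 5) * 0.1,
                 request_done=(i % 10 != 0)) for i in range(900)]


def exhaustion_snapshot():
    # Constructed: three clients hold 900 idle half-open requests
    # while 50 ordinary visitors compete for what is left.
    held = [Conn(f"192.0.2.{1 + i % 3}", 30.0 + i, request_done=False)
            for i in range(900)]
    legit = [Conn(f"10.1.0.{i}", 0.3, request_done=True)
             for i in range(50)]
    return held + legit


if __name__ == "__main__":
    for name, snap in (("flash crowd", flash_crowd_snapshot()),
                       ("exhaustion", exhaustion_snapshot())):
        print(name, classify_load(snap, max_conns=1000))
```

Both snapshots fill the table to about the same level; only the share of aged, request-less connections and their concentration on a few clients separates them, which is what a header timeout and a per-client connection cap act on.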

Puck (1)

Nethead (1563) | more than 3 years ago | (#34531602)

And the NANOG list has been reading more and more like slashdot and less like an operators list for the last few months. Nice to see it come full circle with this article.

Yes.... and, no. (1)

VortexCortex (1117377) | more than 3 years ago | (#34531784)

Yes, "headway has been made heading off DDoS attacks".
ISPs & Hosting providers can now charge you large sums of money to ensure your pipes are big enough to handle a DDoS, thereby "heading off DDoS attacks" before they even begin.

No, this doesn't really protect you from a large scale botnet executing a reflective DDoS attack; The amount of protection is in proportion to the amount you spend on your pipes. Some providers offer automatic up-scaling via server virtualization, but this just means you get to pay for the big pipes after the attack.

So, in the face of a RDDoS in most cases the only advice is still: "Kiss goodbye your IP Stack, It's an SYN-ACK Attack!"

prevention is the best cure (4, Interesting)

thej1nx (763573) | more than 3 years ago | (#34531940)

Pretty easy. Make it standard for all OSs to default to updating/patching *without* prompting the user. I believe Chrome etc. do this already? A DDOS usually requires a botnet with lots of infected drones. And those in turn, usually require vulnerable un-patched systems. If someone actually wants the system to prompt them for applying updates, they can configure it so, instead of that being the out of box behavior.

Microsoft alone is responsible for the majority of these. The old excuse of "this is because Windows is the most popular OS" is pure hogwash. When dozens of unix variants can update system components without requiring a reboot, it simply implies a horrible design on the part of Microsoft. And the reboots and the required prompting for updates are what is responsible for at least half of the infected systems on the internet. If the user needs to control the updates, it should be configurable, not the default. The reaction of your mom and pop, after seeing the usual "updates are ready" pop-up, is to simply ignore it.

Perhaps all that is needed is for someone to do an analysis of the compositions of Botnet systems and simply launch a class action suit against Microsoft. If they want to charge the public hundreds of dollars for a product that has a fixed cost and requires near-zero cost to replicate, they better be ready to provide a hell of a better product.
