The DDoS Attacks, One Year Later

CmdrTaco posted more than 13 years ago | from the something-to-think-about dept.

The Internet 117

ATKeiper writes: "One year after the DDoS attacks against major Web sites, C|Net reports that there are still 'no strong defenses deployed' against such attacks. The only person so far accused by prosecutors is Canadian teen hacker mafiaboy, whose trial starts in a month. Was it a forgettable stunt? A much-needed wake-up call for insecure e-commerce sites? Lame script kiddies giving hackers a bad name?"

117 comments

Warning! Approaching buzzword overload! (1)

Anonymous Coward | more than 13 years ago | (#449258)

Please form an orderly line and exit the website via the clearly marked escape routes.

The front line. (1)

chrome (3506) | more than 13 years ago | (#449259)

I work for an ISP in the UK. We're pretty high profile here, so I can't exactly name the company. I can make some observations here though, as this topic really hits quite close to home for me.

Since December last year, we were on the wrong end of some SERIOUSLY large DoS attacks. Some of them were your run-of-the-mill smurf, but the most common has lately been a little SYN flooder which I won't mention here, lest the wannabes all go download it and try and take down Yahoo with their 56k modems. (Not that you could, you'd need more than that).

We use BTnet as our uplink provider, and initially we got very poor response from them. One attack which crippled us for 12 hours, however, managed to get their attention. Apart from the fact it wiped us from the face of the planet, stopping millions of users from dialling up or accessing their web-pages, they also managed to take out a huge chunk of BTnet's core infrastructure. BT are not happy, and neither are their customers. Strangely enough, BT has transformed into the most impressive anti-packetkiddie juggernaut I have ever seen.

Sure, it's hard to track them down, but we're learning a lot. I guess the packetkiddies think this is a one-way process. They attack and sites go down, and they think they can just keep doing it without anything happening.

Everything is in their favour, for the moment, but every single attack the packetkiddies do teaches us something. It won't be long until we have both the technology and the knowledge to actually track them down and arrest them.

And we've had some success in that arena, too.

I think the main thing here, is this:

You have everything to lose by attacking a company on the internet. The bigger the company you attack, the bigger the thing you are risking.

A large company has NOTHING to lose by tracking you down. Sure, it might cost it money, but they have plenty of that.

You might think it's a great laugh right now, but when you're arrested and taken to court, and suddenly a lot more is on the line than your reputation amongst the other kiddies on IRC, I think maybe then you will regret even getting involved.

It's not cool, it's not elite, and we will catch you.

Re:One way to stop DoS (1)

otis wildflower (4889) | more than 13 years ago | (#449261)

Why don't sysadmins start blocking off invalid TCP/UDP packets at the router?

Because many ISPs can't be bothered. UUNet, for example, refused to do backtraces on a DoS attack on my network at all. Multiple ISPs would need to cooperate in a very thorough way, and they don't see the $$$ in it I suppose.

I know at least 1 piece of software (Manhunt) is looking to get installed within ISPs to monitor routers and automate this backtracking and concomitant inter-ISP coordination, but I don't know if that's gotten anywhere.


Your Working Boy,

Re:There's no defense against tacks either (1)

h2odragon (6908) | more than 13 years ago | (#449262)

Spike strips usually consist of hollow spikes that break off and stay in the tire; "self-sealing" tires are no defense. There exists a superball type rubber compound you can use to fill tires instead of air; it is commonly used in construction equipment and tractors but will fuck up the handling and ride of cars on a highway.

Re:DDOS and responsibility (1)

consumer (9588) | more than 13 years ago | (#449263)

You can't blame slashdot for a site's inability to keep up with legitimate demand

Interestingly enough though, you can blame Slashdot for inciting DDoS attacks. When the editors post articles claiming that such and such company did something bad, you will often see comments (highly rated!) saying "let's DoS them" and even posting scripts to do it. I didn't take this seriously until one day Slashdot decided to pick on a place where I worked and suddenly hundreds of DoS attacks started.

This kind of thing doesn't exactly help with the hacker/cracker distinction that Slashdotters seem so keen to enforce.

Re:Cracking & DOS (1)

rcp (12077) | more than 13 years ago | (#449265)

Actually, I prefer Spider Robinson's analogy that this DOS attack was like "a 12-year-old nincompoop gluing shut all the doors of the mall". Very appropriate as most of the sites are nothing more than commerce. I don't much care if I can't get into a store.

Spider on Nincompoops (1)

rcp (12077) | more than 13 years ago | (#449266)

I forgot to add a link to the full Globe and Mail story [globetechnology.com].

Re:Defenses? (1)

swb (14022) | more than 13 years ago | (#449267)

What should really happen is that ISPs should demand that egress filtering take place at the client side and charge extra for connectivity -- a DoS tax, if you will -- to sites that will not egress filter or refuse to provide proof that they ARE egress filtering.

Even with this type of protection, there may still be topologies (DSL? Cablemodem?) where egress filtering may not be either possible or practical until much higher in the food chain. If the ISP in question is a large one, successful spoofing may only require spoofing that ISP's CIDR blocks or other addresses that could pass an 'exit router' egress filter.

I'm not sure that there is a real solution to DoS attacks with many current protocols. Requiring a brief client handshake/auth mechanism may be the only solution, and that makes the net a whole lot less anonymous.

Re:detail (1)

generic (14144) | more than 13 years ago | (#449268)

If he knew the details of such an attack, he would also know the severity. How does a "not very technical" person outline a DDoS attack? You have to have a decent understanding of TCP/IP.
And the behavior of ICMP protocols. I can't imagine someone who has been using the internet for a few years to surf and email understanding what mixter wrote in his papers. What normal users do you know of who bought a book on TCP/IP and even know what ICMP stands for? No one I know.

Re:dDOS attack "relatively unheard of" attack? (1)

generic (14144) | more than 13 years ago | (#449269)

We actually tested this here with a default install and a basic firewall setup. What we thought a user who just wanted to be a user and not anything more would do. It worked quite well, the host had all ports filtered: incoming UDP/TCP. ICMP still worked.

Re:DDoS makes Microsoft .NET Impractical (1)

Osty (16825) | more than 13 years ago | (#449270)

You obviously have no clue how Microsoft's .NET architectures work. Data is stored locally, as well as on the server. The whole point of having the server in the architecture at all is for replication to other machines and/or devices. So, no, you won't be writing your monthly report online, but when you save it, it will get replicated to the server (and probably at intervals before you save it, as well, as a work-in-progress).

So, some skript kiddie takes out the connection to your .NET server. Maybe you can't get your e-mail, but any documents that have been replicated to your local store, and any documents you're currently working on, will be perfectly accessible. Any changes you make won't get replicated to the server yet, as you can't reach it, but at that point it's back to pre-.NET business-as-usual. You'll just have to do "old-fashioned" replication to your mobile devices and such.

dDOS attack "relatively unheard of" attack? (1)

perrin5 (38802) | more than 13 years ago | (#449272)

Really? I was sure I knew exactly what one was WAY before the 7th of January last year... But maybe that was just me. In related news: RedHat's new Beta release has something that I've been bitching about for years: a NETWORK SECURE client install!!! At last, someone who doesn't know what they're doing won't have RPC, statd, named, telnet, ftpd, and all the others running on their machine for some 1337 moron to crack into to use as a dDOS tool. Took them long enough.

Re:Since the fall on the dot-coms (1)

MadAhab (40080) | more than 13 years ago | (#449273)

Ignoring the trollity of your comment:

Closing the implementation would do nothing to enhance security. It just makes analyzing and fixing problems and preventing attacks that much harder.

The things that would actually make a more secure protocol - controls to prevent spoofing and protocol-layer encryption - are in no way easier to accomplish with closing the implementation. In fact, they will be the better for the openness.

And, it's worth pointing out that the openness of TCP/IP has allowed it to become the de-facto networking protocol, period, beating out closed candidates that were arguably better protocols.

F Jackie.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

Canadian Troublemakers (1)

Kenshin (43036) | more than 13 years ago | (#449274)

Perhaps today would have been a much better day for those UBC students to do their Golden Gate prank. Right place: San Francisco, heart of the dot-com craze. Coulda used Cat-5 cabling to hang the bug off the bridge :)

Re:Cracking & DOS (1)

Minupla (62455) | more than 13 years ago | (#449275)

You have my thanks for informing me of such a cool Spider Robinson quote that I was unaware of. *tosses a mug into the fireplace in your honor!*

Cheers!

--
Remove the rocks to send email

Re:There's no defense against tacks either (1)

Nehemiah S. (69069) | more than 13 years ago | (#449276)

I'm thinking that a properly oriented high power snowblower-like device, mounted in front of your tires, could probably do a pretty good job against at least small-time Tackers. Those who put more time and effort into their work (by sticking nails into 1x8 boards or pounding their tacks into the soft pavement) would be harder to fight- but it could be done. Self sealing tires would be the obvious easiest solution, although you could have lots of fun combining directed energy/acoustic weapons, liquid nitrogen, and road analyzing radar.

The roads must roll!

Products to address these issues in the pipeline (1)

pooge (79750) | more than 13 years ago | (#449277)

take a gander:
http://www.mazunetworks.com/ [mazunetworks.com]

Marketing info states: Mazu's technology is uniquely suited to solving the DDoS problem because it enables a proactive, focused and intelligent approach instead of the after-the-fact, fragmented and manual methods that most businesses try to employ today. With Mazu, businesses can outwit, outflank and outplay DDoS because, for the first time, they can operate with more fine-grained knowledge and resources than the attackers.

Re:ATTENTION Script Kiddies! (1)

Tweezer (83980) | more than 13 years ago | (#449279)

First Saturday in April is the hash bash in Ann Arbor MI, so that won't work.

Hmm, cracks and security. (1)

smoondog (85133) | more than 13 years ago | (#449280)

IMO, unfortunately the best prevention method for prevention of DOS attacks requires work by people who generally don't get attacked. Yahoo can't truly protect itself, it is the hundreds of insecure server operators that must work. Perhaps ISPs should work with server operators to make their servers better equipped to prevent an entry by a nefarious source...

-Moondog

Re:What we really need (1)

pope nihil (85414) | more than 13 years ago | (#449281)

YES! I was entirely serious. As another person commented, there are already unrelated organizations and taskforces, but we need one single international Internet police force!

What we really need (1)

pope nihil (85414) | more than 13 years ago | (#449282)

I think the solution we need is some sort of "CyberCop" organization. This group could be involved in tracking down online criminals who engage in DoS attacks, web defacing, and other terroristic acts. The FBI is obviously not doing their job, so someone new that is completely dedicated to Internet crime could help.

Additionally, this organization could set guidelines for ISPs, like requiring them to keep tracking information on certain packets for a period of time, or requiring them to block packets from unrouteable addresses. @Home is horrible about this. I've noticed routers in the 10.x.x.x subnet upstream from me on the @Home network! That is unacceptable. What happens if that router tries to send information to my computer? It gets blocked by my firewall because I don't allow IP spoofing!

Anyway, we NEED CyberCops to enforce laws on the Internet. Maybe we can get other countries besides America to help pay for it too. That could give them some say in the rules were.

Err. (1)

dave-fu (86011) | more than 13 years ago | (#449283)

I'm not going that far; what I'm saying is that if I'm running an ISP and I know that I own the 23.45.67.* block, I won't let packets with a source address of 98.x.x.x or what have you out of my network.
I'm not saying you need to validate every packet that comes out (way too computationally expensive, I imagine), just that the same way you set up ingress filters preventing packets with a return address of 127.0.0.1 or 10.x.x.x and whatnot from coming in, you should prevent those obviously falsified packets from ever going out.
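
The filtering described in this comment, together with the caveat raised earlier in the thread that a spoofed source inside the ISP's own CIDR block still passes an exit-router filter, as an added example that is not part of either comment. The /28 customer assignments, port names and function names are assumptions made for illustration; 23.45.67.* and 98.x.x.x are the addresses used in the comment.

```python
import ipaddress

# Constructed topology: the ISP owns 23.45.67.0/24 (the "23.45.67.*" block from
# the comment) and assigns each customer access port a /28 out of it.
ISP_BLOCKS = [ipaddress.ip_network("23.45.67.0/24")]
CUSTOMER_PORTS = {
    "cust-a": ipaddress.ip_network("23.45.67.16/28"),
    "cust-b": ipaddress.ip_network("23.45.67.32/28"),
}

# Source ranges that are never valid on the public Internet.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def border_ingress(src):
    """Inbound at the ISP border: drop bogon sources and our own prefixes."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, BOGONS):
        return "drop: bogon source"
    if _in_any(addr, ISP_BLOCKS):
        return "drop: our own prefix arriving from outside"
    return "permit"


def outbound_verdict(port, src, per_port_filter=True):
    """Follow one outbound packet from a customer port to the border.

    per_port_filter=False models an ISP that only filters at the exit router.
    """
    addr = ipaddress.ip_address(src)
    if per_port_filter and addr not in CUSTOMER_PORTS[port]:
        return "drop at access port"
    if not _in_any(addr, ISP_BLOCKS):
        return "drop at border"
    return "forwarded"


# Constructed sample packets: (access port, claimed source address).
SAMPLES = [
    ("cust-a", "23.45.67.20"),   # legitimate source for cust-a
    ("cust-a", "98.10.20.30"),   # source outside the ISP's block
    ("cust-a", "23.45.67.40"),   # cust-b's address claimed from cust-a's port
    ("cust-b", "10.1.2.3"),      # private address as source
]


def run_samples():
    """Return (port, src, border-only verdict, border + per-port verdict)."""
    return [
        (port, src,
         outbound_verdict(port, src, per_port_filter=False),
         outbound_verdict(port, src, per_port_filter=True))
        for port, src in SAMPLES
    ]


if __name__ == "__main__":
    for row in run_samples():
        print("%-7s %-12s border-only: %-15s with per-port: %s" % row)
    for src in ("127.0.0.1", "10.9.8.7", "23.45.67.5", "98.10.20.30"):
        print("ingress", src, "->", border_ingress(src))
```

The third sample is the case the exit-router filter cannot see: the address belongs to the ISP, so only a check at the customer's own port rejects it.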

Speaking of script-kiddies... (1)

fanatic (86657) | more than 13 years ago | (#449284)

I saw a box get rooted that was only connected to the 'net via dial-up. Couldn't believe it, but:
  • ifconfig wouldn't show promiscuous mode,
  • netstat wouldn't honor -p and
  • ls, ps, find and du were also modified.
Amazing.

Moral: the script kiddies are totally indiscriminate. Once you're connected, you're vulnerable if you haven't taken protective measures, which include applying patches or upgrading vulnerable software, turning off un-needed services and firewalling/packet filtering. File integrity checking is also a good idea to warn you ASAP of a compromise.

For nomination(s) to 'assholes of the century', how about the schmucks who write the scripts that script-kiddies use? Why would anyone do this?
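
A minimal version of the file integrity check this comment recommends, as an added example that is not part of the original post. File names, contents and function names are constructed for the demonstration; in practice the baseline and the checker itself have to live on read-only or off-host media, because the tools on a compromised box cannot be trusted.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file under root to its SHA-256, size and mode bits."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            result[os.path.relpath(full, root)] = {
                "sha256": sha256_file(full),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return result


def compare(baseline, current):
    """Report files whose record changed, plus files added or removed."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Build a constructed 'bin' directory, tamper with it, and compare.

    Returns (report, same_metadata). same_metadata is True when the replaced
    file kept its original size and mtime, which is why the comparison relies
    on content hashes rather than on what a directory listing shows.
    """
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "find", "du", "netstat"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"original " + name.encode() + b" binary\n")
        baseline = snapshot(root)

        # Replace "ls" with same-length content and restore its timestamps.
        target = os.path.join(root, "ls")
        before = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"replaced ls binary\n")
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))

        # One unexpected file appears and one expected file disappears.
        with open(os.path.join(root, "extra"), "wb") as fh:
            fh.write(b"unexpected file\n")
        os.remove(os.path.join(root, "du"))

        after = os.stat(target)
        same_metadata = (after.st_size == before.st_size
                         and after.st_mtime_ns == before.st_mtime_ns)
        return compare(baseline, snapshot(root)), same_metadata


if __name__ == "__main__":
    report, same_metadata = demo()
    print("size and mtime unchanged on replaced file:", same_metadata)
    for kind, paths in report.items():
        print(kind, paths)
```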

Re:Since the fall on the dot-coms (1)

gordzilla (97994) | more than 13 years ago | (#449285)

"I mean, who on Slashdot was really freaked out when the Yahoo DDoS happened?"

Just because it was Yahoo, does that make it OK? What if it was your online brokerage company that was being DOS'ed and you couldn't get through to tell your broker to sell your RedHat stocks before they evaporated?

Does your above statement still work?

Re:I wonder... (1)

techiemac (118313) | more than 13 years ago | (#449286)

Hold on a second... Steve Bellovin's area of research consists of DOS attacks. Should we immediately suspect someone who does research in this area? This is exactly like saying all Sys Admins are script kiddies. If he were such a suspect I can assure you that he probably would not be chairing the ICMP Traceback working group at the IETF. Come on Slashdot... this should practically be flamebait. Let's not chastise the researchers that are trying to prevent DOS attacks.

Re:Mafiaboy pleaded guilty in January (1)

ATKeiper (141486) | more than 13 years ago | (#449287)

Thanks for the update, I hadn't heard that.

A. Keiper

a nice suggestion for stopping DDoS attacks (1)

thexdane (148152) | more than 13 years ago | (#449288)

I have seen many suggestions, such as online cops and such, but I got a good idea that might work and might get some sys admins mad and actually to take responsibility for their compromised boxes.
Well, here is the idea I came up with: if there's a known script kiddie or compromised box the admin refuses to deal with, that network should be blackholed. Don't allow them to route to any place outside their own network until they can prove it has been fixed. Some admins won't listen to another person screaming at them to fix THEIR problem, I know this from personal experience, but give them several hundred or thousand paying customers and people who pay them yelling to fix the problem and then you will see how fast things change.

Re:the word hacker has gone all wrong (1)

molg (153497) | more than 13 years ago | (#449289)

Because the term does describe an individual that has a strong desire to learn how things work no matter what the context, and this is being turned into a negative attribute of the citizen. Thus encouraging the citizen to give up his rights to figure out how things work. This of course keeps the money at the top where the people who hold the knowledge reside.

the word hacker has gone all wrong (1)

molg (153497) | more than 13 years ago | (#449290)

Hey, where I grew up a hacker was someone who didn't RTFM. In other words it was someone who taught himself. You want to know how that car works? Well, go out there and take it apart. (Unfortunately this will soon be illegal.) It's not about cracking or whatever.. it shouldn't even just refer to computers.. hacking is about thinking and about having an unusually strong desire to learn. To understand the universe and not take things for granted.

Betcha can't do it twice (1)

peccary (161168) | more than 13 years ago | (#449292)

Mess with the internet on the other hand and you're a force to be reckoned with.

You only become a credible threat when people believe you can hurt them again and again and again, whenever you want to. That's what it takes to be "a force to be reckoned with."

Even assuming that you aren't arrested shortly after taking down the root servers, you have to be able to convince everyone that you can and will cause similar havoc again and again.

But all of these holes are one-offs. Every time you abuse one, it will be fixed. You would have to convince us that you can invent new exploits faster than we can fix them.


...i'm using "you" figuratively here.

Re:What we really need (1)

Modeflip (161271) | more than 13 years ago | (#449293)

Is this a serious post?

My thoughts (1)

knurr (161310) | more than 13 years ago | (#449294)

Was it a forgettable stunt? No, it was a funny event. A much-needed wake-up call for insecure e-commerce sites? Yeah. If a young kid with very little skill could do that to a big huge company, imagine what a really skilled veteran of the scene could do if that person really got pissed off. Lame script kiddies giving hackers a bad name? The only thing those attacks did was to KEEP THE FOCUS on the Geek Community. Much unneeded focus. Things are hard enough. We got things like -- "The mind boggles. Police have apparently raided a student's dorm room due to his participation in a heavy metal music inspired Starcraft clan, 'Bled For Days.'" Posted by jamie on Tuesday February 06, @03:15PM from the darkened-hearts dept. -- Just because a person thought a file was a threat. Not that the student meant any harm. There's a real fear out there when it comes to computers (thanks to the media) and it's only gonna get worse if lame script kiddies keep F*$#ing around....

It was all the (1)

monkeyfamily (161555) | more than 13 years ago | (#449295)

stupid firstposters

hmm... (1)

phoxix (161744) | more than 13 years ago | (#449296)

Ever wonder what real hackers such as Theo de Raadt (OpenBSD), and Alan Cox (Linux kernel), feel about this?

They are, after all, real hackers ...

Re:H4xx0r5 gave hackers a bad name. (1)

Bluesee (173416) | more than 13 years ago | (#449297)

CNN tried to get it right back in 1999 when they interviewed Emmanuel Goldstein of 2600, but then they interviewed this guy from IBM and forever got it wrong...

Anyway, I had written up a whole history of the term 'hacking' on CNN, but then Netscape crashed and I am Not a Hacker so I can't really retrieve it all that easily. I WAS a Hacker, but that was Fortran on the DEC... *sigh* I can't keep up with hacking anymore... which may not be a bad thing if hacking is so evil... :/

Here's the links:

The Palmer Guy [cnn.com]

Goldstein [cnn.com]

Rethink (1)

glowingspleen (180814) | more than 13 years ago | (#449298)

Lame script kiddies giving hackers a bad name?

Hmm. It is the general belief of most /. readers that we respect someone who does something that is hard and takes a lot of effort and creativity.

From that mindset, the person (or people) who first thought up a DDos attack are to be respected, since you must admit, it took some skill, programming, hacking, and theory to get it accomplished. (Note I leave morals out of this)

Yet who is REALLY to blame when a Script Kiddie does a bad deed? Personally, I blame the idiot who MADE the toolset easy enough for a mindless goon to use.

new networking in linux kernel? (1)

7-Vodka (195504) | more than 13 years ago | (#449299)

I thought there was some protection against these attacks included in the new linux kernel networkings.

Unplugged? (1)

Beowu1f (209753) | more than 13 years ago | (#449301)

Why not just unplug the internet? That'll solve the DoS problems. Maybe DOS as well...

Really though, DoS (or DDoS) attacks don't do anything except spank the owners of the site for not protecting themselves as best as possible, no? It's expensive for them, yes, and nothing's perfect, but as far as I know, it doesn't cause other vulnerabilities; so it seems to be a matter of convenience for most sites.

Perhaps I'm just insanely naive?

...He was old
With years and wisdom, fifty winters
A king, when a dragon awoke from its darkness...(92) [everything2.com]

Re:dDOS (1)

LowneWulf (210110) | more than 13 years ago | (#449302)

Haw. It'd solve the wave of denial of service problems for sure.

Re:DDOS and responsibility (1)

WildHunter (219172) | more than 13 years ago | (#449305)

150 mph isn't that fast.... depending on the skill of the driver and the type of road. Don't believe me? Look at NASCAR or drag races. My motorcycle takes me way past 150 mph but I've never killed anyone because I wasn't in an area to do damage. I was on a track that was equipped to handle such speeds. Now for the segue to the net.

The internet is like a race track: if you can't handle the load you need to, then get out of the race. Slashdotters are legitimate people (except for the trolls) that wish to view the page; if the site can't handle it perhaps they need to reevaluate their site. Slashdot irresponsible? I think not, more like irresponsible web hosting.

I know what it was. (1)

AFCArchvile (221494) | more than 13 years ago | (#449306)

Was it a forgettable stunt? A much-needed wake-up call for insecure e-commerce sites? Lame script kiddies giving hackers a bad name?

Lame script kiddies. All they had to do was download a DDoS proggy, then upload to many choice workstations (probably a school's computer labs). That wasn't hacking. Now DeCSS, THAT's hacking!

Re:It's not the script kiddies ... (1)

Xuther (223012) | more than 13 years ago | (#449307)

It's also other media as well, television, the movie industry. Journalists who don't have a clue should not write tech stories. Since more likely than not they try to relate information with either something totally different, or inaccurate terms which they don't understand. I think as a community, any group that's gotten bad press due to stupidity should stand up and demand an apology or at least start a petition that the journalists be better educated. Symbolism can be used for good as well as bad, people need to take back symbols that had their real meaning perverted.

Re:DNS is a kludge (1)

mojo-raisin (223411) | more than 13 years ago | (#449308)

Okay. He doesn't use the words "poor hack", but the freenet faq [sourceforge.net] does say its use will "...prevent DNS-style abuse of the mechanism."

DNS wasn't designed with true builtin redundancy in mind, which was the whole point of DARPA. Freenet attempts to add redundancy in addition to privacy.

DNS is a kludge (1)

mojo-raisin (223411) | more than 13 years ago | (#449309)

As Ian Clarke of the Freenet [sourceforge.net] project has said, the whole DNS system is a poor hack that reduces the strength of the internet. Using a distributed system like Freenet will make DDOS inconsequential.

You have ALL been trolled. You have Lost... (1)

Kasreyn (233624) | more than 13 years ago | (#449310)

...have a nice day. =)

Either that, or this is highly sarcastic and not very clearly written as such. However, a sarcastic piece disguised as a serious one is ALSO called a troll, because it's designed to catch the unobservant and hasty posters.

"...throw cash at the problem"

No one uses language like that except to argue AGAINST something. Not to mention the reference to the Tower of Babel, which seems like a sly joke to me.

"The internet needn't be a lawless frontier anymore"

Anyone who posts as much as this guy does has GOT to know what effect that sentence will have on /.

Thus, the above post is: A troll, a flamebait, or a moron who after posting a TON still can't see that this sort of thing is inflammatory here.

So what's with "5, Insightful"?! Maybe "4, Nicely Subtle Troll".

-Kasreyn

The Only Defense... (1)

xxxtac2 (248028) | more than 13 years ago | (#449311)

The only defense against DDoS attacks (and DoS attacks in general) is to distribute important servers and services over different networks with different IPs and ISPs. Keeping your webservers all on the same network segment is suicide for a big company that needs uptime. Same goes for any other services like DNS. Without a central target to attack it becomes much harder to take down a site. Use numerous ISPs and mirror the website (or DNS records) on separate servers, it really isn't that hard to do and the costs are minor at best, definitely worth the investment for companies that need 100% uptime. Couple this with a good routing setup and competent sys-admins and you have the best defense against any DoS attack.

Re:There's no defense against tacks either (1)

BLAMM! (301082) | more than 13 years ago | (#449316)

If I were a moderator, I'd mod this up +1, Insightful.

But I'm not.

So I won't.

The outcome (1)

onepoint (301486) | more than 13 years ago | (#449317)

The outcome of DDos / hacker attacks will only lead to better security. Look at the advancements in personal PC security and how many more people are aware of them (Black Ice, Zone Alarm ...). Also take into account the effects of mafiaboy's action related to CERT's recent announcing that they will broadcast the exploits after a certain amount of days. (I think it was CERT.)

The greater good of script kiddies and hackers is that they make people aware of the weakness. And knowing where you're weak is the greatest advantage you can have to secure your system better.

spambait e-mail
my web site artistcorner.tv hip-hop music news
please help me make it better

Re:dDoS's can be a good thing. (1)

ender's_shadow (302302) | more than 13 years ago | (#449318)

uhh, the comment was meant to be a joke. duh.

important fact (1)

chavster77 (303957) | more than 13 years ago | (#449319)

CmdrTaco is an idiot.

Hey. (1)

alphaparadigm (306270) | more than 13 years ago | (#449322)

Checkpoint software (Nasdaq's CHKP) claims to have some sort of defense against that sort of attacks... are they wrong, or did I hallucinate? -Alphaparadigm

Re:What we really need (1)

IceHunter (308561) | more than 13 years ago | (#449323)

Various initiatives have already been set up by various departments of the government, police, etc.

Recently one was set up specifically to track down the script-kiddies who make ddos attacks.

Only problem is they are all separate unrelated organizations, one large world-wide group would be more effective but is not in place and probably won't be for a while.

What about the military? (1)

xkenny13 (309849) | more than 13 years ago | (#449324)

Wasn't the Internet initially designed as a tool for the military, with the ability to fire off missiles from remote locations even if Washington D.C., New York, Los Angeles, etc. were already laid to nuclear waste?

What if someone decided to fire missiles at us while at the same time flooding all our military computers with packets such that we couldn't respond?!

Not that I'm in favor of a nuclear holocaust, mind you, but I figure the military brass would be particularly interested if their massive computers could get knocked off the 'net by a couple teenagers.

Tacks? (1)

AX.25 (310140) | more than 13 years ago | (#449325)

Tacks? Silly boy. Didn't you see Blues Brothers 2000, it's roofing nails.

Don't see a solution (1)

khyron664 (311649) | more than 13 years ago | (#449326)

I don't really see a way to prevent DoS or DDoS attacks in the future. The concept is way too simple. All you have to do is flood a site with enough packets to overload the server, and you've committed a DoS attack. The DoS attack will probably continue to evolve into something that isn't as easily stopped as some people mention. The DDoS will probably never be stopped because no matter how alert you are with security patches, there is still the likelihood that a hole will be found and exploited before it is patched. Once the machine is cracked, that's it. With the number of machines connected to the net, you could easily gain access to enough to start a DDoS attack once you find just one such security hole. You can't punish them because companies don't have jurisdiction in foreign countries and as we've noted several times, each country appears to look at things differently. IMO, the best you can do is use the most secure OS you can find and pray. Am I missing anything?

Khyron

DDOS and responsibility (1)

Yoshi Have Big Tail (312184) | more than 13 years ago | (#449327)

This is something that Slashdot does. When it posts a link to a small site, it knows, from experience, that this is likely to break the site.

This is no different from a script kiddie attacking a site. Both are acting irresponsibly.

Slashdot knows that by posting the link it is likely to cause serious loss of function - so do the hackers. It's like driving your car at 150mph and then saying "You can't blame me because people are dead". It's a silly argument.

Slashdot is being hypocritical by posting this story, considering it has killed more sites than any script kiddie.

Excuses are not good enough. Slashdot has no obligation to link to sites. Other businesses are forced to act in a responsible manner - they don't let factories release any amount of chemical they like, and so it should be with Slashdot.

I really don't like this hypocrisy.

Re:Okay. Maybe not. But it still scares me. (1)

Schnedt McWhatever (313008) | more than 13 years ago | (#449329)

A document with two spaces in it is probably 19,460 bytes in size. One with twelve words is 19,600 bytes. There's a constant 'header' minimum for any Word document. That seems reasonable. There's a minimum size for a LaTeX file with one space in it, too. What's your problem, then?

You script kiddiez are pussies (2)

defile (1059) | more than 13 years ago | (#449330)

Stop going after the small shit.

I can't believe no one has taken down the root servers yet.

The attorney general went apeshit just because of Yahoo.com and e-trade. Imagine what would happen if the *.root-servers.net suddenly stopped responding. 99.9% of internet users would be paralyzed and helpless.

Here, instead of releasing poison gas into the subways or toppling the world trade center, this is really easy to do and americans will so get their panties in a bunch:

  1. Amass lots of rooted boxen (given). Use the BIND exploit for the ultimate irony.
  2. Write a perl script and use a resolver module to send bogus random requests to each root server in sequence. The more random the better, as they will be harder to filter. Don't forget to spoof the source address.
  3. Run on each rooted box in background. Cron it to start on boot.
  4. Gloat to world newspapers.
It's ludicrous that none of you extremist terrorists have done this yet. You can do this from the comfort of your own homes and you don't even have to risk capture if you live in a US hating country.

Killing a bus full of passengers is good for horrifying headlines, but in the end no government will really care. Mess with the internet on the other hand and you're a force to be reckoned with.

And for all you jackasses crying Treason, would you rather they poisoned your local water supply or that they just took down .com? I know what my priorities are.

Re:There's no defense against tacks either (2)

Masem (1171) | more than 13 years ago | (#449331)

There is a defense, at least against the small-time script kiddie: you educate the public at large how to check for viruses, compromised computers, and get OS features up to speed so that untrusted code cannot be run without user intervention.

The DDoS attacks last year relied on the ability for Mafiaboy to install programs that would help propagate the DDoS across a large number of unintentional volunteers' computers, such that all he had to do was wake them up at a given time with a given target, and that's all he needed. He was able to get such programs installed thanks to the help of email viruses, web page javascripting, and ActiveX. IIRC, many of the computers that were found to be part of the attack were computer clusters at universities, implying how easy it was to get this propagated.

If we had OSes and browsers that would not run untrusted code unless the user said yes, the DDoS would not have been as effective. Even if that option's there, the importance of what untrusted code is is not well implied. MS's 'error' message if you use prompting for ActiveX controls and scripting is "Scripts and ActiveX controls are usually safe..."; this is NOT true. Sandbox the browser, do not let it access any system files (as there's need for it to!). And make sure that computer users KNOW this and the effects that running such programs can have, don't take a passive view of "oh, a new bug fix is out, you ought to install it when you get a chance...".

detail (2)

MouseR (3264) | more than 13 years ago | (#449332)

What the article doesn't mention is that his father is called up on the witness bench, and his name has come up in the list of accused, as he is, according to the prosecutor, probably involved in the DDoS attack.

MafiaBoy's father allegedly gave him information on the technicalities of such an attack.
Local newspapers have reported at some point during the year that this is what's going to be used as a defense. The father allegedly knew how to do such an attack, for having read about it, and discussed it with his son, who then tried it. The father did not know the extent of the attack, not being very technical himself, hence the defense relying on the fact that MafiaBoy did not know either that this would cause such a severe attack.

Another newspaper had reported that the kid himself was "framed through ignorance" by his friends to do the attack itself.

Both newspapers were full of inaccuracies, of course, such as for the usage of the word "hacker", as usual.

Karma karma karma karma karmeleon: it comes and goes, it comes and goes.

DDoS for fun and profit (2)

c (8461) | more than 13 years ago | (#449333)

Once people start combining attacks with stock market manipulations, people might start paying more attention.

Sell short EBay, DDoS them for a couple days, collect some cash. Day trading and the speed at which attack news travels has made the markets so much more reactive to the slightest bit of bad news. Do this just before some kind of major EBay event so you can claim a legit excuse for the sell and hide your tracks carefully when starting the DDoS (AOL via a stolen cell phone?)

You heard it here first.

c.

Re:There's no defense against tacks either (2)

Kenshin (43036) | more than 13 years ago | (#449334)

If you did that, would that make you a Tacker?

Then the media could go bonkers about attacks by crazed teenage Tackers out to bring down the highway system!

(But seriously, a thumbtack wouldn't do sh!t against a car tire...)

A whole year? (2)

Wind_Walker (83965) | more than 13 years ago | (#449336)

Geez, how could time have passed by so quickly? I mean, a year since these devastating attacks happened... Where could it have all gone?

Oh, yeah. It all went back to real life, where this is no more than some offended 5kr1p7 k1dD13Z deciding to lash out. It had no influence on the world as a whole, had (as the article pointed out) no influence over the cyber-world...

This was an event that didn't shape anything. It didn't cause any sweeping changes (i.e., Columbine or the Challenger explosion), and certainly didn't bother anybody a week after it happened. I recall being astonished at the organization, having so many people DoS-ing at the same time... it gave me hope that the Internet community could bind together and fight for a common cause. Instead, it was just a trojan run by a single person.

It was a non-event of Y2K proportions. Get over it.
------

Defenses? (2)

dave-fu (86011) | more than 13 years ago | (#449337)

Like sane egress routing checks set up on the individual ISPs end?
No, it won't prevent DDoS attacks, but if the checks are set up so as to prevent packets with spoofed IPs from ever leaving their segment, then the people being attacked can see who's attacking, drop packets from them and notify the ISP hosting the (inadvertent?) attacker, letting them know what's happening.
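The egress check described in the comment above, as an added example that is not part of the original post: an ISP edge forwards a customer's packet only when its source address lies inside a prefix assigned to the interface it arrived on. The interface names, prefixes (RFC 5737 documentation ranges) and packet records are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed example data: prefixes the ISP has assigned to each
# customer-facing interface (RFC 5737 documentation ranges).
ASSIGNED_PREFIXES = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

# Constructed outbound packets: (ingress interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),     # legitimate
    ("cust-a", "10.1.2.3", "203.0.113.5"),       # private source, spoofed
    ("cust-a", "203.0.113.5", "203.0.113.5"),    # source forged as the target
    ("cust-b", "192.0.2.200", "203.0.113.5"),    # legitimate
    ("cust-b", "192.0.2.10", "203.0.113.5"),     # neighbour's address, spoofed
    ("cust-b", "198.51.100.77", "203.0.113.5"),  # legitimate
    ("cust-b", "not-an-ip", "203.0.113.5"),      # malformed record
]


def build_table(assigned):
    """Parse the prefix strings once so lookups are cheap."""
    return {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in assigned.items()
    }


def egress_permitted(table, ifname, src):
    """True only if src belongs to a prefix assigned to this interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: never forward
    return any(
        addr.version == net.version and addr in net
        for net in table.get(ifname, [])  # unknown interface: empty list
    )


def filter_egress(table, packets):
    """Split packets into forwarded ones and per-interface spoof counters.

    The counters tell the ISP which customer port is emitting forged
    sources, which is where a compromised host is likely to be found.
    """
    forwarded = []
    dropped = {}
    for ifname, src, dst in packets:
        if egress_permitted(table, ifname, src):
            forwarded.append((ifname, src, dst))
        else:
            dropped.setdefault(ifname, Counter())[src] += 1
    return forwarded, dropped


if __name__ == "__main__":
    table = build_table(ASSIGNED_PREFIXES)
    forwarded, dropped = filter_egress(table, SAMPLE_PACKETS)
    for ifname, src, dst in forwarded:
        print(f"forward {ifname}: {src} -> {dst}")
    for ifname, counter in dropped.items():
        print(f"drop on {ifname}: {dict(counter)}")
```

Every packet that survives the filter carries a source the ISP can map to a customer, which is what lets the attacked site name its real senders.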

ICMP Traceback Messages (2)

techiemac (118313) | more than 13 years ago | (#449338)

One of the latest developments in the war against DOS attacks has been with a working group at the IETF that is trying to create ICMP Traceback messages.

Essentially what these messages do is generate an ICMP packet with the previous IP address and the present IP address with, I believe, the first 60 bytes of the packet for every 20,000 packets that pass through the router. This packet will be sent to the source address so whoever the poor victim is can figure out who the REAL culprit is and not have to chase after spoofed IP addresses. Of course this should only be done on the edge routers and not the core so as to not generate unnecessary traffic and to keep the internals of a service provider secret.

Now when this would happen is somewhat up in the air. Those of you that have attended IETF meetings know how slowly things can move (my personal experience is with diffserv... shudder, 4 years to argue about 6 bits of data in the IP header). Not to mention every single router vendor has to implement this and on top of this, the service providers have to update their routers with the software updates that support ICMP traceback messages.

Re:ATTENTION Script Kiddies! (2)

StandardDeviant (122674) | more than 13 years ago | (#449339)

May Day might be a historically consistent day for rebellion/mischief/etc. Hey, it works for the anarchists and whatnot, no?

Problem is that these "internet trash" have exactly 0 respect for rules to begin with, so thinking that all of them (or probably even a significant portion of them) would abide by the one-fun-day-a-year approach is probably optimistic. Cool idea though! :-)


--
Fuck Censorship.

Re:DNS is a kludge (2)

joto (134244) | more than 13 years ago | (#449340)

I am pretty sure you quote him out of context here. DNS is not a kludge, it is a relatively good way of naming hosts. Especially if people would still use it as a hierarchy. As a general naming system for web-content, it is a kludge.

Re:DNS is a kludge (2)

joto (134244) | more than 13 years ago | (#449341)

And "DNS-style abuse" doesn't even refer to the DNS system per se, but to the current policies surrounding the use of DNS on the Internet. Read: trademark-disputes, cybersquatting, etc...

Slashdot is the culprit (2)

Amon CMB (157028) | more than 13 years ago | (#449342)

We all know these sites weren't DOS'ed. They were Slashdotted!

Re:Unplugged? (2)

doctor_oktagon (157579) | more than 13 years ago | (#449343)

Perhaps I'm just insanely naive?

You are naive, but not insanely so :-)

There is not a lot you can do if 500Mb/s starts trying to ram itself down your 100Mb line. These vulnerabilities are an inherent part of the infrastructure.

Re:State of the Art vs. Production Systems (2)

doctor_oktagon (157579) | more than 13 years ago | (#449344)

While the state of the art in withstanding an attack has advanced measurably with the new kernel (SYN cookies, etc.), the Ramen Worm and other recent security problems have shown pretty conclusively that it takes a long time for security patches and package updates to make it into production servers.

Unfortunately my friend this has nothing to do with OS kernels, and everything to do with infrastructure elements like pipes, routers, switches, and firewalls.

The infrastructure cannot handle the level of load being placed on it when these attacks take place.

I agree you can actually DOS a server, but these attacks were against the infrastructure.

ATTENTION Script Kiddies! (2)

jonfromspace (179394) | more than 13 years ago | (#449345)

Why not have a DDOS reunion tour? I'm sure the folks at CNN, Ebay, etc would love to see your sup3r 1337 skillz again...

morons...

Re:DDOS and responsibility (2)

jonfromspace (179394) | more than 13 years ago | (#449346)

are you on glue?

the "/. effect" is not malicious(sp?), nor does it "Kill" sites... the odd /. link to a small webserver which happens to get crushed for an hour or two is not irresponsible. How many sites have had their fame MADE by a good slashdotting?

/.'s responsibility is to provide its readers with interesting content, and unfortunately, not all the good stuff is on Yahoo or CNN.

In closing...Take yer reactionary karma whoring elsewhere.

As bad these attacks were..... (2)

philkerr (180450) | more than 13 years ago | (#449347)

They did draw attention to the fact that a lot of e-com companies had failed to secure their sites.

The rush-to-market took precedence over security, even though preventative measures against DDos attacks were outside the remit of most sites, it was a wake up call.

A year later security is a lot higher in the product requirements!

Okay. Maybe not. But it still scares me. (2)

BigBlockMopar (191202) | more than 13 years ago | (#449348)


Okay. So, it's basically DNS that ships around Word documents instead of zone records...

Hmmm... Opening Word, hitting the space bar once, and then saving the document creates a file that is 19,456 bytes in size. (Under Word 97, Windows 95B, using the normal.dot template.) Adding a few generations of Microsoft Bloat, multiplying it by millions of proles... afraid to estimate the implications of PowerPoint...

Sounds like, through sheer volume, it might create its own DoS attacks...

;)

DDoS makes Microsoft .NET Impractical (2)

BigBlockMopar (191202) | more than 13 years ago | (#449350)


How are we to protect ourselves, and save the new economy and way of life and working we see growing for the first time?

Yeah! But if Microsoft moves all of, for example, Office 2003 to their ".NET" philosophy before DDoS has been conclusively thwarted, they're shooting themselves in the foot.

Who is going to buy into .NET when any 15-year-old with a cable modem can lock every secretary in the world out of Word? Every accountant out of Excel? Every CEO out of PowerPoint?

(Okay, not *ALL* of them, but it will be enough that almost all global business stops at the mercy of a mouseclick over a WWF desktop in a New Jersey bedroom.)

The ease of committing a DDoS is therefore, in my view, a very convincing deterrent to the mass adoption of centralized pay-per-use software subscriptions.

I wonder... (2)

autocracy (192714) | more than 13 years ago | (#449351)

Less than an hour later, Yahoo seemingly dropped off the Internet, as the company's servers were targeted with the very attack that Bellovin had warned about.

Did anybody check this guy out? I mean, come on right?

The problem with capped Karma is it only goes down...

Let go of the Cookie (2)

robbway (200983) | more than 13 years ago | (#449352)

Reminds me of the allegory of the monkey who can't get his hand out of the cookie jar because he won't let go of the cookie. Security measures to help prevent all DoS attacks as well as e-mail virus-like scripts and web scripts severely impair the ability to control and advertise. Until then, you're better off using 3rd party security measures.

----------------------

Priorities are all messed up... (2)

wrinkledshirt (228541) | more than 13 years ago | (#449353)

Was it a forgettable stunt? A much-needed wake-up call for insecure e-commerce sites?

The sad thing is, e-business will probably decide that the better way to deal with events like these is NOT to secure their sites better, but instead prosecute the hell out of the offenders. That'll work well the moment someone else tries it and isn't too much of a stupid HaX0r to brag about it on a chat site. Also interesting is how these opportunities for learning generally end up involving the lawyers.

It's not the script kiddies ... (2)

codewolf (239827) | more than 13 years ago | (#449354)

"Lame script kiddies giving hackers a bad name?" It's not the script kiddies giving hackers a bad name, it's the press's misunderstanding and misuse of the word.

One way to stop DoS (2)

mr_stark (242856) | more than 13 years ago | (#449355)

Why don't sysadmins start blocking off invalid TCP/UDP packets at the router? AFAIK lots of DoS attacks use packets with invalid TCP flags, have a look here [cs.hut.fi] . If they are dropped by the backbone provider end of problem..... mind you having said that most crackers will simply find another exploit.

I suppose some sort of stateful tracking would be handy as well, but that wouldn't stop DDos.

It's a game of chess
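A stateless check of the kind the comment above proposes, as an added example that is not part of the original post: it parses the fixed 20-byte TCP header and rejects flag combinations that no conforming TCP stack sends. The rule set is this example's own choice of commonly filtered combinations, not taken from the linked paper, and the headers are constructed with `make_tcp_header`, a hypothetical helper.

```python
import struct
from collections import Counter

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_FIXED_HEADER = "!HHIIBBHHH"  # ports, seq, ack, offset, flags, win, csum, urg


def make_tcp_header(flags, data_offset=5, sport=40000, dport=80):
    """Build a constructed 20-byte TCP header (checksum left at 0)."""
    return struct.pack(TCP_FIXED_HEADER, sport, dport, 1000, 0,
                       data_offset << 4, flags, 8192, 0, 0)


def flag_violation(segment):
    """Return a reason string if the header is malformed, else None."""
    if len(segment) < 20:
        return "truncated header"
    fields = struct.unpack(TCP_FIXED_HEADER, segment[:20])
    off_byte, flags = fields[4], fields[5]
    if (off_byte >> 4) < 5:
        return "data offset below 5 words"
    f = flags & 0x3F  # ignore the two ECN bits (ECE/CWR)
    if f == 0:
        return "no flags set"
    if f & SYN and f & FIN:
        return "SYN+FIN"
    if f & SYN and f & RST:
        return "SYN+RST"
    # After the opening SYN every segment carries ACK; only a bare SYN
    # or a bare RST may legitimately omit it.
    if not f & ACK and f not in (SYN, RST):
        return "ACK missing outside a bare SYN or RST"
    return None


def screen(segments):
    """Count passed segments and tally drop reasons."""
    passed, reasons = 0, Counter()
    for seg in segments:
        reason = flag_violation(seg)
        if reason is None:
            passed += 1
        else:
            reasons[reason] += 1
    return passed, reasons


# Constructed sample traffic: six valid segments, six malformed ones.
SAMPLE_SEGMENTS = [
    make_tcp_header(SYN),
    make_tcp_header(SYN | 0xC0),        # SYN with ECN bits set, still valid
    make_tcp_header(SYN | ACK),
    make_tcp_header(PSH | ACK),
    make_tcp_header(FIN | ACK),
    make_tcp_header(RST),
    make_tcp_header(SYN | FIN),
    make_tcp_header(SYN | RST),
    make_tcp_header(0),
    make_tcp_header(FIN | PSH | URG),
    make_tcp_header(ACK, data_offset=4),
    make_tcp_header(ACK)[:10],
]

if __name__ == "__main__":
    passed, reasons = screen(SAMPLE_SEGMENTS)
    print(f"passed: {passed}")
    for reason, count in reasons.items():
        print(f"dropped ({reason}): {count}")
```

A flood of well-formed SYNs passes every rule here, so this filter complements the stateful tracking the comment mentions and does not replace it.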


People are desensitized to it - like crime :) (2)

baptiste (256004) | more than 13 years ago | (#449356)

Seriously. When this first happened, many people were aghast that you could take down the big sites like that. But it happened, the sites came back, and life goes on. I think people (normal people ;) ) are starting to realize that in their everyday life, if a site like Microsoft or Yahoo goes down, it'll be back up in a few hours. It's not life threatening. Even the investment brokers. Unless they are dying to trade at that instant (and most folks are LTBH investors) they don't care.

It's a dangerous attitude in some respects, but in others it's not. It's dangerous because it makes folks think hacking is harmless (till their credit report gets ripped off, etc). But heck most people survive just fine if the power goes out for a bit, why not the Internet?

I'm not agreeing with them, I just see that in responses from folks I talk with that aren't /. readers. The scary part is, DDos attacks ARE the tip of the iceberg. It's kinda like a doofus with a gun. Someone fires one in the air, everyone runs for cover, life stops for a sec, and then folks go about their business, not caring if the bullet came down and killed some poor sap. It just leaves folks unprepared for the real deal like when hackers manage to cull sensitive info on many of the top public officials (or their computer systems) and hold the government hostage. They'll be totally unprepared.

The best we can do is a) spread the word to our less technically inclined friends that it IS a big deal, b) hacking is different from cracking, and c) contribute to hack prevention/detection systems like Snort [snort.org] (Not necessarily in that order!)

I hate to say this... (2)

TheSHAD0W (258774) | more than 13 years ago | (#449357)

I'm afraid the only way to make DDoS attacks infeasible is for victimized companies to begin suing both the owners of the networks that have been hacked to produce the floods of packets, and one or more of the ISPs responsible for forwarding those packets to the victims' networks. The grounds for such lawsuits would be negligence in not repairing security holes in those machines, and-or allowing communications from obviously spoofed packets inside their network.

When companies are informed of the potential liability of not properly securing their networks, they will finally take serious steps to prevent their property from being hijacked and used to attack other systems.

H4xx0r5 gave hackers a bad name. (2)

blair1q (305137) | more than 13 years ago | (#449358)

We all know this, but sometimes forget, so bear with me here. Hacking didn't used to have anything specific to do with security. Now it's all about security and how to circumvent it. Trying to call it "cracking" will never work. CNN has bigger disinformation pipes than the original hacker community, which has a "tiny urethra" of a PR pipe, and nobody wants to talk about that.

Mafiaboy is nonetheless the fall-guy for a worldwide Society Of Loners who will get the message just in time for their little sisters to find the crack pipe behind the auth server.

Meanwhile, national ISPs like WWC.Com and Frontier.Net can't keep their billion-dollar networks running for a week without a major outage. MSN hires gorillas who don't know Cisco from Crisco. Go.Com is its own worst enemy rather than the cyberjewel of the most widely held corporation on Earth. And Intel jailed Randal Schwartz for doing his job.

Cracking is relatively about as debilitating to the net as keying Vint Cerf's car. But I don't want to be associated with that, either.

--Blair
"My tan is the color of a television tuned to a dead channel."

State of the Art vs. Production Systems (2)

lupercalia (310569) | more than 13 years ago | (#449359)

While the state of the art in withstanding an attack has advanced measurably with the new kernel (SYN cookies, etc.), the Ramen Worm and other recent security problems have shown pretty conclusively that it takes a long time for security patches and package updates to make it into production servers.

Red Hat hopes to make a splash through their automated update services, but so far they don't seem to be making much of a splash.

What is really amazing is that there aren't more DDoS attacks, considering the continued vulnerability.

Oh, dear lord, not again... (2)

$eyeB0rq_munqee (313802) | more than 13 years ago | (#449360)

you dumb fucks actually modded this fuck up again. good god, people, have you no sense anymore?

IMO, Urban Existentialists will be the curse of slashdot. They are becoming ever more frequent, and are frighteningly easy to implement. How are we to defend the moral upright citizens from attack when you can grab a hotmail address and troll away? Script Kiddies, with long winded trolls running amok, who needs 'em?

The e-economy is like a shining jewel, eh? Man, you smoke too much fuckin' pot, dude... lay off the weed.

My suggestion is to nuke your sorry ass off the planet, but that'd be unfair to those unfortunate enough to be near you.

punishment for script kiddies (3)

kettch (40676) | more than 13 years ago | (#449361)

The punishment for being a script kiddie who initiates a DDoS attack should be this:

Tie him to a table. then get about 20 people to stand in a circle around him. Then they should all converge on him, and poke him repeatedly. Just hard enough to hurt a little bit, but not too much. One person doing it would be annoying, but not bad. Multiply it by 20, or more and BWAHAHAHAHAHAH.

punishment for more serious attacks could replace sticks with finger poking. Let's see how long DDoS attacks would keep happening.

Of course, all of that would require that they actually put some effort into trying to find out who is responsible. All you have to do is get an infiltrator into some kiddie group. they like to brag incessantly about their latest enterprise, whether it be leeching the latest warez release, or using 31337 sk1llz (some program made by someone who was actually semi intelligent) to h4x0r some computers.

For the people who actively try to crack systems, there should be a different punishment. If they get caught, they should be required to submit to a colonostomy. (To those non-medical geeks, a colonostomy makes a prostate exam look like a walk in the proverbial park.) Basically, they would be violated, and examined in the same way that they did to whatever system they got into.

Mostly script kiddies should obey my sig:
----------------------

Cracking & DOS (3)

Minupla (62455) | more than 13 years ago | (#449362)

Denial of service attacks are to cracking what parking a logging truck in the no parking zone in front of a bank is to bank robbery. It takes no talent, just a disregard for public convenience and a big truck/pipe.


--
Remove the rocks to send email

Since the fall on the dot-coms (3)

chancycat (104884) | more than 13 years ago | (#449363)

With the possible recession down the road and the recent slew of failing dot-coms, this topic seems to have made less news lately than it had a year ago.

I'm still wondering why the attack against Microsoft the day after they fixed their DNS routing mistake made so little news. There are still plenty of major web/e-commerce shops out there, but perhaps the specter of DDoS just can't make news and grab eyes like it did just a few months ago.

But he uses a computer! He can't be bad! (3)

MongooseCN (139203) | more than 13 years ago | (#449364)

...as a typical slashdot posting would say. Now really DDoSing may be a simple thing to pull off but it's damaging and annoying to many people so why not arrest the little script kiddie? Maybe it will serve as an example to all the other kiddies out there. Saying that websites should be more secure instead of arresting crackers, script kiddies, etc is the same thing as saying we should be creating better bullet proof vest rather than arresting psychotic gunmen.

Let's pretend that we're rational people. (3)

BigBlockMopar (191202) | more than 13 years ago | (#449365)


Just because it was Yahoo, does that makes it ok.

No. It doesn't. In fact, Yahoo is my browser home page. I probably hit it dozens of times a day. As far as I'm concerned, it's the best all-around portal/search engine out there.

What if it was your online brokerage company that was being DOS'ed and you couldn't get through to tell your broker to sell your RedHat stocks before they evaporated?

[sigh]

Can we be rational about this for a moment? You write like you have exactly the same sort of momentum and hysteria going as NASDAQ in general did.

Okay. Brainflash: the Internet is merely a communication tool.

A DDoS interrupts your communication. Like walking into an elevator with a cellphone.

It's an outage, an interruption, inconvenient and frustrating but not the end of the world.

On the other hand, what would the ramifications be if someone could press a button and selectively give a cellphone user a brain tumor? (Oh, think of how useful that would be when you're driving!) For one thing, it would absolutely kill the cellphone. No one would use them.

This could be a parallel to more malicious and dangerous cyber-terrorism; breaking into secure machines and disseminating private information.

The DDoS is inconvenient and makes you reconsider your reliance on the medium. Hold the fire and brimstone: give your broker a call with a telephone.

Does your above statement still work?

Unless the Internet is blown beyond all proportion, from being the (revolutionary) communications tool that it is to the realm of a lifestyle, yes, it does work.

A year ago, the Internet was basically down. The traffic from the DDoS was such that most other pages that I tried to load were unusably sluggish. At the time, I didn't know why. I pinged big sites (including Yahoo) and did traceroutes trying to figure out where the bottlenecks were. Satisfied that it wasn't on my LAN or even with my ISP, I gave up: Instead of looking up a supplier using www.four11.com, I picked up the Yellow Pages.

It sucked, it was inconvenient, I had dozens of users asking me why mail was bouncing and pages didn't load, but it wasn't the end of the world.

Re:Hmm, cracks and security. (4)

doctor_oktagon (157579) | more than 13 years ago | (#449366)

Perhaps ISP's should work with server operators to make their servers better equipped to prevent an entry by a nefarious source...

I actually wrote all the Terms & Conditions of service for an Asian ISP last year, and I made a point of including a section which made the customer responsible for having a secure system, or the ISP could cut their access.

Unfortunately ISPs don't (generally) have the resource required to police all their customers, and thus the problem is ignored.

I strongly agree that the problem is with all those broken boxes hanging off the internet, and not the site administrators at the target.

We are slowly moving towards automated self-updating servers, but don't hold your breath!

Re:Since the fall on the dot-coms (4)

BigBlockMopar (191202) | more than 13 years ago | (#449367)


There are still plenty of major web/e-commerce shops out there, but perhaps the specter of DDoS just can't make news and grab eyes like it did just a few months ago.

I think you hit the nail on the head exactly.

So Yahoo is down for a few hours. It's inconvenient to users, and it costs them money in lost revenue, but it doesn't mean the end of the Internet.

Now that the dot-com bubble has burst, perhaps we're starting to see a more rational approach to the whole issue of technology and its embrace by the proles.

I mean, who on Slashdot was really freaked out when the Yahoo DDoS happened? It's the same thing as we've been used to for years, just on an incrementally larger scale. No big whup. No credit card numbers got out. No one got the number to the cellphone on Air Force One.

I'm still wondering why the attack against Microsoft the day after they fixed their DNS routing mistake made so little news.

Yeah, especially pushing their .NET concept. What happens to the users that I serve at work, when they're using Office 2003, and Microsoft makes a similar error?

Problems with software are inevitable, but I think this weakness has been glossed over in the mad frenzy for centralized software. I'd rather know that if Office blows up, I'll simply go to the computer in the next cubicle.

That way, I don't have to wait for them to get their servers back up before I can manipulate my document. Let alone my telco, my ISP, their backbone provider...

DDoS isn't a big deal. Yet.

Re:ATTENTION Script Kiddies! (4)

JWhitlock (201845) | more than 13 years ago | (#449368)

Why not have a DDOS reunion tour? I'm sure the folks at CNN, Ebay, etc would love to see your sup3r 1337 skillz again...

Interesting idea - what if one day out of the year was known as the unofficial "hack" day, when all the 1337 SKs and true crackers concentrated all their attacks. The sys-admins would know as well, so they could actually take time to update software and try to secure their system, set up honeypots, etc. For one day, the limits of security would be tested. And, given that most sys admins don't know much about security, we'd all get a day off work.

But what date? The date Kevin Mitnick was arrested / released / scheduled to get off parole? The anniversary of the DDoS attack? Personally, I like the idea of the first Friday /Saturday in April. Every few years, it would fall on April Fools Day, it would give sys-admins a Friday to secure the systems, and would allow them to get the systems up and running by Monday.

Or maybe not, since it is all illegal. But wouldn't it be nice knowing when it was coming?

There IS a DEFENCE..... (4)

FKell (253556) | more than 13 years ago | (#449369)

The defence is for the freaking administrators of all the main systems (major IP subnets) to not allow a subnet ping (a ping where every node that is alive returns a ping to the sender)...This would stop ALL DoS attacks in which the person causing the attack is only in control of one computer.

That leaves us with attacks that are coming from super-high bandwidth systems, and attacks that are using large numbers of systems. The high-bandwidth systems are MOST likely NOT going to be responsible for many attacks, as most hackers can not afford to pay for the kind of bandwidth needed. This leaves us back to the issue that the person starting the attack will need to break into any/all systems that start the attack. Now this could be easily resolved if people were just informed correctly about what security issues they need to worry about (like placing your system behind a decent firewall, software or hardware based).
That would then block out a very high number of the people trying to do these attacks, because face it, most of these attacks are from novice hackers who can not actually hack the system/entity that they have a problem with so they launch a DoS attack because it is so easy to do. Increasing the difficulty of launching this type of attack and the people who are doing these attacks will either need to learn how to be a better hacker (in which case they will probably find a way to actually gain access to the system that they are DoS'ing and just wipe them) or they will get fed up with it and go piss and moan to their friends.

dDoS's can be a good thing. (4)

Urban Existentialist (307726) | more than 13 years ago | (#449370)

dDoS'es, IMO, will be the curse of the Internet. They are becoming ever more frequent, and are frighteningly easy to implement. How are we to defend the new economy, the Internet, against the attacks of society's malevolent rejects, the Script Kiddies? The e-economy is like a shining jewel, offering a new way forward for mankind. But the ignorant and small minded have every desire to destroy it and tear down the towers of Babel.

How are we to protect ourselves, and save the new economy and way of life and working we see growing for the first time?

My suggestion is that we greatly improve punishments for script kiddies and throw cash at the problem by initiating 'online cops' with special dispensation to track them down. The Internet needn't be a lawless frontier anymore.

Israel has done this to an extent. We should too.

You know exactly what to do-
Your kiss, your fingers on my thigh-

Stopping DDoS (4)

stigmatic (310472) | more than 13 years ago | (#449371)

I wrote a text from the administrative standpoint on how to pretty much eliminate 80% or so of an attack on a variety of hardware/software based level which can be found at my site [antioffline.com] .

Now as for the attacks themselves, this wasn't anything new as DDoS became popular after Mixter [antioffline.com] coded a scriptkiddiot [antioffline.com] tool, which allowed malicious users to actually implement these attacks on a ./script basis.

The foundations for DDoS though are a bit old and could have long been resolved had thorough networks been set up to deny any malicious activity to leave their networks and attack others.

Many admins have the knowledge to do so, but I think their resources are tied into making things work right then and there as opposed to doing it right.

Mafiaboy pleaded guilty in January (5)

Bishop (4500) | more than 13 years ago | (#449372)

The linked article is out of date. On January 18th Mafiaboy pleaded guilty to 56 of the 66 charges. The other 10 charges were withdrawn. CBC has some details [montreal.cbc.ca].

Re:DDOS and responsibility (5)

Foochar (129133) | more than 13 years ago | (#449373)

The key difference between slashdot and a DDOS is the legitimacy of the access.

When slashdot links to a site all they are doing is advertising the existence of said site. It's not that much different from when a gas station does a roll back the clock sale and marks their prices down to $0.49 for the day and it has similar results. Every person going to a site linked to by slashdot has a legitimate reason to go there. Additionally many of the sites benefit from the added traffic. For many of the small sites if just 1 percent of the slashdotters that visit the site keep coming they will have increased their number of readers by an order of magnitude or more, and by increasing their numbers they have increased their earning from any advertising they may do.

The traffic generated by a DDOS attack on the other hand is not legitimate traffic. Its sole intent is to bring down the site. It doesn't bring new people to the site, it doesn't generate banner revenue for the site, it just brings it down. It'd be the equivalent to somehow brainwashing a bunch of people to all get in their cars at the same time, drive down to the gas station. Once they got there they'd pull up to the pump, take the nozzle out, flip the lever and then hang it back up again without pumping any gas. All you are doing is preventing legitimate access from taking place, and in the gas station example they'd all probably get prosecuted for trespassing.

You can't blame slashdot for a site's inability to keep up with legitimate demand, the same way you can't blame the community for a store's inability to keep a hot item in stock, say a Furby a couple Christmases ago. Who do you blame? The store who can't meet demand, and the site who can't keep up with traffic.

There's no defense against tacks either (5)

Microsift (223381) | more than 13 years ago | (#449374)

If I took a bag of tacks and spread them across a busy highway, traffic would slow down to a crawl as the road became littered with disabled vehicles (or if I hung a VW from a bridge). Not much has been done to combat this, except that most people are decent enough not to drop a bagful of tacks on the road.

Regard these attacks for what they are: irresponsible acts by people with little regard for the public good.
