×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Britain's GCHQ Attacked Anonymous Supporters With DDoS

Unknown Lamer posted about 2 months ago | from the something-about-watching-watchers dept.

Government 133

An anonymous reader writes "NBC News reports that, during a 2012 NSA conference called SIGDEV, GCHQ's Joint Threat Research Intelligence Group bragged about using Distributed Denial of Service (DDoS) attacks against members of Anonymous during an operation called Rolling Thunder in 2011 (there is evidence that says it was a SYN flood, so technically it was a simple DoS attack). Regular citizens would face 10 years in prison and enormous fines for committing a DoS / DDoS attack. The same applies if they encouraged or assisted in one. But if you work in the government, it seems like you're an exception to the rule."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

133 comments

In defense of GCHQ... (4, Funny)

korbulon (2792438) | about 2 months ago | (#46161653)

...No, I got nothing.

Re:In defense of GCHQ... (1)

TWiTfan (2887093) | about 2 months ago | (#46161717)

But they're trying to stop T E R R O R I S T S ! ! !

Re:In defense of GCHQ... (5, Insightful)

Anonymous Coward | about 2 months ago | (#46161929)

But they're trying to stop T E R R O R I S T S ! ! !

Protesters are not terrorists. Sadly our governments don't make that distinction.

Re:In defense of GCHQ... (5, Insightful)

Anonymous Coward | about 2 months ago | (#46162137)

But they're trying to stop T E R R O R I S T S ! ! !

Protesters are not terrorists. Sadly our governments don't make that distinction.

No, that's not sad, it's quite terrifying. [theguardian.com]

What's sad is that the secret agencies been treating activists like terrorists to maintain the corporate status quo since their inception over a century ago. [wikipedia.org] That's what "national security" is.

Re:In defense of GCHQ... (0, Insightful)

Anonymous Coward | about 2 months ago | (#46162423)

And Anons are not "protestors" either. They're people who "protest" by illegally hacking government and business, not by peacefully protesting. So that's why the government reacts the way it does. If you weren't biased, you would see that.

Re:In defense of GCHQ... (0, Insightful)

Anonymous Coward | about 2 months ago | (#46162693)

If you weren't biased, you would see that.

I'm not biased. My comment was that governments consider protesters to be terrorists. Just take a look around the world today. How many countries are restricting, or trying to restrict, protesters and lock them away?

Think back to the 2008 GOP Convention in NYC [wikipedia.org]. This isn't new, not even in "the West".

Re:In defense of GCHQ... (0)

Anonymous Coward | about 2 months ago | (#46162787)

If you weren't biased, you would see that.

The irony...

Re:In defense of GCHQ... (0)

Anonymous Coward | about 2 months ago | (#46164145)

If the governments weren't biased, or if they were at least as mature as an adult is "supposed to be," they would realize fighting fire with fire only results in burning the entire world down.

Am I defending Anon? No. They are equally foolish. Most of them are children who think it's fun and use the excuse of "we're fighting for freedom" to justify harming innocent citizens instead of the "evil corporations" they claim to target. Hmm...sound familiar? *cough* NSA *cough* GCHQ *cough*

Both sides are wrong, both sides should burn in the fires they themselves set.

Re:In defense of GCHQ... (4, Interesting)

emagery (914122) | about 2 months ago | (#46163485)

While I understand I am replying to a point of sarcasm, nethertheless we really should invest some time in using words correctly. Terrorists user terror to achieve a goal. Period. Activists use activism to achieve a goal. Vigilanteism may or may not use terror, but it is using directed force (of one form or another) to achieve a goal (in this case, hacking deleterious services in the name of 'justice' as understood by those engaging in it.) Whether justified or not or misdirected or not, it's not terrorism unless the force being applied is terror, and that does not accurately describe anonymous. Tangentially, I wish we'd do the same with words like LIBERAL (to behave permissively) vs. AUTHORITARIAN (to behave restrictively) or CONSERVATIVE (to resist change) vs. PROGRESSIVE (to seek change.) In all cases, the context is what's most important. Are you permissive toward personal in-home nondangerous lifestyles? Well, then you're socially liberal and probably democratic (party) leaning. Are you permissive towards gigantocorporations buying legislation and dumping toxins into water supplies on the cheap? Then you're corporately (neo) liberal. Hell, you have to be both liberal (towards individuals) and authoritarian (toward those arguing to take personal liberties away) to achieve and end... so I guess using D(D)oS against D(D)oSers almost makes sense. MEH! I just wish people would be simple and clear about the labels we through around and understand them in contexts.

GCHQ: "Hey guys.. DDoS attacks are illegal!" (0)

Anonymous Coward | about 2 months ago | (#46161679)

... then they proceed to DDoS anonymous

Re:GCHQ: "Hey guys.. DDoS attacks are illegal!" (3, Insightful)

dreamchaser (49529) | about 2 months ago | (#46162841)

It's illegal in most places for private citizens to lob military grade ordinance around, but not for Governments.

Re:GCHQ: "Hey guys.. DDoS attacks are illegal!" (5, Insightful)

Patch86 (1465427) | about 2 months ago | (#46165299)

If government agents lobbed military-grade ordinance at innocent civilians in the UK, we'd call that unlawful killing and lock the bastards up. And by the same token, if GCHQ had DoS'd targets belonging to legitimate wartime enemies, we wouldn't be criticizing them.

As a rough rule of thumb, the government isn't allowed to do things to citizens above and beyond what any civilian could do without a court mandate or a valid piece of legislation. Unless GCHQ have such a thing, they did wrong.

In other news... (5, Insightful)

Anonymous Coward | about 2 months ago | (#46161697)

In other news, the UK military can drive tanks, fire missiles & carry weapons - but regular citizens cannot.

It's all about oversight, not an attitude of "why can't we legally do this too?".

Re:In other news... (1)

rossdee (243626) | about 2 months ago | (#46161767)

In the US citizens can carry weapons, but firing missiles is not allowed.

And as for driving tanks, well if you count SUV's then yes, but the armor plated, tracked vehicles with cannon in the turret aren't allowed.

Re:In other news... (1)

Anonymous Coward | about 2 months ago | (#46161849)

Actually, private citizens are permitted to own tanks in the USA. Lots of paperwork, security checks, and some sort of license is required. All "guns" must be inoperable.

Re:In other news... (0)

Anonymous Coward | about 2 months ago | (#46161973)

Actually, private citizens are permitted to own tanks in the USA. Lots of paperwork, security checks, and some sort of license is required. All "guns" must be inoperable.

Looks like it's finally time for me to embrace my dream.

Tanks R Us - Opening Summer 2014*

* rain date Winter 2029

Re:In other news... (1)

cayenne8 (626475) | about 2 months ago | (#46164719)

Looks like it's finally time for me to embrace my dream.

Tanks R Us - Opening Summer 2014*

Cool!!

You can promote it as the ultimate SUV!!

Re:In other news... (2)

stealth_finger (1809752) | about 2 months ago | (#46162473)

Actually, private citizens are permitted to own tanks in the USA. Lots of paperwork, security checks, and some sort of license is required. All "guns" must be inoperable.

You can have tanks in the UK too.

Ross Noble has a tank – or more accurately an Abbott 433 self-propelled gun – which he brought from a website called Tanks A Lot. 'What's amazing is that you don't have to pay the Congestion Charge,' he told Richard Herring on his Leicester Square Theatre podcast released this week. 'There are no rules about it,' he added. 'The guns are deactivated now, but if they worked, from where I live now, I could hit Gatwick. That's not a threat. That REALLY isn't a threat. But I tell you what, the badger cull in our village is going well. I got the fucking lot...'

http://www.chortle.co.uk/news/2013/11/15/19063/ross_noble%3A_tank_commander

I think he talks about it here but I'm at work so I can't really check. http://www.topgear.com/uk/vide... [topgear.com]

Re:In other news... (1)

lagomorpha2 (1376475) | about 2 months ago | (#46161865)

That's because in the US people are citizens, in the UK they are subjects.

Also it is legal to own and drive tanks both in the United States and the UK, and there is a community of hobbyists in England who purchase old Soviet armored equipment and restore it to drive to meets just as though they were participating in an antique car club. The machine guns/cannon have to be disabled though unless you live in the US and have the proper permits.

Tanks have padded tracks so they actually don't damage roads as much as many tracked construction vehicles would.

Re:In other news... (1)

LVSlushdat (854194) | about 2 months ago | (#46162353)

That's because in the US people are citizens, in the UK they are subjects.

You're a little behind the times, US people are subjects now, too.. Our 238 year old Constitution has been run thru the shredder by the last several administrations and many of us are sick and tired of it...

Re:In other news... (1)

jareth-0205 (525594) | about 2 months ago | (#46163183)

That's because in the US people are citizens, in the UK they are subjects.

Not what it says on my passport...

Re:In other news... (3, Insightful)

AmiMoJo (196126) | about 2 months ago | (#46163161)

The military can only use those weapons against other militarys and with direct authorization from the government. GCHQ feels it can use cyberattacks against citizens who had no, at the time, been convicted of or even charged with any sort of crime, with no oversight or authorization.

At most the Anonymous DDOS attacks were a criminal matter for the police, not national security or warfare.

Re:In other news... (0)

Anonymous Coward | about 2 months ago | (#46163409)

That example is awful.

It is more like the military running through every house between their base and their target in the middle east, without a care in the world.

DDoS screws with more than just the target, it target every node between their target.

Re:In other news... (0)

Anonymous Coward | about 2 months ago | (#46164303)

In other news, the UK military can drive tanks, fire missiles & carry weapons - but regular citizens cannot.

It's all about oversight, not an attitude of "why can't we legally do this too?".

I feel like that's identifying another problem rather than an example of good policy. The military should be required to buy criminal liability insurance for every tank they own like civilians already do with their cars. That way if the military causes billions of dollars worth of damages, the insurance company pays restitution to the victims and the military's rates go up. Right now they can bomb whoever they want with only political consequences.

Devil's Advocate... (1)

Anonymous Coward | about 2 months ago | (#46161699)

Police are allowed to do many things in their duty that non-police aren't allowed to do.

Can it not be argued that GCHQ is also allowed to do many things in their duty that non-GCHQ folk aren't allowed to do.

reality check (0, Interesting)

Anonymous Coward | about 2 months ago | (#46161753)

if you're a private citizen, and you get denies service... isn't that more of an inconvenience? it's not really costing individuals millions of dollars or setting them back. if my connection had been attacked, it would be hard to tell if I was being attacked or if my internet connection was on the fritz. really, it's kind of a waste of tax payer money they're bragging about. stupid.

Re:Devil's Advocate... (2, Insightful)

Lawrence_Bird (67278) | about 2 months ago | (#46161785)

The police are not permitted to intentionally harrass or harm persons and property unless directly threatened.

Re:Devil's Advocate... (2, Insightful)

sl4shd0rk (755837) | about 2 months ago | (#46161869)

The police are not permitted

False. What we are finding is that a badge and gun are all the permit needed.

Re:Devil's Advocate... (2)

rwise2112 (648849) | about 2 months ago | (#46162881)

The police are not permitted

False. What we are finding is that a badge and gun are all the permit needed.

Badges? We don't need no stinking badges!

Re:Devil's Advocate... (2)

Thanshin (1188877) | about 2 months ago | (#46162185)

The police are not permitted to intentionally harrass or harm persons and property unless directly threatened.

That depends if you define "permitted" there as "sanctioned" or as "allowed".

Re:Devil's Advocate... (0)

Anonymous Coward | about 2 months ago | (#46162255)

Of course not. they are ORDERED to do so. (with respect to the exception)

Re:Devil's Advocate... (1)

Anonymous Coward | about 2 months ago | (#46163449)

You're kidding right? Heard of stop and frisk which occurs in most major cities in the USA not just NYC? It's standard behavior.

Re:Devil's Advocate... (0)

Anonymous Coward | about 2 months ago | (#46164077)

In NYC, it was considered unconstitutional a few months ago in its current form and was ordered to be stopped by a federal court until a fixed.

Re:Devil's Advocate... (0)

Anonymous Coward | about 2 months ago | (#46163749)

Harassment has some special meanings in the US not used in some other countries, apparently. Police can use force in most places if the public security or order is being threatened, directly or indirectly. A citizen, or a security guard can use force if a person or property is directly or indirectly threatened in many places, but not in the case of public order. The question is if the GCHQ is a military or a police organization.

Re:Devil's Advocate... (2)

xelah (176252) | about 2 months ago | (#46162271)

Indeed it can be argued - but there still needs to be a law saying they can. A law subject to democratic (well, ish) and judicial oversight, a law that everyone can see and argue over.

The question is: have this been reported? (3, Insightful)

Megol (3135005) | about 2 months ago | (#46161703)

To the police that is? That government agents (no not only the 007 kind) tend to overstep their authorities and commit crimes from time to time isn't that uncommon or even strange (even a government consists of people after all) but the solution to that is to report the event to police and let the legal system handle it. And hope the guilty are punished, sadly that isn't certain...

Re:The question is: have this been reported? (1)

gstoddart (321705) | about 2 months ago | (#46161847)

Annoyingly, laws apply to us, and not them.

Things we aren't allowed to do they can say they're doing for Perfectly Good Reasons.

Essentially they get to give themselves a free pass and do this kind of stuff.

Increasingly, law enforcement everywhere in the so-called 'free world' is deciding that the rule of law is too inconvenient and skirt around it if it suits them.

Re:The question is: have this been reported? (1, Insightful)

ducomputergeek (595742) | about 2 months ago | (#46163557)

An Intelligence Officer is a criminal with a badge that makes it "ok". Seriously, it is their job to go into other countries and break their laws in order to gain information.

Government can do many things you can not (1)

Anonymous Coward | about 2 months ago | (#46161705)

It can levy taxes, print money, jail people involuntarily, declare war, kill people , etc.

Re:Government can do many things you can not (0)

Anonymous Coward | about 2 months ago | (#46164877)

yes, yes, no, yes, no, no.

GCHQ, Mossad, NSA racing to win biggest asshole (1)

TWiTfan (2887093) | about 2 months ago | (#46161707)

Who will win in the end? Stay tuned!

Re:GCHQ, Mossad, NSA racing to win biggest asshole (2)

gstoddart (321705) | about 2 months ago | (#46161921)

Who will win in the end? Stay tuned!

Fascism and the police state.

We all lose.

Re:GCHQ, Mossad, NSA racing to win biggest asshole (0)

Anonymous Coward | about 2 months ago | (#46161931)

Can anyone enter? Is Anonymous in the race? They should be, they've earned it with all the DDOS and hack attacks. What are the rules to determine if they win you?

Er... duh? (-1, Redundant)

beaverdownunder (1822050) | about 2 months ago | (#46161709)

Law enforcement agencies do 'illegal' things all the time, from a cop speeding to a crime, to shooting an armed suspect, to kidnapping and interrogating suspected terrorists.

Yes, they can do this shit and you can't. Get over it.

Re:Er... duh? (1)

Anonymous Coward | about 2 months ago | (#46161781)

If you live where shooting an armed criminal during the commission of a crime is illegal then you're already in trouble. If you're not trying to change it, then you're part of the problem.

Re:Er... duh? (1)

Anonymous Coward | about 2 months ago | (#46161815)

Yes, they can do this shit and you can't. Get over it.

Would you also say that to the people of North Korea?

At what point do you draw the line?

Re:Er... duh? (1)

cold fjord (826450) | about 2 months ago | (#46162325)

I suspect most North Koreans would gladly trade the problem of a DDOS attack against them by the government for engaging in DDOS in exchange for their current problems of political prisoners being experimented on [theguardian.com] and mass starvation due to the government diverting both local food and foreign food aid to the military.

Re:Er... duh? (0)

Anonymous Coward | about 2 months ago | (#46161845)

This is no satisfying order for the world i live in.

Please eat shit and die.

In defence of GHCQ... (0)

Anonymous Coward | about 2 months ago | (#46161739)

of course it's the least that they did. Do you really think the SIGINT community for the British Government is going to do nothing whilst our institutions are attacked? Anonymous declared war so they got attacked. Boo. Hoo.

The Schutzstaffel (4, Insightful)

pigsycyberbully (3450203) | about 2 months ago | (#46161745)

http://pigs-at-gchq.com/ [pigs-at-gchq.com] Do laws matter? When all agree to abide by a law it is called a social contract in English. “An agreement among the members of a society to cooperate for mutual social benefits, by safeguarding individual freedom for state protection.” The Oxford dictionary puts it this way: “Agreement among the members of a society or between a society and its rulers about the rights and duties of each.” The U.K. and the U.S. authorities have broken this agreement so badly in so many different ways that the future is not looking very good. Until they agree to keep within this social contract I will simply tell them at every opportunity to fuck off. Hope you do the same.

Re:The Schutzstaffel (2)

cold fjord (826450) | about 2 months ago | (#46161863)

Anonymous had already broken the social contract. You seem to be silent on that. Do you also complain about the police breaking the social contract for using force?

Re:The Schutzstaffel (5, Insightful)

gstoddart (321705) | about 2 months ago | (#46162003)

Anonymous had already broken the social contract.

I believe you'll find Anonymous is breaking the social contract because governments have already done so.

You've completely missed the part where the GP said:

"Agreement among the members of a society or between a society and its rulers about the rights and duties of each." The U.K. and the U.S. authorities have broken this agreement so badly in so many different ways that the future is not looking very good.

I find it difficult to disagree with the notion that the governments have already broken the social contract, and Anonymous is a reaction to that.

I don't necessarily agree with everything Anonymous does -- but I sure as hell understand the reason for them existing. When your rulers are unjust, you have little recourse except to break the social contract as well.

That those same unjust governments decide that gives them free reign to continue to be unjust is just more of the same.

Re:The Schutzstaffel (3, Insightful)

cold fjord (826450) | about 2 months ago | (#46162635)

I believe you'll find Anonymous is breaking the social contract because governments have already done so.

Perhaps you could explain then how attacking random people and corporations is a useful reaction? Anonymous aren't out to "enforce" the social contract but for "lulz" or to satisfy their pique. They are cyber vandals, little more. Anonymous is no more justified in most of what they do than most any other vigilante group.

I don't necessarily agree with everything Anonymous does -- but I sure as hell understand the reason for them existing. When your rulers are unjust, you have little recourse except to break the social contract as well.

Then you basically negate the social contract entirely since there will always be someone or some group that can claim that they have been treated unfairly, and we now move to the realm of vigilantes. I don't see them fighting for noble causes in the case of genuine oppression so much as petty grievances and fringe causes. They vandalize over the irk of the hour despite their noble claims.

You will notice that they are heavily active in Western democracies which have many rights guarantees, social safety nets, and little or no meaningful political oppression. Perhaps you can tell us, what country would they not vandalize? Where can we find an order so universally just and beyond reproach from every viewpoint, including the insane, juvenile, or foreign, that it cannot be assailed?

They neither support nor enforce the social contract, they undermine it.

Re:The Schutzstaffel (3, Insightful)

Pav (4298) | about 2 months ago | (#46165125)

...and we all know the vastly less powerful are equally morally culpable. That's why bombing illiterate goat herding religious nuts is also universally accepted as the epitome of Great Justice. Just replace "angry citizen" in this analogy... how could anyone fail to see?

Re:The Schutzstaffel (0)

Anonymous Coward | about 2 months ago | (#46162089)

Anonymous had already broken the social contract. You seem to be silent on that. Do you also complain about the police breaking the social contract for using force?

Something about two wrongs comes to mind... and their sum not being a right.

Re:The Schutzstaffel (1)

fustakrakich (1673220) | about 2 months ago | (#46162187)

Anonymous had already broken the social contract.

In the game of 'tit for tat', it's a matter of who drew first blood.

Re:The Schutzstaffel (1)

umghhh (965931) | about 2 months ago | (#46162939)

So if a system evolves from kind of democratic and respecting human rights into police state and we lose all the control possibility we should just agree with this and silently protest? Maybe we should. Gandhi did that after he found out military response to British rule is pointless. OC problem here is that oppressors are difficult to send away as they live among us. Another thing is - government agencies doing things that other cannot, operate under specific rules that are there to ensure no violations occur and if they do then they are handled appropriately. What we see now is that governments of today developed ways to bypass this - they hide their activities or if that is impossible they reinterpret the law. Considering abysmal record of British justice system I'd say the moment where a direct actions may be necessary, becomes close. I do not want to be around when that happens tho.

Perspective (0)

Anonymous Coward | about 2 months ago | (#46161755)

I'm not in support of their actions, but this is a pretty stupid thing to say:
"Regular citizens would face 10 years in prison and enormous fines ... But if you work in the government, it seems like you're an exception to the rule."
Yes, you are an exception to the rule if you work for the government. That's how the entire policing, military, intelligence system works. If you disagree with that then you have very fundamental philosophical problems with the way our society is structured.

Re:Perspective (1)

bazmail (764941) | about 2 months ago | (#46161805)

"Yes, you are an exception to the rule if you work for the government."

You have accepted your role as a cog. An unthinking unit of work and obedience to be monitored and vihttp://yro.slashdot.org/story/14/02/05/1318223/britains-gchq-attacked-anonymous-supporters-with-ddos#ewed with suspicion. But what is most worrying is that you did it without so much as a whimper.

Re:Perspective (0)

Anonymous Coward | about 2 months ago | (#46162393)

I thought slashdot was supposed to be where 'news for nerds' was discussed semi-intelligently, not a place for armchair dissidents to talk out of their arse.

Re:Perspective (0)

Anonymous Coward | about 2 months ago | (#46162723)

That's a common misconception. /. is an undercover terrorist cell created by the moon men to fight the oppressive reptilian regime.

For Luna!

Re:Perspective (4, Insightful)

AHuxley (892839) | about 2 months ago | (#46161911)

There is not 'exception to the rule' under UK law. You have to have some 'ok' from the gov to do this. The GCHQ staff understood that when they first collected all calls (domestic too) via their Intelsat efforts in the 1960's.
The Intelligence Services Act of 1994 offers a lot of new legal protections, then the Intelligence and Security Committee, SIGMod (sigint modernisation) followed in mid 2000 with more legal backing. Open court use of material is still under GCHQ veto, most is "passed" to other groups, MI5, ~ Special Branch.
The use of a "packet flood" back up would have been a new step beyond passive logging and longer term infiltrating efforts.

Re:Perspective (1)

hoboroadie (1726896) | about 2 months ago | (#46162141)

If you disagree with that then you have very fundamental philosophical problems with the way our society is structured.

Why, indeed I do. OTOH, if you agree, then I also have a fundamental philosophical problem with your interpretation of the concept of Reason.

newly minted custom monkeys get crown royal dna (-1)

Anonymous Coward | about 2 months ago | (#46161797)

it's new for the yachting season, the cr dna from the lhc composting accident + custom made monkeys? are we being born again, again, while we're still here? what a gig.

I am free! (1)

Anonymous Coward | about 2 months ago | (#46161813)

I know DDoS attacks against IRC servers aren't uncommon...

But we're talking about an IRC server being DDoS'd by a security agency.

A place where people go to talk (regardless of how affiliated they are with Anonymous or not.)

So I'm guessing this means that Freedom of Speech no longer means shit the fascists in charge.

Re:I am free! (1)

fustakrakich (1673220) | about 2 months ago | (#46162227)

So I'm guessing this means that Freedom of Speech no longer means shit the fascists in charge.

Are you implying that it ever did? The American's 1st Amendment didn't even survive a full decade before being rendered toothless 216 years ago.

Anonymous is composed of cyber vandals.. (0)

Anonymous Coward | about 2 months ago | (#46161821)

So it's rather odd to see a post crying over them being given a dose of their own medicine. But this is /. so I suppose it shouldn't be.

Syn flood? (1)

pcjunky (517872) | about 2 months ago | (#46161825)

This was the first DOS attack I ever heard of. Used against Panix (ISP in NY) back in the day. Now most systems (Linux kerel, etc) are hardened against syn floods.

Primitive.

Windows can be also, easily... apk (3, Informative)

Anonymous Coward | about 2 months ago | (#46161879)

DDoS/DoS CAN be stopped (Microsoft & Amazon are setup PERFECTLY vs. it in fact, read on below on that note)!

---

Microsoft Windows NT-based OS settings vs. DoS:

Protect Against SYN Attacks

FROM -> http://msdn.microsoft.com/en-u... [microsoft.com]

A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

To protect the network against SYN attacks, follow these generalized steps, explained later in this document:

Enable SYN attack protection
Set SYN protection thresholds
Set additional protections

Enable SYN Attack Protection

---

The named value to enable SYN attack protection is located beneath the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

Value name: SynAttackProtect

Recommended value: 2

Valid values: 0, 1, 2

Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

---

Set SYN Protection Thresholds

The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

These keys and values are:

Value name: TcpMaxPortsExhausted

Recommended value: 5

Valid values: 0?65535

Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

Value name: TcpMaxHalfOpen

Recommended value data: 500

Valid values: 100?65535

Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Value name: TcpMaxHalfOpenRetried

Recommended value data: 400

Valid values: 80?65535

Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

---

Set Additional Protections

All the keys and values in this section are located under the registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxConnectResponseRetransmissions

Recommended value data: 2

Valid values: 0?255

Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

Value name: TcpMaxDataRetransmissions

Recommended value data: 2

Valid values: 0?65535

Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

Value name: EnablePMTUDiscovery

Recommended value data: 0

Valid values: 0, 1

Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.

Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

Value name: KeepAliveTime

Recommended value data: 300000

Valid values: 80?4294967295

Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

---

Lastly, of course, there IS the "null-route" option (you need to have a network with multiple IP addresses, ala multi-homed servers BEFORE your production ones since this must be done "upstream" of them though - plus, many routers have this functionality built in, so that is another way to 'blackhole' such attacks) noted here:

http://en.wikipedia.org/wiki/N... [wikipedia.org]

The route command can do the job, per the specs/requirements noted above!

This use of the route command, however, is a MANUAL & slow/stodgy method, since it is commandline driven...

(However: A script or program using a listbox COULD automate this, given the data for the originating attack IP addresses).

---

Investing in one of THESE is a big help:

DDoS Appliances:

http://www.google.com/search?s... [google.com]

* Hope that helps...

Microsoft &/or Amazon - they have such TREMENDOUSLY POWERFUL setups for monitoring + alerting them to DoS/DDoS, they can start "shutting down" IP address sources of packets for DDoS easily, & way, Way, WAY before it's time to "panic" - it's the reason WHY "Anonymous" & the like can't "take them down" (& yes, they HAVE tried)...

For some material on what they do? See here (MS):

---

Microsoft: We're not vulnerable to DDoS attacks

http://www.networkworld.com/co... [networkworld.com]

PERTINENT QUOTE/EXCERPT:

"At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious."

---

&/or

---

Why attackers can't take down Amazon.com:

http://money.cnn.com/2010/12/0... [cnn.com]

PERTINENT QUOTE/EXCERPT:

"So Amazon (AMZN, Fortune 500) has spent years creating and refining an "elastic" infrastructure, called EC2, designed to automatically scale to handle giant traffic spikes... But Amazon's entire business model is built around handling intense traffic spikes. The holiday shopping season essentially is a month-long DDoS attack on Amazon's servers -- so the company has spent lavishly to fortify itself."

INTERESTING STUFF - Hope the read helps those of you dealing with DDoS/DoS attacks...

APK

P.S.=> Usage of CDN - to distribute loads & "attack surface area" helps also...

... apk

Cool (0)

Anonymous Coward | about 2 months ago | (#46161831)

I need to know exactly the rules, before I face the exceptions.

Throw (0)

Anonymous Coward | about 2 months ago | (#46161855)

these fucking fucks out. FFS. The amount of shit I have to look forward to is dwindling. Domestic terrorism in the younger generation is going to be high, i think.

Re:Throw (0)

Anonymous Coward | about 2 months ago | (#46161917)

I doubt it.

What with the new idea of ten hour school days and toddlers to start school at two years old, they won't even be able to think for themselves.

stupid summary (and possibly article) (0)

Anonymous Coward | about 2 months ago | (#46161857)

(there is evidence that says it was a SYN flood, so technically it was a simple DoS attack

Um... no. DDoS means that the attack comes from a set of attacking servers, typically distributed geographically. A SYN flood can be performed with a single server or with multiple servers sending SYN requests to the target. In fact, if the target is more robust than the attacker (for example, if the target is a cluster and the attacker is an iPad) a DoS SYN flood will likely fail, and DDoS is necessary.

Whoever wrote that line needs more edumucation.

Not really that surprising (0)

Anonymous Coward | about 2 months ago | (#46161909)

The police can shoot someone, but a regular citizen can't. They can detain you and stick you in a room with a bright light. If a regular citizen does that it's called kidnapping. So there are lots of things the authorities can do that the average Joe can't.

Link error (0)

Anonymous Coward | about 2 months ago | (#46161945)

Since when is a link to twitter acceptable? Link straight to the NBC article next time plox.

Innocent bystanders. (1)

Narcocide (102829) | about 2 months ago | (#46161955)

Does this have anything to do with why FreeNode IRC was being DoS attacked a couple days ago?

3 Words! (1)

drpimp (900837) | about 2 months ago | (#46162027)

ABOVE THE LAW

Re:3 Words! (1)

Anonymous Coward | about 2 months ago | (#46162335)

ABOVE THE LAW

Time for a new Magna Carta. Next time, restrict both the king and the government action against the people by recognizing the universal truth of freedom.

The problem is in thinking there are no such things as rights, only permissions. No freedom of speech, only permission? This is ignorance of the highest degree. In the absence of all laws there is total freedom: Any action can yield any reaction. Laws restrict the fundamental freedom granted to intelligent forms by the nature of the universe itself through the core principals of cybernetics: To think one must be free to sense, decide and act. Less laws = more freedom. Life is born having as much freedom possible, and you trade some freedom for standards of governance to allow the government to act ethically on behalf of the people. When these systems fail to act to the benefit of the people and they can not be held accountable by the people, then the cycle of history repeats.

Next time, insist on protecting the true nature of freedom inherent in life itself as much as possible, not dispensing permissions from a sovereign source. Next time abolish secrecy of governance so that no hidden law may be leveraged against you without your knowledge of it; You almost got it right with rejection of the star chamber, if only you had applied this thinking to all rules. Next time do not create a law making body without an open and active law unmaking body to continually evaluate the validity of laws charged with maximizing freedom. Next time enshrine accountability such that the non-sentient rules that govern the sentient life forms are always questioned. Next time you might just solve the Fermi Paradox.

Why not just file criminal charges? (1)

Anonymous Coward | about 2 months ago | (#46162079)

Sure, they probably won't go anywhere, but it'll still be good to have it on public record that the government refuses to prosecute its own agency's crimes.

lowercase (2)

gmuslera (3436) | about 2 months ago | (#46162103)

Wasn't just the Anonymous group the attacked ones, but other people that wanted to stay anonymous too, like political dissidents and others. Is not the War on Anonymous [nbcnews.com], but the war on anonymous, privacy and anonymity is becoming outlawed (except for them, of course)

We're All Equal... (0)

Anonymous Coward | about 2 months ago | (#46162135)

... but some of us are more equal than others.

Am I the only one... (0)

benjfowler (239527) | about 2 months ago | (#46162281)

Am I the only one amused that the spooks have the basement-dwellers a taste of their own medicine?

Re:Am I the only one... (0)

Anonymous Coward | about 2 months ago | (#46164859)

So I guess you're ok with the cops mugging people, or stealing identities, or even burning down houses then, among many other possible crimes.

Don't forget that all this kind of stuff isn't about any form of law or justice, it's just petty vindictiveness, and it affects plenty of other people that had nothing to do with the situation. Do you ignore them as well?

At the very least, if there's any justice at all left, the ones responsible for illegal activity will be fired if not fired and prosecuted for their criminal activities.

The power to enforce the laws comes with a responsibility and requirement to be held even more tightly to those same laws.

Perfectly Legal (0)

Anonymous Coward | about 2 months ago | (#46162639)

Hey you, peasant! Laws are for you, not for us!

Robert Peel called.. (2)

Walterk (124748) | about 2 months ago | (#46162705)

and he mentioned something about ethics of policing [wikipedia.org]*.
  1. To prevent crime and disorder, as an alternative to their repression by military force and severity of legal punishment.
  2. To recognise always that the power of the police to fulfil their functions and duties is dependent on public approval of their existence, actions and behaviour and on their ability to secure and maintain public respect.
  3. To recognise always that to secure and maintain the respect and approval of the public means also the securing of the willing co-operation of the public in the task of securing observance of laws.
  4. To recognise always that the extent to which the co-operation of the public can be secured diminishes proportionately the necessity of the use of physical force and compulsion for achieving police objectives.
  5. To seek and preserve public favour, not by pandering to public opinion; but by constantly demonstrating absolutely impartial service to law, in complete independence of policy, and without regard to the justice or injustice of the substance of individual laws, by ready offering of individual service and friendship to all members of the public without regard to their wealth or social standing, by ready exercise of courtesy and friendly good humour; and by ready offering of individual sacrifice in protecting and preserving life.
  6. To use physical force only when the exercise of persuasion, advice and warning is found to be insufficient to obtain public co-operation to an extent necessary to secure observance of law or to restore order, and to use only the minimum degree of physical force which is necessary on any particular occasion for achieving a police objective.
  7. To maintain at all times a relationship with the public that gives reality to the historic tradition that the police are the public and that the public are the police, the police being only members of the public who are paid to give full time attention to duties which are incumbent on every citizen in the interests of community welfare and existence.
  8. To recognise always the need for strict adherence to police-executive functions, and to refrain from even seeming to usurp the powers of the judiciary of avenging individuals or the State, and of authoritatively judging guilt and punishing the guilty.
  9. To recognise always that the test of police efficiency is the absence of crime and disorder, and not the visible evidence of police action in dealing with them.

*: I did try and warn him about the future [xkcd.com] but he said he had to rush off to do some shopping..

Did anyone notice? (1)

SuricouRaven (1897204) | about 2 months ago | (#46162979)

Anonymous factions DoS each other all the time for fun and practice. They are fairly good at working around it.

Doesn't just deny the target (0)

Anonymous Coward | about 2 months ago | (#46163227)

Hey GCHQ: You're not just denying the target service. The internet isn't magic. It doesn't teleport your packets to the destination. It's a series of tubes, and your syn flood effects all the tubes between you and the target.

Dear Brits, (0)

Anonymous Coward | about 2 months ago | (#46163421)

do something about your government. It's out of rein.

(now going to do something about *mine*, it's out of rein too).

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...