Anti-DDOS Alliance In The Works?

timothy posted more than 12 years ago | from the defusing-disruption dept.

News 145

Rackemup writes: "This article on ZDNET says McAfee and some anti-DDOS vendors are finally teaming up to address DDOS attacks and Code-Red-like network scanning. Seems like they're finally catching on that a purely reactive approach to Internet and virus attacks isn't going to cut it anymore, even after all the media coverage of these latest virus attacks there are still loads of zombie machines out there merrily scanning away, looking for others to infect."

Anti-DOS Alliance? (4, Funny)

SpanishInquisition (127269) | more than 12 years ago | (#2199589)

It was called a Mac User group in the 80's, but now, I don't see how it could be relevant.

Re:Anti-DOS Alliance? (1)

cirix (73809) | more than 12 years ago | (#2199608)

And so, for the 90s and the new millennium we have Linux as the Anti-DDos People.

Wow, we're getting modern!

fp? (0, Offtopic)

imadoofus (233751) | more than 12 years ago | (#2199591)


Re:fp? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199771)

I regret to inform you that you are off by 2,199,590. Congratulations, you fucking idiot.

frost pist (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199594)

frost pist

Linux facts! (-1)

Anonymous Coward | more than 12 years ago | (#2199595)

If you put Linux next to some other operating systems out there for a cost comparison, the conclusions are devastating for Linux.

Linux costs not only more because of the frequent updates which require new cdrom's to be bought if you don't have a high speed Internet connection.

Another factor in Linux cost is its maintenance. Linux requires a *lot* of maintenance, work doable only by the relatively few high-paid Linux administrators that put themselves - of course willingly - at a great place in the market. Linux seems to be needing maintenance continuously.

Add to this the cost of loss of data. Linux' native file system, EXT2FS, is known to lose data like a firehose loses water, when the file system isn't unmounted properly. Other unix file systems are much more tolerant towards unexpected crashes. An example is the FreeBSD file system, which with soft updates enabled, performance-wise blows EXT2FS out of the water, and doesn't have the negative drawback of extreme data loss in case of a system breakdown.

Factor in also the fact that crashes happen much more often on Linux than on other unices. On other unices, crashes usually are caused by external sources like power outages. Crashes in Linux are a regular thing, and nobody seems to know what causes them, internally.

The steep learning curve compared to about any other operating system out there is a major factor in Linux' cost. The system is a mix of features from all kinds of unices, but not one of them is implemented right. A Linux user has to live with badly coded tools which have low performance, mangle data seemingly at random and are not in line with their specification. On top of that a lot of them spit out the most childish and unprofessional messages, indicating that they were created by 14-year olds with too much time, no talent and a bad attitude.

I can go on and on and on, but the message is clear. In this world, there is no place for Linux. It's not an option for any one who seeks a professional OS with high performance, scalability, stability, adherence to standards, etc. The best place it should ever reach is the toy store, and even that would be flattering.

Troll facts! (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2199618)

w0w! j00r tr0ll sk1llz0rz have made me see the 3rr0r of my w4ys!

There's no need for truthfulness when proper grammar is involved!

I'm going to go out and beat up Alan Cox now, and I owe it all to you, you big hunka hunka burnin' troll meat, you!

p.s. I want to have your child.

Re:Troll facts! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199633)

I already had his child, she's all stretched out and loose now...

fp (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199603)


Hmm.. (3, Funny)

PopeAlien (164869) | more than 12 years ago | (#2199604)

For the anti-DDoS vendors, the partnership with McAfee is a golden opportunity to show that their nascent solutions can detect and shut down these attacks before they cripple corporate networks.

We did it.. Yep, we saved you from a huge attack that would have crippled your network.. No, honestly, we did.. Please see attached invoice.

Re: Hmm.. (2)

hodeleri (89647) | more than 12 years ago | (#2199663)

I can see the ads now:

Mcafee -
THE MSTD Solution

But can anyone plug up all the flaws in Holier than the Pope software (MS et. al.)?

Re: Hmm.. (0)

Anonymous Coward | more than 12 years ago | (#2200174)


I regret to inform you that you have used the words 'But' and 'Plug' in the same sentence. Please report a San Francisco Bath House at once.


Re: Hmm.. (2)

Zalgon 26 McGee (101431) | more than 13 years ago | (#2200214)


Is that a Microsoft [] STD [] ?

Re: Hmm.. (1)

jhantin (252660) | more than 13 years ago | (#2200253)

That usually seems to be expanded simply as "Microsoft-transmitted disease" [1] [] [2] [] , though the derivation of the term is indeed as you suggest.

Question... (1)

LinuxGeek (6139) | more than 12 years ago | (#2199609)

"...and also to discover and eliminate the "zombies" that attackers use to launch their assaults."

How will they identify the zombies that happen to be WinXP boxes and have their IP addresses spoofed?

Re:Question... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199643)

Who're you, Steve Gibson?!

Re:Question... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199664)

They'll find Alyson Hannigan and put her in a huge bowl of hot grits... that's how.

fuck you (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199610)

first post lozers

McAfee Presents... (1)

smack_attack (171144) | more than 12 years ago | (#2199619)

The latest in protecting your networks; Our skilled team of ninjas will stealthily infiltrate data centers where infected machines are running and slice off their network connection.

McAfee: We have lots of ninjas(TM).

Big event coming up! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199621)

It's almost there: the 2,200,000th post on Slashdot!

Who is it gonna be? Who will post the magic number? Who is gonna be #2200000 ???

Let's hope it will not be an AC! We want to deliver champagne and caviar to the winner personally! Next to this, he or she will receive a free subscription to and for a year!

Let the game begin! Oh, it's so exciting!!

[#452338] large numbers of trolls in user base (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2199622)

heh. heh. heh. []

but wait... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199629)

Will it let me scan Alyson Hannigan and a tub full of hot grits?

Please say it's so, Joe!

Stephen King, author, dead at 54 (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199637)

I just heard sad news on talk radio - Horror/fiction writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure we'll all miss him - even if you didn't read his books you've probably enjoyed one of his movies. Truly an American icon.

Re:Stephen King, author, dead at 54 (0, Offtopic)

72beetle (177347) | more than 12 years ago | (#2199734)

You wish.

The guy that hit him, however, was found dead.

Read it here [] .


Zombies? (3, Funny)

Tregod (441880) | more than 12 years ago | (#2199640)

we all know that the only way to kill a zombie machine is to accidentally lose one's hand, therefore, giving one the opportunity to replace it with a chainsaw and hack-away (physically) at the undead machines.

Re:Zombies? (2)

Self Bias Resistor (136938) | more than 12 years ago | (#2199746)

Yes, I can certainly see it now:

"Every dead machine that is not exterminated gets up and kills! The machines it kills get up and kill!"

Or maybe it's just way too early in the morning...

Re:Zombies? (1)

Pinchy (253673) | more than 12 years ago | (#2199755)

we all know that the only way to kill a zombie machine is to accidentally lose one's hand, therefore, giving one the opportunity to replace it with a chainsaw and hack-away (physically) at the undead machines.


Re:Zombies? (1)

Nanookanano (213568) | more than 12 years ago | (#2200090)

"More brains!"
The Return of the Living Dead (1985)

warning: may require ISPs doing work (2)

jeffy124 (453342) | more than 12 years ago | (#2199647)

Something like this may be dependent on the ISPs to fully implement. McAfee may release a tool that can sit on a Cisco router on a firewall or something that will watch for possible DDoS data, such as a flood of UDP packets to a port that's rarely accessed, in an effort to protect one of their customers from being DDoS'd. Given the number of ISPs out there that pay attention to security issues (see Steve Gibson's DDoS Post-Mortem [] ), will ISPs actually expend the effort to help the situation with DDoS?

I suspect not, given how quickly some email viruses spread despite both McAfee and Symantec providing virus scanning products for use on SMTP relay servers.

Corrected Link (2)

jeffy124 (453342) | more than 12 years ago | (#2199699)

Sorry, try this link instead []

Re:warning: may require ISPs doing work (2, Insightful)

zyklone (8959) | more than 12 years ago | (#2199786)

So the next time you begin playing q3 multiplayer your ISP cuts your connection.

As for the stuff. He got countless offers of help he just decided that it would be a better article if he ignored them.

You really don't want the ISP monitoring everything going to/from your computer. Do you really trust them enough for that? A sudden increase of traffic can't be marked as a DDoS attack. It might just be that your site was linked from slashdot.

If everyone would just patch their systems we would not have these problems. There are too many incompetent system administrators out there.

Re:warning: may require ISPs doing work (2)

jeffy124 (453342) | more than 12 years ago | (#2199979)

most of the ddos troubles could not be prevented by patching correctly, as some have exploited holes for which there is no patch, hence the isps can help by intelligently disallowing useless incoming traffic. being the company grc is, I'm 100% sure they had all their patches up to date, yet what could they have done ahead of time to prevent being hit with a DDoS?

I trust my isp with my data. I pay them to transport it from my machine to another. Who knows what they can already do with it? Many blocked tcp port 80 because of code red. I'm on a cable modem, anyone on my cable segment with the right equipment can pick up on my traffic, hence I'm not concerned if someone sees my data, I encrypt the stuff I don't want others to see. Besides, the isp would be watching the entire network, not just me, and they would be filtering for obvious junk traffic directed at a single IP in a possible ddos attack.

A site being slashdotted would be allowed because the traffic is from tens of thousands (maybe even millions) of IP addresses (as opposed to a few hundred from the typical ddos attack) all going after tcp port 80 (which is a standard port, as opposed to UDP port 5785, which isn't a standard port for anything afaik)
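Added example (not part of any comment in this thread): a sketch of the distinction drawn in the comment above, separating a slashdotted site from junk traffic by the number of distinct sources and by whether the destination port is a standard service. The flow-record layout, the thresholds, the list of standard services and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Services the example treats as "standard" destinations (an assumption; the
# comment only contrasts tcp/80 with an arbitrary UDP port such as 5785).
STANDARD_SERVICES = {("tcp", 25), ("tcp", 80), ("tcp", 443), ("udp", 53)}


def summarize(flows):
    """Total packets and distinct sources per (dst_ip, proto, dst_port)."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    for src, dst, proto, dport, packets in flows:
        entry = stats[(dst, proto, dport)]
        entry["packets"] += packets
        entry["sources"].add(src)
    return stats


def classify(flows, busy_packets=100_000, crowd_sources=10_000):
    """Label each destination service seen in one observation window.

    Both thresholds are illustrative assumptions, not measured values.
    """
    verdicts = {}
    for (dst, proto, dport), entry in summarize(flows).items():
        n_sources = len(entry["sources"])
        if entry["packets"] < busy_packets:
            label = "normal"
        elif (proto, dport) not in STANDARD_SERVICES:
            # Heavy traffic aimed at a port nothing is expected to listen on.
            label = "suspected-flood"
        elif n_sources >= crowd_sources:
            # Very many distinct clients on a standard port: a popular link.
            label = "flash-crowd"
        else:
            # Standard port but few sources: volume alone cannot decide.
            label = "needs-review"
        verdicts[(dst, proto, dport)] = (label, n_sources, entry["packets"])
    return verdicts


def sample_flows():
    """Constructed flow records: (src_ip, dst_ip, proto, dst_port, packets)."""
    flows = []
    for i in range(20_000):   # linked-from-a-news-site load on a web server
        flows.append((f"10.{i >> 16}.{(i >> 8) & 255}.{i & 255}",
                      "203.0.113.10", "tcp", 80, 5))
    for i in range(300):      # a few hundred hosts sending to an odd UDP port
        flows.append((f"172.16.{i >> 8}.{i & 255}",
                      "203.0.113.20", "udp", 5785, 2_000))
    for i in range(200):      # few sources, standard port
        flows.append((f"192.168.0.{i + 1}", "203.0.113.40", "tcp", 80, 1_000))
    for i in range(3):        # ordinary background mail traffic
        flows.append((f"192.0.2.{i + 1}", "203.0.113.30", "tcp", 25, 40))
    return flows


if __name__ == "__main__":
    results = classify(sample_flows())
    for service, (label, n_sources, packets) in sorted(results.items()):
        print(service, label, f"sources={n_sources}", f"packets={packets}")
```

The "needs-review" case is where the objection raised earlier in the thread applies: on a standard port, traffic volume by itself does not say whether the load is wanted.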

The hardware companies need to be involved too (3, Interesting)

Ryu2 (89645) | more than 12 years ago | (#2199651)

Stopping these DDOS attacks in software is a step, but still, you're using bandwidth and CPU cycles you otherwise wouldn't have. Network infrastructure companies like Cisco etc. could probably play a good role.

Imagine if routers could be dynamically updated to intelligently scan traffic for DDOS attack patterns and block these before any host in the internal network even sees it.

MIT has done a lot of work in this area of "Active Networking".

Re:The hardware companies need to be involved too (1, Informative)

Anonymous Coward | more than 12 years ago | (#2199737)

Intrusion detection boxes already do this. The problem is most networks hosting the devices scanning (ex: @home and dsl providers) are not monitoring for it.

Re:The hardware companies need to be involved too (2, Insightful)

Moosifer (168884) | more than 12 years ago | (#2199758)

Not a chance that we're going to see routers doing this anytime soon, especially not the Big Ass (tm) Cisco or Juniper routers. It's simply too computationally expensive for them to do this (today, at least) and having this feature would put them at a competitive disadvantage in terms of the # of billions of packets they can push in 23 nanoseconds.

After all, it's marketing data that drives the industry - not the product's actual worth.

Re:The hardware companies need to be involved too (1)

Murphy(c) (41125) | more than 12 years ago | (#2199866)

Very true. But to a lesser extent, you can already have a somewhat similar effect by using a box running snort [], which is an excellent IDS, and a couple of third party tools that dynamically update an IPTable on the server. Effectively dropping all traffic from a host that has been marked as 'hostile' by snort.

I honestly don't see the big difference from what McAfee is trying to do, that snort doesn't already do (as in monitor network traffic and raising warnings on suspect connections).
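Added example (not part of any comment in this thread, and not code from the Snort project or from the third-party tools mentioned): a sketch of the IDS-to-firewall loop described above, turning alert lines into iptables DROP rules. The alert lines are constructed in the style of Snort's fast alert output; the threshold, the never-block list and the function names are assumptions. Because alert sources can be forged, the sketch validates every address and refuses to block protected networks.

```python
import ipaddress
import re
from collections import Counter

# Pulls protocol, source and destination out of a fast-alert style line.
# ICMP alerts carry no ports, so the port part is optional.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)"
)

# Constructed sample alerts (documentation address ranges, made-up rule ids).
SAMPLE_ALERTS = """\
08/13-10:15:02.100000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.44:1042 -> 203.0.113.10:80
08/13-10:15:03.200000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.44:1043 -> 203.0.113.10:80
08/13-10:15:04.300000  [**] [1:1000002:1] EXAMPLE port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.44:1044 -> 203.0.113.10:21
08/13-10:16:10.000000  [**] [1:1000002:1] EXAMPLE port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.77:2000 -> 203.0.113.10:23
08/13-10:17:00.000000  [**] [1:1000003:1] EXAMPLE icmp flood [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.1 -> 203.0.113.10
08/13-10:17:00.100000  [**] [1:1000003:1] EXAMPLE icmp flood [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.1 -> 203.0.113.10
08/13-10:17:00.200000  [**] [1:1000003:1] EXAMPLE icmp flood [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.1 -> 203.0.113.10
08/13-10:18:00.000000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 999.1.1.1:1 -> 203.0.113.10:80
08/13-10:18:01.000000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 999.1.1.1:2 -> 203.0.113.10:80
08/13-10:18:02.000000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 999.1.1.1:3 -> 203.0.113.10:80
this line is not an alert at all
"""


def hostile_sources(alert_text, threshold=3, never_block=("203.0.113.0/24",)):
    """Return source addresses with at least `threshold` alerts.

    Addresses inside `never_block` (own network, gateway, DNS and so on) are
    skipped: a forged source address must not be able to cut those off.
    """
    protected = [ipaddress.ip_network(net) for net in never_block]
    hits = Counter()
    for line in alert_text.splitlines():
        match = ALERT_RE.search(line)
        if not match:
            continue
        try:
            src = ipaddress.ip_address(match.group("src"))
        except ValueError:
            continue  # not a real address; never pass it on to the firewall
        if any(src in net for net in protected):
            continue
        hits[str(src)] += 1
    return sorted(ip for ip, count in hits.items() if count >= threshold)


def drop_rules(sources):
    """Build iptables commands as argument lists (no shell string involved)."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in sources]


if __name__ == "__main__":
    for argv in drop_rules(hostile_sources(SAMPLE_ALERTS)):
        print(" ".join(argv))  # printed for review, not executed
```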


woohoo (1)

meggito (516763) | more than 12 years ago | (#2199658)

Recent threats such as the code Red and Leave worms are proof that virus writers and hackers are pooling resources to produce hybrid weapons that can cause tremendous damage.

Yes, more anti-hacker media hype caused by a couple of retards who just fucked up everyone's day.

Anti-DDOS patch for NT 2000 (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2199659)

Developed external to Microsoft (of course), so use at your own risk. Purchase it here. [] I've been using it on my servers at work (Eckard's) and we've fended off many DOS attacks with it.

Re:Anti-DDOS patch for NT 2000 (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199668)


ert (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199660)


Fuck it (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199673)

We don't need that kind of anti-DDOS crap. A webserver is a machine that receives URLs and outputs webpages. I don't see how something that simple can be exploited, unless the server software is coded by drunk monkeys in shitty conditions under ordinary management.

Finally (5, Funny)

Reality Master 101 (179095) | more than 12 years ago | (#2199674)

Apparently they read my post [] on this subject. :)

There is no doubt in my mind that ISPs need to take better action. I should be able to report probing and infection to the ISP, and they should investigate the other party. If it's a rogue hacker, they report them to the authorities. If it's a virus, the other party should be notified and their connection pulled until the system is disinfected.

Having had my Linux box infected/hacked via the WU-FTPd bug, I know that this is not limited to Windows machines.

In fact, I might even be open to public financing of ISP's investigation departments under a law-enforcement arm. This is a public nuisance issue. Just as you don't want a fire at your neighbor's house setting fire to your house*, we should have "fire fighters" putting out viruses as well.

*Incidentally, to all the Libertarian wackos who think that fire departments should be privately hired by each homeowner, this is why it needs to be under the "promote the general welfare" part of the constitution.

Re:Finally (1)

CptnKirk (109622) | more than 12 years ago | (#2200093)

I know a few people who are running non-infected Web Servers and they're still getting a fair amount of traffic related to the Code Red (and variants) virus.

To them this is an annoyance (cuz it smears the access log) at worst and a conversation piece at best. But what actions should be taken to eliminate this? Because most of these people are Windows 2k or XP users and have a web server turned on by default (thanks again MS), they spew out these requests whenever they're online. These users have no idea they're infected and may not even know they were at risk in the first place. It seems pretty harsh to kill their connection just for running a buggy OS. But they should be notified by someone.

If the ISPs can't or won't notify these users, is there some legal and moral middle ground others could take? We've kicked around the idea of sending winpopups to these users with instructions on how to clean their systems. Someone could write a nice virus that would close this hole for them and reboot their systems.

Any other suggestions? Have people really been successful at getting support from ISPs regarding this issue?

Re:Finally (2)

Rick the Red (307103) | more than 12 years ago | (#2200143)

I should be able to report probing and infection to the ISP, and they should investigate the other party.

Don't you read [] ? It works like this: You report the probing and infection to the ISP, they contact the FBI, and you're arrested.

Alyson Hannigan (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199679)

and hot grits... two taste treats that go great together.

This message has been brought to you by the grits council.

Got Willow?

I don't really see how this could work (1)

ferratus (244145) | more than 12 years ago | (#2199682)

How is this going to work? They are going to "exchange research, and researchers". Big deal! A DDOS attack cannot be predicted so how are they going to help stupid sys admins who feel applying patches is "time-consuming"?

Any OS can be targeted by a DDOS and a DDOS attack will always exist. You can't force a stupid kid to write a small program that will "only ping random servers, like 1 billion times. That's it..."

You can "help" by teaching sys admins to apply patches when they come out and possibly by running a safer OS. (what's the name again ? pretty sure it ends with "ux".)

Anyway, i'm not sure this "alliance" is anything more than marketing. On the plus side, those other small cies (with mcafee) are going to see if they can resist a Distribute /.-attack.

Re:I don't really see how this could work (0)

Anonymous Coward | more than 12 years ago | (#2200150)

Don't you mean an OS that ends in "SD"?

Re:I don't really see how this could work (0)

Anonymous Coward | more than 13 years ago | (#2200242)

you mean the one that had a remotely exploitable buffer overrun in telnetd for over 20 YEARS, just fixed this month?

wonder how long certain people have known about *THAT* one. they only made it public now that no one uses telnetd anymore.

lets all scan ports (1)

tandr (108948) | more than 12 years ago | (#2199686)

basically -- "Let us scan your network in order to prevent other scanning activities".

How many firewalls will be triggered by this?

Oh, and usual "Sed Quis Custodiet Ipsos Custodes?"

Lots of advance warning... (1)

RollingThunder (88952) | more than 12 years ago | (#2199687)

Well, not for the basic DDOS network scanning, but the later item in the story is slated to come out in May. That coupled with a moderately clear description of what the technology does ought to pretty much guarantee that the virus writers will have something developed to evade it by then.

It's not DDoS but... (3, Funny)

Gordonjcp (186804) | more than 12 years ago | (#2199690)

... I wish there was an ethernet "magic packet" I could send to the wee shit that's been trying every NT4 and Win2K exploit against my machine, which would connect his ethernet cable between phase and neutral. A big relay and some logic ought to do it, 240v up his Cat 5 would stop him pissing me off.

They've been at it all weekend now.

Re:It's not DDoS but... (1)

zothorn (513480) | more than 12 years ago | (#2200171)

If those bastards burn on the lights on my cable modem, my friends and I are going after them with pitch forks and torches!

stinger? (2)

BroadbandBradley (237267) | more than 12 years ago | (#2199695)

I think it'll go like this:
DDos detectors send reports to central data pool, ISP's pay for access to said pool (the bandwidth saved may be your own!!) ISP's terminate connections and ask questions later.
this way MC Crappy can charge for access to the DDos Zombie list. any bets on if they'll provide this information for free?

stung by stinger? (1)

dzero (303151) | more than 12 years ago | (#2200060)

...and then the bad guys start spoofing ddos detectors and use the anti-ddos infrastructure itself to deny services.

even better than a traditional ddos attack!

We must fight this! (5, Funny)

PopeAlien (164869) | more than 12 years ago | (#2199700)

..All this talk of 'hackers' and 'zombies' shutting down websites.. Don't you understand? They're going to shut down Slashdot!! Where else do thousands of hackers gather together to load a single webpage all at one time, blocking 'legitimate' access? Oh! what's to be done! Won't somebody please think of the children!

Re:We must fight this! (1)

cpeterso (19082) | more than 12 years ago | (#2199920)

Where else do thousands of hackers and zombies gather together to load a single webpage all at one time, blocking 'legitimate' access?

nothing new (1)

Papa Legba (192550) | more than 12 years ago | (#2199704)

Unfortunately the idea of being re-active instead of pro-active permeates the whole IT industry currently. This is why we see software being shipped with little or no beta testing resulting in massive patches after release.
Part of the problem stems from the fact that too often it is A.) Dangerous to report the problem to someone.
Example [] B.) Against the law to report it Example [] or C.) So common that it would take too much time to sift through it and report it to the appropriate people to have them take no action (I'd make an example of my firewall logs from just today but I suspect I would find out quickly what exactly the maximum size on a post could be as I overload it).
I don't think we should wait for the manufacturers to solve this problem for us, I think we should handle this problem ourselves. If you get a badly tested product return it, no matter how much it may hurt. Maybe we can have something like Earth day where, instead of cleaning the beaches, all the system admins can spend a day collectively informing each other, without fear of prosecution, about their problems.

then again I may be just dreaming this all, at my job we cannot even get around to replacing the horribly flaky mail server yet because it has not gone tits up let alone arrange a day for the internet community to pick up the litter on the side of the information super highway.

A final thought, aren't they advocating a DDOS circumvention tool? Isn't that against the DMCA? Maybe the president of Mcafee needs a couple days in jail to think this one over next to Dmitry Sklyarov.

whatever (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199707)

niggers smell.

Re:whatever MOD PARENT UP!! (0)

Anonymous Coward | more than 12 years ago | (#2200190)

Makes sense to me.

Baby steps in the right direction. (2)

Rimbo (139781) | more than 12 years ago | (#2199712)

Right now, the wolves (black-hats) have two real advantages over the shepherds (white-hats). The first is that there are just too many damned sheep in the fold for the shepherds to keep track of, and the second is that the sheep farmers are too busy competing with each other to collaborate the way the wolves do.

This is a baby step towards eliminating two of those. The most important one is that although most folks don't have their ports locked down or update, they do have anti-virus software installed. So by teaming with McAfee to make an anti-trojan solution, a lot more computers are going to be able to be protected, and it'll really take the teeth out of a DDOS attack.

The second baby step is that by collaborating, the shepherds can now do a better job of keeping tabs on the wolves. It's only a baby step; this looks like it's just an ordinary corporate alliance, not a sign of genuine teamwork. But it's a start, and really cuts into the black-hats' current advantages.

Re:Baby steps in the right direction. (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199756)

Right now, the morons (blackheads) have two real advantages over the idiots (whiteheads). This first is that there are just too damn many bozos for the morons to keep track of, and the second is that the idiots are too busy trying to play "drop the soap" with each other the way the morons do.

Shutting Down Slashdot? (2, Funny)

Ratbert42 (452340) | more than 12 years ago | (#2199721)

Does that mean McAfee is going to try to shut down Slashdot?

whatever (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199723)

I don't give a fuck about DDoS. That's just a boogy man people use to steal your rights. Unless you're an op in #3l33t-d00dz-n00d or some other gay irc channel you don't have anything to worry about...

There might be a reason for this... (2)

tulare (244053) | more than 12 years ago | (#2199727)

From the article:
... said Vincent Gullatto, senior researcher at McAfee, in Santa Clara, Calif. "We anticipate this problem will only get worse, especially since people seem to be resistant to updating their systems for some reason."
Considering the fact that the majority of internet users are using Windows, which has the tendency to crash horribly whenever something new, particularly security-related, is installed, is it really any wonder? Not to mention the fact that that operating system caters to a mentality where, apparently, security "doesn't really matter." A little user education would go a long way in preventing zombies, but somehow Redmond won't take the initiative, and the rest of the net suffers. This isn't to say that there aren't vulnerabilities on every operating system, just that the total number of unsecured windows machines increases the risk to the population as a whole.

Re:There might be a reason for this... (1)

TheAwfulTruth (325623) | more than 12 years ago | (#2199788)

You mean like updating to the latest linux kernel and wiping out your file system?

Re:There might be a reason for this... (1)

zothorn (513480) | more than 12 years ago | (#2200188)

If Windows was secure, there would be a lot of jobless IT people. I've plenty of times had to "crack" NT boxes where I worked, when the user did something stupid and locked themselves out of their own machine, deleted a necessary file, or just a general file system error that set permission to an entire volume to "Everyone - No access".. If Windows was secure, I'd have been fired years ago when some BIG WIG exec finds out I can't break in and get his precious pron.

2200000th POST! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199730)

In your face bitches!

stinger (1)

kz45 (175825) | more than 12 years ago | (#2199733)

Wasn't this the name of BE's integrated OS?

i wanna do a lotta things... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199740)

... to Alyson Hannigan...

all in hot grits, of course.


i'm (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199744)

i'm a nigger.

Go ahead whitey mod me down.

spics (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199751)

spics is so greasay! It's like they use a pile of fried chicken for a pillow.

220000th p! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199761)

oh ya! take that!

This has been in the works for years (3, Funny)

fobbman (131816) | more than 12 years ago | (#2199765)

Here's a list of groups actively working on Anti-DOS projects:

RedHat []

Slackware []

Debian []

One of the first []

Honestly, while I agree that we must stop DOS at all costs, I fail to see why this is news. Hell, it could be argued that even McRosoft [] themselves do a good job at getting people to quit using the product.

Re:This has been in the works for years (2)

fobbman (131816) | more than 12 years ago | (#2199903)

Most interesting! I ironically linked to Linux Mandrake [] in my link on McRosoft and it puts the TRUE name of the link in brackets! Must be the new feature.

Re:This has been in the works for years (1)

fobbman (131816) | more than 12 years ago | (#2199923)

Oh wait, it did it to all my links. Guess it's not THAT smart.

Alyson Hannigan (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199768)

Alyson Hannigan


the stuff that DREAMS are made of

DoS this (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199770)


Re:DoS this (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199777)

is that alyson hannigan?

where are the hot grits?

Re:DoS this (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199784)

awwww shit yo, you got 2199777th post! leetness!

Re:DoS this (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199789)

Sorry, I'd rather have Alyson Hannigan

new slashcode KICKS ASS

Re:DoS this (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199780)

it's cold...

but it's not coors light.

another anti cracker outfit (2)

RestiffBard (110729) | more than 12 years ago | (#2199790)

I heard recently (likely on NPR) about another anti-cracker outfit that was setting up servers with the intent of letting them get cracked so they could watch the invaders in real time to learn their techniques and so forth. Apparently they are learning quite a bit. If I find a link to the site or group I'll reply to myself.

Re:another anti cracker outfit (2)

RollingThunder (88952) | more than 12 years ago | (#2199804)

The keyword you're looking for there is a "honeypot", or when multiple systems/nodes are involved, a "honeynet". A google search on those terms should turn up some good stuff.

I had some good bookmarks on the subject, but I forgot to bring 'em with me from the last job, I'm afraid.

Re:another anti cracker outfit (1)

zulux (112259) | more than 12 years ago | (#2199997)

I have my own honeypot on a firewall - it's an OpenBSD system with a Samba share that looks like drive C: on a Windows box:

There's a file there called LotsOfPorn.Zip.Exe, that when downloaded (it's padded to be large) - scans the hard-drive for unlocked files and renames them. After the Samba share has been probed, Samba causes a script to run that waits fifteen minutes (enough time for the file to be downloaded) then pulls down the ethernet connection on the Cisco router and brings it back up - the firewall's IP address changes due to our ISP's DHCP server. It took about a day for me to get everything working right (I was a bit over my head as far as the script was concerned), but the two or three downloads a month that I see in the logs makes it all worthwhile.

I know I'm evil, but it's fun.

Isn't this risky? (3)

banky (9941) | more than 12 years ago | (#2199791)

I can just see it now:

McAfee StrikeBack(tm) contains an [ActiveX|DLL] vulnerability, causing [malicious email|specially formatted string on port XXX] to [crash the box|get root|return false results to unintended targets]. Users are advised to [upgrade|disable until upgrade posted|other].

Not that I'm against it, as such, but we're talking about the Keystone Kops of security, here.

Re:Isn't this risky? (0)

Anonymous Coward | more than 13 years ago | (#2200233)

Don't laugh, there was a remotely exploitable buffer overrun in ISS's IDS system.

That'd be fun to explain: "First the cracker compromised our IDS box, and used that as a springboard to take over the entire network. He then sold all of our data to our major competitors and forwarded our REAL accounting data to the IRS."

On the subject of zombie machines... (2, Insightful)

acoustix (123925) | more than 12 years ago | (#2199802)

"...there are still loads of zombie machines out there merrily scanning away, looking for others to infect."

I think there should be a law against this sort of thing. Think about it. You should get 10 days to patch your equipment and after 10 days the owner of the equipment should pay fines for wasting bandwidth and trying to infect other hosts.

I use a dial-up connection on a class C address and I'm still getting scanned for port 80 about 70 times in one day. I never got traffic like that before.

It seems to me that people are just running their boxes and not checking up on them or patching them and it irritates me. Oh well....

Re:On the subject of zombie machines... (1)

zothorn (513480) | more than 12 years ago | (#2200207)

Yep. I think that if more than X people have logs pointing to your machine infecting theirs, they should be able to class action sue for damages.

220000th post up in the pizneice! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2199805)


in your fucking face.

Why NOT write white-hat virii? (2)

Booker (6173) | more than 12 years ago | (#2199823)

Generally, when something like Code Red shows up, someone asks about exploiting the same flaws to patch up the systems, rather than proliferate the virus. That's when people chime in about how that would be immoral.

But if virii are opportunistic, and your average internet/Windows user is a babe in the woods, why not do what we do with our real children - inoculate them before they can be harmed?

Ok, so maybe that's an elitist approach, but the other stance - "don't do anything to their system without their permission" - has brought us Code Red et al.

If MS won't plug the holes, why shouldn't the internet at large look after its own?

Accepting responsibility might help! (2, Interesting)

ParserONE (516818) | more than 12 years ago | (#2199868)

This is not gonna help by far.

The problem is rooted much deeper than you might think. People are simply not going to upgrade software out of security reasons. They don't care about anything as long as the software keeps working.

People should be held accountable for bad security, this is the only way to get them to friggin secure their internet connected boxes and thereby dramatically reducing the chance that a worm will ever reach proportions like Code Red II again.

The first thing people tell me when I try to convince them they need to keep up with security patches is that they "don't have anything interesting for a cracker to find"(TM). But they forget that if their servers get cracked into, the first thing the cracker is going to do is crack other boxes from there. So by not securing your internet connected boxes u are actually helping crackers (or worms) crack more and more boxes without anyone being able to trace them.

Worms like code red are just the beginning, I have already made a worm concept that will be far worse than Code Red II. Just add some P2P like networking between the compromised systems and u can actually make the worm aware of itself, by making it react if large numbers of hosts are being disconnected by starting to spread again. Even anonymous communication with the worm is possible through means of something like Freenet, and by communicating with the worm someone could feed new ip-ranges to scan or even upgrade the worm to use new exploits. Someone could have (close) to realtime control of hundreds of thousands of internet connected boxes. This is just a simple example of what a well written worm can do, and it will be practically unstoppable.

So instead of being one step behind all the time maybe it's time for some regulation here. If your box gets cracked using an exploit that has been patched over say... six months ago (whether it be done by a worm *or* a cracker), then you *should* be held accountable for the damage your system causes. It's just plain irresponsible to keep an insecure box connected to the internet, and if people won't use their common sense and thereby causing problems for other innocent people they deserve getting in trouble.

pfew... end rant here...

Heisenberg could have been here...

Would you like to know more? (0)

Anonymous Coward | more than 12 years ago | (#2199881)

Here is the technology: Hummer

Here is the company implementing the research: TriGeo

there's no money in the correct fix (1)

bmidgley (148669) | more than 12 years ago | (#2199950)

There is money in antivirus software. The bigger the media coverage, the more money it will generate. But it's the wrong end of the equation. Antivirus outfits will never get enough people to buy in to stop the problem of DDOSs.

The right place to fix this is by holding ISPs responsible for traffic from their networks with invalid addresses and making them investigate zombie reports and notify people when they've been compromised. (Spoofed addresses make the latter impossible so we need to make sure we can find the zombies.) There's no money in this though. Could ISPs charge users when they become infected? No, but no ISP will commit resources when their competition isn't doing it. Usually the market will right itself but this is a situation that needs oversight before it will get better.

Tired of spoofed packets (2, Informative)

darf (182630) | more than 12 years ago | (#2199983)

I think a big help to everyone would be if ISPs made sure that packets leaving their networks had a source address that belonged within their network.

I'm not sure why *I* have to deny all RFC1918 traffic and other garbage on my border router. In my shop, a packet doesn't leave unless its source address is from my network.

It could be easily done at the ISPs' lowest branch routers so it wouldn't be too hard to configure or cost too much in performance.

Seems to me this would be the responsible thing to do for the entire community. I've never heard a reasonable argument for letting packets out onto the Internet that don't have a source address in your network.

Re:Tired of spoofed packets (0)

Anonymous Coward | more than 12 years ago | (#2200134)

Asymmetric satellite links from other satellite providers using you as a landline for outbound traffic.

I worked for an ISP and we did block all outbound traffic as you suggested. It was just a pain in the arse when users would ring in and bitch at you about your service not working with their new satellite provider.

It only took 10 minutes to find out what they were sending addresses sourced as but still some people mightn't be willing to do so.

Mind you it didn't happen that often. And a proper implementation of a tunnel back to a nat server by the satellite provider would have been a better (and potentially more secure) solution, but you can expect people to do things properly :(
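The source-address check discussed in this sub-thread, together with the satellite-customer exception raised in the reply, as an added example that is not from any poster. The port names, the prefixes (taken from documentation address ranges) and the exception table are constructed assumptions.

```python
import ipaddress
from collections import Counter

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Sources that are never valid on the public Internet: RFC 1918 private space
# plus "this network", loopback, link-local and multicast/reserved ranges.
BOGONS = nets("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
              "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")

# Constructed sample data: prefixes the ISP assigned to each customer port.
ASSIGNED = {"cust-1": nets("203.0.113.0/26"),
            "cust-2": nets("203.0.113.64/26")}

# Constructed exception: cust-2 sends upstream through this ISP with a source
# address handed out by its satellite downlink provider.
EXCEPTIONS = {"cust-2": nets("198.51.100.8/29")}

def egress_decision(port, src):
    """Return (action, reason) for a packet entering the ISP from `port`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "unparseable source"
    if any(addr in n for n in BOGONS):
        return "drop", "bogon source"
    if any(addr in n for n in ASSIGNED.get(port, [])):
        return "forward", "assigned prefix"
    if any(addr in n for n in EXCEPTIONS.get(port, [])):
        return "forward", "documented exception"
    return "drop", "source not assigned to this port"

def drops_per_port(packets):
    """Count dropped packets per port, i.e. which customers emit bad sources."""
    drops = Counter()
    for port, src in packets:
        if egress_decision(port, src)[0] == "drop":
            drops[port] += 1
    return dict(drops)

# Constructed (port, source address) observations.
SAMPLE = [("cust-1", "203.0.113.10"), ("cust-1", "192.168.1.5"),
          ("cust-1", "203.0.113.70"), ("cust-2", "198.51.100.9"),
          ("cust-1", "198.51.100.9"), ("cust-2", "192.0.2.1")]

if __name__ == "__main__":
    for port, src in SAMPLE:
        print(port, src, *egress_decision(port, src))
    print(drops_per_port(SAMPLE))
```

Checking per port rather than against the ISP's whole address space also catches one customer using a neighbour's address, and the exception stays scoped to the single port that needs it.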


here's a strategic alliance for you (1)

bmidgley (148669) | more than 12 years ago | (#2199987)

How about if ISPs and antivirus outfits make an alliance? If ISPs got a cut whenever one of their users bought antivirus software, they'd be reporting the breakins to their users like nobody's business... then maybe we'd see some progress on the problem.

Shouldn't routing protocols address this... (1)

acq3 (315236) | more than 13 years ago | (#2200229)

Seems to me like the best way to do this would be to have the next-gen routing protocols be able to propagate 'blocks' in addition to routes.

Yes, I know this would be massively memory intensive on the routing tables, but how cool would it be if you could set a block on an ip on your border/edge/first router and that block would propagate to the border/edge/first router in front of the offending ip.

Again, yes, I know there are all sorts of security problems with this, but shouldn't this be the direction of the majority of effort in this regard?

Oh yeah, they just want to make money, not actually fix things... Sorry.

Already done (2)

SCHecklerX (229973) | more than 13 years ago | (#2200244)

TruSecure corporation started a similar initiative last year during the DDOS scare that was happening then.

See tml

Plain and simple: McAfee Sucks! (2)

Mustang Matt (133426) | more than 13 years ago | (#2200249)

Never again will I trust them or buy a product from them. They don't understand the meaning of tech support and they want to charge $2.95/minute for some no talent arse clown to sit on the other end of the phone and throw people for a loop.

It takes quite a bit of research to even find customer service to complain to about the crappy tech support.

scanning away (0)

Anonymous Coward | more than 13 years ago | (#2200270)

Today since 8 am EST I got ( hey 3 new ones )
72 tries on port 80 ! : )
That's everyday since Code Red has been out.
Are Windows users THAT clueless ?