Visual DDoS Representation and Its Ramifications

Zonk posted more than 8 years ago | from the seeing-things-helps-to-understand-them dept.

Security 104

winterbc writes "Prolexic has a report on Zombie infections that bring a visual representation of a DDoS attack. Besides being a rather cool picture, it brings to mind a possible future of personal computing. I would love to see a real-time picture of my 'net connections as my desktop picture, allowing me to change my 'net habits based on what I see. For example, I can download new images from the OPTE Project and set my desktop that way, but a more individual pathway highlighted with my favorite color could happen someday. My point is that while DDoS are painfully ubiquitous today, tomorrow visual mapping in real-time could be a path to the source of the problem."

104 comments

Neat! (5, Interesting)

failure-man (870605) | more than 8 years ago | (#12668103)

Can it build a map for a /.ing?

Also, it's nice to see that, for once, a story on Slashdot uses "its" correctly.

Re:Neat! (4, Informative)

geomon (78680) | more than 8 years ago | (#12668147)

Not exactly a map, but a nice graph [smu.edu] of a site getting slashdotted.

I still wonder... (2, Interesting)

game kid (805301) | more than 8 years ago | (#12668245)

...which exact people/bots do the most requests.

Servers should get the IPs that do the most of said refreshing, and create a public Most Likely IPs To Slashdot Your Server(TM) list, so other web servers can restrict traffic a bit to them (maybe serve their pages after casual readers get them?). It's either that or sticking with no one seeing the page for a while as usual, after every hot topic...or something like that. (Of course, IPs can and often are dynamic, in which case I have no clue for a plan-B.)

Re:I still wonder... (2, Informative)

DrSkwid (118965) | more than 8 years ago | (#12668820)

please, no more IP based filtering

it is bad enough that I get regularly banned from posting because my ISP (ntl:) uses an inline cache that reports itself as the remote address and slashcode can't differentiate between different ntl: customers. And, yes, it has been reported many times, the /. attitude is : if you're such a geek, sort yourself another proxy (which I do but it is still a pain).
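An added illustration of the proposal and the objection in the two comments above (not code from Slashdot, slashcode or either poster): it ranks client addresses by peak requests per minute over constructed access-log lines, and shows that an address fronting several users lands on the same list as a single heavy refresher. The log format, the thresholds and the use of the User-Agent field as a rough "many users behind one address" hint are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format: ip, identd, user, [time], "request", status, size, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def build_sample():
    """Constructed access-log lines; every address and agent string is invented."""
    start = datetime(2005, 5, 29, 12, 0, 0)

    def line(ip, offset_s, path, ua):
        ts = (start + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

    lines = []
    # One client refreshing the same page every 4 seconds.
    for i in range(12):
        lines.append(line("192.0.2.10", i * 4, "/story", "Browser/1.0"))
    # Stand-in for an ISP inline cache: one remote address, six different users.
    for i in range(12):
        lines.append(line("198.51.100.1", i * 4 + 1, f"/page{i % 4}", f"Browser/{i % 6}.0"))
    # An ordinary reader.
    for i in range(2):
        lines.append(line("203.0.113.5", i * 30, "/story", "Browser/2.0"))
    return lines


def peak_rates(lines):
    """Return {ip: (peak requests in any one minute, distinct User-Agents seen)}."""
    per_minute = defaultdict(lambda: defaultdict(int))
    agents = defaultdict(set)
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_minute[m["ip"]][ts.replace(second=0, microsecond=0)] += 1
        agents[m["ip"]].add(m["ua"])
    return {ip: (max(b.values()), len(agents[ip])) for ip, b in per_minute.items()}


def rank(lines, threshold=10, shared_hint=4):
    """List addresses at or above `threshold` requests/minute, busiest first.

    An address showing `shared_hint` or more distinct User-Agents is marked for
    review instead of throttling. The header is client-controlled, so this is
    only a reason not to block automatically, never proof of anything.
    """
    rows = []
    for ip, (peak, n_agents) in peak_rates(lines).items():
        if peak < threshold:
            continue
        verdict = "review: likely shared address" if n_agents >= shared_hint else "throttle"
        rows.append((ip, peak, n_agents, verdict))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for row in rank(build_sample()):
        print(row)
```

Counting by address alone puts both 192.0.2.10 and 198.51.100.1 on the list with identical rates; only the second column separates the single refresher from the shared cache.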

Re:I still wonder... (0)

Anonymous Coward | more than 8 years ago | (#12670076)

Personally, I'd refuse to deal with an isp that thinks it's a good thing to have a colon in their name. But it's probably your only choice--and I know what that's like.

But seriously...

Re:I still wonder... (1)

DrSkwid (118965) | more than 8 years ago | (#12670222)

It was called Diamond Cable when I signed the contract.

Our illustrious former leader carved the country up into regions and then auctioned off the areas to act as cable TV stations to give new start up telecoms companies a boost while generating revenue for vote winning tax breaks.

Anyhoo, these days they are amalgamated into just about two big cable providers Telewest and ntl: who went on a buying spree once the statutory period of buyout protection expired.

I'm lazy. I got my 512k the day it came out and haven't changed a thing since. And yay, it's 1mb now! I use my own proxy with 4mb upstream elsewhere so 100k a sec is fine for the last hop.

Re:Neat! (1)

notAyank (597271) | more than 8 years ago | (#12668265)

Thanks to you we can all watch it happen all over again!

Re:Neat! (1)

geomon (78680) | more than 8 years ago | (#12668277)

Thanks to you we can all watch it happen all over again!

True, but I suspect that due to the time of day it will probably not reach the hits per second that it did in the *two* other occasions that the server was stressed.

And this one wasn't associated with a post that emanated from their department. That ought to keep the admin busy for a few minutes.

In the future will we have net traffic reports? (4, Insightful)

rokzy (687636) | more than 8 years ago | (#12668118)

I hope not!

isn't the whole point that there's redundancy and stuff to make things reliable and invisible to the end user?

time spent visualising problems is a total waste unless you use it to stop the problem happening again. and prevention is better than cure.

Better (0)

Anonymous Coward | more than 8 years ago | (#12668126)

This site [randomhouse.com] has a much better visualisation of zombie infections.

Europe has most zombie infested networks.. (3, Interesting)

guyfromindia (812078) | more than 8 years ago | (#12668142)

From TFA, Overall, Europe has the most zombie infested networks ranking over the United States.
Considering the PC usage in United States, versus Europe, it is really surprising that most zombie infested networks are in Europe... Is it because people in US are better at defending their PC, than Europe... ? (comparatively speaking)

Re:Europe has most zombie infested networks.. (4, Funny)

Anonymous Coward | more than 8 years ago | (#12668155)

Clearly, their PCs must be liberated.

Re:Europe has most zombie infested networks.. (0)

Anonymous Coward | more than 8 years ago | (#12670196)

Psst... they don't have any oil.

Re:Europe has most zombie infested networks.. (1)

Tyler Eaves (344284) | more than 8 years ago | (#12668237)

Errm, the total population of Europe alone is easily twice the US, at least.

Re:Europe has most zombie infested networks.. (1)

HermanAB (661181) | more than 8 years ago | (#12668368)

Almost 2/3: USA = 295M EU = 457M

Re:Europe has most zombie infested networks.. (0)

Anonymous Coward | more than 8 years ago | (#12670914)

err.. Europe != EU.

Re:Europe has most zombie infested networks.. (2, Informative)

xenocide2 (231786) | more than 8 years ago | (#12668478)

The rankings are per capita, which means they're adjusted for population.

Re:Europe has most zombie infested networks.. (1)

Stauf (85247) | more than 8 years ago | (#12668588)

The rankings are per capita, which means they're adjusted for population.

From the article: "Overall, Europe has the most zombie infested networks ranking over the United States. Hong Kong is the most infested network per capita."

So the 'Europe has more' figure is explicitly not adjusted for population.

Re:Europe has most zombie infested networks.. (1)

xenocide2 (231786) | more than 8 years ago | (#12671973)

Most of the European states beat out the US in the per capita ranking, given by the table in the article.

Re:Europe has most zombie infested networks.. (1)

Stauf (85247) | more than 8 years ago | (#12674009)

But that doesn't prove anything. If 10% of 100 people puts LittleCountryA at the top of the list, but BiggerCountryB has 1% of 1000 and is at the bottom of the list - then out of the total population, 20 machines of 1100 people or not even 2% are infected.

So, the argument that most european countries beat out the US in the per capita ranking does not support the argument that those same european countries, taken as part of a whole will beat the US per capita. That's not to say that it proves it won't, but your data isn't relevant to your conclusion.

Re:Europe has most zombie infested networks.. (1)

martin-boundary (547041) | more than 8 years ago | (#12668262)

Unfortunately, the statistics are meaningless, and therefore so is your conclusion.

TFA reports number of networks (but not how big the compared networks are, so if Europe has two networks with 10 connected PCs each that's what compared to the US with one network with 100 connected PCs, say?) and infections per capita (which is also meaningless because capita measures population size, not number of internet connected PCs. They should at least give the number of households connected to the internet in each country).

Re:Europe has most zombie infested networks.. (1)

meestaplu (786661) | more than 8 years ago | (#12668406)

Another issue is the proliferation of broadband connections. Europe has a lot more of these than the US, and they are generally faster. A 10 mbps connection in the US is pretty much unheard of -- my Comcast 4.5 mbps connection is considered excellent -- while 10 mbps is commonplace in Sweden and other European countries.

Grammar Cop (0, Offtopic)

Doc Ruby (173196) | more than 8 years ago | (#12668157)

"Prolexic has a report on Zombie infections that bring a visual representation"

That would be a report, which brings a visual representation. These kinds of grammar errors come from the speaker/writer paying more attention to the last word they spoke/wrote ("infections") than to the subject of the sentence ("report") with which their next words must agree. The choice of "that/which" is a subtle style point in which few are skilled these days. But getting the plural of the subject and adjective to agree should be natural. Spoken English requires quick thinking, but written English allows a chance to reread the sentence before publishing it. The publishing effort is going to pay off a lot more when the statements are intelligible consistently by most readers.

Relevant info missing (4, Funny)

Stormwatch (703920) | more than 8 years ago | (#12668159)

They forgot to list zombies per operating system.

Oh, wait...

Re:Relevant info missing (3, Insightful)

trelanexiph (605826) | more than 8 years ago | (#12668549)

I've seen dosnets on IRIX, Linux, SCO Unix/Openserver, and Solaris. Windows users are not the only ones running infections. Ooh yeah, the guys hitting unix are usually far more skilled than those using cookie cutter exploits to mass-infect windows machines, meaning that though they don't hit harder, they may hit smarter.

Along that same line of thought... (2, Insightful)

lullabud (679893) | more than 8 years ago | (#12668671)

If somebody takes the time to 0wn a server, it's likely because that server is on a fat pipe. If the perpetrator throttles his network usage it could go undetected and have much more serious repercussions than a dozen infected desktop PCs on DSL. Then again, not all computers on fat pipes are non-windows boxes... I had to clean up a Serv-U hack on our T1. =/

provocative, tasty little parent (1)

Dioscorea (821163) | more than 8 years ago | (#12669076)

I've seen dosnets on IRIX, Linux, SCO Unix/Openserver, and Solaris. Windows users are not the only ones running infections. Ooh yeah, the guys hitting unix are usually far more skilled than those using cookie cutter exploits to mass-infect windows machines, meaning that though they don't hit harder, they may hit smarter.

go on then trelanexiph u cheeky little chappie, tell us about one of these linux dosnets you've seen.... how did you learn of it? exactly

Re:Relevant info missing (1)

someone1234 (830754) | more than 8 years ago | (#12669198)

Wowie, you saw ENTIRE dosnets on IRIX? You might come up with a 'proof of concept' thingie which 'might' work on a completely defenseless machine, but i doubt you'll find so many of them on the net to build a net. How many IRIX is still on the net? One would believe dosnets are viable only on an OS (aside from OS vulnerabilities) with a large and ignorant user base. Maybe in the future you'll see linux dosnets but i guess they are only in your fantasy.

Re:Relevant info missing (1)

Frogbert (589961) | more than 8 years ago | (#12669221)

And let's face it any Unix/Irix/Non-Windows operating system is going to have access to a much fatter pipe than your average windows system.

Re:Relevant info missing (1)

dbIII (701233) | more than 8 years ago | (#12673957)

the guys hitting unix are usually far more skilled than those using cookie cutter exploits
I've been called in after a couple of *nix machines were rooted, and in both cases it was simple rootkits run by people who didn't appear to have the slightest ability to cover their tracks, who left dos commands like "dir" in the history. Whoever put together the rootkits did appear to have a clue, so the only answer is to reformat, re-install and be sure the data files restored from backup are what they are supposed to be.

Of course, other people deal with this sort of stuff daily and may have other ideas.

What's the surprise? (2, Insightful)

FireballX301 (766274) | more than 8 years ago | (#12668195)

For all intents and purposes, that could just be a list of largest ISP networks. Large ISPs generally don't have the time to perform broad sweeps against zombie computers.

What is surprising is the European zombie count is higher than that of the United States. I wonder why.

Re:What's the surprise? (3, Informative)

HermanAB (661181) | more than 8 years ago | (#12668385)

Why?

EU population is 460 million, US population is only 300 million.

No surprises there - more people, more PCs.

Re:What's the surprise? (1)

Jesus_666 (702802) | more than 8 years ago | (#12669253)

Also, consider that some European countries are quite Internet-crazy. IIRC, German is the second most frequent language spoken on the Internet, even before Franch, Spanish and Mandarin. Note that outside of Europe, German is not quite as common as the other three languages.
As of 2004, 47% of all German households had Internet access, versus 43% in 2003 - and the number is still growing (source: German Federal Statistical Office (destatis.de)).

Re:What's the surprise? (0)

Anonymous Coward | more than 8 years ago | (#12672205)

Franch?!

Re:What's the surprise? (0)

Anonymous Coward | more than 8 years ago | (#12674089)

No surprises there - more people, more PCs.

and still they refuse to use soap!

Re:What's the surprise? (1)

scupper (687418) | more than 8 years ago | (#12669372)

what's important is per capita. US isn't the worst offender, but the krauts could improve.

Re:What's the surprise? (1)

gorbachev (512743) | more than 8 years ago | (#12669679)

"What is surprising is the European zombie count is higher than that of the United States. I wonder why."

If I may hazard a guess...and that's all these are.

I think three reasons.

1. There are a couple of very big and completely clueless ISPs in Europe (blueyonder, tiscali, wanadoo). You think Comcast is bad? You have no idea...

2. Some of the national ISPs in a lot of the European countries have a much larger percentage of users within their countries than any US ISP. If that ISP happens to be one of the completely clueless ones, you have a REALLY big problem.

3. In US, the biggest ISP, AOL, has cleaned house so well that there's very little network infestation coming from them.

Details (1)

FrozedSolid (201777) | more than 8 years ago | (#12668198)

The site is short on details. I'm kind of curious how their DoS filtering systems work. How can you detect the difference between a valid client and one that's just part of an attack?

Re:Details (the devil always lurks there) (1)

eUdudx (880557) | more than 8 years ago | (#12668550)

it's not the single challenge/response that's identifiable but the fact that seldom is an attack a single transaction, by monitoring the stream of activity both signature and learning filters can do a good job. Config-free IPS's are not impossible.

And what is being done about this? (4, Interesting)

khasim (1285) | more than 8 years ago | (#12668200)

From TFA:
The primary attack of choice in the first half of 2005 was an advanced full connection based flood. This particular attack exposes the real IP address of the attacking bot/zombie, however, the sheer number of IP addresses that must be blacklisted places overwhelming load on mitigation hardware, ACLs, and web services farms.
Okay, so you have the IP address of a cracked machine ...

From that, you can find the ISP ...

From that, you can find the machine ...

From that, you can put a sniffer on the line and trace the communications to find the person running the botnet.

Yet I'm not hearing any stories about these botnets being broken by the cops. Why not?

Re:And what is being done about this? (2, Informative)

rel4x (783238) | more than 8 years ago | (#12668225)

From that, you can put a sniffer on the line and trace the communications to find the person running the botnet.
Yet I'm not hearing any stories about these botnets being broken by the cops. Why not?

Several reasons.
First off, a lot of the zombies are in countries different from the person controlling them, making it tricky to pass information, and get search warrants(for the sniffer). A lot of people use proxies, which also complicates things.

Re:And what is being done about this? (3, Informative)

Anonymous Coward | more than 8 years ago | (#12668240)

It's not quite that easy. There is no such thing as a 'sniffer' you can put on an internet connection.

Odds are these bots will all be logged on to an IRC channel somewhere. You can track it back to that by simply monitoring the network activity of the machine. After that, you can monitor that channel and find the user who is directing the botnet. Unfortunately, the best you are going to get - unless the botnet operator is an idiot - is the last proxy in a chain of four to eight, each of which is located in a foreign country. Being able to obtain the logs from a single such proxy is very unlikely. Four to eight simply isn't going to happen.

Re:And what is being done about this? (4, Interesting)

plover (150551) | more than 8 years ago | (#12668301)

Botnets have evolved beyond your 2003 viewpoint. They now are implementing encrypted peer-to-peer communications networks, and are not run from a central point like the IRC-based botnets of old.

I briefly chatted with a guy who tracks these people down, and looked at some research posted by the honeynet project. My understanding is the operator fires a message into just one zombie, and it passes it around to its immediate circle of friends, then launches the requested task. Each zombie only relays the command to its peer circle, making it "cell based". The investigator really has no idea which cell was "cell 0", where the command originated.

Many of the DDoS attacks are things like SYN floods with forged IP headers, making it very tough to track back to any single machine, let alone the thousands the zombie operators had under their control.

Religious Botnets (2, Funny)

lullabud (679893) | more than 8 years ago | (#12668676)

So, what you're saying is that current botnets function like the prayer chain of Satan, the Lord of Spam?

Re:And what is being done about this? (0)

Anonymous Coward | more than 8 years ago | (#12668833)

The advantage with this peer-based method is that the cop, once they get control of one zombie, can find all of the other zombies on the network, by looking at one zombie's peers, looking at the peers' peers, until the entire botnet is traversed.

Re:And what is being done about this? (1)

plover (150551) | more than 8 years ago | (#12673542)

But only if they can actually get to the next zombie. If one bot infected and recruited 100 other windows boxes, which of those lead to others? Can you get to the next box? Is it in the same country? Can you get logs from the ISPs involved to identify it? When they're not under direct use, they're kept busy portscanning for other victims, so it's never a static "snapshot", either. How do you know when you've got 'em all?

Remember, there are over 10,000 bots in a typical professional extortionist or spammer's botnet. Are you capable of rolling them all up and identifying the single one which received the spammer's actual input? That's a helluva feat.

There are tools, such as the "internet telescope", which might reveal the "first source" of a spam or of an attack. But when the bots are synchronized, as when an extortionist commands "Begin a DDoS attack on www.foo.com at 0800 GMT", timing on the telescope reveals nothing other than "which of these idiots with infected PCs also don't have their clocks set properly."
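The disagreement in this sub-thread, sketched as an added example (not from either poster and not modelled on any real botnet): an investigator starts from one seized machine and walks peer lists breadth-first, but can read the peer list only of machines they can actually examine. The peer graph, the host names and the `REACHABLE` set are constructed.

```python
from collections import deque

# Constructed peer lists: each bot knows only its immediate circle.
PEERS = {
    "bot-a": ["bot-b", "bot-c"],
    "bot-b": ["bot-a", "bot-d"],
    "bot-c": ["bot-a", "bot-e"],
    "bot-d": ["bot-b"],
    "bot-e": ["bot-c", "bot-f", "bot-g"],
    "bot-f": ["bot-e"],
    "bot-g": ["bot-e", "bot-h"],
    "bot-h": ["bot-g"],
}

# Assumption: hosts the investigator can examine (ISP cooperates, logs exist,
# the machine is still online). Everything else is known by address at best.
REACHABLE = {"bot-a", "bot-b", "bot-c", "bot-d"}


def enumerate_botnet(seed, peers, reachable):
    """Breadth-first walk of peer lists starting from a seized host.

    Returns (examined, seen_only):
      examined  - hosts whose peer list was actually read
      seen_only - hosts named in someone's peer list that could not be examined
    """
    examined, seen_only = set(), set()
    queue = deque([seed])
    queued = {seed}
    while queue:
        host = queue.popleft()
        if host not in reachable:
            seen_only.add(host)  # we know it exists, but its peers stay unknown
            continue
        examined.add(host)
        for peer in peers.get(host, []):
            if peer not in queued:
                queued.add(peer)
                queue.append(peer)
    return examined, seen_only


def coverage(seed, peers, reachable):
    """Compare the walk with the full graph.

    `hidden` can be computed here only because the sample graph is constructed;
    a real investigator has no ground truth to subtract from.
    """
    examined, seen_only = enumerate_botnet(seed, peers, reachable)
    hidden = set(peers) - examined - seen_only
    return {
        "examined": sorted(examined),
        "seen_only": sorted(seen_only),
        "hidden": sorted(hidden),
    }


if __name__ == "__main__":
    print("partial access:", coverage("bot-a", PEERS, REACHABLE))
    print("full access:   ", coverage("bot-a", PEERS, set(PEERS)))
```

With full access the walk covers all eight hosts; with one unreachable host in the path (bot-e), three more never appear in any list the investigator can read.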

Homer (1)

rhizome (115711) | more than 8 years ago | (#12668636)

Okay, so you have the IP address of a cracked machine ...

From that, you can find the ISP ...

From that, you can find the machine ...

From that, you can put a sniffer on the line and trace the communications to find the person running the botnet.

Yet I'm not hearing any stories about these botnets being broken by the cops. Why not?


"In America, first you get the sugar, then you get the power, then you get the women."

Re:And what is being done about this? (1)

DrSkwid (118965) | more than 8 years ago | (#12668855)

I don't think that the person controlling the botnet sends out a "do ddos now" command to all of his owned hosts from home.

You will trace it from the zombie to the controller then it's off back to court, possibly in another country, to get another warrant to monitor the controller. Then you trace that back to another controller ad nauseam.

Re:And what is being done about this? (2, Insightful)

Isomer (48061) | more than 8 years ago | (#12668987)

I help out on the Undernet IRC Network. We have automated tools that detect botnets, but what can we do after we've detected them? Email their ISPs? They in general don't care. Talk to the FBI? They don't care either. Ban (Gline) them from the network? We get DDoS'd for the trouble, either directly by the kiddie taking revenge, or even indirectly by just having to live with the constant synflood of thousands of DDoS drones still trying constantly to reconnect to our servers.

Finding out who these people are isn't hard, we often know who they are, and even where they live, but nobody cares. These kiddies start by playing around DDoSing a few IRC servers here or there, but then they move on to bigger things like extortion rackets etc. Almost all of the people being put away for various High profile Cybercrimes have at one stage or another been well known by IRC administrators, but nobody cares until they've turned their sights on bigger fish than IRC networks.

Re:And what is being done about this? (3, Insightful)

Kent Recal (714863) | more than 8 years ago | (#12669053)

what can we do after we've detected them?
we often know who they are, and even where they live

Easy. Make a public list.
Put up a description of all incidents and all related information (IP-Address -> ISP -> personal info) that you have gathered.

The kids don't like to read their real name on a website.

Re:And what is being done about this? (2, Funny)

Darkman, Walkin Dude (707389) | more than 8 years ago | (#12669685)

Argh, do I even need to talk about the futility of publicly posting the authors of DDOS attacks on a website? This calls for good ol' vigilante justice. When the law doesn't suffice to cover your needs, or hasn't gotten that far in terms of enforcement, you need to take it into your own hands. Yes yes, I know all the arguments against that, but they all fall flat; the law is unwilling or unable to help where you have a legitimate grievance, therefore you become the law.

There should be an agency or group to mess these people up, not cause actual physical harm, but play with their tiny minds. Hire a private detective to ferret out their most personal details and bring them to the attention of local law enforcement and media. Hire a male escort to get their girlfriends drunk and give them syphilis. Disconnect their phones, steal their identities and use them to open bank accounts, then post these up on warez sites. Get creative, people, think like Sheriff Lucas Buck in American Gothic. When the law fails, you may not have the right to take it upon yourself to take revenge, but that doesn't mean you shouldn't.

Re:And what is being done about this? (1)

Kent Recal (714863) | more than 8 years ago | (#12670440)

Well, while your approach sounds sensible ;-), I want to make clear that I don't encourage that way of dealing with it.

I really think just posting these names will be enough. Not so that people can go and beat the kids up (I doubt anyone would bother anyways!) but more as a blunt message to the DDoS kids saying "We are paying attention and we know who you are".

Once your name shows up on such a list you'll probably re-think whether your hobby is really worth the potential backlash.

Re:And what is being done about this? (1)

Pyrrus (97830) | more than 8 years ago | (#12674498)

They certainly won't when future employers grep these lists for the name of any potential employee.

As an operator in one of your largest channels... (1)

Animaether (411575) | more than 8 years ago | (#12669630)

that isn't warez, mp3, or sex-based, #chatzone, it would at least be nice if you could acknowledge the existence of certain botnets, their owners, etc. That and give -us- some level of information on what -we- can do against them.

This isn't directly referring to those botnets used for IP DDoS'ing - UnderNET users typically have very little notice of them, I'm sorry that the UnderNET servers obviously do by sheer connection/disconnection power - but more to those used to DDoS channels and users by crapflooding/messaging/ctcp'ing/etc.

I'm talking about botnets like those under control by AlkkatraZ (username Almighty1 - connects using a plethora of vhosts). Some of which can be dealt with by a simple ban due to their structure, others could be dealt with if there was such a thing as a regex ban and banning capabilities on the username part - but alas.
But all in all, they could most easily be dealt with by crippling them. For example: flagging all of these bots as not being able to receive messages.

At best, the botnet operator will wonder why the frick his bots are no longer responding.
At semi-worst, there's somebody real behind one of those infected machines as well and they'll wonder why their friends are no longer messaging them.
At worst, the botnet operator figures it out and goes on a revenge-tour and DDoS's UnderNET servers.

Oh, and for what it's worth, yes we do contact the ISPs behind the infected machines, and although response rate isn't 100%, it's not zero either. We think it's worth the try - why wouldn't you ?

Please note that 'you' here isn't directed at you personally, but at IRCopers and Admins of UnderNET. I just think it's lame that obviously you have automated tools to detect them, but then you (apparently, from your own post) do diddly-squat about them.

Just my 2 cents. For what it's worth, UnderNET still kicks EF/DAL/IRCnet ass :P

Where is the Spinning Cube of Potential Doom? (3, Interesting)

qualico (731143) | more than 8 years ago | (#12668233)

This story reminds me of the Spinning Cube of Potential Doom.
http://developers.slashdot.org/developers/04/06/01/1747223.shtml [slashdot.org]

It seems the source for this is still unavailable.
Does anyone know where to get binaries or a similar program?

The concept is fantastic and would certainly help in security.
Although, I'd prefer to have a text version similar to how Nethack displays in text mode.

Call me old school, can't shake my affinity for text only Linux. :P

Re:Where is the Spinning Cube of Potential Doom? (1, Informative)

Anonymous Coward | more than 8 years ago | (#12668584)

Re:Where is the Spinning Cube of Potential Doom? (2, Interesting)

Isomer (48061) | more than 8 years ago | (#12669049)

The WAND visualisation (lovingly called BSOD by the people who use it) is very interesting to watch. We use it on the University's /16, and we see all kinds of neat patterns ranging from background scans from viruses, to highly sophisticated scans obviously looking for infectable machines.

The visualisation supports a "darknet" mode where it can show all traffic that isn't being responded to by internal machines, showing scans on other useless traffic (on our capture point it shows up heaps of NTP traffic going to an old NTP server that has been decommissioned).

The visualisation is fully customisable by a series of plugins for things such as layouts (for the left (internal) and right (external) networks), and colours (letting you colour traffic based on the type of traffic).

You can see infected machines on it as a cone of traffic, port scans as a sparkling of different colours to one machine. You can see that different parts of the Internet's address space have different protocol mixes (P2P and HTTP interestingly don't have the same patterns). You very quickly get a feel for what "normal" traffic looks like, and can see at a glance if something on the network isn't working right. It's fascinating to watch, and even a layperson can easily see what's going on and understand what's happening. It makes great eyecandy for investors and managers too :)

We're almost ready for a new release supporting a lot more really cool features, including the ability to choose colours based on BPF expressions, tonnes of performance improvements, new plugins such as a geoip layout module.

Download it and give it a go (the URL is in the parent post), and let us know if you have any suggestions, we're really keen on new ideas to extend it with.

Re:Where is the Spinning Cube of Potential Doom? (1)

qualico (731143) | more than 8 years ago | (#12670234)

sweet!

Thanks for my new project.
Looks like the client will run on Windows so I don't have to setup a graphical X machine.

Let you know how it goes.

Re:Where is the Spinning Cube of Potential Doom? (1)

qualico (731143) | more than 8 years ago | (#12670681)

Road block.
Need to install another Hard Drive.
My 3Gb of 9 year old SCSI technology is full.

Not to the fault of a 190k BSOD, but because I need g++ version > 2.95.
And to install that version of g++ I need more space.

From the INSTALL file:

The bsod server requires:

* libtrace (http://research.wand.net.nz/software/ [wand.net.nz])
* g++-3.0 or greater (known to work with 3.0, fails with 2.95)

In the famous words of Arnold: "I'll be back"

DDoS protection (2, Insightful)

StreetFire.net (850652) | more than 8 years ago | (#12668236)

With more and more ISPs offering DDoS protection in the cloud I have to wonder how much longer DDoS in its current form will remain relevant. Most of the Tier I backbone providers are shutting down these things in the cloud keeping the traffic from ever reaching the customer Gateway (for customers that subscribe to this service), however these systems are looking for uncompleted TCP connections and scripted browsing sequences. So in the next round of DDoS arms escalation, any thoughts on what the next evolution of the zombie net attacks will be?

Re:DDoS protection (1)

mrchaotica (681592) | more than 8 years ago | (#12668369)

any thoughts on what the next evolution of the zombie net attacks will be?
Ones that parse webpages and follow random links (staying on the same server, of course) so that they look as much as possible like legitimate traffic? Maybe have it emulate a Slashdotting by forging the referer headers? ; )

Cool Picture (2, Informative)

vga_init (589198) | more than 8 years ago | (#12668306)

This picture is a little bit different, but this concept reminds me of the depiction of large scale computer networks given in William Gibson's Neuromancer [amazon.com].

From what I remembered, he depicted computer networks as having visual representation, describing how colors changed based on the level and types of network activity.

What is given in the novel is more of a virtual reality type thing, though. I thought that was nifty. Now, if only we could get some diagrams like the one in the article done in 3D and rendered in real time as variables changed.

Digital Pictures (0)

Anonymous Coward | more than 8 years ago | (#12668454)

Digital Information Graphics [amazon.com]

"The information age has brought inconceivable amounts of data to every area of life-at home and in the office, for leisure and travel, for shopping and banking. While the Internet provides instant freedom and instantaneous access to hundreds of valuable resources, navigating through the streams of cyber-information can be maddening. Today's web designers are beginning to understand that it's not just how good the home page looks, but how quickly and easily information can be displayed, accessed, and delivered. Digital Information Graphics confronts the issues that directly affect our interaction with the screen, whether for the World Wide Web, multimedia programs, or even small-screen devices like mobile phones or PDAs. Filled with tested principles, surefire strategies, and scores of examples and case studies, here are the effective, proven ways to present deep arrays of data for the information age. Readers will discover how to display complex environment and infrastructure in simple, innovative ways; analyze and present data gathered from demographics and news sources; convey complex events and situations in a clear, straightforward manner; and push today's technology to its limits, resulting in brand-new ways for navigating a website or interacting with the computer. Filled with 500 stunning examples from top information designers from around the world, Digital Information Graphics makes a vital part of design available to everyone living and working in the digital age."

LOL... (3, Funny)

d474 (695126) | more than 8 years ago | (#12668342)

FTFA:

"Interesting Notes:
AOL is the most infested network on the Internet."


Gee. I wonder why.

Re:LOL... (2, Insightful)

qualico (731143) | more than 8 years ago | (#12668400)

too funny, I'll venture a guess... ...is it cause people on AOL are the same people who click punch the monkey ads, install comet cursor and New.net along with Gator and WebShots?

Re:LOL... (2, Funny)

t0ny747 (849486) | more than 8 years ago | (#12668463)

...is it cause people on AOL are the same people who click punch the monkey ads, install comet cursor and New.net along with Gator and WebShots?

I thought aol came with all that by default?

Re:LOL... (1)

qualico (731143) | more than 8 years ago | (#12670258)

LOL!

Dell out of the box has Norton and AOL by default.
A winning combination. :->

Re:LOL... (1)

t0ny747 (849486) | more than 8 years ago | (#12672676)

Dell out of the box has Norton and AOL by default.

All the Dells I've seen, like my Inspiron 8600 and the ones at work, came with a 30 day demo of McAfee. Before I uninstalled it my laptop took 10-20 mins to boot.

Re:LOL... (1)

l3v1 (787564) | more than 8 years ago | (#12668731)

Maybe it's not the AOL who has the fault, but the people. Hell, I've heard people finding it nice that they have that buddy thing installed :) - oh, that's not funny

Amazing photos... (4, Funny)

d474 (695126) | more than 8 years ago | (#12668361)

...they almost look like a "web" of some sort...

Re:Amazing photos... (0)

Anonymous Coward | more than 8 years ago | (#12668461)

and it's world wide!

You're looking for something like Carnivore (1)

jgaynor (205453) | more than 8 years ago | (#12668452)

I would love to see a real-time picture of my 'net connections as my desktop picture, allowing me to change my 'net habits based on what I see.

Try Carnivore [rhizome.org]. It's a simple sniffer that acts as a backend to any visualizer you can write (in a number of supported languages). There's a nice online library of those frontends on their site as well. The only downside is that currently there's no Linux version :(.

Do the numbers... (1)

Flabasha (18195) | more than 8 years ago | (#12668555)

It's funny just to think what percentage of these boxes are Windows machines. Has anyone ever even heard of botnet boxes being run on Linux/*BSD/non-Windows machines? I guess there's one thing Microsoft should be thanked for... Inadvertently starting a new technology market.

John

Re:Do the numbers... (1)

sosume (680416) | more than 8 years ago | (#12668739)

doh, I think it's safe to assume that

windows users vs non-windows users ~= windows bots vs non-windows bots.

Re:Do the numbers... (1, Interesting)

DrSkwid (118965) | more than 8 years ago | (#12668864)

Botnets used to be found mostly on infected Red Hat and Solaris boxes infected by trinoo [washington.edu]

DDoS? (1)

sunwolf (853208) | more than 8 years ago | (#12668580)

Which one is the picture of the site being Slashdotted?

Radioactive-DDoS? (0)

Anonymous Coward | more than 8 years ago | (#12668624)

"Which one is the picture of the site being Slashdotted?"

The one with the mushroom cloud above it.

---
"Slow Down Cowboy!

Slashdot requires you to wait till hell freezes over between each successful posting of a comment to allow everyone a fair chance at posting a comment about Taco's weight.

It's been 1,000 BC since you last successfully posted a comment that didn't poke fun at CowboyNeal."

Visual DDoS Representation and Its Ramifications (0)

Anonymous Coward | more than 8 years ago | (#12668633)

This is Slashdot. You should have used "it's" in the story title, then the grammar Nazis could have had fun shooting you down.

Missing Color in key? (1)

ThePolkapunk (826529) | more than 8 years ago | (#12668642)

Am I going blind, or is there a color missing in the key? Or perhaps it's a Firefox rendering error? At any rate, I can't find out what light blue is supposed to represent.

LGL is used, but does anybody have it working? (1)

MavEtJu (241979) | more than 8 years ago | (#12668878)

OPTE is using LGL to make their graphs. Their website is at http://bioinformatics.icmb.utexas.edu/lgl/ [utexas.edu].

I have tried to get it running on Linux and FreeBSD, but it doesn't want to compile due to mismatches in their C++ classes. This is with gcc 2.95, 3.3 and 3.4. (See http://www.mavetju.org/~edwin/lgl.fail.txt [mavetju.org] for the full log)

Has anybody gotten LGL to compile on their machines? Or does anybody know of patches to get it working?

Thanks in advance, Edwin

lots of ramifications (1)

cahiha (873942) | more than 8 years ago | (#12669337)

Thousands of ramifications [reference.com]. (quite literally).

What it is lacking in however, is utility [reference.com]. Other than noticing that denial of service attacks use thousands of zombies all over the world, this doesn't really help you.

peep! (1)

Archeopteryx (4648) | more than 8 years ago | (#12669594)

There is an audio network status tool called peep.

http://sourceforge.net/projects/peep/ [sourceforge.net]

Give it a try!

Back in "the day" we used to put an AM radio on top of the IBM 1130 and listen to the resulting noise to determine if the programs were working properly. Every program had a different sound and every phase of operation of each program was usually discernible from the sound.

Has anyone here used Prolexic? (1)

Tancred (3904) | more than 8 years ago | (#12669654)

I met with them a while back and I think outsourcing the sinking and scrubbing of DOS traffic is a great idea. I'd like to hear from anyone using their service though.

Malaysia, so small yet so vulnerable (1)

timyang (516777) | more than 8 years ago | (#12673780)

A big thank you to the admins at TMNet. You have finally made Malaysia one of the best at something.