Internet Under Attack

Guys remember when l0pht dudes were bragging that they can take down the net in 10 minutes. most people said its impossible to bring down the net completely and I will agree but there is a way to limit 99.9% of people from accessing Internet. Attack Internic\'s servers. now THAT will be scary as hell. you will be able to play good old quake cause most servers use straight forward IP but you will not be able to go to shugashack.com only to its IP. this will screw Internet completely. so bringing down ALOT the net is not THAT impossible. these DoS attacks show off what organized person/persons can do. yea and by the way Mitnick is out of the prison :)

http://listserv.syr.edu/scripts/wa.exe?A2=ind0002&L=foi-l&F=&S=&P=9484

i saw this last night and found it quite humerous. Although the chance of that being true
is slim to none... you never know...

#62 - I warned you all in #37, but no-one would listen! Fools! How could they resist a huge target like the Shack!

I concede one point though..... if you can\'t filter fast enough you can cook an egg on the router.

#67, wrong - an (incoming) smurf attack only effects very lame sites configured by idiots. If you think that yahoo and the other big wigs don\'t filter ICMP flood at the router, think again. Same goes for (outgoing) broadcast amp smurfs. These sites are being swamped with legitimate traffic, not ping.

btw, You can go to http://www.netscan.org/ to have em quickly scan your network for the simpler outgoing smurf amplification vulnerability.

Oh, now that I\'ve read your posts, haven\'t you people heard of SMURF? that\'s what they are using. It calls up tons of misconfigured hosts and tells them to keep sending shit to the specified target.

Damn those AOL HACKERS!!! STOP WINNUKING THE WORLD WITH YOUR POWERFUL 56K TECHNOLOGY MODEMS!!!!

haha

Paradigm

P.W.A.

Hmm...could this foolishness be affecting the Shack?!? I\'m having a hell of a time accessing the site. :(

Host Name IP Address Hop Ping Time Ping Avg % Loss Pkts r/s Ping best/worst

pos3-1-0-155M.hr2.IAD.gblx.net 206.132.253.50 11 164ms 144ms 0% 17 / 17 131ms / 164ms
s3-0.cr1.BWI.gblx.net 209.143.255.6 12 193ms 193ms 94% 1 / 17 193ms / 193ms
alabanza.s3-1.cr1.BWI.gblx.net 209.143.255.26 13 150ms 197ms 0% 16 / 16 136ms / 694ms
shugashack.com 216.147.36.10 14 140ms 143ms 68% 5 / 16 140ms / 149ms

Thanks!

-Lex

Ah, what do I care? We all know that Steve controls the entire internet, so when he is done going back door on Buffy he will take care of this minor hacker problem.

Wait.

Um, Maarten, Steve might be a while, could you look into the hacker thing?

that was nasty

Actually,whatever is going on,it\'s still happening.E-trade.com and zdnet got hit.Don\'t these kids have school?

#49
no, i wouldn\'t call DoS hacking. i\'d call it cracking - there\'s a diff.

Because, #8, if your customers can\'t get to you, you can\'t make money. Ever heard the saying, \"time is money?\" Buy.com and Amazon.com probably lost a good chunk of profit due to this. Why did they do it? Why does any hacker hack into any site? Believe or not, it\'s a social thing. They do it to impress their hacker friends.

I still don\'t understand why the big money hasn\'t done something about these distributed DoS attacks. These hax0rs having 10\'s of thousands of hosts at their command is formidable but still.

What seperates the human traffic from the DoS traffic in order to filter it? Human traffic has an intelligent pattern (well.. maybe heh), DoS traffic can simulate those patterns beyond a random url walk. Human traffic is a mix of browers, http DoS traffic can simply use a log of user_agent frequency to simulate this.

Anyway... a site like yahoo has a baseline right? and they know their \"we\'re screwed\" ceiling right? When the spike occurs and they\'re running out of sockets /resources why not just ignore all the new IP\'s encountered during the spike while continuing to respond to those before it? A human won\'t continue to hammer a site that isn\'t responding to it, but an automated DoS client will... perm ban those.

As long as we can still get porn and play Quake, everything\'s fine...

Besides, would you really even call DoS hacking? Its not like they broke into the servers, they sent a huge bunch of requests that overloaded them. It would be something entirely different if they replaced Yahoo with a pr0n site or something similar.

Pick a target... any target: http://www.mediametrix.com/TopRankings/TopRankings.html

#45, they only have to take out a few sites to make the majority believe \"the internet went down\"
hell, whenever Yahoo won\'t come up for my dad (not too often) he asks if the Internet crashed....wtf?

I read somewhere that the top .1% of sites are responsible for something like 50% of the total bandwidth/hits/visitors.
so someone can take down Yahoo, MSNBC, AOL, and CNN and some people will think that the entire thing went down
[and heck, once you have the major sites down, it takes less effort than that to take the rest down (which like you said is impossible with the thousands (millions?) of servers out there]

#31

That\'s not how smurfing works at all. You don\'t send the packets through \"lots of routers so its hard to trace\", you change the packet to say that it came from a different IP entirely. Also, you don\'t launch the packets from your own machine, you use shells on other people\'s machines (usually ones they\'re not aware of, like grabbing lots of cable modems).

* O O P S *

http://www.detonate.net

Hey, does anyone have the link to the guys site who put up the screenshots of the Matrix & Hackers with added \"text bubbles\"? I lost the link..

Um,is this why my ping keeps flipping from double digits to quadrupal digits? Would clogging traffic on some pages affect all net traffic?

[man, i need to find a good time to post my GOTD... i just got it in a few minutes ago, and it was like 2 AM here when werd went up. ah well, there\'s always tomorrow]

JeffK did it!!

http://www.somethingawful.com/jeffk/hax0r1ng.htm