The Attacks on GRC.COM
[1/10] from: larry:ecotope at: 4-Jun-2001 21:20
Hi all,
A very nice dissection of a series of major denial of service attacks on
Steve Gibson's GRC site. Not directly related to REBOL but of some interest
to many of us.
http://grc.com/dos/grcdos.htm
[2/10] from: brett:codeconscious at: 5-Jun-2001 16:14
Thanks for the link Larry.
Made me turn a bit white though, as some of my fears were being confirmed.
Brett.
[3/10] from: gchiu:compkarori at: 5-Jun-2001 20:18
On Mon, 4 Jun 2001 21:20:18 -0700
"Larry Palmiter" <[larry--ecotope--com]> wrote:
> A very nice dissection of a series of major denial of
> service attacks on
> Steve Gibson's GRC site. Not directly related to REBOL
Pretty scary stuff. Though I wonder why if he knew which
PCs were attacking him, and he had access to that IRC
channel, he just couldn't send commands to the bots to stop
the attack, or better still, to download a firewall and
install it!
--
Graham Chiu
[4/10] from: mat:eurogamer at: 5-Jun-2001 11:38
Heya Graham,
GC> Pretty scary stuff. Though I wonder why if he knew which
GC> PCs were attacking him, and he had access to that IRC
GC> channel, he just couldn't send commands to the bots to stop
GC> the attack, or better still, to download a firewall and
GC> install it!
He's being quite smart and very mature about the whole thing. If he
does anything to piss these hackers off, they'll take down his site.
If he plays up to them and announces to the world what is going on
(sort of a security journalism) then this has a much more beneficial
effect on the whole.
I hope his plight gets a load of press. We need this sort of stuff to
raise the awareness of security because as Steve Gibson discovers,
ISPs and organisations really don't give a damn at the moment.
--
Mat Bettinson - EuroGamer's Gaming Evangelist with a Goatee
http://www.eurogamer.net | http://www.eurogamer-network.com
[5/10] from: chris::starforge::demon::co::uk at: 5-Jun-2001 11:58
Mat Bettinson wrote:
> I hope his plight gets a load of press. We need this sort of stuff to
> raise the awareness of security because as Steve Gibson discovers,
> ISPs and organisations really don't give a damn at the moment.
There's a double-page article on this in the G2 supplement to today's
Guardian. Quite good piece of journalism as the writer has managed to
cover the subject in a way that most people not familiar with the
internet may be able to understand. I'd even recommend it for Suits!
Chris
[6/10] from: ptretter:charter at: 5-Jun-2001 6:23
Very interesting indeed. I read that carefully yesterday when I read about
that in a Cisco list. That is one of the best records of an attack I have
ever come across.
Paul Tretter
[7/10] from: chris:ross-gill at: 5-Jun-2001 19:17
Hi Chris,
> There's a double-page article on this in the G2 supplement to today's
> Guardian. Quite good piece of journalism as the writer has managed to
> cover the subject in a way that most people not familiar with the
> internet may be able to understand. I'd even recommend it for Suits!
Thought I'd throw in a link to that article.
http://www.guardian.co.uk/g2/story/0,3604,501543,00.html
- Chris (rg)
[8/10] from: doublec:acc at: 6-Jun-2001 11:16
Installing a firewall wouldn't have done him any good because it was the bandwidth over
his T1 lines that was being drained. A firewall would stop the packets getting through
but the traffic would still travel over the T1 lines resulting in effectively being knocked
off the internet. That's why the filtering was done at a level before the T1 lines were
reached.
That's why a firewall is not always an effective solution. I have an ADSL line that I
pay for by volume (Telecom Jetstream) and if an attack like that was directed at my machine
it would do no harm...except I'd not be able to use the internet due to all my bandwidth
being used even though my firewall would stop it - and I'd be paying for the huge volume
of traffic going into my modem. The problem is worse with things like Saturn Cable where
you have a static IP address. It's enough to make you go back to dial up modem.
Chris.
>>> [gchiu--compkarori--co--nz] 06/05 8:18 >>>
On Mon, 4 Jun 2001 21:20:18 -0700
Pretty scary stuff. Though I wonder why if he knew which
PCs were attacking him, and he had access to that IRC
channel, he just couldn't send commands to the bots to stop
the attack, or better still, to download a firewall and
install it!
[9/10] from: gchiu:compkarori at: 6-Jun-2001 12:41
On Wed, 06 Jun 2001 11:16:39 +1200
"Chris Double" <[DoubleC--acc--co--nz]> wrote:
> Installing a firewall wouldn't have done him any good
> because it was the bandwidth over his T1 lines that was
<<quoted lines omitted: 3>>
> internet. That's why the filtering was done at a level
> before the T1 lines were reached.
I guess I wasn't too clear in what I wrote. I meant (tongue
in cheek) that he should have reprogrammed the infected
machine's bot to download a firewall to protect that PC.
It's just a step up from the bot downloading a newer version
of itself. That might alert the owners that their machines
were infected.
> That's why a firewall is not always an effective
> solution. I have an ADSL line that I pay for by volume
<<quoted lines omitted: 4>>
> I'd be paying for the huge volume of traffic going into
> my modem.
I've been a little worried about that scenario as well. I
guess if you could show it was a DOS attack, they shouldn't
charge you and they should be responsible for blocking it
for you.
> The problem is worse with things like Saturn
> Cable where you have a static IP address. It's enough to
> make you go back to dial up modem.
>
Never :-)
--
Graham Chiu
[10/10] from: chris:starforge:demon at: 6-Jun-2001 11:43
Graham Chiu wrote:
>>I'd be paying for the huge volume of traffic going into
>>my modem.
<<quoted lines omitted: 3>>
> charge you and they should be responsible for blocking it
> for you.
Let me guess, you've never tried to get a refund from an ISP have
you? ;) These people *really don't* care what goes on as long
as someone pays the bills, if you complain then you end up in a
paperchase being passed from department to department, each one
claiming it is someone else's responsibility. I think that phone
ops at ISPs need a degree in Buck Passing to get their jobs...
Actually there is a simple and scary reason why they take this
attitude: the minute they actually become involved in the data
they transfer, they admit that they are - at least in part -
responsible for it. This is all that some lawyers would need to
make lawsuits against ISPs a very common thing indeed. Rather
than face up to this, they prefer to deny all responsibility for
the actions of their subscribers (and their safety). Pretending a
problem doesn't exist in the hope it will go away is a common
practice among Suits.
On another note though, one thing I've never quite understood
about people falling victim to DDoS trojans and the rest is why
they never notice they are there. Like these email viruses that
send out 50 copies of themselves. Even if they don't take as
paranoid an attitude as people like me, they must notice their
bandwidth is being chewed up?! Perhaps it's the demise of
external modems with lots of Blinkenlights, or maybe they really
think that cable/DSL connections are really slow, but I know I
would notice something like that happening even without my
firewalls, packet logger and regular netstat...
>>The problem is worse with things like Saturn
>>Cable where you have a static IP address. It's enough to
>>make you go back to dial up modem.
> Never :-)
Some of us have never even managed to get cable or DSL :(( Damn BT..
Chris
Notes
- Quoted lines have been omitted from some messages.