
The Attacks on GRC.COM

 [1/10] from: larry:ecotope at: 4-Jun-2001 21:20


Hi all, A very nice dissection of a series of major denial of service attacks on Steve Gibson's GRC site. Not directly related to REBOL but of some interest to many of us. http://grc.com/dos/grcdos.htm

 [2/10] from: brett:codeconscious at: 5-Jun-2001 16:14


Thanks for the link Larry. Made me turn a bit white though, as some of my fears were being confirmed. Brett.

 [3/10] from: gchiu:compkarori at: 5-Jun-2001 20:18


On Mon, 4 Jun 2001 21:20:18 -0700 "Larry Palmiter" <[larry--ecotope--com]> wrote:
> A very nice dissection of a series of major denial of service attacks on Steve Gibson's GRC site. Not directly related to REBOL
Pretty scary stuff. Though I wonder why if he knew which PCs were attacking him, and he had access to that IRC channel, he just couldn't send commands to the bots to stop the attack, or better still, to download a firewall and install it! -- Graham Chiu

 [4/10] from: mat:eurogamer at: 5-Jun-2001 11:38


Heya Graham,

GC> Pretty scary stuff. Though I wonder why if he knew which PCs were attacking him, and he had access to that IRC channel, he just couldn't send commands to the bots to stop the attack, or better still, to download a firewall and install it!

He's being quite smart and very mature about the whole thing. If he does anything to piss these hackers off, they'll take down his site. If he plays up to them and announces to the world what is going on (sort of a security journalism) then this has a much more beneficial effect on the whole. I hope his plight gets a load of press. We need this sort of stuff to raise the awareness of security because as Steve Gibson discovers, ISPs and organisations really don't give a damn at the moment.

-- Mat Bettinson - EuroGamer's Gaming Evangelist with a Goatee http://www.eurogamer.net | http://www.eurogamer-network.com

 [5/10] from: chris::starforge::demon::co::uk at: 5-Jun-2001 11:58


Mat Bettinson wrote:
> I hope his plight gets a load of press. We need this sort of stuff to raise the awareness of security because as Steve Gibson discovers, ISPs and organisations really don't give a damn at the moment.
There's a double-page article on this in the G2 supplement to today's Guardian. Quite good piece of journalism as the writer has managed to cover the subject in a way that most people not familiar with the internet may be able to understand. I'd even recommend it for Suits! Chris

 [6/10] from: ptretter:charter at: 5-Jun-2001 6:23


Very interesting indeed. I read that carefully yesterday when I read about that in a Cisco list. That is one of the best records of an attack I have ever come across. Paul Tretter

 [7/10] from: chris:ross-gill at: 5-Jun-2001 19:17


Hi Chris,
> There's a double-page article on this in the G2 supplement to today's Guardian. Quite good piece of journalism as the writer has managed to cover the subject in a way that most people not familiar with the internet may be able to understand. I'd even recommend it for Suits!
Thought I'd throw in a link to that article. http://www.guardian.co.uk/g2/story/0,3604,501543,00.html - Chris (rg)

 [8/10] from: doublec:acc at: 6-Jun-2001 11:16


Installing a firewall wouldn't have done him any good because it was the bandwidth over his T1 lines that was being drained. A firewall would stop the packets getting through but the traffic would still travel over the T1 lines resulting in effectively being knocked off the internet. That's why the filtering was done at a level before the T1 lines were reached. That's why a firewall is not always an effective solution. I have an ADSL line that I pay for by volume (Telecom Jetstream) and if an attack like that was directed at my machine it would do no harm...except I'd not be able to use the internet due to all my bandwidth being used even though my firewall would stop it - and I'd be paying for the huge volume of traffic going into my modem. The problem is worse with things like Saturn Cable where you have a static IP address. It's enough to make you go back to dial up modem. Chris.
>>> [gchiu--compkarori--co--nz] 06/05 8:18 >>>
On Mon, 4 Jun 2001 21:20:18 -0700 Pretty scary stuff. Though I wonder why if he knew which PCs were attacking him, and he had access to that IRC channel, he just couldn't send commands to the bots to stop the attack, or better still, to download a firewall and install it!

 [9/10] from: gchiu:compkarori at: 6-Jun-2001 12:41


On Wed, 06 Jun 2001 11:16:39 +1200 "Chris Double" <[DoubleC--acc--co--nz]> wrote:
> Installing a firewall wouldn't have done him any good because it was the bandwidth over his T1 lines that was
<<quoted lines omitted: 3>>
> internet. That's why the filtering was done at a level before the T1 lines were reached.
I guess I wasn't too clear in what I wrote. I meant (tongue in cheek) that he should have reprogrammed the infected machine's bot to download a firewall to protect that PC. It's just a step up from the bot downloading a newer version of itself. That might alert the owners that their machines were infected.
> That's why a firewall is not always an effective solution. I have an ADSL line that I pay for by volume
<<quoted lines omitted: 4>>
> I'd be paying for the huge volume of traffic going into my modem.
I've been a little worried about that scenario as well. I guess if you could show it was a DOS attack, they shouldn't charge you and they should be responsible for blocking it for you.
> The problem is worse with things like Saturn Cable where you have a static IP address. It's enough to make you go back to dial up modem.
Never :-) -- Graham Chiu

 [10/10] from: chris:starforge:demon at: 6-Jun-2001 11:43


Graham Chiu wrote:
>> I'd be paying for the huge volume of traffic going into my modem.
<<quoted lines omitted: 3>>
> charge you and they should be responsible for blocking it for you.
Let me guess, you've never tried to get a refund from an ISP have you? ;) These people *really don't* care what goes on as long as someone pays the bills, if you complain then you end up in a paperchase being passed from department to department, each one claiming it is someone else's responsibility. I think that phone ops at ISPs need a degree in Buck Passing to get their jobs...

Actually there is a simple and scary reason why they take this attitude: the minute they actually become involved in the data they transfer, they admit that they are - at least in part - responsible for it. This is all that some lawyers would need to make lawsuits against ISPs a very common thing indeed. Rather than face up to this, they prefer to deny all responsibility for the actions of their subscribers (and their safety). Pretending a problem doesn't exist in the hope it will go away is a common practice among Suits.

On another note though, one thing I've never quite understood about people falling victim to DDoS trojans and the rest is why they never notice they are there. Like these email viruses that send out 50 copies of themselves. Even if they don't take as paranoid an attitude as people like me, they must notice their bandwidth is being chewed up?! Perhaps it's the demise of external modems with lots of Blinkenlights, or maybe they really think that cable/DSL connections are really slow, but I know I would notice something like that happening even without my firewalls, packet logger and regular netstat...
>> The problem is worse with things like Saturn Cable where you have a static IP address. It's enough to make you go back to dial up modem.
> Never :-)
Some of us have never even managed to get cable or DSL :(( Damn BT.. Chris

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted