New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
A VPS used to DDoS would usually be detected and shutdown quickly. At least much more quickly than some random owned home PC.
You can DDoS on a slow link. The cool kid today uses DNS/NTP attacks with high amplification factors. Basically how it works is you tell a server "give me a list of $foo" and then manipulate the ip you expect the server the answer to. That's it.
In real life you would put a letter in many mail boxes containing really bad words against a person in the letter and then just sign with the victims name and see what happens.
Not true. Windows itself is not insecure. Users are just more stupid than linux-users. They install shareware and click yes or no no matter what comes just to close some windows. I've also heard of a hacking experiment with a fresh installation of Windows Server against a Linux Server (don't know the exact distros, but was state of the art). The Linux box was hacked, the Windows box wasn't.
In my opinion, 80% of DDoS attacks can be stopped on the carriers side (like Cogent, Level3, HE, NTT, etc...), it only need to block spoofed IP traffic. But why they dont block that spoofed traffic? Because the earn money when someone send a DDoS because the attacker is using the network and then, paying for the traffic used in the attack.
I doubt it's that simple. To detect and effectively block attacks you would slow the entire network down to a crawl. Or maybe I'm wrong. Then again we have filtered IPs, Arbor Networks has a system, hardware firewalls, etc., but those are all data center/server side solutions.
Its not spoofed IP traffic. The IP's, most of the time, are legitimate residential connection IP's, and the owners have no idea that they are participating in a DDoS attack. Blocking the IP's would prevent the victims who's computers got infected by the botnet owners from accessing many other websites. Also, a DDoS attack rarely, if ever, downloads a file over and over again like shovenose, its more about the Gbps and PPS, so no, traffic isn't generally being consumed.
You would like to believe that.
Besides the fact that your post belies your ignorance of how IP routing works, the processing power required to do the necessary deep packet inspection without introducing significant latency to do this at the speeds of the links they are using is ridiculous. It takes government agency funding to do that kind of spying. What kind of equipment and load out am I going to need to do deep packet inspection on a 40 gbps link with less than 5ms of overhead? How much more is this going to cost me in setup costs and monthly costs? Could I build a second 40 gbps drop for the same price or would I just start building that 1.5 tbps drop that is going to replace my old link in 2-3 years?
A better question would be "Why do people DDoS?"
Because you banned them from your minecraft server for griefing.
Thats it lol.
It is just a way to deal with anger for some people, but they burn their own money doing it.. just like the host that gets attacked who has to pay for all that extra bandwidth!
everyone loses with it, except the guy that sells access to the DDoS network / booter.
No, the people who sell DDoS protection also make good money.
How could i forget about that.
That's why we should pass a law to legally prosecute individuals for having their PCs infected with Trojans used in DDoS attacks. I think it's time for people to start taking responsibility and not just play engineers using a technical device without reading the manual first. If you leave a gun on your table and someone steals it, shoots someone and returns it back without you even realizing it was missing, even if you didn't kill a man, you will still be held accountable for leaving your gun on the table unprotected like that.
Well obviously you're a lawyer.
But no. The justice system doesn't operate on simplistic analogies.
Simplistic analogies? Well obviously you're a smartass.
That makes no sense considering they peer.
Most countries have a 'Unauthorized use of a computer' as part of their criminal code either at the federal or state level. Coordinating enforcement is a different matter.
edit: Added reference: http://www.mosstingrett.no/info/legal.html
edit: ugh, re-reading your post, I think I got what you mean now. I mistook it as something else. Nevermind.
But then it would become a fascist NSA-ran country? We should work on stopping them, not preventing them because that would be impossible.
Wow, really? Would you also punish people, whos cars got stolen, for the things a thief does with it..eg killing someone? The difference here is, that a gun is always intended to kill (people) and therefore is only made for a bad purpose. Now if computers get hacked / cars get stolen they are misused for purposes they are not intended for. So thats not a valid analogy..
Passing laws is "easy". Enforcing them is the difficult part.
Actually I know many political individuals who would argue that guns have more purposes beyond killing people, how about injuring people for self defense? Or hunting?
http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks
Cloudflare just took 400Gps
Uhm no, they are meant to kill people, it's that simple.
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
One way you can ddos is to install a basic template to a vps, then let it sit online for a while. No work necessary.
Change your root password to 'root' and wait approximately 10 minutes.
Bonus points if you're using a SingleHOP or IBM IP address, as these are "tried" far more often that the IP addresses of ColoCrossing, Level3, etcetera.
Further bonus points if you change your root password to '' and edit your
/etc/ssh/sshd_configfile and allowEmptyPassword Yes. Note:passwdis smart enough to not let you set a blank password, you're going to have to do this one manually.Ya, I accidentally did that to poor nick at ramnode. A rebuild was going slower than usual that day and I got distracted and left it for a day or two. They sure work fast.
I actually was testing this. 1234 was hacked the fastest.
It pains me to know the bots even try that.
Really? I installed 100 OpenVZ containers (each with 100B/s network constraints, to prevent any funny business) with various faked OpenSSH versions spat out, and tailed all the secure logs/pam logs for password attempts (with cleartext workaround to watch the attempts).
root/rootandadmin/password123were the most tried combinations (yes, "admin" was tested very heavily over SFTP for some reason.)On FTP the most attempted was
root/rosebud... people have been watching too many movies.Haha.
Anyway, in my (much smaller) testbed, the most used were root/1234 root/12345 root/password