
DDOS attack on internet root server system

It happened!

   
9:54 am on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member heini is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Washington Post [washingtonpost.com]

"This was the largest and most complex DDOS attack ever against the root server system", happening 5:00 p.m. EDT on Monday

Too much speculation on the who and how, possible consequences etc. at this point.
Investigations have started.

10:01 am on Oct 23, 2002 (gmt 0)
10:22 am on Oct 23, 2002 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Sounds like a warning!
10:24 am on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's been in the pipeline for a long time, ever since the Cult of the Dead Cow group claimed that they could bring the Internet to its knees with a DDOS against all of the NAPs (Network Access Points) throughout America.
2:40 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Yikes!

What can you do?

Turn off your Inet workstation when you're not using it. If you leave an unprotected workstation up and running and connected, your machine can be used in one of these attacks. Shut it off when it's not in use. This is primarily an issue with Windows-based machines, though Linux and Mac aren't totally invulnerable either.

2:47 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It can be done without your knowledge when you are sitting at your workstation happily replying to another false Google update thread :)

Windows is an easy target, but don't be fooled, as all operating systems are targets if they are connected to the net!

2:49 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



From the article creative craig pointed to in The Register:

The attack is believed to have been an ICMP (Internet Control Message Protocol) ping flood,

Uhhh... Are the admins complete #@!$%@#$% @#$%! What the !@#$@#$ they !@#$@# thought when they set the @#$@#$ firewalls up?! For G-d's sake, the default setting of most decent firewalls is just to drop pings.

You know what?! They DESERVED it. I cannot STAND listening to "security experts" moaning and groaning about how these bad, bad, nasty hackers attack them. That they don't play nice and hurt their feelings... GET A LIFE! FIX YOUR FIREWALL RULES! Dorks.

Ok, off my soap box. I am having a bad day - client calls "network is completely down" - turns out his monitor was off.

2:54 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think that the firewalls for root servers that look after the DNS side of things wouldn't be set to default. But hey, you never know :)
3:20 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Dropping certain packets still requires CPU time just for detecting their type. Given enough volume, that alone may overload a firewall, and the routers in front of the firewall need to process those packets as well.
3:26 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I would hope they have more than one router for root servers which can also be set to drop ICMP, and that they are not using default settings on firewalls or routers. Obviously not since they messed it up... ;)
3:40 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Obviously not since they messed it up...

Tapolyai, did you actually read the article referenced at the top of this thread?

...Despite the scale of the attack, which lasted about an hour, Internet users worldwide were largely unaffected,...

Just because a DDOS attack happened and was reported to the press doesn't necessarily mean that the administrators of the attacked systems messed anything up.

3:46 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Wasn't the English ISP Cloud 9 attacked internally? They were having a few problems with DDOS but were getting on top of things, when their own web server joined the attack and killed off a few of their own systems.

They went bust cause of it, as the cost of upgrading and repairing their network came to more than they were worth.

4:47 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



client calls "network is completely down" - turns out his monitor was off.

ROFL! So I'm not the only one this happens to!

4:48 pm on Oct 23, 2002 (gmt 0)

10+ Year Member



I believe this is a never-ending story...
But how would you know if your server was part of the attack?
4:56 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It would be best to use characterisation software that would tell you if there were any differences in any systems or log files. Do a search on everyone's favorite and you will come up with some good results.

Have a look around the CERT web site for some good tips as well.

Craig

8:05 pm on Oct 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



bird, appreciate the reminder to read articles before discussing them. Surprisingly I did read the article, although didn't have to because I was impacted.

Here is an even better quote from Internetnews.com (another article I did not read :o :)):

"Attacks orchestrated with this kind of complexity and power generally can't be executed by your run-of-the-mill "Script kid." It would take a lot of firepower, to amass the servers capable of that kind of bandwidth," said a freelance security consultant, who declined to be named.

[internetnews.com...]

Let me see... Write ICQ script, trigger ICQ client, or hack KaZaa, Gator, etc. to ping instead of sending private info... Or, load VBX from web site, that does the same, or send e-mail with nice attachment, etc. ad infinitum....

This is the type of "experts" I am nuts about. It's like me trying to tell the rest of you how to do SEO! :) Just because they call themselves experts that does not make them one...

(Ehh, forget it. It's a losing battle to actually value people's real abilities, it is much more important now what "appears to be" the value...)

7:16 pm on Oct 24, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



A follow-up article for 2002.10.23

[internetnews.com...]
