[Dshield] monkeys.com UPL being DDOSed to death
dan_20407 at msn.com
Wed Sep 24 15:06:40 GMT 2003
I would happily give up some of the horsepower I have to do a good thing
for the community. Since I already have done this, especially on a
distributed IDS net using DSL Customers and Broadband customers, I could
The only problem I would have, is if I go down due to a DDOS, then I have an
issue. Or the other issue would be will it violate my terms of service from
Qwest? I'll check. If it will help, and will work, then I am there.
CTO Oak Tree Infosec
>From: Al Reust <areust at comcast.net>
>Reply-To: General DShield Discussion List <list at dshield.org>
>To: General DShield Discussion List <list at dshield.org>
>Subject: Re: [Dshield] monkeys.com UPL being DDOSed to death
>Date: Tue, 23 Sep 2003 22:39:34 -0700
>It has been a Long Computing week, is it Friday yet? I am going to point
>out some things that are food for thought. It may be a bit disjointed,
>please take the time to read and then think about how it can be done!
>Please do not let Blockers stand in the way; they just need to be
>identified. We all know that "you/we" find a way to get around them anyway.
>Maybe I am a rabble rouser, but if there were more distributed servers then
>that would mean more "particular" networks would be under distress not a
>single one. This would also mean that more "providers" would be under the
>gun to stop the attacks. Meaning various NOCs would shut down the threat,
>as quickly as possible. More "Big Money" would put pressure where it
>Simple, More Big Voices equal More Power.
>So if the distributions were based in as many networks as possible with a
>minimum level of hardware and communications. It could work. Win 2K was
>designed to communicate directory changes across a 33.6K modem connection.
>It only propagates changes.
>Other things that would be necessary would be a common list of NOC access
>points and who to call/email. This also could be coordinated. While it
>might not totally make the attack useless, it would distribute it across
>many networks and still be able to maintain some functionality.
>A fairly Solid Win2K box would do and then import the DNS files.. Then
>setup a transfer of the database and then bring it live, most could be
>scripted. Yes I know that there are a lot of Unix people ( I have been
>forced to live in the Win32 world for the last 4 years) and that can also be
>scripted. The big idea and the hard part would be the load balancing.
>Imagine a 1,000 plus machines on something as simple as a Broadband
>connection. Incoming is More open, it is then distributed "locally" that
>means less requests getting into the larger network. To an extent that was
>the purpose of BGP4. At a point in time (ideal) larger networks could host
>it at the routing point which means they offload more traffic for better
>utilization of their resources. It makes Sense but takes time to mechanize.
>So someone smaller starting it, so they can easily make the transition as
>it makes more sense.
>So if Seti can do it "distributed computing" then there are ways to make
>this work. Then, Proof that email marketers are the cause would open new
>verifiable News Stories..
>Some of us that could meet the hardware level, network connectivity and
>Software requirements; would volunteer for a period of time. Depending on
>the income to support basic costs others would be in for the long haul.
>So while this looks Grim, planning to ensure that a single attack cannot
>disrupt this kind of service becomes more important.
>The other side benefit would be that "we" know thousands of home users
>computers are used for this type of attack. The more that can be identified
>and taken off the network the overall health of the network improves. Yes
>we know that ISPs would prefer to ignore a single box that is under
>"Black" control. Knock it Offline and the problem is solved until next
>time. It all comes back to education and training. During the MSBlaster
>Series I talked with 4 people that thought the McAfee 4.x CD protected
>their computer.. When I pointed out that McAfee (and Symantec, et al) no
>longer support those older versions and You have to Upgrade. Realistically
>some of those "people" that paid money to some computer repair shop to put
>the basic OS back and then not patch it. The Users do not understand,
>they paid money to fix a problem (or thought the problem was fixed). They
>are now open candidates for the next round.. So the first step in education
>is telling all those that ask you a question about their home machines.
>Take time to inform them, and they then tell their friends. If a Web page
>explains in simple terms then they can send the link to friends. It then
>becomes People helping People.. Word of Mouth advertising.
>Yes I also know a lot of System Administrators that think it is not a
>Problem until it happens to them. I also know they do not have time or
>resources to test what they should be updating. Yes, this is a Large Problem
>If someone has time to create the web pages to explain this, I will
>advertise them on My web site, send them to 7 Security Managers, 5 CIOs,
>several Security Engineers, several System Administrators and a couple of
>contacts in Microsoft/Dell Fed Sector, last but not least 59 independent
>users to start spreading the information. I will even Mirror with proper
>credits the originals. As this is started I am sure that many others (that
>You also) can touch hundreds of people. Those Hundreds touch thousands. All
>that is needed is one person, to write information in a form that a User
>can understand. Then this August Group support it. I know that we all can
>touch several thousand(s) Internet Users. End of Statement! How many people
>can they Touch?
>Yes we have been at the "disadvantage," it is now time to start turning the
>tables. It should be based on common sen$e.
>Scrap as I put the soap box away.
>At 06:41 PM 9/23/2003 -0400, you wrote:
>>John Hardin wrote:
>> > On Tue, 2003-09-23 at 13:48, Jon R. Kibler wrote:
>> > > Greetings to all:
>> > >
>> > > I have some really sad news. I just got off the telephone with Ron
>> > > Guilmette who runs the monkeys.com Unsecured Proxies List DNSBL. I
>> > > hate to say it, but monkeys.com has been killed. It has been DDOSed
>> > > to death.
>> > >
>> > > This makes two DNSBLs that have been DDOSed to death recently. Which
>> > > one is next? NJABL? ORDB?
>> > There has to be a way to eliminate the single-point-of-failure here.
>> > What if the community sets up a distributed DNS net to serve the DNSRBL
>> > data? The root server could distribute updates only to secondaries that
>> > have registered. If there were several hundred secondaries then the
>> > would be harder to kill.
>> > How many DNS secondaries can one zone be served by?
>> > I know there are commercial services that provide this. How difficult
>> > would it be to set up and manage by a community?
>>I talked to Ron about this type of an idea. The problem is not so much a
>>single point of failure as it is the massiveness of the attack. If you
>>have several thousand attackers against one database, having 40 replicates
>>would not do much to thwart an attack of that scale.
>>There are also the problems of distributing the reporting and testing, and
>>keeping all of that coordinated and in sync.
>>I am not saying it can't be done... in fact, I would like to see it be
>>done... the only question is how to do it in a reasonable manner, pay for