[Dshield] monkeys.com UPL being DDOSed to death
webmaster at erthdra.com
Wed Sep 24 16:30:19 GMT 2003
I would certainly be willing to help too.
I have a small network with a 3 meg connection (http,smtp,dns etc)
From: Brenden Walker [mailto:BKWalker at drbsystems.com]
Sent: Wednesday, September 24, 2003 11:44 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] monkeys.com UPL being DDOSed to death
Same here, I'm just a small time Linux server admin (web, ftp, internal
pop/imap..etc) behind a cable modem.. But perhaps I could provide some level
of service for this.
> -----Original Message-----
> From: DAN MORRILL [mailto:dan_20407 at msn.com]
> Sent: Wednesday, September 24, 2003 11:07 AM
> To: list at dshield.org
> Subject: Re: [Dshield] monkeys.com UPL being DDOSed to death
> I would happily give up some of the horse power I have to do a good thing
> for the community. Since I already have done this, especially on a
> distributed IDS net using DSL Customers and Broadband customers, I could
> mirror anything.
> The only problem I would have, is if I go down due to a DDOS, then I have an
> issue. Or the other issue would be will it violate my terms of service from
> Qwest? I'll check. If it will help, and will work, then I am there.
> Dan Morrill
> CTO Oak Tree Infosec
> >From: Al Reust <areust at comcast.net>
> >Reply-To: General DShield Discussion List <list at dshield.org>
> >To: General DShield Discussion List <list at dshield.org>
> >Subject: Re: [Dshield] monkeys.com UPL being DDOSed to death
> >Date: Tue, 23 Sep 2003 22:39:34 -0700
> >Hello All
> >It has been a Long Computing week, is it Friday yet? I am going to
> >out some things that are food for thought. It may be a bit
> >please take the time to read and then think about how it can
> be done!
> >Please do not let Blockers stand in the way they just need to be
> >identified. We all know that "you/we" find a way to get
> around them anyway.
> >Maybe I am a rabble rouser, but if there were more
> distributed servers
> >that would mean more "particular" networks would be under
> distress not a
> >single one. This would also mean that more "providers" would
> be under the
> >gun to stop the attacks. Meaning various NOC's would shut
> down the threat,
> >as quickly as possible. More "Big Money" would put pressure where it
> >Simple, More Big Voices equal More Power.
> >So if the distributions were based in as many networks as
> possible with
> >minimum level of hardware and communications. It could work.
> Win 2K was
> >designed to communicate directory changes across a 33.6K
> modem connection.
> >It only propagates changes.
> >Other things that would be necessary would be a common list of NOC
> >points and who to call/email. This also could be
> coordinated. While it
> >might not totally make the attack useless, it would
> distribute it across
> >many networks and still be able to maintain some functionality.
> >A fairly Solid Win2K box would do and then import the DNS
> files.. Then
> >setup a transfer of the database and then bring it live,
> most could be
> >scripted. Yes I know that there are a lot of Unix people ( I
> have been
> >forced to live in the Wn32 world for the last 4 years) and
> that can also be
> >scripted. The big idea and the hard part would be the load
> >Imagine a 1,000 plus machines on something as simple as a Broadband
> >connection. Incoming is More open, it is then distributed
> "locally" that
> >means less requests getting into the larger network. To an
> extent that was
> >the purpose of BGP4. At a point in time (ideal) larger
> networks could host
> >it at the routing point which means they offload more
> traffic for better
> >utilization of their resources. It makes Sense but takes
> time to mechanize.
> >So someone smaller starting it, so they can easily make the
> transition as
> >it makes more sense.
> >So if Seti can do it "distributed computing" then there are ways to
> >this work. Then, Proof that email marketers are the cause
> would open new
> >verifiable News Stories..
> >Some of us that could meet the hardware level, network
> connectivity and
> >Software requirements; would volunteer for a period of time.
> Depending on
> >the income to support basic costs others would be in for the
> long haul.
> >So while this looks Grim, planning to insure that a single
> attack can
> >disrupt this kind of service becomes more important.
> >The other side benefit would be that "we" know thousands of
> home users
> >computers are used for this type of attack. The more that
> can be identified
> >and taken off the network the overall health of the network
> improves. Yes
> >we know that ISP's would prefer to ignore a single box that is under
> >"Black" control. Knock it Offline and the problem is solved
> until next
> >time. It all comes back to education and training. During
> the MSBlaster
> >Series I talked with 4 people that thought the McAfee 4.x
> Cd protected
> >their computer.. When I pointed out that McAfee (and
> Symantec, et al) no
> >longer support those older versions and You have to Upgrade.
> >some of those "people" that paid money to some computer
> repair shop to put
> >the basic OS back and then not patch it. The Users does not
> >they paid money to fix a problem (or thought the problem was
> fixed). They
> >are now open candidates for the next round.. So the first
> step in education
> >is telling all those that ask you a question about their
> home machines.
> >Take time to inform them, and they then tell their friends.
> If a Web page
> >explains in simple terms then they can send the link to
> friends. It then
> >becomes People helping People.. Word of Mouth advertising.
> >Yes I also know a lot of System Administrators that think it is not a
> >Problem until it happens to them. I also know they do not
> have time or
> >resources to test what they should be updating. Yes, this is a
> Large Problem
> >If someone has time to create the web pages to explain this, I will
> >advertise them on My web site, send them to 7 Security
> Managers, 5 CIO's,
> >several Security Engineers, several System Administrators
> and a couple of
> >contacts in Microsoft/Dell Fed Sector, last but not least 59
> >users to start spreading the information. I will even Mirror
> with proper
> >credits the originals. As this is started I am sure that
> many others (that
> >You also) can touch hundreds of people. Those Hundreds touch
> thousands. All
> >that is needed is one person, to write information in a form
> that a User
> >can understand. Then this August Group support it. I know
> that we all can
> >touch several thousand(s) Internet Users. End of Statement!
> How many people
> >can they Touch?
> >Yes we have been at the "disadvantage," it is now time to
> start turning
> >tables. It should be based on common sen$e.
> >Scrap as I put the soap box away.
> >At 06:41 PM 9/23/2003 -0400, you wrote:
> >>John Hardin wrote:
> >> >
> >> > On Tue, 2003-09-23 at 13:48, Jon R. Kibler wrote:
> >> > > Greetings to all:
> >> > >
> >> > > I have some really sad news. I just got off the telephone with
> >> > > Ron Guilmette who runs the monkeys.com Unsecured Proxies List
> >> > > DNSBL. I hate to say it, but monkeys.com has been
> killed. It has
> >> > > been DDOSed
> >> > > death.
> >> > >
> >> > > This makes two DNSBLs that have been DDOSed to death recently.
> >> > > Which one is next? NJABL? ORDB?
> >> >
> >> > There has to be a way to eliminate the single-point-of-failure
> >> > here.
> >> >
> >> > What if the community sets up a distributed DNS net to serve the
> >> > DNSRBL data? The root server could distribute updates only to
> >> > secondaries that have registered. If there were several hundred
> >> > secondaries then the
> >> > would be harder to kill.
> >> >
> >> > How many DNS secondaries can one zone be served by?
> >> >
> >> > I know there are commercial services that provide this. How
> >> > difficult would it be to set up and manage by a community?
> >>I talked to Ron about this type of an idea. The problem is not so much
> >>single point of failure as it is the massiveness of the attack. If you
> >>have several thousand attackers against one database, having 40 replicates
> >>would not do much to thwart an attack of that scale.
> >>There are also the problems of distributing the reporting and testing,
> >>keeping all of that coordinated and in sync.
> >>I am not saying it can't be done... in fact, I would like to see it be
> >>done... the only question is how to do it in a reasonable manner, pay for
> >>it, etc.
> >>Jon Kibler
> >>list mailing list
> >>list at dshield.org
> >>To change your subscription options (or unsubscribe), see: