NEO_PhyteWe need shirtgons!Join Date: 2003-12-16Member: 24453Members, Constellation
<!--QuoteBegin-dr.d+Aug 2 2004, 02:00 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (dr.d @ Aug 2 2004, 02:00 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Did I have to add that Midgits crawl out of your CD rom drive to have it register as a joke? <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> yes
The point is it doesn't matter WHAT OS your are running in a DOS attack.
The weakness isn't that your server is compromised. The weakness is that there are so many requests coming in that legitimate traffic can't get in.
Adding an extra D to that (DDOS) means it's a distributed attack--coming from subverted machines all over the internet. No single place you can just block.
It's very similar to what happens when a server is "slashdotted" except that it's targetted, purposeful, malicious, and usually much worse then just being "slashdotted". (Replace "slashdotted" with "farked" if that means more to you.)
A packet header contains the sender's IP address. A ping request returns a packet to the sender's IP address provided in the incoming packet header. Some computer networks have a "broadcast IP". When you send anything to this IP it's sent to all computers on the network.
DDOS attack consists of sending many ping requests to such a broadcast IP. THe packets being sent have your victim's IP address in the sender's address field. Thy're falsified. As a result, the victim recieves a lot of ping answers from all the computers on a network. At some point, the server can't handle all the data and it crashes.
Meh the people who did it probably don't even know that they are doing it. Hackers infect those people with viruses that can do their dirty work. Then they rent the "botnet" to anyone who wants to attack a server. Or in cases like this, looks like they are using it for their own purposes. Unless those kids who whine at the Steam forums are capable of paying a botnet to do a DOS on Steam.
<!--emo&:0--><img src='http://www.unknownworlds.com/forums/html//emoticons/wow.gif' border='0' style='vertical-align:middle' alt='wow.gif' /><!--endemo--> I find this kind of intresting but I guess it's all over n done with now,I was playing ns_delta lastnight.After I was done it must have been maybe afew minutes,
I connected to GameSurge,then joined #naturalselection and I see alot of peeps saying that STEAM was getting owned through a DoS n DDOS etc.
To make sure this was true n to findout for myself I tried connecting to steam which I was just on lastnight,it said it was updating then tried connecting to my account then said it couldn't connect to the steam network.
Maybe Valve,STEAM should consider getting or make some kind of "Ricochet" Program where if and when attackers are attacking steam whatever it bounces back to the attackers computer and crashes them instead of steam lol.
These kind of people hackers whatever else ya may wanna call them they need to be hungup by their <censored> and then <bleep> and then castrated and then <bleep> lol.
<!--QuoteBegin-Firedragon+Aug 2 2004, 11:19 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Firedragon @ Aug 2 2004, 11:19 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Maybe Valve,STEAM should consider getting or make some kind of "Ricochet" Program where if and when attackers are attacking steam whatever it bounces back to the attackers computer and crashes them instead of steam lol. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> They can't. They don't have the IP address of the true attacker, but they have the IPs of the computers the "hackers" use to do the DDOS attack. The people who send the packets are innocent, they're used by the "hacker" to attack the target.
<!--QuoteBegin-dr.d+Aug 2 2004, 02:40 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (dr.d @ Aug 2 2004, 02:40 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> That comming from someone with 6 posts and a day old reg date....bravo. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Thank you for providing supporting evidence for my statement.
Wasn't that mentioned on the second reply <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html//emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo-->
<!--QuoteBegin-dr.d+Aug 2 2004, 02:29 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (dr.d @ Aug 2 2004, 02:29 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> <!--QuoteBegin-Ahnteis+Aug 2 2004, 01:42 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Ahnteis @ Aug 2 2004, 01:42 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> <!--QuoteBegin-g0t.w00t?+Aug 2 2004, 08:11 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (g0t.w00t? @ Aug 2 2004, 08:11 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> haha, maybe they should run the servers on Linux, then these lamer script kiddies wont be able to do jack
EDIT: unless they ARE running Linux, then im just an idiot <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo--> <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Do you even know what a DOS attack is?! <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Its when hackers root into your Windows and change the auto.exe and make you download viruses that delete your hardrives and install sub sevens in your DOS drive and make it impossible to install any Windows products except for ME. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> omg rofl
Denial of Service: Someone tries flooding a target (by themselves) with worthless packets so that it's overloaded. You can DoS a friend of yours off a game of NS by yourself if your connection is pretty good...most people don't bother with a regular DoS.
Distributed Denial of Service: A h4x0r or whatever you want to call him infects a lot (perhaps hundreds) of computers so that he can direct them to flood a target at the same time. This is obviously MUCH more effective than a standard DoS and a little harder to do, it's usually used to attack large servers such as Steam or webservers.
Distributed Reflection Denial of Service: A person manufactures packets with a fake source IP to random IP addresses which results in a response to the fake IP. You're still using potentially hundreds of machines but you're abusing their normal behavior to spam someone.
Most people who try this stuff usually make programs to do this...I don't think ANYONE uses ping to attack someone unless they don't have anything better. When you ping someone it waits for a response before sending another one.
<!--QuoteBegin-Alkiller+Aug 2 2004, 09:51 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Alkiller @ Aug 2 2004, 09:51 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> <!--QuoteBegin-Sizer+Aug 2 2004, 03:35 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Sizer @ Aug 2 2004, 03:35 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Maybe Valve is ddosing their own servers to excuse another possible HL2 delay? <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> oh noes!1 h4x0r 0n t3h y0ur pC? <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> I have seen that sig before.. have you used any other nicks before this one? If so, PM me them. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
I doubt it has to do with quantity of packets but more frequency of connections.
I can't remember the exact numbers so you'll have to correct me there. TCP can only make so many sockets and after a connection is closed it goes into a sort of wait mode where a connection cannot be made to that socket for I think 2 minutes. This is to ensure that any packets still lingering in the network make their way to the destination. So a dos attack only has to connect to the appropriate port enough times every 2 minutes and all the sockets remain in this end mode. So a dos attack most likely just exploits the specification of the TCP protocol
Actually, a DoS attack doesn't involve 'connections' at all. In general a computer/many computers send as many maximum sized packets with useless information to a target and because the target is busy dealing with these packets any kind of legitimate traffic is unable to get through. For example, if a bunch of people are trying to view a page like Yahoo the browser is requesting the main page and then the Yahoo server needs to process this request and send the html file with all the images. If Yahoo wasn't such a big name and they didn't have enough money for good servers a queue would start to form where thousands of people would wait for their request to be processed.
The packets exchanged in viewing a website aren't very large so if hundreds of machines are sending useless max. size packets Yahoo would be bogged down because it would be taking time to process those requests instead of real ones. Optionally the SYN packets being sent could have a fake source IP so that when the target responds with a SYN/ACK packet (as part of the 3-way handshake) it will timeout and then resend the packet because there will be no response from the fake IP. I'm not sure if thats what you meant by your post.
Comments
yes
The weakness isn't that your server is compromised. The weakness is that there are so many requests coming in that legitimate traffic can't get in.
Adding an extra D to that (DDOS) means it's a distributed attack--coming from subverted machines all over the internet. No single place you can just block.
It's very similar to what happens when a server is "slashdotted" except that it's targetted, purposeful, malicious, and usually much worse then just being "slashdotted". (Replace "slashdotted" with "farked" if that means more to you.)
Some computer networks have a "broadcast IP". When you send anything to this IP it's sent to all computers on the network.
DDOS attack consists of sending many ping requests to such a broadcast IP. THe packets being sent have your victim's IP address in the sender's address field. Thy're falsified.
As a result, the victim recieves a lot of ping answers from all the computers on a network. At some point, the server can't handle all the data and it crashes.
I connected to GameSurge,then joined #naturalselection and I see alot of peeps saying that STEAM was getting owned through a DoS n DDOS etc.
To make sure this was true n to findout for myself I tried connecting to steam which I was just on lastnight,it said it was updating then tried connecting to my account then said it couldn't connect to the steam network.
Maybe Valve,STEAM should consider getting or make some kind of "Ricochet" Program where if and when attackers are attacking steam whatever it bounces back to the attackers computer and crashes them instead of steam lol.
These kind of people hackers whatever else ya may wanna call them they need to be hungup by their <censored> and then <bleep> and then castrated and then <bleep> lol.
They can't. They don't have the IP address of the true attacker, but they have the IPs of the computers the "hackers" use to do the DDOS attack.
The people who send the packets are innocent, they're used by the "hacker" to attack the target.
Thank you for providing supporting evidence for my statement.
No?
Odd.
EDIT: unless they ARE running Linux, then im just an idiot <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo--> <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Do you even know what a DOS attack is?! <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Its when hackers root into your Windows and change the auto.exe and make you download viruses that delete your hardrives and install sub sevens in your DOS drive and make it impossible to install any Windows products except for ME. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
omg rofl
Denial of Service: Someone tries flooding a target (by themselves) with worthless packets so that it's overloaded. You can DoS a friend of yours off a game of NS by yourself if your connection is pretty good...most people don't bother with a regular DoS.
Distributed Denial of Service: A h4x0r or whatever you want to call him infects a lot (perhaps hundreds) of computers so that he can direct them to flood a target at the same time. This is obviously MUCH more effective than a standard DoS and a little harder to do, it's usually used to attack large servers such as Steam or webservers.
Distributed Reflection Denial of Service: A person manufactures packets with a fake source IP to random IP addresses which results in a response to the fake IP. You're still using potentially hundreds of machines but you're abusing their normal behavior to spam someone.
Most people who try this stuff usually make programs to do this...I don't think ANYONE uses ping to attack someone unless they don't have anything better. When you ping someone it waits for a response before sending another one.
oh noes!1 h4x0r 0n t3h y0ur pC? <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
I have seen that sig before.. have you used any other nicks before this one? If so, PM me them. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
...once again people hate VALVe for the release date stuff. I swear, every single one of you must have not been in the gaming community very long.
...as for the attacks, I'm kind of sad that someone would do this just because they couldn't use that worthless wreck of WON.
...and to Mr. 6 posts ignorance guy, hang around OT quite a bit longer and you'll note the best.
I can't remember the exact numbers so you'll have to correct me there. TCP can only make so many sockets and after a connection is closed it goes into a sort of wait mode where a connection cannot be made to that socket for I think 2 minutes. This is to ensure that any packets still lingering in the network make their way to the destination. So a dos attack only has to connect to the appropriate port enough times every 2 minutes and all the sockets remain in this end mode. So a dos attack most likely just exploits the specification of the TCP protocol
The packets exchanged in viewing a website aren't very large so if hundreds of machines are sending useless max. size packets Yahoo would be bogged down because it would be taking time to process those requests instead of real ones. Optionally the SYN packets being sent could have a fake source IP so that when the target responds with a SYN/ACK packet (as part of the 3-way handshake) it will timeout and then resend the packet because there will be no response from the fake IP. I'm not sure if thats what you meant by your post.