monkeys.dom UPL being DDOSed to death

Jack Bates jbates at brightok.net
Tue Sep 23 21:32:55 UTC 2003


Joe St Sauver wrote:
> Note that not all DNSBLs are being effectively hit. DNSBLs which run with
> publicly available zone files are too distributed to be easily taken down,
> particularly if periodic deltas are distributed via cryptographically 
> signed Usenet messages (or other "push" channels). You can immunize DNSBLs
> from attack, *provided* that you're willing to publicly distribute the 
> contents of those DNSBLs. 

Actually, SBL has had a lot of issues. The issue isn't always with the 
DNS zones. It is true that one can distribute the zones to make dDOS 
more difficult, although not impossible. However, in the case of SBL, 
they have had issues with the web servers being dDOS'd. The ability to 
look up why a host is blacklisted, and in the case of relay/proxy lists 
to request removal, is also important.

There are still a lot of blacklists out there: njabl, ordb, dsbl, 
reynolds, sbl, and spews (in a roundabout sort of way). Yet what 
happens when a business decides to destroy its competitor's website? 
What happens when someone decides they don't like magazine X or vendor X 
and attacks their web farms? Shall the Internet be called akamai? Don't 
get me wrong. It's a good service, but not invulnerable. 
windowsupdate.com can still be brought to its knees if the attacker is 
persistent enough.

Of course, when big money businesses are involved, things get done. Yet 
what about the smaller business or the charity? What about critical 
infrastructure? Does anyone claim that MAE East and West couldn't be 
made inoperable by dDOS? How does that shift the network and peering? 
What are the ramifications?

Of the various RPC worms, spybot is the most malicious in intent. Yet 
what if parts of Swen/Gibe/Sobig.F were incorporated into blaster? 
Process terminations to make repair difficult and to open the computer 
to other viruses and vulnerabilities. Installed proxy servers and bots. 
Keyloggers. Now collect your information, gather your bots, and watch a 
single phrase create destruction.

Things have not improved over the last year. They have gotten worse. The 
Internet is more malicious than ever. It is quickly becoming the Inner 
City Projects of communication. Greed and hatred created some of the 
worst neighborhoods in the world. The same concept will apply to the 
network. If action isn't taken, it will get worse. More money will be 
lost over the coming years. Many people will be hurt. Communication will 
be impaired.

Question: Why is it not illegal for an ISP to allow a known vulnerable 
host to stay connected and not even bother contacting the owner? There 
are civil remedies that can be sought but no criminal. Bear in mind, 
these "vulnerable" hosts are usually in the process of performing 
malicious activity when they are reported.

Ron has reported many of the IP addresses that dDOS'd monkeys.com. By 
the same token, Ron has also reported to many ISPs about spammers which 
have abused servers under his control, scanning and utilizing open 
proxies, which is theft of resources. Why is nothing done about these 
people? Why is the ISP not held liable for allowing the person to 
continue in such malicious activity?


-Jack