EVE Online Took Offline By Hackers



MeSaR
06-14-2011, 09:04 PM
quote from hackers

We just wiped out the login server for Eve Online, and it accidentally took their website out at the same time
http://twitter.com/#!/LulzSec/statuses/80681360292978688

mosimo
06-14-2011, 09:23 PM
Re-read the thing Mesar, then edit your post. Not hacked, DDoS'd. "Wiped out", "Took out", "Took offline due to hammering the server so traffic can't get in/out from it"... That's what they meant. CCP panicked after they saw the tweet from lulzsec and took everything else offline as a precaution.


LulzSec The Lulz Boat
Silly Eve have taken their entire network offline after our very simple DDoS attack. Oh well, another day, another lulz!

MeSaR
06-14-2011, 09:25 PM
the thread title is more understandable for those who don't know what a ddos is, changed it for you.

Hungry
06-14-2011, 09:54 PM
I don't understand why CCP doesn't use a firewall with high bandwidth connections to drop packets from abusive hosts and allow regular requests through to the service being DDOS'd via reverse proxy. It's not that hard.

Trigen
06-14-2011, 10:13 PM
Honestly it's not funny, it's not for the "lulz", it's just so they can say "umad", the most hated game phrase ever.

Been done for what, 5 hours by now???

Dodgy
06-14-2011, 10:34 PM
Re-read the thing Mesar, then edit your post. Not hacked, DDoS'd. "Wiped out", "Took out", "Took offline due to hammering the server so traffic can't get in/out from it"... That's what they meant. CCP panicked after they saw the tweet from lulzsec and took everything else offline as a precaution.

Any more phrases to add? I think he got the point.

treluk
06-14-2011, 10:43 PM
Pretty neat actually, maybe there's some extra bandwidth, hard feelings and ego left over from the last banwave to come?

tehgeek
06-15-2011, 11:36 AM
I don't understand why CCP doesn't use a firewall with high bandwidth connections to drop packets from abusive hosts and allow regular requests through to the service being DDOS'd via reverse proxy. It's not that hard.

This was a DDoS of such a huge size, that even the INet backbones were feeling it. And if the INet backbones were having a hard time, then there's nothing CCP would have done. I am sure CCP has routers in place that drop random data, but when you have so much coming in at once, nothing else can get through, even if it is blocked.

Think of LA Traffic on the express ways at rush hour. They are so flooded with traffic, that if only ONE person in that huge line of traffic, was trying to get to one place, they would still be held up by everyone else. Same thing with internet traffic.

Squelos
06-15-2011, 05:07 PM
Yeah, they should try hitting the backbone. That would be some challenge. It would cause chaos, but that would be awesome lulz !
I don't really know what LulzSec were trying .... Nagging at 4chan after ... I really dunno. I would have thought they would target stuff like Paypal, .gov's etc ... to get the support from /b/, but no ...

bob_smith
06-15-2011, 05:10 PM
apparently they infected a load of 4chan users and used their comps to do the ddos, looks like they are going to lose any friends they had very quickly

tehgeek
06-15-2011, 05:48 PM
Yeah, they should try hitting the backbone. That would be some challenge. It would cause chaos, but that would be awesome lulz

No, not a challenge anymore. With the increase in internet pipe speed to the home, and with those homes being infected with a hidden botnet, taking down a backbone is quite simple.

It used to be a challenge, but not impossible, say 11 years ago, but I knew, back then, quite a few that had pulled it off (including a 10min DDos to my ISP's backbone to prove it)
But with as easy as it is for them to infect systems now... it's as simple as "attack IP.AD.DY.HERE" and boom, it goes offline.

It's kinda sad really, I remember the hacker groups of old... they had true skill... but most of the newer ones have little in terms of skill, because they use Publicly available exploits. They know WHAT the term "Buffer Overflow" is, but have not, and never will, find one on their own.

civan
06-15-2011, 06:33 PM
@tehgeek

I would disagree about the overflows. Most of botnets around exploit the wetware ;). 0-days in windows or other common software are _expensive_.

Squelos
06-15-2011, 06:39 PM
Yeah, but if they try hitting the backbone, the FBI will probly be knocking at their door within hours/day.

And I'm really not sure about /b/. That's what Lulzsec say : We infected /b/ but that's crap. I go onto /b/ sometimes, and I believe most people on /b/ are pretty good computer wise, and most probs aren't even on Windows.

Really, it is Microsoft's fault for providing such crappy OS's ... They should get sued for allowing botnets to be created ... :D

treluk
06-15-2011, 07:34 PM
Really, it is Microsoft's fault for providing such crappy OS's ... They should get sued for allowing botnets to be created ... :D

Yeah right, that would be like me winning a lawsuit against ford because a guy was drinking and driving in a ford explorer and killed someone I knew.

tehgeek
06-15-2011, 07:41 PM
@tehgeek

I would disagree about the overflows. Most of botnets around exploit the wetware ;). 0-days in windows or other common software are _expensive_.

All I am saying, is that it's easy to get the software needed, made by someone else, to allow you to hack into these systems.
"Script Kiddie" as I like to call them.


Yeah, but if they try hitting the backbone, the FBI will probly be knocking at their door within hours/day.

you are forgetting something, by attacking CCP with as much as they did, they interrupted a few backbones, that alone gets the FBI's Attention. However, with most DDoS attacks, finding the source of the attack is a PITA.

Josarian
06-15-2011, 07:43 PM
apparently they infected a load of 4chan users and used their comps to do the ddos, looks like they are going to lose any friends they had very quickly

They aren't looking for friends and this is one of the major reasons why I don't go to 4chan

Josarian
06-15-2011, 08:36 PM
Looks like the second coming was commencing again

treluk
06-15-2011, 08:38 PM
Oh man, again? This is getting annoying, right in the middle of a mish.

tehgeek
06-15-2011, 08:47 PM
yep, here we go again... freakin kids.



@LulzSec The Lulz Boat
Eve server status: eve-offline.net Uh-oh Tranquility!
4 minutes ago via web

mrHe
06-15-2011, 09:05 PM
fcking @holes....was in middle of vanguard sansha...vindicator pilot is proly breaking all his stuff in house x)
guess that ship has gone poof by now :'(

civan
06-16-2011, 12:40 AM
Yeah, but if they try hitting the backbone, the FBI will probly be knocking at their door within hours/day.


What backbone are you talking about? Root DNS servers? Very limited impact. One of thousands of NAPs? Please. BGP adverts? For that they would actually need to hack something.

tehgeek
06-16-2011, 12:52 AM
What backbone are you talking about? Root DNS servers? Very limited impact. One of thousands of NAPs? Please. BGP adverts? For that they would actually need to hack something.

Backbones as in the big inet pipes that connect states/countries.

civan
06-16-2011, 08:07 AM
Ohnoes, there go the tubes ;). To block just one fiber they would have to put out quantities of traffic beyond the reach of any botnet. And that does not take into account dynamic routing and QoS. It would be much simpler to take an axe, do some breaking and entering and snip the cable at the landing point :p.

tehgeek
06-16-2011, 02:00 PM
actually with the size of botnets today, it's easier than you might think.

civan
06-16-2011, 04:56 PM
Actually, you seem to have very little idea of what you are talking about. Please explain to us how would your average botnet (do you even know what is a large size for a botnet?) go about clogging up your tubes.

treluk
06-16-2011, 05:02 PM
As of 2006, the average size of botnet networks was estimated at 20,000 computers... Each... However some operate in much higher numbers than that (IE: In the multi-million range), however they risk getting detected as they increase in size.

:D

tehgeek
06-16-2011, 05:40 PM
Actually, you seem to have very little idea of what you are talking about. Please explain to us how would your average botnet (do you even know what is a large size for a botnet?) go about clogging up your tubes.


As of 2006, the average size of botnet networks was estimated at 20,000 computers... Each... However some operate in much higher numbers than that (IE: In the multi-million range), however they risk getting detected as they increase in size.

:D

just as treluk stated... However civan, there is something you are forgetting. even with 1000 computer botnet, its not the number of computers you have in your botnet, its the internet connection that they are on. you can have a 10,000 botnet, all on home network connections, that can easily take down the smaller routes. However, a 1000 computer botnet, comprised of higher end, company systems, with business connections, or even worse, gigabit network links, can take down a major route with ease.

civan
06-16-2011, 06:13 PM
You haven't answered my question, if it is so easy please tell us how would you do it. I'm really interested in the implementation details of your idea, if they exist at all and it is not simply "100k * 100mbit, lez go and clog some tubes !!!!!1!1".

@treluk
You almost got it right. Average size is about 10k, 100k is large, I have heard of a couple in the region of 1000k but those usually don't last very long without dedicated programming effort. I have never heard of anything above 5 mil.

tehgeek
06-16-2011, 06:18 PM
You haven't answered my question, if it is so easy please tell us how would you do it.

A simple "ping -f" would be enough to flood a major router if all bots ran it at the same time.

Let's not forget, SYN flood, etc.

Hell, just think if all the bots sent out a Reflected attack to a bunch of servers....

http://en.wikipedia.org/wiki/Denial-of-service_attack if you want more reading.

civan
06-16-2011, 06:23 PM
And how would that affect the internet? BTW, you might be thinking of "ping -t", unless you want to explain how would an ip flag do the trick :)

tehgeek
06-16-2011, 06:32 PM
And how would that affect the internet? BTW, you might be thinking of "ping -t", unless you want to explain how would an ip flag do the trick :)

/facepalm

you are doing nothing but reading the help from the windows ping program

ping -f, in LINUX, means to FLOOD, in other words, send out pings as fast as the computer, and the connected internet, can send it, WITHOUT waiting for any reply.

(And before you ask, YES you can compile the linux version of ping into windows, and YES, it can be added to a botnet)

civan
06-16-2011, 06:40 PM
Oh, linux botnets now you know my wet dream fantasy :). Unfortunately you were so busy with ad hominem to answer my basic question of how would taking down a single router affect the internet.

If you want to trade ad hominem, then quite frankly you don't make much more sense than "I'm going to attack the internet with man-in-the-middle attack and finish it off with chosen-plaintext". Yes, you have heard of them, you might even know what a SYN flood is, but for example you have no clue that you can't SYN flood from a windows system since 2004 (iirc, thx Microsoft!)

treluk
06-16-2011, 06:41 PM
And how would that affect the internet? BTW, you might be thinking of "ping -t", unless you want to explain how would an ip flag do the trick :)

Ping -f is actually the flood flag, for older *nix operating systems, and only someone with SuperUser status could perform it. I can't remember what year they changed it, but it shows roughly the length of your experience.

EDIT: Ahh, it still exists, sorry been a while since i've used unix ping :)

tehgeek
06-16-2011, 06:44 PM
Ping -f is actually the flood flag, for older *nix operating systems, and only someone with SuperUser status could perform it. I can't remember what year they changed it, but it shows roughly the length of your experience.

Yea, I used to be into this kind of stuff YEARS ago. And even back when it required a superuser to perform -f, it was easy to bring along your own source for a modified ping that got around that, or to put that code into your bot.
But even back then we could take down big routers, so with all the added tools they have now, it's even easier than it was before.

treluk
06-16-2011, 06:48 PM
Yea, I used to be into this kind of stuff YEARS ago. And even back when it required a superuser to perform -f, it was easy to bring along your own source for a modified ping that got around that, or to put that code into your bot.
But even back then we could take down big routers, so with all the added tools they have now, it's even easier than it was before.

Yeah me too, when i was in my teenage years. But all of that is Kiddie shit now. In the end of it all Civan, no one is going to explain the process of taking down the interwebz, no one cares. Just watch the news, it happens, maybe you can learn something from it.

civan
06-16-2011, 06:58 PM
I will let you two dissolve into a cosy conversation where you pretend to be linux geeks while calling root a superuser, or even SuperUser :P. As for the internet, it sure does happen (insert a you broke my internetz pic here), I will have my popcorn ready for when somebody succeeds at it. Just to stroke your ego, yes people have tried to do that. I will give you bonus points if you find the name of the worm that did this on wikipedia.

treluk
06-16-2011, 07:05 PM
Superuser is what they used to call it, back in the day when hacking was cool and even your idiot nextdoor neighbour knew how to take down your biggest cable internet provider for roughly 2 hours. Wikipedia is for people who refuse to read real articles, and the name of the worm that sits in my mind as the most dangerous worm that has ever hit the newspapers front page was called Slammer. Anyways, I'm done with this thread, it's gone silly. And BTW, anyone who cares about this particular subject doesn't need "Bonus Points" they probably already knew that.

civan
06-16-2011, 07:13 PM
Your willingness to insult tehgeek's reliance on wikipedia upsets me, wikipedia can be a nice resource if you need background on some unknown topic, unfortunately it is just that. As to the worm, I was thinking of CodeRed (which actually tried to break the internet), but you can have the points, and yet the internet did not stop, and any outage was highly local. Not to mention that worm can operate on a much larger number of hosts than a botnet.

treluk
06-16-2011, 07:21 PM
Your willingness to insult tehgeek's reliance on wikipedia upsets me, wikipedia can be a nice resource if you need background on some unknown topic, unfortunately it is just that. As to the worm, I was thinking of CodeRed (which actually tried to break the internet), but you can have the points, and yet the internet did not stop, and any outage was highly local. Not to mention that worm can operate on a much larger number of hosts than a botnet.

Highly LOCAL? WTFNOOB. Lol - okay you're right, it was so local that it shut down emergency services in remote areas across 5 continents and it almost caused 2 nuclear power plants to meltdown in 2 separate continents, not to mention dropping something like 40% of all of the internet root name servers. Yep, local it is. WTB Intelligent conversation.

civan
06-16-2011, 07:25 PM
Same can be said about any worm, you don't seem to differentiate between disabling individual hosts and the internet's capacity to carry data. Regarding the intelligent conversation, I'm not the one that resorts to insults :).

tehgeek
06-17-2011, 01:38 AM
Your willingness to insult tehgeek's reliance on wikipedia upsets me, wikipedia can be a nice resource if you need background on some unknown topic, unfortunately it is just that.

Actually I didn't need wikipedia at all, I used to be a sysadmin back when FreeBSD was at 3.4-Stable. But it's been years since I was into that "world" with hacks/botnets/etc.

I provided that link for you, since you really seem to not understand just how easy it is for a botnet to flood the major backbones.

civan
06-17-2011, 01:46 AM
It isn't, you might crash a router or two, but that is hardly significant in the grand scheme of things. But then again I'm getting bored of repeating myself with every post.

tehgeek
06-17-2011, 02:11 AM
.... if a group is lucky enough to get a bot on a few systems with an OC-768, say 5, that's 199gbit/sec, give or take 6.5gbit/sec for overhead, tell me what backbone can sustain that much data at a flood rate? Even if the bigger backbone could handle the traffic, the router on said connection has a real good chance of crashing due to the overload on the CPU, plus, what about all the smaller connections it has to go through from the backbone, It's like a set of dominoes that spread out like a tree, drop one, the rest fall.

Just do the simple math required to figure out. I mean come on, a single OC-768 is only around 38gbit/sec, so if you have 5 hitting it, GUESS WHAT, the data rate is completely filled with bullshit data, and nothing else can come through.

The data still comes through links before it hits a firewall. so even if your firewall is blocking it, the real, legit packets are so lagged behind, that you'll have major latency.

so YES, it is EASY for groups as big as lulzsec, to take down a backbone.

Let's do the math for all home systems shall we? Let's take an avg of 3.5mbit/sec per bot, that's 3.5gbit/sec (give or take about 130mbit for overall overhead), so 3.47gbit/sec. Now, that's just HOME systems that have been added to the botnet... but any GOOD group, will not just leave it at home systems.. oh no... they want the big guns on the big connections...

so it's hopefully starting to make sense to you just how easy it really can be. Back when I was doing this kind of stuff, the best we could get ahold of was a system on a nice OC-48 connection. (around 2.4gbit/sec)

when we had our botnet, it was about 800 strong, 3 of those were nice OC-48's, because they were major DNS Servers that still ran the old DNS, which was easy to get into. we also had many Multi-T3 connected servers on our botnet as well. So, slowing down a backbone to a major crawl wasn't hard at all.

Anyway, I have already said way too much about my life back then and I'm glad I'm not in that world anymore. But don't say it can't be done. As I said, just do the math. I agree with treluk, WTB Intelligent conversation.

It's kinda sad I get more intelligent conversation from the Anti-Botter Campaign leader...

bob_smith
06-17-2011, 08:23 AM
is it possible to bring down the internet, I don't know, but it doesn't seem how in theory you couldn't. After all, data has to go over fiber cables under the atlantic and they have a theoretical maximum bandwidth. whoever owns them isn't in the business of providing more than they need to, so besides an arbitrary overhead pushing it above typical usage should get you there. yes, there is probably redundancy across multiple companies but in theory it is still possible.

at the end of the day though, hackers are always at a disadvantage in this regard compared to a government, who can arbitrarily shut it down as and when they please, if memory serves, the president of the USA still has the big red "Internet Off" switch at his disposal, which other countries are trying to pry from his hands

civan
06-17-2011, 06:29 PM
.... if a group is lucky enough to get a bot on a few systems with an OC-768, say 5, that's 199gbit/sec, give or take 6.5gbit/sec for overhead, tell me what backbone can sustain that much data at a flood rate? Even if the bigger backbone could handle the traffic, the router on said connection has a real good chance of crashing due to the overload on the CPU, plus, what about all the smaller connections it has to go through from the backbone, It's like a set of dominoes that spread out like a tree, drop one, the rest fall.

Considering that you are a sysadmin _and_ a botter, it is interesting how you forgot about adaptive routing. How would you target just one fiber? Source routing?

I'm skipping the part where you claim to be leet because you installed your botnet (for the spectators, there are no linux botnets) on servers with super-fast connections since I don't really care about your epeen. At the next attempt please at least try to be believable ;)