Date: Fri, 16 Aug 2013 16:49:24 -0500
From: adam <adam@...sy.net>
To: noloader@...il.com
Cc: Full Disclosure List <full-disclosure@...ts.grok.org.uk>
Subject: Re: Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

Jann, you know what's even worse than someone being a dick for no
reason? Someone being a _stupid_ dick for no reason. In case you're
unaware, the word "massive" was completely absent from this thread
until YOU attempted to put it in someone else's mouth. Beyond that,
since you want to rip apart an innocent guy's post, let's see what
happens when someone does it to yours.

"DDoS? So you mean your systems were impacted by that?"

Impacted is not the word you were looking for, since the answer to
that would technically be a yes - not the no you were expecting. That
aside, a denial of service attack is still a denial of service attack
regardless of whether it succeeds or not. In fact, if you look up the
definition - you'll see that it's _an attempt_ to make X unavailable.
Not necessarily a successful one.

"Let me google that for you. Hmm. Assigned to "Polipo Web proxy"."

Psst.. you may want to read the entire thread title.

"Oooh, a storm!"

storm
Verb
Move angrily or forcefully in a specified direction: "she stormed off".

Whether you like it or not, it meets the definition.

"Your systems were impacted by a DoS attack with 30 packets per second?
You might want to upgrade to hardware that is a few decades newer."

How much of the original post did you actually read? Nowhere in it did
the OP say that this attack succeeded. Again, just like above - YOU
are the one who first used the word impact[ed]. It's funny how you put
words in people's mouths, and then reply to them as though they
actually said it. More than that, the only thing the OP mentioned was
that one of his log files was corrupted in the process of the attack.
I didn't read that the attack succeeded, shut down the service, his
machine, his network or anything else - and neither did you.

"You were attacked by "O=TCP SPT=2216"? Cool story."

Oh my God, there was a line in there that didn't have an IP address?
What a RETARD the OP must be. How can anyone be so stupid? I bet the
earth stopped spinning when that happened. Think so?

"He said above 30 packets per second, right? I'll just assume it's around 30.
And the sample packet from that "packet storm" contained this part: "LEN=52".
So that's around 1500 bytes per second, or 12 kilobits per second. And those
packets are downstream for him."

You're randomly assuming that all of the packets were the exact same
length, which makes anything derived from that assumption
automatically flawed.

"A good modem connection can give you up to 56kbit/s per direction as far as I
understand."

You've never used dialup, have you? What you're saying is that "good
modems" (what exactly is a bad modem?) get 7KB/s down and 7KB/s up -
that is completely untrue. It's a lot closer to 5KB/s down (if you're
lucky) and 2KB/s up. Aside from all of this, again, I reiterate that
you have no idea what size the other 19,044 packets were. Anyway, yes
- if your assumption were correct (52*19045 through a 56k modem) then
it'd take only a few minutes to download all of the data (which
doesn't even total a meg).

HOWEVER, there are still a multitude of things wrong with your entire
stance. Firstly, bandwidth exhaustion is NOT the only way to perform a
denial of service. In fact, in my opinion, it should be the last
resort. There are much much better ways to do it, depending on the
service being targeted. For example, some popular multiplayer games
can be brought down with a single packet. Some can be kept down with
that single packet, others require one group of packets to be kept
down, and then some others require that one packet every X minutes. I
use game servers only as an example.

If his log becoming corrupted was intentional, then it's entirely
possible that the point of the attack wasn't to exhaust bandwidth but
to crash the actual server application (or worse, exploit it in a way
that can lead to remote access). No matter what the case though,
almost every one of your points has been based on seemingly random
(and likely inapplicable) assumptions you've made. So on top of coming
across as a prick, you're also coming across as a clueless prick. And
for no reason whatsoever.

Way to go.
