Message-Id: <87B72110-9C23-4D13-ABDA-9D38D0BCFB92@preussker.net>
Date: Sat, 17 Aug 2013 08:08:06 +0200
From: Daniel Preussker <daniel@...ussker.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Who's behind limestonenetworks.com AKA DDoS
	on polipo(8123)

+1


Daniel Preussker

[ Research and Engineering
[ Daniel@...ussker.Net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1

On 16.08.2013, at 23:49, adam wrote:

> Jann, you know what's even worse than someone being a dick for no
> reason? Someone being a _stupid_ dick for no reason. In case you're
> unaware, the word "massive" was completely absent from this thread
> until YOU attempted to put it in someone else's mouth. Beyond that,
> since you want to rip apart an innocent guy's post, let's see what
> happens when someone does it to yours.
> 
> "DDoS? So you mean your systems were impacted by that?"
> 
> Impacted is not the word you were looking for, since the answer to
> that would technically be a yes - not the no you were expecting. That
> aside, a denial of service attack is still a denial of service attack
> regardless of whether it succeeds or not. In fact, if you look up the
> definition - you'll see that it's _an attempt_ to make X unavailable.
> Not necessarily a successful one.
> 
> "Let me google that for you. Hmm. Assigned to "Polipo Web proxy"."
> 
> Psst.. you may want to read the entire thread title.
> 
> "Oooh, a storm!"
> 
> storm
> Verb
> Move angrily or forcefully in a specified direction: "she stormed off".
> 
> Whether you like it or not, it meets the definition.
> 
> "Your systems were impacted by a DoS attack with 30 packets per second?
> You might want to upgrade to hardware that is a few decades newer."
> 
> How much of the original post did you actually read? Nowhere in it did
> the OP say that this attack succeeded. Again, just like above - YOU
> are the one who first used the word impact[ed]. It's funny how you put
> words in people's mouths, and then reply to them as though they
> actually said it. More than that, the only thing the OP mentioned was
> that one of his log files was corrupted in the process of the attack.
> I didn't read that the attack succeeded, shut down the service, his
> machine, his network or anything else - and neither did you.
> 
> "You were attacked by "O=TCP SPT=2216"? Cool story."
> 
> Oh my God, there was a line in there that didn't have an IP address?
> What a RETARD the OP must be. How can anyone be so stupid? I bet the
> earth stopped spinning when that happened. Think so?
> 
> "He said above 30 packets per second, right? I'll just assume it's around 30.
> And the sample packet from that "packet storm" contained this part: "LEN=52".
> So that's around 1500 bytes per second, or 12 kilobits per second. And those
> packets are downstream for him."
> 
> You're randomly assuming that all of the packets were the exact same
> length, which makes anything derived from that assumption
> automatically flawed.
> 
> "A good modem connection can give you up to 56kbit/s per direction as far as I
> understand."
> 
> You've never used dialup, have you? What you're saying is that "good
> modems" (what exactly is a bad modem?) get 7KB/s down and 7KB/s up -
> that is completely untrue. It's a lot closer to 5KB/s down (if you're
> lucky) and 2KB/s up. Aside from all of this, again, I reiterate that
> you have no idea what size the other 19,044 packets were. Anyway, yes
> - if your assumption were correct (52*19045 through a 56k modem) then
> it'd take only a few minutes to download all of the data (which
> doesn't even total a meg).
> 
> HOWEVER, there are still a multitude of things wrong with your entire
> stance. Firstly, bandwidth exhaustion is NOT the only way to perform a
> denial of service. In fact, in my opinion, it should be the last
> resort. There are much much better ways to do it, depending on the
> service being targeted. For example, some popular multiplayer games
> can be brought down with a single packet. Some can be kept down with
> that single packet, others require one group of packets to be kept
> down, and then some others require that one packet every X minutes. I
> use game servers only as an example.
> 
> If his log becoming corrupted was intentional, then it's entirely
> possible that the point of the attack wasn't to exhaust bandwidth but
> to crash the actual server application (or worse, exploit it in a way
> that can lead to remote access). No matter what the case though,
> almost every one of your points has been based on seemingly random
> (and likely inapplicable) assumptions you've made. So on top of coming
> across as a prick, you're also coming across as a clueless prick. And
> for no reason whatsoever.
> 
> Way to go.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

