
Full Disclosure mailing list archives
Re: Who's behind limestonenetworks.com AKA DDoS on polipo(8123)
From: Daniel Preussker <daniel () preussker net>
Date: Sat, 17 Aug 2013 08:08:06 +0200
+1

Daniel Preussker
[ Research and Engineering
[ Daniel () Preussker Net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1

On 16.08.2013, at 23:49, adam wrote:
Jann, you know what's even worse than someone being a dick for no reason? Someone being a _stupid_ dick for no reason. In case you're unaware, the word "massive" was completely absent from this thread until YOU attempted to put it in someone else's mouth. Beyond that, since you want to rip apart an innocent guy's post, let's see what happens when someone does it to yours.

"DDoS? So you mean your systems were impacted by that?"

Impacted is not the word you were looking for, since the answer to that would technically be a yes - not the no you were expecting. That aside, a denial of service attack is still a denial of service attack regardless of whether it succeeds or not. In fact, if you look up the definition - you'll see that it's _an attempt_ to make X unavailable. Not necessarily a successful one.

"Let me google that for you. Hmm. Assigned to "Polipo Web proxy"."

Psst.. you may want to read the entire thread title.

"Oooh, a storm!"

storm
Verb
Move angrily or forcefully in a specified direction: "she stormed off".

Whether you like it or not, it meets the definition.

"Your systems were impacted by a DoS attack with 30 packets per second? You might want to upgrade to hardware that is a few decades newer."

How much of the original post did you actually read? Nowhere in it did the OP say that this attack succeeded. Again, just like above - YOU are the one who first used the word impact[ed]. It's funny how you put words in people's mouths, and then reply to them as though they actually said it. More than that, the only thing the OP mentioned was that one of his log files was corrupted in the process of the attack. I didn't read that the attack succeeded, shut down the service, his machine, his network or anything else - and neither did you.

"You were attacked by "O=TCP SPT=2216"? Cool story."

Oh my God, there was a line in there that didn't have an IP address? What a RETARD the OP must be. How can anyone be so stupid? I bet the earth stopped spinning when that happened. Think so?

"He said above 30 packets per second, right? I'll just assume it's around 30. And the sample packet from that "packet storm" contained this part: "LEN=52". So that's around 1500 bytes per second, or 12 kilobits per second. And those packets are downstream for him."

You're randomly assuming that all of the packets were the exact same length, which makes anything derived from that assumption automatically flawed.

"A good modem connection can give you up to 56kbit/s per direction as far as I understand."

You've never used dialup, have you? What you're saying is that "good modems" (what exactly is a bad modem?) get 7KB/s down and 7KB/s up - that is completely untrue. It's a lot closer to 5KB/s down (if you're lucky) and 2KB/s up. Aside from all of this, again, I reiterate that you have no idea what size the other 19,044 packets were.

Anyway, yes - if your assumption were correct (52*19045 through a 56k modem) then it'd take only a few minutes to download all of the data (which doesn't even total a meg). HOWEVER, there are still a multitude of things wrong with your entire stance. Firstly, bandwidth exhaustion is NOT the only way to perform a denial of service. In fact, in my opinion, it should be the last resort. There are much, much better ways to do it, depending on the service being targeted. For example, some popular multiplayer games can be brought down with a single packet. Some can be kept down with that single packet, others require one group of packets to be kept down, and then some others require that one packet every X minutes. I use game servers only as an example. If his log becoming corrupted was intentional, then it's entirely possible that the point of the attack wasn't to exhaust bandwidth but to crash the actual server application (or worse, exploit it in a way that can lead to remote access).

No matter what the case though, almost every one of your points has been based on seemingly random (and likely inapplicable) assumptions you've made. So on top of coming across as a prick, you're also coming across as a clueless prick. And for no reason whatsoever. Way to go.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Attachment:
PGP.sig
Description: This is a digitally signed message part