Tinternet hackers

By the way I have no idea what I am talking about. But I was reading this:

http://arstechnica.co.uk/tech-polic...ping-lizard-squad-run-hack-for-hire-websites/

And the court complaint is here:
https://www.justice.gov/usao-ndil/file/900826/download

And I for one agree if guilty the hackers did a bad thing to innocent folk and should be punished so there is a deterrent.

But then I was thinking - isn't this just another example of the rubbish and irresponsible way software and hardware is designed so it is easily exploitable and causes harm to users.

TLDR
Isn't there just a really simple way of preventing DOS attacks? Like designing the tinternet better in the first place?
 
TLDR
Isn't there just a really simple way of preventing DOS attacks? Like designing the tinternet better in the first place?

Nope.
A "DOS" attack is nothing clever, it's just using a normal function of a network, like loading a web page or something, but done multiple times in rapid succession.
Spread all those page loads across thousands of compromised computers worldwide and there's no way you could possibly tell the difference between a malicious bit of code loading a page and a normal user loading a page.
 
TLDR
Isn't there just a really simple way of preventing DOS attacks? Like designing the tinternet better in the first place?

Security gets better every year, but the hackers are always finding new exploits too. It's a nip and tuck war of attrition that is just a fact of life.
 
Nope.
A "DOS" attack is nothing clever, it's just using a normal function of a network, like loading a web page or something, but done multiple times in rapid succession.
Spread all those page loads across thousands of compromised computers worldwide and there's no way you could possibly tell the difference between a malicious bit of code loading a page and a normal user loading a page.

Understood. But my point is suggesting that if the PC hardware, their OS's and the tinternet servers had a system of preventing it in the first place......we no longer have the problem.
 
That's not a suggestion though. We have this attack because of the way the internet works. AFAIK there's no way to solve such an issue without breaking the internet. Maybe P2P would be an option for decentralised sites. Only other thing we can do bar mitigate is break up the bot nets and prevent manufacturers' decisions like default passwords that users inevitably don't change.
 
Some services have started "breaking the internet", e.g. Cloudflare (a service which helps sites stay online during attacks) started blacklisting IP addresses coming from TOR relays in order to reduce comment spam on websites. I believe they have since toned down (or at least allow websites to choose whether to block), but it's the canary in the mine... It may take a generation or 2 but, in my opinion, it's only a matter of time before we see a more closed internet replace what we have now.
 
Understood. But my point is suggesting that if the PC hardware, their OS's and the tinternet servers had a system of preventing it in the first place......we no longer have the problem.

Preventing what? Preventing people from loading web pages?

A DoS attack doesn't even need to have any scripting, it could just be a few people sitting loading a web page again and again.
 
Hi Silver

Howdy jpod :)

I was just browsing Wiki's IPsec page. https://en.wikipedia.org/wiki/IPsec

As I understand it encryption lies at the heart of most internet security measures. It's not universally applied equally to all websites though. Some may use lesser encryption than others. I'm sure I read somewhere that 128-bit encryption is considered to be logically unbreakable. If true then it would be good to see 256-bit encryption just to be sure.
 
Some services have started "breaking the internet", e.g. Cloudflare (a service which helps sites stay online during attacks) started blacklisting IP addresses coming from TOR relays in order to reduce comment spam on websites. I believe they have since toned down (or at least allow websites to choose whether to block), but it's the canary in the mine... It may take a generation or 2 but, in my opinion, it's only a matter of time before we see a more closed internet replace what we have now.

Not sure if you're using the "breaking the internet" line as a dig :D.

Cloudflare are great but they just mitigate the attack. They're "just" (I say just as if it's a simple thing) spreading the load rather than it all being focused in one area.
 
Understood. But my point is suggesting that if the PC hardware, their OS's and the tinternet servers had a system of preventing it in the first place......we no longer have the problem.


You still have to deal with incoming requests - even if it's just to throw them away. That will always happen at some point along the route where some hardware has to filter out the incoming packets. Throw enough packets at something, and it will grind to a halt or swamp the bandwidth available.

If I organised for a thousand people to each post you a thousand letters, you'd still have to sort through it all to find out which ones you wanted to keep, you'd still have to take the letters from the postman, you'd still have to empty your letterbox and then take the rubbish to the dump or put it in the bin.
 
Isn't there just a really simple way of preventing DOS attacks? Like designing the tinternet better in the first place?

Typically the large attacks over the past few years have been because of UDP reflection, where an attacker is able to spoof the source address and essentially request various servers to send data back to that source address. A lot of ISPs block spoofed UDP packets from leaving their network but there's still a lot throughout the world who do not for reasons which go beyond my scope.

The large TCP-based attacks over the past week to some big boys like OVH have been possible because 'Internet of Things' devices - essentially any device connected to the Internet, like CCTV, TV, ... - having the same default credentials across every device they sell and some chaps have managed to automate their hijacking. IoT-based attacks would have been preventable if vendors weren't stupid enough to use the same credentials for every device they sold. :rolleyes:
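The source-address check that the post above says many ISPs apply to outbound traffic, sketched as an added example (not part of the original post or any ISP's actual configuration). The prefixes and packets are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: prefixes assigned to customers behind one ISP edge
# port (documentation ranges, not real allocations).
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

def source_is_valid(src, prefixes=CUSTOMER_PREFIXES):
    """True if src lies inside a prefix this edge port is allowed to originate."""
    addr = ipaddress.ip_address(src)  # raises ValueError on malformed input
    return any(addr.version == net.version and addr in net for net in prefixes)

def filter_egress(packets, prefixes=CUSTOMER_PREFIXES):
    """Split outbound packets into (forwarded, dropped) by source address."""
    forwarded, dropped = [], []
    for pkt in packets:
        try:
            ok = source_is_valid(pkt["src"], prefixes)
        except ValueError:
            ok = False  # unparseable source: drop rather than guess
        (forwarded if ok else dropped).append(pkt)
    return forwarded, dropped

# Constructed outbound packets seen at the edge port.
SAMPLE = [
    # Genuine customer address: forwarded.
    {"src": "192.0.2.17", "dst": "198.51.100.53", "proto": "udp"},
    # Source claims an address outside the customer prefixes, which is the
    # forged-source case that reflection depends on: dropped.
    {"src": "203.0.113.80", "dst": "198.51.100.53", "proto": "udp"},
    # Genuine IPv6 customer address: forwarded. A hijacked device sending
    # from its real address looks exactly like this, so the filter does
    # nothing against the credential-based attacks the post also describes.
    {"src": "2001:db8:10::5", "dst": "2001:db8:ffff::1", "proto": "tcp"},
    # Malformed source field: dropped.
    {"src": "not-an-ip", "dst": "198.51.100.53", "proto": "udp"},
]

if __name__ == "__main__":
    fwd, drop = filter_egress(SAMPLE)
    print("forwarded:", [p["src"] for p in fwd])
    print("dropped:  ", [p["src"] for p in drop])
```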
 
Not sure if you're using the "breaking the internet" line as a dig :D.

Cloudflare are great but they just mitigate the attack. They're "just" (I say just as if it's a simple thing) spreading the load rather than it all being focused in one area.

No, not a dig :) it's more around the fact that I didn't mean technically breaking the internet (by breaking the routing etc that actually makes it work), but breaking the spirit of it. Moving from open anyone can click anywhere, go anywhere, to a growing set of closed networks.
 
No, not a dig :) it's more around the fact that I didn't mean technically breaking the internet (by breaking the routing etc that actually makes it work), but breaking the spirit of it. Moving from open anyone can click anywhere, go anywhere, to a growing set of closed networks.

Ahh my bad. I'm sensitive today :D.
 
You still have to deal with incoming requests - even if it's just to throw them away. That will always happen at some point along the route where some hardware has to filter out the incoming packets. Throw enough packets at something, and it will grind to a halt or swamp the bandwidth available.

If I organised for a thousand people to each post you a thousand letters, you'd still have to sort through it all to find out which ones you wanted to keep, you'd still have to take the letters from the postman, you'd still have to empty your letterbox and then take the rubbish to the dump or put it in the bin.

Okay in olden days I would write my letter, seal it with wax and my ring (no sniggering please), a ring which was issued to me, and some underling would run off and deliver it for a cabbage. The recipient can check it is genuine and whether it has been tampered with. So a tech version must be possible to sort the wheat from the chaff.

Couldn't humans just have to do a squiggle to access some sites to prove they are human and not bots?

Like I said I have no idea what I am going on about - but I am interested in why the process is so flawed that it can be grifted.
 
Okay in olden days I would write my letter, seal it with wax and my ring (no sniggering please), a ring which was issued to me, and some underling would run off and deliver it for a cabbage. The recipient can check it is genuine and whether it has been tampered with. So a tech version must be possible to sort the wheat from the chaff.

Couldn't humans just have to do a squiggle to access some sites to prove they are human and not bots?

Like I said I have no idea what I am going on about - but I am interested in why the process is so flawed that it can be grifted.

Using the seal and ring analogy if they were issued to each and every PC as they'd have to be. Then every compromised device would still have the correct seal.

Equivalent of someone stole your ring and used it to send letters or you've been brainwashed into sending said letter.
 