Any amount of bandwidth Anon could take up would not compare to what Amazon deals with every day
They tried this same shit with tumblr
I'm not even sure if they affected it at all because that site already goes down so much
It's not 2004 anymore, you can't do lasting damage through DDOS
Don't think I have to tell anyone here that all they're doing is idle dickwaving, and when they do manage something halfway important its something terrible that makes their side look awful (ie: Palin's credit card numbers)
google, amazon, ebay, facebook and the like deal with so many customers a day that a "ddos" attack by 4000 people only shows up as a blip on their traffic if they look really closely..
wrong. and I say this as someone who has worked in ddos mitigation for a top 10 web company.
Query!
So, do ddos's that originate from social groups like this one look different from someone firing up a botnet? Or is it pretty much the same thing? I have it in my head that this sort of attack would prolly be much weaker.
depends on what they do. obviously, for sheer request/sec a large botnet is going to outweigh a bunch of kids, but if it's something nonidentifiable (eg, syn flooding with spoofed IPs) then you can't really say what came from where, so it wouldn't really "look different".
it's all about matching attack scale to desired outcome. if you're trying to ddos google.com, well, good luck. you'd probably need every botnet in existence working together to bring it down through traffic volume overload. but if you just want to knock down, say, ssl.google-analytics.com and prevent people from logging in to their ad words accounts, it would probably be feasible for a small group, at least until they noticed what was happening and took the appropriate preventative measures. down is down, and if the thing you want to go down isn't sitting behind a gigantic vip spread over dozens of colos, then it's not unreasonable to do it with a small group of people (at least, again, until the guys over in google's infrastructure resiliency group get paged and proceed to blackhole all your traffic, and then dispatch a team of ninjas to execute you).
being "weaker" just limits your potential targets. the anon-ops group or whatever targeted specific certification servers at mastercard, and managed to stop online transactions for a while; it was a smaller target than trying to bring down the whole domain, and financial institutions don't really take network security as seriously as google (or any other big web company) does.
Well I mean, I know people can pull down sites with ddos
But never for longer than a little while
that is only because the sites you would care about being ddosed have a lot of very smart people working for them whose job it is to prevent them from going down. it's serious fucking business if your big important site gets ddosed these days, and more and more people are investing in prevention.
there's no magic that brings sites back up, it's the hard work of bleary eyed network engineers at 3:00am that makes it seem like ddoses never work anymore. in china, it's effectively an accepted business practice to hire time on a botnet and ddos your competition's website. that site stays down until they pay someone to bring it back up. it's pretty funny, actually.
Oh, I agree, and I appreciate the work guys like you put into keeping things on the up and up
But my point was that Anonymous isn't anything more than an annoyance to the people that matter (the guys in charge who decide if they're allowing funding for wikileaks, as opposed to programmers having to pull an all-nighter)
Oh, I agree, and I appreciate the work guys like you put into keeping things on the up and up
But my point was that Anonymous isn't anything more than an annoyance to the people that matter (the guys in charge who decide if they're allowing funding for wikileaks, as opposed to programmers having to pull an all-nighter)
Pretty much no one has the sense that they are posing an existential threat to Mastercard.
ieyeasu on
0
Options
MrMonroepassed outon the floor nowRegistered Userregular
Oh, I agree, and I appreciate the work guys like you put into keeping things on the up and up
But my point was that Anonymous isn't anything more than an annoyance to the people that matter (the guys in charge who decide if they're allowing funding for wikileaks, as opposed to programmers having to pull an all-nighter)
although I can understand their frustration with people who actually have jobs maintaining web security
To the Point on NPR just mentioned 4chan, the world is dead
What is the connection between NPR and 4chan?
(I'm not trying to be passive aggressive with this statement,
I just want to be sure I'm not missing something)
Oh, I agree, and I appreciate the work guys like you put into keeping things on the up and up
But my point was that Anonymous isn't anything more than an annoyance to the people that matter (the guys in charge who decide if they're allowing funding for wikileaks, as opposed to programmers having to pull an all-nighter)
ah, well yeah. network engineers (which i'm not, i just did an internship with some and got to learn a bunch of cool shit, all the work i did was strictly application layer) are employed primarily so the important guys don't have to give a shit about people hacking all the IPs, simultaneously. it's certainly not an good way to effect policy change, but i don't think that's really what anon wants. as TS Elliot once said, some men just want to watch the world burn. they're like if loki was a skinny little nerd with a complex.
Anonymous seems to, or they wouldn't be doing what they are
No, really. No one on 4chan believes that they're destroying Mastercard.
So they're just flailing wildly for the sake of flailing? Okay
fuck 4chan
mensch-o-matic on
0
Options
FishmanPut your goddamned hand in the goddamned Box of Pain.Registered Userregular
edited December 2010
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
Anonymous seems to, or they wouldn't be doing what they are
No, really. No one on 4chan believes that they're destroying Mastercard.
So they're just flailing wildly for the sake of flailing? Okay
fuck 4chan
Essentially.
You don't start a ddos against something huge like Mastercard--you know, a multi-billion dollar entity? Expecting to take it down. You do so to make a point.
Whether the point or your methods are misguided is another thing entirely.
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
God, it's such an easy system to abuse.
It's not that easy. 4chan is generally very apathetic.
ieyeasu on
0
Options
MrMonroepassed outon the floor nowRegistered Userregular
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
God, it's such an easy system to abuse.
speaking of engineers needing to justify their paychecks
Facebook needs to stop updating their model without adding additional functionality
I just know there's a team of programmers constantly "innovating" without any directive and then insisting that what they've come up with is better than what they had before
I'm sure it's a relatively small capital outlay but still. just fire them already.
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
Anonymous is not WikiLeaks, and the more famous whistle-blower does not seem to be pulling the strings. Nor, in fact, does anyone. At any point, anybody can show up in one of several IRC conversations and make a case for a target. Whoever else is there registers a vote, or an argument. During the attack on Mr Lieberman's site, anons argued that America's .gov domains would be difficult to take offline, and therefore were not a worthwhile target. One anon pointed out that the Senator does not do business through his website. One wrote, simply, that the site was down in Germany, and that they were all going to jail.
If this picks up momentum, I'm sure it could have large impacts. Especially if they don't get caught and can act with impunity, I wager a lot of people are curious in joining, but waiting to see the consequences.
Jigrah on
0
Options
FishmanPut your goddamned hand in the goddamned Box of Pain.Registered Userregular
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
God, it's such an easy system to abuse.
It's not that easy. 4chan is generally very apathetic.
You're right, it requires some skill at social engineering and steering a herd of cats, which is far from easy.
I was more pointing out the lack of checks and balances in their information systems. They rely on self-auditing, and from a systems perspective, that's about as weak as it gets.
To the Point on NPR just mentioned 4chan, the world is dead
What is the connection between NPR and 4chan?
(I'm not trying to be passive aggressive with this statement,
I just want to be sure I'm not missing something)
They were doing a story about anonymous, and talked about 4chan. I don't want 4chan in my npr!
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
God, it's such an easy system to abuse.
speaking of engineers needing to justify their paychecks
Facebook needs to stop updating their model without adding additional functionality
I just know there's a team of programmers constantly "innovating" without any directive and then insisting that what they've come up with is better than what they had before
I'm sure it's a relatively small capital outlay but still. just fire them already.
that one update where they just made the text size slightly smaller, what the fuck was up with that?
one of my genius friends decided that it was to decrease their bandwidth costs. I'm uh... not convinced by that.
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
God, it's such an easy system to abuse.
speaking of engineers needing to justify their paychecks
Facebook needs to stop updating their model without adding additional functionality
I just know there's a team of programmers constantly "innovating" without any directive and then insisting that what they've come up with is better than what they had before
I'm sure it's a relatively small capital outlay but still. just fire them already.
man, you think it's engineers making those decisions?
Tossrock on
0
Options
MrMonroepassed outon the floor nowRegistered Userregular
The joke is Anonymous is just a cheap botnet. A few inflammatory posts on some unsavoury image board and you can guarantee a steady stream of work for corporate network engineers. I mean, do they even check who's directing them? No, they're anonymous.
God, it's such an easy system to abuse.
speaking of engineers needing to justify their paychecks
Facebook needs to stop updating their model without adding additional functionality
I just know there's a team of programmers constantly "innovating" without any directive and then insisting that what they've come up with is better than what they had before
I'm sure it's a relatively small capital outlay but still. just fire them already.
man, you think it's engineers making those decisions?
I think it's a programming team with a need to justify their continued paycheck
it might be a dev team with no actual programming input with a need to justify their paycheck
but either way
they need to fire somebody
and I'm just looking out for their bottom line here, not any kind of user revolt-oriented "I hate the new facebook page" bullshit
Am I the only one with Old Person Technology Syndrome when it comes to Facebook? I don't use it often, but when I do, it takes me forever (more than two clicks) to figure out how to get to where I want to go. For example, when I go to Facebook.com and log in, I want a list of my friends. So, I click Friends. Nope, it's some kind of friend finder. I have to click my own face, and then my friends show up. There is nothing anywhere that tells me to do that.
I'm not saying it's impossible, but it's the farthest system from intuitive I've ever had to use. That, or I'm an old man.
HugmasterGeneral on
0
Options
MrMonroepassed outon the floor nowRegistered Userregular
Posts
"Anon" relies on LOIC, which is sort of like a botnet, but not really.
Lucius Quintus Cincinnatus Lamar
depends on what they do. obviously, for sheer request/sec a large botnet is going to outweigh a bunch of kids, but if it's something nonidentifiable (eg, syn flooding with spoofed IPs) then you can't really say what came from where, so it wouldn't really "look different".
it's all about matching attack scale to desired outcome. if you're trying to ddos google.com, well, good luck. you'd probably need every botnet in existence working together to bring it down through traffic volume overload. but if you just want to knock down, say, ssl.google-analytics.com and prevent people from logging in to their ad words accounts, it would probably be feasible for a small group, at least until they noticed what was happening and took the appropriate preventative measures. down is down, and if the thing you want to go down isn't sitting behind a gigantic vip spread over dozens of colos, then it's not unreasonable to do it with a small group of people (at least, again, until the guys over in google's infrastructure resiliency group get paged and proceed to blackhole all your traffic, and then dispatch a team of ninjas to execute you).
being "weaker" just limits your potential targets. the anon-ops group or whatever targeted specific certification servers at mastercard, and managed to stop online transactions for a while; it was a smaller target than trying to bring down the whole domain, and financial institutions don't really take network security as seriously as google (or any other big web company) does.
But never for longer than a little while
that is only because the sites you would care about being ddosed have a lot of very smart people working for them whose job it is to prevent them from going down. it's serious fucking business if your big important site gets ddosed these days, and more and more people are investing in prevention.
there's no magic that brings sites back up, it's the hard work of bleary eyed network engineers at 3:00am that makes it seem like ddoses never work anymore. in china, it's effectively an accepted business practice to hire time on a botnet and ddos your competition's website. that site stays down until they pay someone to bring it back up. it's pretty funny, actually.
But my point was that Anonymous isn't anything more than an annoyance to the people that matter (the guys in charge who decide if they're allowing funding for wikileaks, as opposed to programmers having to pull an all-nighter)
Pretty much no one has the sense that they are posing an existential threat to Mastercard.
although I can understand their frustration with people who actually have jobs maintaining web security
it's a rough beat out there these days
What is the connection between NPR and 4chan?
(I'm not trying to be passive aggressive with this statement,
I just want to be sure I'm not missing something)
No, really. No one on 4chan believes that they're destroying Mastercard.
no botnets are pretty cool
it's having a bunch of remotely controlled computers (like, tens of millions) doing whatever you want
unfortunately most of them are just used for spam which is boring
kpop appreciation station i also like to tweet some
ah, well yeah. network engineers (which i'm not, i just did an internship with some and got to learn a bunch of cool shit, all the work i did was strictly application layer) are employed primarily so the important guys don't have to give a shit about people hacking all the IPs, simultaneously. it's certainly not an good way to effect policy change, but i don't think that's really what anon wants. as TS Elliot once said, some men just want to watch the world burn. they're like if loki was a skinny little nerd with a complex.
it's not boring for the guys converting
So they're just flailing wildly for the sake of flailing? Okay
God, it's such an easy system to abuse.
Essentially.
You don't start a ddos against something huge like Mastercard--you know, a multi-billion dollar entity? Expecting to take it down. You do so to make a point.
Whether the point or your methods are misguided is another thing entirely.
kpop appreciation station i also like to tweet some
It's not that easy. 4chan is generally very apathetic.
speaking of engineers needing to justify their paychecks
Facebook needs to stop updating their model without adding additional functionality
I just know there's a team of programmers constantly "innovating" without any directive and then insisting that what they've come up with is better than what they had before
I'm sure it's a relatively small capital outlay but still. just fire them already.
Not really
http://www.economist.com/blogs/babbage/2010/12/more_wikileaks
If this picks up momentum, I'm sure it could have large impacts. Especially if they don't get caught and can act with impunity, I wager a lot of people are curious in joining, but waiting to see the consequences.
You're right, it requires some skill at social engineering and steering a herd of cats, which is far from easy.
I was more pointing out the lack of checks and balances in their information systems. They rely on self-auditing, and from a systems perspective, that's about as weak as it gets.
They were doing a story about anonymous, and talked about 4chan. I don't want 4chan in my npr!
For some reason I'm hearing this said by the guy in this same matter-of-fact tone and I'm cracking up
that one update where they just made the text size slightly smaller, what the fuck was up with that?
one of my genius friends decided that it was to decrease their bandwidth costs. I'm uh... not convinced by that.
kpop appreciation station i also like to tweet some
man, you think it's engineers making those decisions?
I think it's a programming team with a need to justify their continued paycheck
it might be a dev team with no actual programming input with a need to justify their paycheck
but either way
they need to fire somebody
and I'm just looking out for their bottom line here, not any kind of user revolt-oriented "I hate the new facebook page" bullshit
Is...is it something recent? It looks the same to me?
click on people's profiles
they changed profiles to "the new profile"
Steam
which apparently is worth a segment on 60 Minutes
people discussing facebook
I'm not saying it's impossible, but it's the farthest system from intuitive I've ever had to use. That, or I'm an old man.
I'm afraid you only have fifty to eighty years to live
I'm talking 50+