bear73
Metnav... Fly The Unfriendly Skies
Premium
join:2001-06-09
Grand Forks Afb, ND
 ·Midcontinent Commu..
| reply to ISurfTooMuch
Re: Illegal?
said by ISurfTooMuch  :Revision3 has asked the FBI to investigate. IMHO, Revision3 should sue Media Defender, if only to prove a point that this behavior must stop. +1 +1
--
If ya gotta go, Go with a SMILE!
»www.thereligionofpeace.com/ |
|
burner50
Pinlifter
Premium,VIP
join:2002-06-05
EN22wm
·Mediacom
 ·FrontierNet Intern..
| reply to Crookshanks
When the DoS attack is distributed over 2000 computers even if they are all in the same building IMO that is Distributed...
They DISTRIBUTED the DoS load over their entire server farm...
This company needs to go down.
--
I'm tired of killing stupid people just trying to do my job and go home! |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
 ·Skype
| reply to james
said by james :said by cornelius785 :i consider a DoS attack to be a DDoS attack when the packets come from computers that are distributed over a large area, not (from the sounds of it) a server farm. You can't just make up definitions for commonly used terms and then expect everyone to go along with you. The distributed refers to not being a single computer attack, physical location is irrelevant. Whatever. I don't disagree with you, but whatever. We're arguing over semantics while agreeing on what happened.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
|
|
james
join:2001-02-26
antarctica
| reply to cornelius785
said by cornelius785 :i consider a DoS attack to be a DDoS attack when the packets come from computers that are distributed over a large area, not (from the sounds of it) a server farm. You can't just make up definitions for commonly used terms and then expect everyone to go along with you.
The distributed refers to not being a single computer attack, physical location is irrelevant. |
|
moonpuppy
join:2000-08-21
Glen Burnie, MD
·Verizon Online DSL
| reply to TKJunkMail
said by TKJunkMail :said by footballdude :Aren't DDOS attacks illegal? If they admit doing it, shouldn't there be legal action? had their systems set to automatically bombarded the closed tracker with 8,000 SYN packets a second The systems weren't SET to create a DDos. That was a side affect of an attempt to reach a resource that was taken offline. Should MD been monitoring their system better? No doubt about it. But the characterization that they PLANNED a DDos is wrong. You can spin it anyway you want but Media Defender has enough of a history to show this was not an accident. If they released this type of code without testing it, it would be like leaving a loaded gun on a street full of children. |
|
quibbly
Premium
join:2003-02-07
Sugar Land, TX
| reply to footballdude
I provide computer security services for many large companies and this is a prime example of a DDOS.
8000 SYN packets / second? Pretty insane in my books.
I'm not surprise Federal charges are not being presented, especially since there are a couple of violations under code 18 USC 1030 : »www.techlawjournal.com/cong106/s···1030.htm |
|
anon1
@optonline.net | reply to footballdude
if you read about the mediadefender emails, you'll see the DA (or AG i forgot which) had friendly conversations with mediadefender.. so, it probably won't be him prosecuting his friends.. |
|
someuser
join:2003-12-10
Powell, OH
| reply to digitalfreak
said by digitalfreak :said by ISurfTooMuch :Revision3 has asked the FBI to investigate. IMHO, Revision3 should sue Media Defender, if only to prove a point that this behavior must stop. IIRC, in a previous article, the Revision3 CEO said they wouldn't sue because they couldn't afford the legal costs. Very unfortunate.
If the FBI brings a case against Media Defender, and especially if the the government wins, then it will be much easier for Revision3 to bring a private lawsuit. I'm not holding my breath... |
|
GamerGeek
join:2003-07-26
Fortuna, CA
| reply to Crookshanks
said by Crookshanks :said by Matt :Trying to establish 8000 new sessions a SECOND is a DDoS Minor nitpick but I don't know as if I'd call that a 'DDoS'. DDoS == distributed denial of service attack and is typically something that is launched with thousands of different hosts on hundreds of different networks, usually using owned systems (via a botnet). What Media Defender did definitely qualifies as a DoS but I'd question whether or not the usage of the term 'DDoS' is accurate here. I'd be inclined to agree. Swap distributed for directed and it becomes exactly what MD planned. |
|
Fieryphoenix
join:2004-05-10 | reply to dnoyeB
Actually, MD has a staggeringly huge pipe. All the servers were likely at their location, not distributed. |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC | reply to Matt
very true |
|
openbox9
join:2004-01-26
Alexandria, VA
·AT&T Southeast
| reply to Matt
I doubt that MD was utilizing all 9 Gbps to flood Revision3. I haven't seen the logs that funchords is referring to, but iptables or PF, or pick your packet filter can be quite effective against rudimentary DoS attacks. |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| reply to funchords
said by funchords :said by Necronomikro :"The company, with 2,000 servers and 9Gbps of dedicated bandwidth at their disposal" Sounds like a DDOS to me. May not have been distributed amongst many different networks, but it was many different computers within a high-speed network. According to the logs that I saw, two IPTABLES entries would have solved it. It sounds like they made a last-minute change on a Friday and left town for the weekend. MediaDefender's buggy scripts went nuts. This was "amateur hour" on both MediaDefenders and Revision3's accounts. That said, MediaDefender was the inflicter of damage and was the primary cause of this accident. Doesn't matter what you do with iptables if you're sitting on a 100Mbps, or even 1Gbps port, and you have 9Gbps of traffic coming at you. |
|
anon1
@optonline.net | reply to footballdude
what they did WAS illegal, but if you read the story on mediadefender, you'll see all the friendly calls made from the attorney general to mediadefender.. |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| reply to Necronomikro
said by Necronomikro :"The company, with 2,000 servers and 9Gbps of dedicated bandwidth at their disposal" Sounds like a DDOS to me. May not have been distributed amongst many different networks, but it was many different computers within a high-speed network. According to the logs that I saw, two IPTABLES entries would have solved it. It sounds like they made a last-minute change on a Friday and left town for the weekend. MediaDefender's buggy scripts went nuts.
This was "amateur hour" on both MediaDefenders and Revision3's accounts. That said, MediaDefender was the inflicter of damage and was the primary cause of this accident.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
|
|
cornelius785
join:2006-10-26
Worcester, MA
| reply to Necronomikro
i consider a DoS attack to be a DDoS attack when the packets come from computers that are distributed over a large area, not (from the sounds of it) a server farm. i don't know all the little details but based on "The company, with 2,000 servers and 9Gbps of dedicated bandwidth at their disposal" and that all the packets originated from a small set of IP addresses (maybe one???), but i wouldn't consider that a DDoS attack. i'm guessing the reason for all the servers (assuming they were in a server farm) was to be able to ensure the entire bandwidth of the connection (9 Gbps) could be saturated. |
|
dnoyeB
Ferrous Phallus
join:2000-10-09
Southfield, MI
| reply to nixen
It could also be the difference between manslaughter and negligent homicide. Considering, one has no business with his gun pointed at your nugget in the first place.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16
|
|
dnoyeB
Ferrous Phallus
join:2000-10-09
Southfield, MI | reply to Necronomikro
I think its resonable to assume it was distributed. Otherwise 2000 computers are not getting out of the same network pipe without DOSsing themselves. |
|
Necronomikro
join:2005-09-01
| reply to Crookshanks
said by Crookshanks :said by Matt :Trying to establish 8000 new sessions a SECOND is a DDoS Minor nitpick but I don't know as if I'd call that a 'DDoS'. DDoS == distributed denial of service attack and is typically something that is launched with thousands of different hosts on hundreds of different networks, usually using owned systems (via a botnet). What Media Defender did definitely qualifies as a DoS but I'd question whether or not the usage of the term 'DDoS' is accurate here. "The company, with 2,000 servers and 9Gbps of dedicated bandwidth at their disposal"
Sounds like a DDOS to me. May not have been distributed amongst many different networks, but it was many different computers within a high-speed network. |
|
yock
TFTC
Premium
join:2000-11-21
Fairfield, OH
| reply to TKJunkMail
said by TKJunkMail :said by footballdude :Aren't DDOS attacks illegal? If they admit doing it, shouldn't there be legal action? had their systems set to automatically bombarded the closed tracker with 8,000 SYN packets a second The systems weren't SET to create a DDos. That was a side affect of an attempt to reach a resource that was taken offline. Should MD been monitoring their system better? No doubt about it. But the characterization that they PLANNED a DDos is wrong. They should have to live with the side-effects of their system configuration just like anyone else. That many packets per second is nowhere close to being reasonable, and their systems architect would know it.
It's either gross negligence, or intentional tort. |
|
