UGN Security Forums
#37847 - 01/25/03 01:56 AM mAssive DDoS attacks tonight...
Rapture Offline
Member

Registered: 04/23/02
Posts: 212
Loc: Redwood
dunno why i didn't think about posting this 5 hours ago when this shit started. the intraweb is fuXored.

Massive ddos attack on our name servers

This was taken from the military forums; looks like an all-out cyberattack has just started taking place. Here's some info

/quoted from forums.military.com/
AmericanIntel
Basic Training

Registered: Friday, 03 January 2003
Posts: 10
MASSIVE DDOS ATTACKS ALL OVER U.S.
--------------------------------------------------------------------------------
We are monitoring massive Distributed Denial of Service attacks all over the U.S. tonight starting at around 11:30 PM CST. As many as 5 of the 13 root nameservers have been down, up to 10 with massive packet loss (xx%):

Internet Status to Root Name Servers
Date: Fri Jan 24 21:37:00 PST 2003

Place Address Packet Loss Time: Min/Avg/Max
Root b.root-servers.net 53% 25/40/48
Root c.root-servers.net 0% 82/82/82
Root e.root-servers.net 20% 16/29/33
Root f.root-servers.net 26% 17/27/32
Root h.root-servers.net 20% 91/101/108
Root i.root-servers.net 26% 190/199/205
Root j.root-servers.net 26% 81/91/96
Root k.root-servers.net 64% 172/188/201
Root l.root-servers.net 0% 5/5/6
Root m.root-servers.net 33% 160/171/205
GTLD b.gtld-servers.net 26% 52/63/67
GTLD c.gtld-servers.net 31% 85/93/95
GTLD d.gtld-servers.net 13% 88/100/103
GTLD f.gtld-servers.net 22% 38/50/57
GTLD i.gtld-servers.net 0% 198/200/203
GTLD k.gtld-servers.net 24% 90/100/105
GTLD l.gtld-servers.net 33% 128/138/171

All backbone providers are suffering major packet loss (XX%):

Place Address Packet Loss Time: Min/Avg/Max
AboveNet ns.above.net 28% 53/64/66
AGIS ns1.agis.net 26% 62/74/78
AlohaNet nuhou.aloha.net 35% 84/94/98
ANS ns.ans.net 26% 83/97/100
BBN-NearNet nic.near.net 28% 91/114/572
BBN-BARRnet ns1.barrnet.net 26% 16/26/32
Best ns.best.com 35% 79/89/95
Concentric nameserver.concentric.net 35% 18/31/56
CW ns.cw.net 28% 88/98/105
DIGEX ns.digex.net 31% 78/86/91
ENTER.NET dns.enter.net 28% 91/104/108
Epoch Internet ns1.hlc.net 33% 37/48/52
Flash net ns1.flash.net 17% 80/92/94
GetNet ns1.getnet.com 20% 40/52/56
GlobalCrossing name.roc.gblx.net 24% 85/97/104
GoodNet ns1.good.net 31% 83/92/97
GridNet grid.net 20% 80/92/101
IDT Net ns.idt.net 20% 91/104/121
Internex nic1.internex.net 26% 18/31/35
MCI ns.mci.net 22% 91/103/107
MindSpring itchy.mindspring.net 15% 75/88/106
NAP.NET ns2.nap.net 20% 73/85/94
PacBell ns1.pbi.net 0% 89/89/90
Primenet dns1.primenet.net 20% 31/41/45
PSI ns.psi.net 0% 82/84/160
RAINet ns.rain.net 31% 40/49/53
SAVVIS ns1.savvis.net 31% 88/99/102
SprintLink ns1.sprintlink.net 11% 15/27/35
UUNet,AlterNet auth00.ns.uu.net 26% 89/98/103
Verio-West ns0.verio.net 22% 31/42/47
Verio-East ns1.verio.net 22% 86/96/101
VISInet ceylon.visinet.ca 20% 102/116/188
MoonGlobal-ClubNET ns.clubnet.net 0% 0/1/2
MoonGlobal-Netway dns.nwc.net 4% 6/6/7
MoonGlobal-Netxactics verdi.netxactics.com 4% 6/6/7
InterWorld ns.interworld.net 0% 4/4/5

It's massive, no word on source yet. We are watching it closely.

Brad G
American Intelligence
http://www.americanintelligence.us

Top
#37848 - 01/25/03 04:22 AM Re: mAssive DDoS attacks tonight...
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
3 hours after above post...

I'm checking out the response time of some of the nameservers right now. Obviously they're doing pretty good still. Why people bother to ddos the root servers is beyond me. They can't keep them down long enough to make a difference.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
#37849 - 01/25/03 06:18 AM Re: mAssive DDoS attacks tonight...
Predator Offline
Member

Registered: 03/01/02
Posts: 197
Loc: Belgium
It's a worm that sends out 376-byte UDP packets to port 1434 (ms-sql-m) and tries to exploit MSSQL. This scanning has been slowing down the internet for several hours now. It seems people are getting it under control.

As an example of how much traffic the worm generates: Trueserver filters (a datacenter in the Netherlands) are dropping packets at 16 terabytes/hour only because of that worm.
_________________________
Never argue with fools... They will only drag you down to their level, and beat you with experience...

Top
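Added example (editorial, not part of the thread and not any poster's code): a small detector for the traffic pattern described in the post above, UDP datagrams of 376 bytes to port 1434 sent by one source to many destinations. The tcpdump-style sample lines, the documentation-range addresses, the fan-out threshold, and treating the post's 376 bytes as the logged UDP length are all assumptions.

```python
import re
from collections import defaultdict

WORM_PORT = 1434       # ms-sql-m, as stated in the post
WORM_LEN = 376         # bytes, as stated in the post (assumed to be the logged UDP length)
FANOUT_THRESHOLD = 3   # assumed: distinct destinations before a source is flagged

# Constructed sample capture (not real traffic), one tcpdump-style line per packet.
SAMPLE = """\
01:30:00.000100 IP 192.0.2.10.1025 > 198.51.100.1.1434: UDP, length 376
01:30:00.000200 IP 192.0.2.10.1025 > 198.51.100.77.1434: UDP, length 376
01:30:00.000300 IP 192.0.2.10.1025 > 203.0.113.5.1434: UDP, length 376
01:30:00.000400 IP 192.0.2.10.1025 > 203.0.113.200.1434: UDP, length 376
01:30:00.000500 IP 192.0.2.20.3301 > 198.51.100.9.1434: UDP, length 1
01:30:00.000600 IP 192.0.2.30.4000 > 198.51.100.53.53: UDP, length 376
01:30:00.000700 IP 192.0.2.40.2000 > 198.51.100.9.1434: UDP, length 376
01:30:00.000800 IP 192.0.2.40.2000 > 198.51.100.9.1434: UDP, length 376
"""

# src_ip.src_port > dst_ip.dst_port: UDP, length N
LINE = re.compile(
    r"^\S+ IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): UDP, length (\d+)$"
)

def scanning_sources(text, threshold=FANOUT_THRESHOLD):
    """Return {source_ip: distinct_destination_count} for sources that sent
    worm-sized datagrams to the worm port at `threshold` or more hosts."""
    targets = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a UDP line in the expected format
        src, _sport, dst, dport, length = m.groups()
        if int(dport) == WORM_PORT and int(length) == WORM_LEN:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}

if __name__ == "__main__":
    for src, count in scanning_sources(SAMPLE).items():
        print(f"{src} sent {WORM_LEN}-byte UDP/{WORM_PORT} to {count} hosts")
```

Counting distinct destinations rather than packets keeps a host that repeatedly queries a single SQL server from being flagged.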
#37850 - 01/26/03 11:15 PM Re: mAssive DDoS attacks tonight...
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
I guess this screwed up some Verizon networks this weekend... I heard about it as soon as I came in this morning.

here is some info
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
A virus similar to Code Red, which caused network chaos in the summer of 2002, today paralyzed much of the Internet for several hours.

The virus exploits a known flaw in MS SQL Server, whereby infected servers send out thousands of queries per second to find other vulnerable servers.

As many as 22.000 machines are currently infected. The virus does not appear to do anything but spread itself.

http://www.chron.com/cs/CDA/story.hts/business/1750941
_________________________
My New site OpenEyes

Top
#37851 - 01/27/03 03:23 AM Re: mAssive DDoS attacks tonight...
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7192
Loc: Portland, OR; USA
We were playing Scorched Earth when it hit, all of a sudden half the net was down lol...
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top
#37852 - 01/27/03 12:34 PM Re: mAssive DDoS attacks tonight...
pergesu Offline
UGN Elite Poster

Registered: 03/14/02
Posts: 1136
Loc: Pimpin the Colorizzle
I heard that MS released a fix for this vuln a while back, like over a month ago. Kinda amazes me that the nameserver admins wouldn't be all over it... It was weird, apparently ATMs communicate over the net, too. I mean I know they have to, but I figured Wells Fargo would have a private network or something. But I couldn't get any cash out the other day because of that.

Top
#37853 - 01/27/03 01:16 PM Re: mAssive DDoS attacks tonight...
thebluegiant Offline
Member

Registered: 03/02/02
Posts: 109
6 months ago.
_________________________
"There is no end. There is no beginning. There is only the infinite passion of life."
--Fellini

Top
#37854 - 01/28/03 12:26 AM Re: mAssive DDoS attacks tonight...
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
ATMs (automated teller machines) usually use virtual private networking through some telco. Something like a DS0 (64 kbs) Frame Relay line to the circuit and a PVC (permanent virtual connection) to the bank, which has a DS3 or OC3 that all these PVCs go back to.

If your bank sends traffic across the WWW from their ATM, they might have looked into DSL for their services. A few banks have started to use DSL due to the savings versus. The trade-off, however, is security. DSL is a public network; there are many theoretical ways your data could be intercepted.

I think a business should have to disclose what type of networking they use. FDDI or TLS (Trans Lan Service) is the most secure. It is 100% fiber. As of yet, to my knowledge, no one has learned how to tap into a fiber line. Add to that, in TLS the telco provides the equipment but their lines are all theirs. There is no muxing (multiplexing) multiple customers' data into 1 cable.

I say if they are not using ATM or TLS/FDDI they could care less about protecting your info. If your bank runs across the www, they are greedy. Think of all the money they make on ATM fees. They could at least put that toward a decent secure network.

If a bank uses ATM, Frame Relay, SMDS, or TLS there is no domain name. TLS uses I.P. addresses. But SMDS uses something like a phone number to route traffic; Frame Relay uses a circuit ID and switch info, and PVC/DLCI numbers.


http://frforum.com/


ATM uses something similar, but the terms are different: VPIs and VCIs.

http://www.atmforum.com/


Both sites above have tons of info. These are the heavy-duty commercial alternatives to TCP/IP.


ATM is a service/protocol suite that can guarantee bandwidth. It is the only one that can. It is also the best at video and voice. It breaks data up into 53-octet (basically bytes) cells. It is usually the backbone network DSL rides across.

Frame relay uses packets. Packets can have variable length unlike ATM.

Anyway I will get off my soap box now.
_________________________
My New site OpenEyes

Top
#37855 - 01/28/03 07:46 PM Re: mAssive DDoS attacks tonight...
jonconley Offline
UGN Super Poster

Registered: 10/08/02
Posts: 955
Loc: Merrill, IA, USA
OK, so working at gas stations I have heard the ATMs drop connections, dialout, or even hear ringing when someone is dialing in. Any ideas on this. I can understand if they dialed into somewhere, but why would ppl/machines be dialing into the ATM then?

Top
#37856 - 01/28/03 10:52 PM Re: mAssive DDoS attacks tonight...
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
Quote:
Originally posted by jonconley:
OK, so working at gas stations I have heard the ATMs drop connections, dialout, or even hear ringing when someone is dialing in. Any ideas on this. I can understand if they dialed into somewhere, but why would ppl/machines be dialing into the ATM then?
ATM, you mean automated teller machine?


Well, they might dial in to do a diagnostic test. At my job we do lots of loopback testing. We put a piece of equipment in loop. Then run testing patterns of various 1's and 0's to that equipment. If we get errors on different patterns we know what is wrong.

Could be that. Or maybe they dial in to retrieve data the ATM has stored? When you swipe a card at a gas pump you are only checking to see if you have a buck or 2 in your account. The actual money isn't withdrawn till well after you have pumped and left.

So based on that, I wonder if it is possible to hack into a gas pump and take out your credit purchase before the company gets it. I doubt it.

I would think it would make a connection with a home server or something and store the data. Then again...


you swipe the card,

pump your gas after.

When you are done, do you think it dials back out to some server to record how much you pumped? Or maybe that is done remotely to the pump 1 or 2 times a day...

Think of it, free gas.
_________________________
My New site OpenEyes

Top