The Real Impact of the Estonian Cyberattack 172
An anonymous reader writes "News.com offers up an interview with Arbor Networks' senior security researcher Jose Nazario. He takes stock of the denial-of-service attack against the Baltic nation of Estonia, and considers the somewhat disturbing wider implications from the event. 'You look around the globe, and there's basically no limit to the amount of skirmishes between well-connected countries that could get incredibly emotional for the population at large. In this case, it has disrupted the Estonian government's ability to work online, it has disrupted a lot of its resources and attention. In that respect, it's been effective. It hasn't brought the government to a crippling halt, but has essentially been effective as a protest tool. People will probably look at this and say, That works. I think we're going to continue to do this kind of thing. Depending on the target within the government, it could be very visible, or it could not be very visible.'"
Multicast theories (Score:5, Interesting)
Backbone QOS? (Score:3, Interesting)
no reason to get overly complicated (Score:4, Interesting)
Re:Multicast theories (Score:5, Interesting)
Just a thought from the 'stay in your happy place group' (TM)
Government-orchestrated and encouraged (Score:5, Interesting)
Decent well-connected countries would not engage in this sort of things. Russia — busily turning itself back into an Evil Empire — denies "officially" organizing the attacks...
Whether it did officialy organize them, or not is irrelevant — so many things in the country happen unofficially (including the unofficial salaries — in dollars — paid to top government bureaucrats to keep them from leaving for the private sector), that the government's claims may even be nominally truthful this time.
What is important is the government's official reaction. For example, a Russian health official is on record concerning the health hazards of the Estonian sprats. Those who follow the region would recognize the tactics already applied against Georgia's major exports. Georgia's most excellent wines are now called "alcohol-containing liquids" in Russia and their import is banned "on health grounds".
Sprats are safe for now — unlike Georgia, Estonia is an EU (and NATO) member. But Russia — in sore need of something glorious in its sorry past (we liberated Estonia, not reconquered it, you see) — is still enraged. In a decent country such rage wouldn't be enough to break law and order, but Russia is another story. There is no doubt, the cyber-attacks against Estonia used Russian governmental resources, including hardware and human ones — these will most certainly not be prosecuted.
Re:How insightful! (Score:5, Interesting)
Would this distributed DOS attack be possible without a vast army of compromised desktops being used as part of a botnet. Is it tecnnically possible to design against such attacks, or at least make it more difficult to compromise the desktops and route the rogue traffic. After all the Internet is supposed to be designed to be resistant to a nuclear attack. (I know Vint Cerf remembers it different)
Russia - cybercrime capital of the world (Score:2, Interesting)
The situation in Russia isn't helped by the fact that the mafia are basically the state (Putins FSB). Europe will eventually rely on these villains for natural gas, what can the west do about the situation before it's too late?
mod parent down (Score:3, Interesting)
Sure dude... So on, say, Linux, you'd have to exploit supposedly a buffer overflow to gain local access *then* you'd need to exploit a local root exploit to gain root privileges. Multiply this by the number of Linux distros out there and the number of different IM clients and suddenly your pet theory falls flat. Or maybe you were talking about rooting Vista boxes? Cancel or Allow?
You've posted links to this lame "infiltrated" website several times... This website is full of random babbling and misinformation, all the "exploits" look exactly like: "type sudo root apt-get install trojan" or "type sudo root rpm -Uvh trojan.rpm". See the flaw?
You predicted a major Un*x worm coming in the next 9 months... As a regular Un*x user bragging about your OS of choice using "uname -a", you really should know better about how Un*x OSes are working.
Your "tripwire on steroids" is plain laughable... But you mentionning Tripwire raise an interesting question: should people run your "Proof of Concept" [sic] backdoor using "sudo root" (how else could you execute root commands on a system you plan to attack? Wait, even without needing root, how do you plan to run your "Proof of Concept" backdoor on someone's computer?), how would you defeat people unmounting the drive and scanning it from a known clean system running an integrity tool like Tripwire?
Methinks you *pretend* to know something about security but you're actually just at the very beginning of your long journey (your MD5 + SHA1 +
It is really completely dumb to pretend to have a "Proof of Concept" backdoor for Un*x systems that needs to be installed doing "sudo root something".
I've got here at home one Debian etch (custom-compiled kernel), one old Fedora Core 4... And one OpenBSD box. Care to explain how from here to nine months those Un*x machines will get infected by a major Un*x worm/trojan/plague whatever?
For either you explain it or you accept you, and your website, are full of sh*t.
To moderators: that guy has been modded as troll previously, he doesn't know jack, put him in your "-1" list.
Re:Government-orchestrated and encouraged (Score:2, Interesting)
1) USSR won in WWII (destroying 80% of German military manpower).
2) USSR was the first country to launch a satellite.
3) USSR was the first country to launch a man into space.
etc.
It's Estonia that is like a small dog barking at a great elephant.
well yeah (Score:3, Interesting)
Re:that's the biggest problem with this warfare (Score:4, Interesting)
a) Focus inwardly, trying to be on the smallest possible number of 4GW organization target lists. The less people hate you, the better you are;
b) Focus locally, building your defensive strategy on fast deployed forces stationed where they act and, if possible, made up of residents of the area, as well as lowering the dependency each area has on resources deployed from too much away. The more centralized and distant and your military force is, the weaker you are. The more dependent you are on goods and services coming from other cities, states and countries, the weaker you are. (Note that this isn't the same as neglecting a strong and big army. It's more of the way said army is built.)
USA fails on both aspects. It fails "a" miserably by making its presence felt all over the world, thus entering the list of almost everyone. And it fails "b" by encouraging a false sense of security on its population, when it should be making local militias and weapon usage proficiency as much widespread as possible, as well as by having an absolute, complete, all-embracing dependency on foreign natural resources, goods, services and work.
On a 4GW world, this is a recipe for disaster.
Re:Backbone QOS? (Score:3, Interesting)
Sorry, but you have an odd definition of reality. Whitehouse.gov was completely taken out by a DDoS some years ago when it was a huge issue. Now in the last year we've had massive DDoS attacks on the root DNS systems which naturally held up because these trunk level ip filters you seem to think are impossible to implement HAVE been implemented. So in short, the only one that doesn't think this can be implemented globally is you.
I'll refer you to AT&T "Clean pipes" initiative as an example of a multinational corporation implementing this on a massive scale and using it to charge their customers more while giving their customers more value for their dollar. Face it, DDoS attacks were already a huge problem, you just never noticed because you were too busy saying everything is impossible and that countries can't work together despite that being the very nature of the Internet. AT&T is by far not the only ISP implementing this all over their backbone as well. Refer to at least a couple dozen other posts in this thread and you will see that are lots of options and many of them are deployed and the same method does not need to be deployed globally to be effective. As I said, it only really needs to happen when you peer with another provider. It saves the ISPs money on back haul charges and they can charge their customers more for the same service that they already had an interest in delivering.
I also don't understand how that proves your point and not mine when it clearly illustrates that the problem is indeed widespread and has affected people with the means to create real change. It might help your point as well as mine but it certainly discredits nothing. This is why the Whitehouse.gov is where it is today. It wasn't always distributed, why do the think they spent millions to make it that way in the first place? You think they just thought it was a good idea at the time? Perhaps you don't realize that big business is not proactive nor is big government.