
UK, Not North Korea, Is Source of DDoS Attacks

angry tapir writes "The UK was the likely source of a series of attacks last week that took down popular Web sites in the US and South Korea, according to an analysis performed by a Vietnamese computer security researcher. The results contradict assertions made by some in the US and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered." The Vietnamese security site's blog is linked from the article, but it is very slow even before Slashdotting. The researchers observed 166,908 zombies participating in the attacks — a number far larger than most earlier estimates.
Update: 07/14 21:24 GMT by KD : Wired is reporting that the UK owner of the IP address in question is pointing a finger at a server in Florida, which it says opened a VPN to the UK machine for the attacks. Once again, the attacker could be anywhere.

  • Re:However.... (Score:3, Informative)

    by icebike ( 68054 ) on Tuesday July 14, 2009 @02:40PM (#28694387)

    RTFA: Zombies. Botnet.

    It takes coordinated digging to follow the botnet control channel upstream, especially if the botnet runs disconnected the vast majority of the time.

    As a target, you would only see packets from the particular bot that was DoSing you.

  • by nweaver ( 113078 ) on Tuesday July 14, 2009 @02:48PM (#28694477) Homepage

    The researcher found the computer that was used as the entry point for commands into the botnet.

    This has nothing to do with who is responsible for the attack.

  • Re:Come on, UK! (Score:2, Informative)

    by woodchip ( 611770 ) on Tuesday July 14, 2009 @02:57PM (#28694599)
    What are you talking about, the war of 1812 wasn't over until 194 years ago.
  • by legirons ( 809082 ) on Tuesday July 14, 2009 @03:14PM (#28694801)

    Cue UK government announcing multi billion plan to make the internet 'safe' with new content filtering, anti-filesharing and communication logging schemes in 5... 4... 3...

    uhh, they already did that.

    (well, except for the '£billions' part, which they passed on to the ISPs so it wouldn't appear in the budget deficit)

  • by jimwelch ( 309748 ) on Tuesday July 14, 2009 @03:23PM (#28694901) Homepage Journal

    Hugh Laurie STAYS in USA!
    Send Stephie Fry STAYS too.
    We also want Alan Davies and Caroline Quentin.

    Wait? Are there any good actors in USA to trade to UK?
    OK, Here is the deal! You get them all back, if you promise to make Alan Davies the next Doctor Who.

    Madonna we ship to North Korea! Oops, That is a violation of the rules of war. WMD used on civilians.

  • Re:However.... (Score:4, Informative)

    by clone53421 ( 1310749 ) on Tuesday July 14, 2009 @03:34PM (#28695003) Journal

    Well, it sort of is. The IP datagram specifies the source ("from") and destination ("to") IP addresses (1) [wikipedia.org]. (The IP address identifies a connection to the internet; on the "local" side of that connection there may be only one computer or there may be a network of computers; if there is more than one computer, the router has to be set up to know which computer to forward packets to, either by configuring it to open certain incoming ports to one computer or by establishing a connection from that computer going out, which the router can then keep open for the duration of the connection.)

    However the source/destination ports are actually specified in the TCP headers (2) [wikipedia.org]. Ports are typically thought of as representing which service on the destination computer is being requested (HTTP, FTP, SMTP, etc.), but the port will also help the router in a multi-computer network route incoming packets, e.g. a rule may be set to route all packets addressed to port 80 to a particular computer which is set up to serve web pages (port 80 is the standard port on which all web servers "listen" for connections); packets addressed to port 25 on the other hand can be routed to a computer set up to run the e-mail system (port 25 is used by SMTP servers), which may not be the same computer as the one running the HTTP server. The TCP headers are followed by the data, and together the TCP headers/data form the data portion of the IP layer's datagram.

    If the return IP is incorrect, you'll never get a response, of course. Since there's no legitimate reason to do this, and since the IP datagram is a standard format, modems/routers can be programmed to check the packets and ensure that the "from" IP is, in fact, correct.
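
The check described in the comment above, as an added example that is not part of the original post or the linked article: it reads the "from"/"to" addresses from the IPv4 header and the ports from the TCP header, then applies the source-address validation a router on a customer link could perform. The function names, the documentation-range addresses and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

def build_packet(src, dst, sport, dport):
    """Constructed sample: minimal IPv4 + TCP SYN headers (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp

def parse_packet(raw):
    """Return (src_ip, dst_ip, src_port, dst_port) for an IPv4 packet carrying TCP."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4   # IHL is in 32-bit words
    if version != 4 or ihl < 20 or len(raw) < ihl + 4:
        raise ValueError("not a usable IPv4 packet")
    if raw[9] != 6:                                    # protocol field: 6 = TCP
        raise ValueError("payload is not TCP")
    src = ipaddress.IPv4Address(raw[12:16])            # addresses live in the IP header
    dst = ipaddress.IPv4Address(raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])  # ports live in the TCP header
    return src, dst, sport, dport

def egress_allowed(raw, customer_prefixes):
    """Forward only if the 'from' IP belongs to a prefix assigned to this link."""
    src = parse_packet(raw)[0]
    return any(src in ipaddress.ip_network(p) for p in customer_prefixes)

# Constructed inputs: one prefix assigned to the link, one honest and one forged packet.
PREFIXES = ["192.0.2.0/24"]
honest = build_packet("192.0.2.10", "198.51.100.7", 40000, 80)
spoofed = build_packet("203.0.113.99", "198.51.100.7", 40000, 80)

if __name__ == "__main__":
    for name, pkt in (("honest", honest), ("spoofed", spoofed)):
        src, dst, sport, dport = parse_packet(pkt)
        verdict = "forward" if egress_allowed(pkt, PREFIXES) else "drop"
        print(f"{name}: {src}:{sport} -> {dst}:{dport} => {verdict}")
```
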

  • by zeromorph ( 1009305 ) on Tuesday July 14, 2009 @05:22PM (#28696539)

    Ssssshhhh, facts spoil the fun. The original blog post [bkis.com], however, claims that the IP address they tracked is indeed the master server, that it is located in the UK and is running on Windows 2003 Server Operating System. So on the basis of that post, the UK would have to be regarded as the source. It would be interesting to see whether this claim can be verified or at least substantiated, but it seems to be more supported by facts than any other claim I heard.

  • by IRWolfie- ( 1148617 ) on Tuesday July 14, 2009 @05:45PM (#28696797)
    The C&C server doesn't have to be located in the same country as the bots it controls. I would think a corporate network in Britain could host a C&C server.
