The macosxhints Forums > General Discussion > The Coat Room
Old 02-07-2007, 02:30 PM   #81
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
Attacking the heart of the net

.
I’m rather astonished to read that 3 of 13 DNS root servers in the world (!) were put out of action yesterday, albeit temporarily. That sounds significant, to put it mildly. Here is the article on CNN: Hackers hit key Internet traffic computer, and on the BBC: Hackers attack heart of the net.

So, I am curious:

>> Was anyone here significantly affected by yesterday's meta-scale hacking attempt?

>> Any thoughts on the objectives of this particular attack?

>> Or how future attacks on an even larger scale can be avoided or neutralised?

As I understand it, the consequences would be pretty immense if someone succeeded in putting most of the Internet out of action for any length of time...

Best regards,
ArcticStones
.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak
Old 02-07-2007, 02:53 PM   #82
CAlvarez
Hall of Famer
 
Join Date: Sep 2004
Location: Phoenix, AZ
Posts: 4,975
Olav posted this after a conversation we had via PM. Those guys are colocated a few cabinets over from my servers, and a couple of mine were partially compromised also. I spent from about noon yesterday to 5am today fixing things, slept a bit, and I'm back at it. Just one machine left to recover.

One thing to know is that nearly all of the machines used for attacks like this are compromised Windows machines. There are millions of them, joined into and controlled by botnets.

Controlling attacks is somewhat art as much as science, and we're getting much better at it. Every attack leaves more information to learn from. There's no way to stop it altogether; it's literally impossible with the current architecture of the internet. However the attack yesterday showed that while there was a small impact, it was just that; small.
__________________
--
Carlos Alvarez, Phoenix, AZ

"MacBook Nano" (Lenovo S10) Atom 1.6/2GB/160GB Mac OS X 10.5.6
Gigabyte Quad Core 2.83GHz Hackintosh 4GB/500GB Mac OS X 10.6
MacBook Air 1.8/2GB/64GB SSD

http://www.televolve.com
Old 02-07-2007, 04:38 PM   #83
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
Tracing to the source

.
Servers, compromised in what sense?

One more thing: Given the fact that botnets are used, is it realistic for anyone to actually trace such an attack to its original source (read: people)?

I would really like to understand this.


PS. My ISP’s email server was down for about nine hours. When I called them, they said it was "maintenance", but the person on the other end of the line didn’t even sound like he believed that himself... Are there dots to connect?
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak

Last edited by ArcticStones; 02-07-2007 at 04:53 PM.
Old 02-07-2007, 04:40 PM   #84
NovaScotian
League Commissioner
 
Join Date: Oct 2002
Location: Halifax, Canada
Posts: 5,156
Quote:
Originally Posted by ArcticStones
.
Servers, compromised in what sense?

And why did it take such a time-consuming effort for CAlvarez to recover the machines? What happened to them?
__________________
17" MBP, OS X; 27" iMac, both OS X 10.10.x (latest)
Old 02-07-2007, 05:07 PM   #85
CAlvarez
Hall of Famer
 
Join Date: Sep 2004
Location: Phoenix, AZ
Posts: 4,975
Three machines in the facility had weak passwords and no RSA keys for SSH. A script kiddie was able to gain access, but did so much damage through his ignorance that the machines were useless, even to him. We saw his traffic to a botnet on IRC, pretended to be a bot on the channel, saw what they were saying. Eventually talked to them while we tried to stop the access. There was a brief process-killing battle, we won, and they got really pissed off. Funny how those scumbags really do believe that you're the bad guy for kicking them off your own machine. Amazing.

Why so long? A number of reasons. First they are production machines handling VoIP traffic. We couldn't just kill them and reinstall. They had to remain up but we had to regain control. One way we did that was to have the NOC block out all non-VoIP traffic at the head end router while we tried to regain the machines.

Then there was just the comedy of stupid issues. One Dell server had a bad CD drive and couldn't boot from the Linux installer CD. The Dells also can't boot from USB--argh--I hate Dell. We had to back up many fluid files (voicemail, prompts, etc.) to make sure we could restore to the last state, not to the previous full backup. That was challenging, given the limits of the size of the servers (1U), the drives we had on hand, etc. Of course lots of little challenges popped up. In total there were five of us working on different things.

When a machine is rooted like that, you have to simply destroy it and install clean. There is no way to be sure it is clean otherwise.

The password thing would be funny and ironic if it wasn't such a pain in the arse... We are just taking over these machines, and three days ago I said to my partner that they had horrible passwords and root was enabled, so we had to fix that. Because of the transition and the need for people to still have access, I thought, "It's been that way for years, what can a few days hurt..."

Argh.
__________________
--
Carlos Alvarez, Phoenix, AZ

"MacBook Nano" (Lenovo S10) Atom 1.6/2GB/160GB Mac OS X 10.5.6
Gigabyte Quad Core 2.83GHz Hackintosh 4GB/500GB Mac OS X 10.6
MacBook Air 1.8/2GB/64GB SSD

http://www.televolve.com
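As an added example (not code from the thread or from any poster), a small Python audit of the sshd settings the post above describes: root login permitted and password-only authentication with no keys. It follows sshd's own rule that the first value seen for a keyword wins and that lines after a Match block are conditional; the two sample configs are constructed, and the defaults table is an assumption chosen to be conservative.

```python
"""Audit sshd_config text for the weaknesses described in the post:
root login over SSH and password-only (no key) authentication."""
import re

# sshd keeps the FIRST value it sees for a keyword (later duplicates are
# ignored), keywords are case-insensitive, and lines after "Match" apply
# only to matching sessions, so they never relax the global setting.
KEYWORD_RE = re.compile(r"^\s*([A-Za-z]+)\s*[=\s]\s*(.+?)\s*$")

def parse_global_options(config_text):
    """Return {keyword_lower: first_value} for the global (pre-Match) section."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = KEYWORD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break                             # conditional section begins
        opts.setdefault(key, value)           # first occurrence wins
    return opts

# Assumed defaults when a keyword is absent. PermitRootLogin's real default
# varies by OpenSSH version and distro, so it is treated as "yes" here.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes",
            "pubkeyauthentication": "yes", "permitemptypasswords": "no"}

def audit(config_text):
    """Return a list of findings; an empty list means no weak global setting."""
    opts = dict(DEFAULTS)
    opts.update(parse_global_options(config_text))
    findings = []
    if opts["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in directly over SSH")
    if opts["passwordauthentication"].lower() == "yes":
        findings.append("PasswordAuthentication yes: password guessing is possible")
    if opts["pubkeyauthentication"].lower() == "no":
        findings.append("PubkeyAuthentication no: key-based login is disabled")
    if opts["permitemptypasswords"].lower() == "yes":
        findings.append("PermitEmptyPasswords yes: accounts without a password can log in")
    return findings

# Constructed sample: the state the post describes (root enabled, passwords only).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no    # ignored by sshd: the first value above wins
"""

# Constructed sample: keys required, root login closed, one conditional exception.
HARDENED_CONFIG = """\
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes   # scoped to one user, global setting unchanged
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no weak global setting found"])
```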
Old 02-07-2007, 06:01 PM   #86
fazstp
MVP
 
Join Date: May 2004
Location: Melbourne, AUS
Posts: 1,576
I read that about 25% of computers on the net are bot-net zombies.
Old 02-07-2007, 06:23 PM   #87
CAlvarez
Hall of Famer
 
Join Date: Sep 2004
Location: Phoenix, AZ
Posts: 4,975
The number ranges from 25 to 75, no way to really know. Even if just 10% of Windows machines are compromised, imagine the size of that botnet...

I spoke too soon. Found three more semi-compromised machines. Damaged but not owned, they don't have access but the machines are going to have to be fixed.
__________________
--
Carlos Alvarez, Phoenix, AZ

"MacBook Nano" (Lenovo S10) Atom 1.6/2GB/160GB Mac OS X 10.5.6
Gigabyte Quad Core 2.83GHz Hackintosh 4GB/500GB Mac OS X 10.6
MacBook Air 1.8/2GB/64GB SSD

http://www.televolve.com
Old 02-07-2007, 07:19 PM   #88
tlarkin
League Commissioner
 
Join Date: Mar 2003
Location: Bay Area, CA
Posts: 11,352
At any time please correct me if I am wrong... b/c I very well could be.

It is my understanding that Windows uses a different method of processor hierarchy in its kernel. Things like drivers and system processes run as root-level processes. Whereas in other OSes, like Unix/Linux/OS X, it's more of a micro kernel or a micro-managed kernel (I could be using the wrong terminology here) which lets things run as high-level processes but never root, unless it is indeed a root process.

That being said, and having to help maintain a huge Windows environment at work, I can say Windows has too many loopholes. I mean drive mapping itself is a pain because if a user authenticates via NDS/AD and needs to run an application off a network drive or needs the right to install updates, you basically gave them a limited admin account. Through various known exploits you can map just about any drive on the network... pretty freaking scary. Gladly most users don't know this kind of stuff, and of course things that are too important or things that need restricted access are a lot more highly restricted. The problem lies in, if user A needs resource access to resource X and we give it to them, it opens up pathing exploits of Windows to those things in the same permission range. So, effectively user A can access things user B can, but is not supposed to have access to them. This pathing exploit also works in other ways, allowing users access to the control panels and other system settings. I once had several computers drop internet connection, couldn't ping them or remote in, so I had to go out on site. I checked the NIC on the machine, no link lights at all. So I tested the drop and it tested good... Long story short, the student had used a pathing exploit to give themselves access to Device Manager (which they do not have access to by default) and disabled the NIC, by hardware profiling it out. Even when policy is pushed out there is generally a way around it, and then you play cat and mouse. Patching each exploit until another one pops up. This gets annoying from the OS level to the application level.

Vista has changed several things about its directory structure; however, I have not messed with it enough to see what exactly has been changed. I know one thing they changed is there is no more Documents and Settings directory; it's now all under /Users, which is a good move I think.

Also, MS just bought a bunch of security (like 300 million worth) from Novell, and not from Novell's netware products, it was from their Linux product. So, now MS has access to Linux security technology. It helps to have money I suppose.

sources: http://www.techworld.com/opsys/news/...fm?NewsID=7250
http://articles.techrepublic.com.com...1-6137444.html
Old 02-07-2007, 08:19 PM   #89
NovaScotian
League Commissioner
 
Join Date: Oct 2002
Location: Halifax, Canada
Posts: 5,156
[OT] Aside..

Quote:
Originally Posted by tlarkin
... It helps to have money I suppose...

My grandmother always said "Whether you're rich or poor, it's nice to have money". Since I've experienced a substantial portion of that wealth range over the last 7 decades, I concur. Haven't thought about that for years, but Larkin's comment was a "deja vu all over again".
__________________
17" MBP, OS X; 27" iMac, both OS X 10.10.x (latest)
Old 02-07-2007, 09:21 PM   #90
trumpet_999
Major Leaguer
 
Join Date: Jan 2006
Location: Melbourne, Australia
Posts: 472
Quote:
Originally Posted by NovaScotian
My grandmother always said "Whether you're rich or poor, it's nice to have money". Since I've experienced a substantial portion of that wealth range over the last 7 decades, I concur. Haven't thought about that for years, but Larkin's comment was a "deja vu all over again".

You've been spending up for 7 decades? Dude, how old are you?
__________________
Home: Macbook 2.0ghz/2gb RAM/80gbHD - SOLD! New - 2.8Ghz iMac 24" 4Gb, 500Gb, 512mb 8880 card, woot! + iphone 3g 8gb
Old 02-08-2007, 02:21 AM   #91
CAlvarez
Hall of Famer
 
Join Date: Sep 2004
Location: Phoenix, AZ
Posts: 4,975
Quote:
. things like drivers and system processes run as root level processes.

Oh...where do I start. I mean, that's correct, but it's much much worse than that. Let's see... Lazy programmers have chosen to write programs that only operate as admin/root, so nearly all Windows users are forced to be running as admin at all times. I mean, even mainstream things like QuickBooks! Then you have the driver implementations which also must run as admin, and even the good ones are running at privilege level in the background even when the user is not. So then we have IE, which has massive security problems (intentional--that's another paragraph), and is also running in privileged mode. Well...I don't need to explain 2+2 for you.

IE, Outlook, and other MS programs were purposely written with interaction and extensibility in mind, but NO thought to security. Literally, they assumed all users were good. And every admin knows you can't even trust your own users, let alone the outside world.

Privilege escalation isn't so much a bug in Windows as it is a feature.

The CNN article that Olav referenced is, in my opinion, understated. And for good reason, you want to tell these losers that their efforts had no effect, to discourage them. The reality though is that I think this cost a lot of people a bunch of money. I know my company lost at least 20 of our own man-hours over it (two person company...ouch) plus many hours with our partners and contractors. The opportunity cost is huge because I should have been working on closing a deal for $30k for the next three months and another $100k over a year.
__________________
--
Carlos Alvarez, Phoenix, AZ

"MacBook Nano" (Lenovo S10) Atom 1.6/2GB/160GB Mac OS X 10.5.6
Gigabyte Quad Core 2.83GHz Hackintosh 4GB/500GB Mac OS X 10.6
MacBook Air 1.8/2GB/64GB SSD

http://www.televolve.com
Old 02-08-2007, 11:50 AM   #92
tlarkin
League Commissioner
 
Join Date: Mar 2003
Location: Bay Area, CA
Posts: 11,352
That is exactly why some students have to have admin privileges and how we hide mapped drives because of its design, and that is what enables the pathing exploits.

Yup, Windows is annoying.
Old 09-07-2007, 05:22 PM   #93
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
A shocking stance by the US Justice Dept

.
It is with great dismay I read that the US Department of Justice is opposing legislation designed to guarantee Internet Neutrality. This is the complete opposite stance from what it would be reasonable to expect -- if, that is, they were truly concerned with democracy and justice.

The dismantling of Internet Neutrality would have grave consequences, seriously undermining a key characteristic of the Internet as we know it: Equality in the way traffic is handled.

There is a more complete BBC story here, and I’m sure there are other articles elsewhere.

Respectfully,
ArcticStones
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak

Last edited by ArcticStones; 09-07-2007 at 05:24 PM.
Old 09-07-2007, 06:48 PM   #94
NovaScotian
League Commissioner
 
Join Date: Oct 2002
Location: Halifax, Canada
Posts: 5,156
I agree with "astonishing"; an understatement, perhaps. Mind boggling, even. Leads to the question: "How on earth could a logical thought process lead to the notion that abolishing internet neutrality would be a good idea?"

Let me guess. Aside from the heavy lobbying by the telecoms, the average North American or British legislator does not really use the internet the way it is used by the vast majority. To them, it's probably email, news, and Google.

Further, the RIAA & Movie folks have convinced the solons that most of the high-bandwidth use of the internet, strangling it to hear the telecoms tell the story, is contraband music and/or video and/or porn and/or internet gambling, while another big chunk is "kiddy crap" like Facebook and/or YouTube and/or violent, sex-filled games; I mean, who needs that, they say. The kids should be playing sports and getting decent grades, not sitting in the dark in front of a computer eating junk food.

"Real" businesses (i.e., read those banks, traders and corporations with tons of money and a lot of political clout with the solons) don't go for any of that; their use is (they say) the same as the solons', and all this crap content is slowing them down.

Blinded by those prejudices, they're out to save the world, absolutely unheeding of any rational understanding of the unintended consequences.... as usual. I'm not really surprised.
__________________
17" MBP, OS X; 27" iMac, both OS X 10.10.x (latest)

Last edited by NovaScotian; 09-07-2007 at 06:53 PM.
Old 09-08-2007, 01:01 AM   #95
J Christopher
MVP
 
Join Date: Apr 2007
Posts: 1,040
Quote:
Originally Posted by ArcticStones
.
It is with great dismay I read that the US Department of Justice is opposing legislation designed to guarantee Internet Neutrality.

Apparently, the US Department of Justice is in favor of violations of the Sherman Antitrust Clayton Act, which they are supposed to be enforcing.

The real tragedy is that I don't find this the least bit surprising.

http://www.usdoj.gov/atr/foia/divisionmanual/ch2.htm

Last edited by J Christopher; 09-08-2007 at 02:41 AM.
Old 09-08-2007, 02:38 AM   #96
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
Quote:
Originally Posted by J Christopher
Apparently, the US Department of Justice is in favor of violations of the Sherman Antitrust Act, which they are supposed to be enforcing.

Could you expand on that, please? I would also be interested in links to articles/sites where this particular point has been discussed in an intelligent way, if you know of any.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak
Old 09-08-2007, 02:47 AM   #97
J Christopher
MVP
 
Join Date: Apr 2007
Posts: 1,040
Quote:
Originally Posted by ArcticStones
Could you expand on that, please? I would also be interested in links to articles/sites where this particular point has been discussed in an intelligent way, if you know of any.

I misspoke. I was thinking of the Clayton Act, not the Sherman Act. I edited my previous post, and added an appropriate link. I'm not aware of any discussions on the topic, but I would also be interested in reading them.

Last edited by J Christopher; 09-08-2007 at 03:08 AM.
Old 09-08-2007, 03:07 AM   #98
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
.
Thanks, J Christopher.
I only vaguely remember the Clayton (and Sherman) Act from my US history classes, and that was a long time ago.

Roughly what are we talking about here? For I don’t think I have the patience to read through all that legalese... From a quick look on Wikipedia, this would certainly seem to apply:
"The Clayton Act prohibits: ...price discrimination between different purchasers if such discrimination substantially lessens competition or tends to create a monopoly in any line of commerce"
Slowing the traffic of small companies, for many of whom the Internet is the primary source of customer contact and arena of sales, would most definitely discriminate in favour of larger companies with the economic clout to insist on faster service.

I know from the travel industry, that the Internet was decisive in the rise of Norwegian Airlines, which in just a few years has risen to challenge the virtual domestic monopoly of SAS-Braathens. And I’m sure we could find tens of thousands of similar cases.

To put it in other words: Dismantling Internet neutrality would be a grave blow to economic democracy.

Personally I am even more concerned with the free exchange of ideas that is an essential underpinning of any true democracy. In this regard, the flat structure of the Internet has been a huge blessing. In fact the MacOSX Forums are but one modest example of that.

I suspect this is about telecom profits, but also control -- in the broadest possible sense of that word.

Tragic.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak

Last edited by ArcticStones; 09-08-2007 at 03:17 AM.
Old 09-08-2007, 03:12 AM   #99
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
Time for a change?

.
I would go so far as to say this: If the US Justice Department recommendation becomes US law and practice, then it is high time the Internet be removed from American hands and placed under an international authority.

Otherwise I wouldn’t mind things continuing as now.
.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak
Old 09-08-2007, 10:08 AM   #100
NovaScotian
League Commissioner
 
Join Date: Oct 2002
Location: Halifax, Canada
Posts: 5,156
Quote:
Originally Posted by ArcticStones
.
I would go so far as to say this: If the US Justice Department recommendation becomes US law and practice, then it is high time the Internet be removed from American hands and placed under an international authority.

Of course, it's high time anyway, no matter which way they go on net neutrality. Clearly, if the US chooses to allow their telcos to throttle the net in the US for their own profit, then the users of the net in the US should take the hit and know that in other parts of the world, that hit isn't being taken. Isn't it possible that a throttled net will just encourage many providers of content to move offshore? Then, the US throttle will look to the hoi polloi like censorship does to Chinese netizens. Until now, the best feature, the enduring feature of the net was that it wasn't politically controlled. Politicians hate that.
__________________
17" MBP, OS X; 27" iMac, both OS X 10.10.x (latest)