Joined: Apr 2002
Posts: 212
Member
Dunno why I didn't think about posting this 5 hours ago when this [censored] started. The intraweb is fuXored.

Massive ddos attack on our name servers

This was taken from the military forums; looks like an all-out cyberattack has just started taking place. Here's some info:

/quoted from forums.military.com/
AmericanIntel
Basic Training

Registered: Friday, 03 January 2003
Posts: 10
MASSIVE DDOS ATTACKS ALL OVER U.S.
--------------------------------------------------------------------------------
We are monitoring massive Distributed Denial of Service attacks all over the U.S. tonight starting at around 11:30 PM CST. As many as 5 of the 13 root nameservers have been down, up to 10 with massive packet loss (xx%):

Internet Status to Root Name Servers
Date: Fri Jan 24 21:37:00 PST 2003

Place  Address             Packet Loss  Time: Min/Avg/Max
Root   b.root-servers.net  53%          25/40/48
Root   c.root-servers.net  0%           82/82/82
Root   e.root-servers.net  20%          16/29/33
Root   f.root-servers.net  26%          17/27/32
Root   h.root-servers.net  20%          91/101/108
Root   i.root-servers.net  26%          190/199/205
Root   j.root-servers.net  26%          81/91/96
Root   k.root-servers.net  64%          172/188/201
Root   l.root-servers.net  0%           5/5/6
Root   m.root-servers.net  33%          160/171/205
GTLD   b.gtld-servers.net  26%          52/63/67
GTLD   c.gtld-servers.net  31%          85/93/95
GTLD   d.gtld-servers.net  13%          88/100/103
GTLD   f.gtld-servers.net  22%          38/50/57
GTLD   i.gtld-servers.net  0%           198/200/203
GTLD   k.gtld-servers.net  24%          90/100/105
GTLD   l.gtld-servers.net  33%          128/138/171

All backbone providers are suffering major packet loss (XX%):

Place                  Address                    Packet Loss  Time: Min/Avg/Max
AboveNet               ns.above.net               28%          53/64/66
AGIS                   ns1.agis.net               26%          62/74/78
AlohaNet               nuhou.aloha.net            35%          84/94/98
ANS                    ns.ans.net                 26%          83/97/100
BBN-NearNet            nic.near.net               28%          91/114/572
BBN-BARRnet            ns1.barrnet.net            26%          16/26/32
Best                   ns.best.com                35%          79/89/95
Concentric             nameserver.concentric.net  35%          18/31/56
CW                     ns.cw.net                  28%          88/98/105
DIGEX                  ns.digex.net               31%          78/86/91
ENTER.NET              dns.enter.net              28%          91/104/108
Epoch Internet         ns1.hlc.net                33%          37/48/52
Flash net              ns1.flash.net              17%          80/92/94
GetNet                 ns1.getnet.com             20%          40/52/56
GlobalCrossing         name.roc.gblx.net          24%          85/97/104
GoodNet                ns1.good.net               31%          83/92/97
GridNet                grid.net                   20%          80/92/101
IDT Net                ns.idt.net                 20%          91/104/121
Internex               nic1.internex.net          26%          18/31/35
MCI                    ns.mci.net                 22%          91/103/107
MindSpring             itchy.mindspring.net       15%          75/88/106
NAP.NET                ns2.nap.net                20%          73/85/94
PacBell                ns1.pbi.net                0%           89/89/90
Primenet               dns1.primenet.net          20%          31/41/45
PSI                    ns.psi.net                 0%           82/84/160
RAINet                 ns.rain.net                31%          40/49/53
SAVVIS                 ns1.savvis.net             31%          88/99/102
SprintLink             ns1.sprintlink.net         11%          15/27/35
UUNet,AlterNet         auth00.ns.uu.net           26%          89/98/103
Verio-West             ns0.verio.net              22%          31/42/47
Verio-East             ns1.verio.net              22%          86/96/101
VISInet                ceylon.visinet.ca          20%          102/116/188
MoonGlobal-ClubNET     ns.clubnet.net             0%           0/1/2
MoonGlobal-Netway      dns.nwc.net                4%           6/6/7
MoonGlobal-Netxactics  verdi.netxactics.com       4%           6/6/7
InterWorld             ns.interworld.net          0%           4/4/5

It's massive, no word on source yet. We are watching it closely.

Brad G
American Intelligence
www.americanintelligence.us

Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
3 hours after above post...

I'm checking out the response time of some of the nameservers right now. Obviously they're doing pretty good still. Why people bother to ddos the root servers is beyond me. They can't keep them down long enough to make a difference.


Domain Registration, Hosting, Management
http://www.dollardns.net
Joined: Mar 2002
Posts: 197
Member
It's a worm that sends out 376-byte UDP packets to port 1434 (ms-sql-m) and tries to exploit mssql. This scanning has been slowing down the internet for several hours now. It seems people are getting it under control.

As an example of how much traffic the worm generates: Trueserver filters (a datacenter in the Netherlands) are dropping packets at 16 terabytes/hour only 'cause of that worm.


Never argue with fools... They will only drag you down to their level, and beat you with experience...
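
Added example, not part of the original thread: a small flow-log check for the traffic pattern described in the post above (376-byte UDP packets to port 1434 fanning out to many hosts). The record format, the sample records, and the threshold and window values are assumptions made for illustration.

```python
from collections import defaultdict

WORM_PORT = 1434       # ms-sql-m, as named in the post
WORM_SIZE = 376        # packet size quoted in the post
FANOUT_THRESHOLD = 3   # assumption: distinct targets in one window before alerting
WINDOW_SECONDS = 10    # assumption: sliding-window length

# Constructed sample records (hypothetical format): epoch src dst proto dport size
SAMPLE_FLOWS = """\
1043472000 10.0.0.5 192.0.2.10 udp 1434 376
1043472000 10.0.0.5 198.51.100.7 udp 1434 376
1043472001 10.0.0.5 203.0.113.44 udp 1434 376
1043472002 10.0.0.5 192.0.2.200 udp 1434 376
1043472001 10.0.0.9 10.0.0.20 udp 1434 29
1043472000 10.0.0.7 192.0.2.1 udp 1434 376
1043472004 10.0.0.7 192.0.2.2 udp 1434 376
1043472060 10.0.0.7 192.0.2.3 udp 1434 376
truncated record
"""

def parse_flow(line):
    """Parse one record; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, size = parts
    try:
        return int(ts), src, dst, proto.lower(), int(dport), int(size)
    except ValueError:
        return None

def find_scanners(text, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Map each flagged source to its peak count of distinct targets per window."""
    hits = defaultdict(list)  # src -> [(ts, dst)] for matching packets only
    for rec in filter(None, map(parse_flow, text.splitlines())):
        ts, src, dst, proto, dport, size = rec
        if proto == "udp" and dport == WORM_PORT and size == WORM_SIZE:
            hits[src].append((ts, dst))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        best = start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans less than `window` seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            scanners[src] = best
    return scanners
```

Matching on size and port alone would also flag a host that sends one such packet; counting distinct destinations per window is what separates scanning from a single stray datagram.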
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
I guess this screwed up some Verizon networks this weekend... I heard about it as soon as I came in this morning.

Here is some info:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
A virus similar to Code Red, which caused network chaos in the summer of 2002, today paralyzed much of the Internet for several hours.

The virus exploits a known flaw in MS SQL Server, whereby infected servers send out thousands of queries per second to find other vulnerable servers.

As many as 22.000 machines are currently infected. The virus does not appear to do anything but spread itself.

http://www.chron.com/cs/CDA/story.hts/business/1750941

Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
We were playing Scorched Earth when it hit, all of a sudden half the net was down lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Joined: Mar 2002
Posts: 1,136
UGN Elite Poster
I heard that MS released a fix for this vuln a while back, like over a month ago. Kinda amazes me that the nameserver admins wouldn't be all over it... It was weird, apparently ATMs communicate over the net, too. I mean I know they have to, but I figured Wells Fargo would have a private network or something. But I couldn't get any cash out the other day because of that.

Joined: Mar 2002
Posts: 109
Member
6 months ago.


"There is no end. There is no beginning. There is only the infinite passion of life."
--Fellini
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
ATMs (automated teller machines) usually use virtual private networking through some telco. Something like a DS0 (64 kbs) Frame Relay line to the circuit and a PVC (permanent virtual connection) to the bank, which has a DS3 or OC3 that all these PVCs go back to.

If your bank sends traffic across the WWW from their ATM, they might have looked into DSL for their services. A few banks have started to use DSL due to the savings versus. The trade-off, however, is security. DSL is a public network; there are many theoretical ways your data could be intercepted.

I think a business should have to disclose what type of networking they use. FDDI or TLS (Trans LAN Service) is the most secure. It is 100% fiber. As of yet, to my knowledge, no one has learned how to tap into a fiber line. Add to that, in TLS the telco provides the equipment but their lines are all theirs. There is no muxing (multiplexing) multiple customers' data into 1 cable.

I say if they are not using ATM or TLS/FDDI they could care less about protecting your info. If your bank runs across the WWW, they are greedy. Think of all the money they make on ATM fees. They could at least put that toward a decent secure network.

If a bank uses ATM, Frame Relay, SMDS, or TLS there is no domain name. TLS uses I.P. addresses. But SMDS uses something like a phone number to route traffic, Frame Relay uses a circuit ID and switch info, and PVC/DLCI numbers.


http://frforum.com/


ATM uses something similar, but the terms are different: VPIs and VCIs.

http://www.atmforum.com/

Both sites above have tons of info. These are the heavy-duty commercial alternatives to TCP/IP.

ATM is a service/protocol suite that can guarantee bandwidth. It is the only one that can. It is also the best at video and voice. It breaks data up into 53-octet (basically bytes) cells. It is usually the backbone network DSL rides across.

Frame relay uses packets. Packets can have variable length unlike ATM.

Anyway I will get off my soap box now.

Joined: Oct 2002
Posts: 955
UGN Super Poster
OK, so working at gas stations I have heard the ATMs drop connections, dialout, or even hear ringing when someone is dialing in. Any ideas on this. I can understand if they dialed into somewhere, but why would ppl/machines be dialing into the ATM then?

Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Quote:
Originally posted by jonconley:
OK, so working at gas stations I have heard the ATMs drop connections, dialout, or even hear ringing when someone is dialing in. Any ideas on this. I can understand if they dialed into somewhere, but why would ppl/machines be dialing into the ATM then?

ATM, you mean automated teller machine?

Well, they might dial in to do a diagnostic test. At my job we do lots of loopback testing. We put a piece of equipment in loop, then run testing patterns of various 1's and 0's to that equipment. If we get errors on different patterns, we know what is wrong.

Could be that. Or maybe they dial in to retrieve data the ATM has stored? When you swipe a card at a gas pump you are only checking to see if you have a buck or 2 in your account. The actual money isn't withdrawn till well after you have pumped and left.

So based on that, I wonder if it is possible to hack into a gas pump and take out your credit purchase before the company gets it. I doubt it.

I would think it would make a connection with a home server or something and store the data. Then again...

You swipe the card,

pump your gas after.

When you are done, do you think it dials back out to some server to record how much you pumped? Or maybe that is done remotely to the pump 1 or 2 times a day...

Think of it, free gas.
