EVE General Discussion
Question for someone that "knows" about DDoS
 
This thread is older than 90 days and has been locked due to inactivity.


 

Akara Serine
Posted - 2011.06.15 20:52:00 - [1]
 

So obviously Lulzsec is using a botnet, some may be aware of their computer being a part of the botnet, some may not.

But how would a user's computer respond to actually DDoS'ing a site/server? I'm assuming their internet would run very poorly, correct? (Mine's not, I'm just curious.)

Comet Catcher
Posted - 2011.06.15 20:55:00 - [2]
 

Kind of depends on how those scriptkiddies configured their crap. If your infected computer uses only 20% of your bandwidth you probably won't even feel a difference.

I really hope those asses get arrested.. DDoS is not even hacking, it's just flooding with large amounts of data.

Hu Lu
Posted - 2011.06.15 20:56:00 - [3]
 

yeah, you’d notice a sudden spike in traffic and thus a drop in performance

Mr M
Posted - 2011.06.15 21:01:00 - [4]
 

Well... it depends on the size of the botnet really. At least in theory every computer in the botnet could send a request every second, and in that case it wouldn't have any effect on your computer.

Orlacc
Posted - 2011.06.15 21:02:00 - [5]
 

The hacking part is that during the DDos, code can be injected into a target net.

Comet Catcher
Posted - 2011.06.15 21:05:00 - [6]
 

Originally by: Orlacc
The hacking part is that during the DDos, code can be injected into a target net.


I'd really like to see some proof of concept about that. DDoS is just pinging an ip with a throng of packets, how would you be able to inject code by doing that? (assuming CCP's netcode isn't total crap with obvious weird vulnerabilities)

Cave Lord
Posted - 2011.06.15 21:06:00 - [7]
 

Edited by: Cave Lord on 15/06/2011 21:11:59
Edited by: Cave Lord on 15/06/2011 21:09:45
DDOS stands for "Distributed Denial of Service". The idea is that more than 1 computer (usually hundreds/thousands/millions of computers) each tries to send packets as fast as they possibly can to a central point and overload it.

Depending on several factors, this may or may not affect your internet connection speed.

For example, if your machine at home was part of the attack, it might take a few seconds to locate a webpage and a split second to load it. The few seconds trying to get to the page was the delay in sending the request to the DNS server.

Another example might be at work, where you're behind a webfilter, have a local DNS server, and rate-limiting on a per-computer basis. You might actually NEVER know you were participating until you get a phone call from your I.T. person or you look at traffic graphs and see unexplained network communication. Or you might find yourself completely cut off from your network because a managed switch is detecting goofy activity and shuts down the port you are connected to.

For the most part, the participating computer itself, unless it was very old, would continue to function just fine. Unless the bot-authors decided to do something malicious to your computer.

*edit*
Code Injection and Execution in a DDOS attack:
In a simplified explanation, if you can overload the processing buffers of a host, there's a possibility it will start executing whatever code is in that buffer. (Depends on how the software is coded). The botnet would send this executable code. A DDOS with injection code on a well-coded and protected host will knock it offline. A similar attack on a badly-coded and semi-protected host could have code injected and automatically executed by the host.
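Cave Lord's point that a participating machine usually shows up only in traffic graphs or per-host rate limiting is the kind of check a network team can automate. The Python below is an added example, not code from this thread: it aggregates constructed flow records and flags LAN hosts whose outbound packet rate toward a single destination dominates their traffic; the record layout, addresses and thresholds are all assumptions.

```python
"""Flag LAN hosts whose outbound traffic looks like DDoS participation.

Constructed example: each flow record is (unix_seconds, src_ip, dst_ip,
dst_port, packets). Addresses, counts and thresholds are made up.
"""
from collections import defaultdict

# Constructed flow records covering a 2-second window.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.9", 443, 30),    # normal web browsing
    (0, "10.0.0.5", "198.51.100.2", 80, 12),
    (1, "10.0.0.5", "203.0.113.9", 443, 25),
    (0, "10.0.0.7", "192.0.2.10", 80, 4000),    # hammering one host
    (1, "10.0.0.7", "192.0.2.10", 80, 4200),
    (1, "10.0.0.7", "203.0.113.9", 443, 20),
    (0, "10.0.0.9", "192.0.2.55", 53, 800),     # busy but modest DNS talker
    (1, "10.0.0.9", "192.0.2.55", 53, 900),
]


def per_host_stats(flows):
    """Sum packets per (src, dst) pair and total packets per src."""
    pair = defaultdict(int)
    total = defaultdict(int)
    for _, src, dst, _, pkts in flows:
        pair[(src, dst)] += pkts
        total[src] += pkts
    return pair, total


def find_suspects(flows, window_s, pps_limit=2000, concentration=0.9):
    """Return (src, dst, pps, share) for sources whose packet rate toward one
    destination is at least pps_limit and makes up at least `concentration`
    of everything that source sent during the window.

    Both conditions together separate a flooding host from a merely busy
    one: a legitimate heavy talker spreads traffic over many destinations.
    """
    pair, total = per_host_stats(flows)
    suspects = []
    for (src, dst), pkts in pair.items():
        pps = pkts / window_s
        share = pkts / total[src]
        if pps >= pps_limit and share >= concentration:
            suspects.append((src, dst, round(pps), round(share, 2)))
    return sorted(suspects)


if __name__ == "__main__":
    for src, dst, pps, share in find_suspects(FLOWS, window_s=2):
        print(f"{src} -> {dst}: {pps} pps, {share:.0%} of its traffic")
```

In a real deployment the records would come from switch or router flow exports, and a hit would feed the per-port shutdown or the phone call Cave Lord describes rather than a print statement.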

Hu Lu
Posted - 2011.06.15 21:06:00 - [8]
 

usually, there aren’t enough zombies to run them on a low frequency and their inability to actually ddos eve’s servers doesn’t really speak for a hugely sophisticated botnet…

Comet Catcher
Posted - 2011.06.15 21:14:00 - [9]
 

Originally by: Cave Lord
Edited by: Cave Lord on 15/06/2011 21:09:45
In a simplified explanation, if you can overload the processing buffers of a host, there's a possibility it will start executing whatever code is in that buffer. (Depends on how the software is coded). A DDOS with injection code on a well-coded and protected host will knock it offline. A similar attack on a badly-coded and semi-protected host could have code injected and automatically executed by the host.


You'd need REALLY bad serverside code for that to work, tho. Database stuff shouldn't even be coupled with serverside code in that way at all and even then we should be able to expect some failsafe mechanism from CCP.

DeceivingApperance
Caldari
Posted - 2011.06.15 21:18:00 - [10]
 

Originally by: Comet Catcher
Originally by: Orlacc
The hacking part is that during the DDos, code can be injected into a target net.


I'd really like to see some proof of concept about that. DDoS is just pinging an ip with a throng of packets, how would you be able to inject code by doing that? (assuming CCP's netcode isn't total crap with obvious weird vulnerabilities)


imagine there was a way to make, i.e., a webserver run in circles literally code-wise
it's a denial of service in that the computer is stuck running either injected code (due to an entry point), or a simple bug that makes this happen
it's not uncommon, but it doesn't require a botnet
I can't remember off the top of my head any examples of a ddos actually making something easier to gain access to besides old router/node software :)
(which I'm not going to give more elaborate examples about)
they used to reset to some default configuration I believe it was.. and was probably before ddos was widely known about
if you never updated the software on such hardware, it would be open to such an attack obviously

I'm surprised that lulzsec gained access to a business line.. didn't think that still happened
the good news is, they probably shouldn't have done that :) now the clock is ticking


Nadrick
Posted - 2011.06.15 21:19:00 - [11]
 

Originally by: Comet Catcher
Originally by: Cave Lord
Edited by: Cave Lord on 15/06/2011 21:09:45
In a simplified explanation, if you can overload the processing buffers of a host, there's a possibility it will start executing whatever code is in that buffer. (Depends on how the software is coded). A DDOS with injection code on a well-coded and protected host will knock it offline. A similar attack on a badly-coded and semi-protected host could have code injected and automatically executed by the host.


You'd need REALLY bad serverside code for that to work, tho. Database stuff shouldn't even be coupled with serverside code in that way at all and even then we should be able to expect some failsafe mechanism from CCP.


the mighty on/off switch is the ultimate failsafe

Comet Catcher
Posted - 2011.06.15 21:24:00 - [12]
 

Originally by: DeceivingApperance
Originally by: Comet Catcher
Originally by: Orlacc
The hacking part is that during the DDos, code can be injected into a target net.


I'd really like to see some proof of concept about that. DDoS is just pinging an ip with a throng of packets, how would you be able to inject code by doing that? (assuming CCP's netcode isn't total crap with obvious weird vulnerabilities)


imagine there was a way to make, i.e., a webserver run in circles literally code-wise
it's a denial of service in that the computer is stuck running either injected code (due to an entry point), or a simple bug that makes this happen
it's not uncommon, but it doesn't require a botnet
I can't remember off the top of my head any examples of a ddos actually making something easier to gain access to besides old router/node software :)
(which I'm not going to give more elaborate examples about)
they used to reset to some default configuration I believe it was.. and was probably before ddos was widely known about
if you never updated the software on such hardware, it would be open to such an attack obviously

I'm surprised that lulzsec gained access to a business line.. didn't think that still happened
the good news is, they probably shouldn't have done that :) now the clock is ticking




I know how an overflow works, it's kind of a very old technique to f*ck with all kinds of systems, but I don't really believe CCP's serverside code would be that vulnerable, especially since it's not open source. (They didn't actually get CCP's sourcecode, did they?)
Still thanks for taking the time to explain. :3

Orlacc
Posted - 2011.06.15 21:28:00 - [13]
 

I'm glad they shut down the API for now.

CCP Wrangler
Posted - 2011.06.15 21:31:00 - [14]
 

Please go to this forum thread for updates and to discuss the current issues.

The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only