#51 2013-10-18 16:58:37

fiver22
Member
Registered: 2011-10-15
Posts: 34

Re: DDoS Attack 2013-10-17 (resolved)

From my, admittedly limited, experience it's surprisingly easy to mount a DDoS. I was staff at a site that suffered one -we had banned a user -a young, and immature user and she had us DDoS-ed. There was lots of evidence that she was nothing more than a script-kiddie but she managed an attack -a fairly successful one.
When I asked the site coders and sysadmin how someone who seemed to have so little skill was able to bring us down they told me that no real skill is 'needed' by an attacker and that I'd be shocked at how easy it was to mount a successful/semi-successful attack against any specific non-giant site.
We knew it was her for multiple reasons: she threatened to do it -when she threatened us we doxed her (no we didn't REVEAL her info to the public, but a few of us staff were made aware of her personal details -to this day only a few of us on the site know her personal info -but we did pass it on to staff at some of our sister sites where she may have held accounts); we saw an attempt coming from her that failed; finally when a successful attack was mounted we were able to follow her around her online haunts a bit and found her bragging.
Our site and community was always very careful to be welcoming, to give second chances, and if we decided to ban we always did it as politely as possible.
Again, I have no technical knowledge of these things -I was a moderator mostly for my people skills/level of involvement with the site and a bit of skill in a specific area -but I was told by people who I respected that DDoSes were pretty simple to mount.

Offline

Be excellent to each other!

#52 2013-10-18 18:26:53

saneks
#! Die Hard
Registered: 2009-10-01
Posts: 1,020

Re: DDoS Attack 2013-10-17 (resolved)

just wondering: what is the benefit of attacking a small linux distro? what kind of a**hat would waste his time to attack people that do a good thing? - as I understand, ddos just bombs the servers with requests, so it can't respond to others anymore, right?

technical questions: so right now we can't do upgrades and updates? - is this happening to other distros right now?

this sucks.


eee701 user & other lap/desktops

Offline

#53 2013-10-18 18:43:43

xero
#! Junkie
From: 0x000000
Registered: 2013-09-30
Posts: 382
Website

Re: DDoS Attack 2013-10-17 (resolved)

saneks wrote:

as I understand, ddos just bombs the servers with requests, so it can't respond to others anymore, right?

yes. a ddos is just a huge flood of illegitimate requests. and the server can't sort out what's real and what's fake.

if you're curious to see what a ddos "looks" like...
[video]http://www.youtube.com/watch?v=HfhksnjpbZw[/video]

saneks wrote:

just wondering: what is the benefit of attacking a small linux distro? what kind of a**hat would waste his time to attack people that do a good thing?

who knows.

Last edited by xero (2013-10-18 18:50:14)


▬▬ι═════════-
dotfiles http://git.io/.files

Offline

#54 2013-10-18 19:27:26

GekkoP
#! Junkie
From: Vicenza (Italy)
Registered: 2013-06-17
Posts: 297
Website

Re: DDoS Attack 2013-10-17 (resolved)

Any news here?
I still can't update CrunchBang, it can't reach packages.crunchbang.org.

Offline

#55 2013-10-18 19:47:39

snowpine
#!-a-roo
Registered: 2008-11-24
Posts: 2,984

Re: DDoS Attack 2013-10-17 (resolved)

I blame the ponies.


/hugged

Offline

#56 2013-10-18 19:56:06

KrunchTime
#! Die Hard
From: not where I belong
Registered: 2012-03-02
Posts: 3,264

Re: DDoS Attack 2013-10-17 (resolved)

saneks wrote:

just wondering: what is the benefit of attacking a small linux distro? what kind of a**hat would waste his time to attack people that do a good thing?

It's quite possible it's a current or former forum member who feels that they have been wronged in some way.  There have been enough negative posts in the past to lead me to believe this.


Linux User #586672
Come and Die -- Kyle Idleman

Offline

#57 2013-10-18 19:59:20

Sector11
#!'er to BL'er
From: SR11 Cockpit
Registered: 2010-05-05
Posts: 15,667
Website

Re: DDoS Attack 2013-10-17 (resolved)

snowpine wrote:

I blame the ponies.

NO!  Impossible.  I refuse to believe it!


·  ↓   ↓   ↓   ↓   ↓   ↓  ·
BunsenLabs Forums now Open for Registration
·  ↑   ↑   ↑   ↑   ↑   ↑  · BL ModSquad

Offline

#58 2013-10-18 20:39:34

Argumento
Member
From: Ciudad de México
Registered: 2013-07-30
Posts: 18

Re: DDoS Attack 2013-10-17 (resolved)

Just noticed http://packages.crunchbang.org was down and found this post. This is getting repetitive. Who has the time, resources and plain hate to keep attacking something that's free for the community?

I do have my suspects...

Anyway, hang in there #!


Salud y Revolución Social

Offline

#59 2013-10-18 20:43:51

Argumento
Member
From: Ciudad de México
Registered: 2013-07-30
Posts: 18

Re: DDoS Attack 2013-10-17 (resolved)

snowpine wrote:

I blame the ponies.

Damn those pesky pinky creatures!


Salud y Revolución Social

Offline

#60 2013-10-18 21:04:13

Sir Limpalot
Member
From: Norway
Registered: 2013-10-18
Posts: 12

Re: DDoS Attack 2013-10-17 (resolved)

What kind of bandwidth would one need to set up a temporary repository?
How many repos pushing for example 10Mb would one need to have a working system?
And how hard would it be to have apt try the next of a list if the preferred repo times out?


“Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying 'End-of-the-World Switch. PLEASE DO NOT TOUCH', the paint wouldn't even have time to dry.”

Offline

#61 2013-10-18 21:33:01

gychang
#! Junkie
From: Phoenix, AZ
Registered: 2009-04-01
Posts: 274

Re: DDoS Attack 2013-10-17 (resolved)

is this why I am getting this error message when I try to update on my new waldorf install?  or is this another problem I need to sort out?

--
Failed to fetch http://packages.crunchbang.org/waldorf/ … elease.gpg  Could not connect to packages.crunchbang.org:80 (178.79.149.101). - connect (110: Connection timed out)
Failed to fetch http://packages.crunchbang.org/waldorf/ … 4/Packages  Unable to connect to packages.crunchbang.org:http:
Failed to fetch http://packages.crunchbang.org/waldorf/ … tion-en_US  Unable to connect to packages.crunchbang.org:http:

--

Offline

#62 2013-10-18 21:34:09

lcafiero
The #! Guy
From: Felton, California, USA
Registered: 2011-07-21
Posts: 2,225
Website

Re: DDoS Attack 2013-10-17 (resolved)

In a word, yes. They'll be back when the DDoS is over.


Res publica non dominetur | Larry the CrunchBang Guy speaks of the pompetous of CrunchBang

CrunchBang Forum moderator

Offline

#63 2013-10-18 21:34:23

pvsage
Internal Affairs
From: North Carolina
Registered: 2009-10-18
Posts: 13,970

Re: DDoS Attack 2013-10-17 (resolved)

@snowpine:  I blame Hasbro. tongue  (No, of course I don't.)

(EDIT:  No idea how the back half of that post got cut off...though the fact that it was cut off at Hasbro raises an eyebrow. roll )

Last edited by pvsage (2013-10-18 21:35:34)

Offline

#64 2013-10-18 21:56:24

chillicampari
Pinball Wizard
Registered: 2009-10-09
Posts: 2,728

Re: DDoS Attack 2013-10-17 (resolved)

Sir Limpalot wrote:

What kind of bandwidth would one need to set up a temporary repository?
How many repos pushing for example 10Mb would one need to have a working system?
And how hard would it be to have apt try the next of a list if the preferred repo times out?

Hi Sir Limpalot and welcome to the forum! Good questions!

corenominal (Philip) would have the usage statistics on the actual bandwidth used but I'm not exactly sure what you mean by your second question? So my best answer would be as many that can successfully retrieve a complete package list and the packages themselves (which could be one or more hosts).

For mirror rotation for apt, it shouldn't be that difficult (in theory). Debian is currently doing this with the http redirector, though there have been some issues with that we've run into with incompletes.

Offline

#65 2013-10-18 22:49:41

Sir Limpalot
Member
From: Norway
Registered: 2013-10-18
Posts: 12

Re: DDoS Attack 2013-10-17 (resolved)

chillicampari wrote:

Hi Sir Limpalot and welcome to the forum! Good questions!

Thank you and thank you. smile
And I completely forgot my manners, an introduction is in order when one barges into a new forum:
Been using Linux since '97 or thereabouts and took my RHCE in 2003, just before discovering Debian and have hardly used RedHat since.
Been using Debian on server and *ubuntu on workstations due to Debian's extremely slow upgrade-cycle, now seen the light and switched all the household's laptops to #!
Really really like it and am looking forward to get to know this community I've heard so much bragging about better. wink

chillicampari wrote:

corenominal (Philip) would have the usage statistics on the actual bandwidth used but I'm not exactly sure what you mean by your second question? So my best answer would be as many that can successfully retrieve a complete package list and the packages themselves (which could be one or more hosts).

For mirror rotation for apt, it shouldn't be that difficult (in theory). Debian is currently doing this with the http redirector, though there have been some issues with that we've run into with incompletes.

What I meant is how many such low-bandwidth mirrors would be needed, with mirror rotation, for the apt-system to be usable for #!, I.E. being able to serve updates to all users.
In other words: How many volunteers, such as myself, without 100Mb or more to dedicate to #! would be needed for having at least a workable backup system?
I could easily dedicate 10Mb of bandwidth to such a task, during crisis (like the ongoing DDoS) I could very well boost it to 80Mb, but I don't have the bandwidth or the funding to dedicate 100Mb or more, so I was wondering....
How many here have a dedicated server with a little bandwidth to spare and how many would it take to create a working system, if at all feasible?
It should be fairly simple to write a wrapper-script for apt that tried the next in the list if "apt-get update" didn't complete without errors, shouldn't it?
I know it's crude and that a list of possible repos isn't the most sexy solution, but it should work?


“Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying 'End-of-the-World Switch. PLEASE DO NOT TOUCH', the paint wouldn't even have time to dry.”

Offline

#66 2013-10-18 23:22:14

Sir Limpalot
Member
From: Norway
Registered: 2013-10-18
Posts: 12

Re: DDoS Attack 2013-10-17 (resolved)

Just off the top of my head and aware of the need of some randomizing of the list if used by many users, since the first low-bandwidth mirror probably would get flooded fast if packages.crunchbang.org was down, and by all means not meant as a substitute for true round-robin functionality built into apt, but just as an emergency backup system:

#!/bin/bash
orgrepo="packages.crunchbang.org"
wget -O /etc/apt/repolist http://packages.crunchbang.org/waldorf/repolist
sort -R /etc/apt/repolist > /etc/apt/repolist.random
mv /etc/apt/repolist.random /etc/apt/repolist

apt-get update
if [ $? -ne 0 ]; then
	repcount=0
	successful=0
	While [ successful -ne 1 ]; do
		repcount=$[$repcount+1]
		repo=`head -n $repcount /etc/apt/repolist|tail -n 1`
		sed -i 's/$orgrepo/$repo/g' /etc/apt/sources.list
                orgrepo=$repo
		apt-get update
		if [ $? -eq 0 ]; then	
			successful=1
		fi
	done
	sed -i 's/$repo/packages.crunchbang.org/g' /etc/apt/sources.list
fi

Comments?
Ridicule? wink

Last edited by Sir Limpalot (2013-10-19 00:02:25)


“Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying 'End-of-the-World Switch. PLEASE DO NOT TOUCH', the paint wouldn't even have time to dry.”

Offline

#67 2013-10-18 23:28:35

chillicampari
Pinball Wizard
Registered: 2009-10-09
Posts: 2,728

Re: DDoS Attack 2013-10-17 (resolved)

Thanks for the intro and glad to have you here!

Ahhh... I see what you're saying now! big_smile I have a longer response but it'll be a bit.

Offline

#68 2013-10-19 00:16:40

Argumento
Member
From: Ciudad de México
Registered: 2013-07-30
Posts: 18

Re: DDoS Attack 2013-10-17 (resolved)

Might be unrelated, but I read this in D*

Six consecutive days of attack against Nodo50

Vlax wrote:

There is still no claim of responsibility or message from the attacker about the reasons for trying to silence the projects hosted on Nodo50.
    October 18: the denial-of-service (DDoS) attack against projects hosted on Nodo50 continues.
    October 17: The attack against projects hosted on Nodo50 continues. This time, since 16:49, they have been launching various attacks against the newspaper Diagonal and anti-capitalist collectives, as well as the Nodo50 front page.
    October 12: at 0:00, a denial-of-service (DDoS) attack began against Kaosenlared.net, an organization hosted on Nodo50.

Quick translation: Nodo50 has been attacked since October 12, where Diagonal, Kaosenlared.net and other anticapitalist projects are hosted.


Salud y Revolución Social

Offline

#69 2013-10-19 02:05:16

bauwle
#! Member
Registered: 2013-07-29
Posts: 58

Re: DDoS Attack 2013-10-17 (resolved)

So the period of this attack depends entirely on the attacker?
bad day to try ubuntu neutral

Offline

#70 2013-10-19 02:09:30

chillicampari
Pinball Wizard
Registered: 2009-10-09
Posts: 2,728

Re: DDoS Attack 2013-10-17 (resolved)

Sir Limpalot wrote:

What I meant is how many such low-bandwidth mirrors would be needed, with mirror rotation, for the apt-system to be usable for #!, I.E. being able to serve updates to all users.
In other words: How many volunteers, such as myself, without 100Mb or more to dedicate to #! would be needed for having at least a workable backup system?
I could easily dedicate 10Mb of bandwidth to such a task, during crisis (like the ongoing DDoS) I could very well boost it to 80Mb, but I don't have the bandwidth or the funding to dedicate 100Mb or more, so I was wondering....

You'll have to bear with me cause I'm a bit sleepy and punchy (and hopefully this makes sense).  The #! repository itself isn't too unwieldy storage wise since most of the applications are native Debian and #! is custom, but the bits add up, especially when you're looking at low-to-micro bandwidth (even as a fallback) so my best guess is "alot". big_smile

ALOT13.png
(image from Hyperbole and a Half)

With a personal or small-scale server to act as a supplementary or backup source you're probably going to want to do it fully distributed (torrent style) with a full network of peers (there's a post upthread that talks about something like that as an alternate delivery method) so there's less burden on a single server at any given time. Even though it'd be a fallback system, speed will still be an issue, so you'll want support for concurrent downloading and some sort of response time check.

How many here have a dedicated server with a little bandwidth to spare and how many would it take to create a working system, if at all feasible?
It should be fairly simple to write a wrapper-script for apt that tried the next in the list if "apt-get update" didn't complete without errors, shouldn't it?
I know it's crude and that a list of possible repos isn't the most sexy solution, but it should work?

The idea of the script you posted seems like it'd work. I'd present something like a proxy sources.list to apt when you're dealing with dynamically generated addresses over modifying the sources.list itself since that file shouldn't actually care where packages.*.org resides.

Offline

#71 2013-10-19 04:54:55

sysaxed
#! Member
Registered: 2013-03-25
Posts: 77

Re: DDoS Attack 2013-10-17 (resolved)

Sir Limpalot wrote:

Just off the top of my head and aware of the need of some randomizing of the list if used by many users, since the first low-bandwidth mirror probably would get flooded fast if packages.crunchbang.org was down, and by all means not meant as a substitute for true round-robin functionality built into apt, but just as an emergency backup system:

#!/bin/bash
orgrepo="packages.crunchbang.org"
wget -O /etc/apt/repolist http://packages.crunchbang.org/waldorf/repolist
sort -R /etc/apt/repolist > /etc/apt/repolist.random
mv /etc/apt/repolist.random /etc/apt/repolist

apt-get update
if [ $? -ne 0 ]; then
	repcount=0
	successful=0
	While [ successful -ne 1 ]; do
		repcount=$[$repcount+1]
		repo=`head -n $repcount /etc/apt/repolist|tail -n 1`
		sed -i 's/$orgrepo/$repo/g' /etc/apt/sources.list
                orgrepo=$repo
		apt-get update
		if [ $? -eq 0 ]; then	
			successful=1
		fi
	done
	sed -i 's/$repo/packages.crunchbang.org/g' /etc/apt/sources.list
fi

Comments?
Ridicule? wink

That's horrible.
I'm not even sure what you meant by this code, but here is a refactored version:

#!/bin/bash
orgrepo='packages.crunchbang.org'
wget -O '/etc/apt/repolist' 'http://packages.crunchbang.org/waldorf/repolist'
sort -R -o '/etc/apt/repolist' '/etc/apt/repolist'

if ! apt-get update; then
    repcount=0
    while true; do
        ((repcount++))
        repo=$(sed -n "${repcount}p" '/etc/apt/repolist')
        sed -i "s/$orgrepo/$repo/g" '/etc/apt/sources.list'
        orgrepo=$repo
        apt-get update && break
    done
    sed -i "s/$repo/packages.crunchbang.org/g" '/etc/apt/sources.list'
fi

Please note that this script is BROKEN. First of all, $repo would probably contain slashes, which means that sed expression is going to fail. Use other symbols instead of / . Also I am not sure if apt-get update exits with non-zero code if some of the repos failed.

Last edited by sysaxed (2013-10-19 12:25:14)

Offline
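
A bounded version of the fallback idea discussed in the posts above, as an added example that is not code from any poster in the thread: it rewrites a temporary copy of sources.list (the "proxy sources.list" suggestion) using a sed delimiter that tolerates slashes, and it stops when the mirror list runs out. The mirror names, a previously cached /etc/apt/repolist, and apt-get update exiting non-zero on a failed fetch (as a later post states) are assumptions.

```shell
#!/bin/bash
# Added example, not code from the thread. Mirror entries are constructed.
ORIG_HOST='packages.crunchbang.org'   # host used in the thread's sources.list

# Print sources.list ($1) with ORIG_HOST replaced by mirror ($2).
# '|' is the sed delimiter, so a mirror such as host/path cannot break the
# expression; '&', '|' and '\' in the mirror are escaped first.
rewrite_sources() {
    local src="$1" mirror="$2" host_re mirror_esc
    host_re=$(printf '%s' "$ORIG_HOST" | sed 's/\./\\./g')
    mirror_esc=$(printf '%s' "$mirror" | sed 's/[&|\\]/\\&/g')
    sed "s|$host_re|$mirror_esc|g" "$src"
}

# try_mirrors SOURCES MIRRORLIST CMD...
# Shuffles MIRRORLIST, then runs CMD with a rewritten temporary copy of
# SOURCES as its last argument until CMD succeeds. Prints the mirror that
# worked. SOURCES itself is never modified and the loop ends with the list.
try_mirrors() {
    local src="$1" list="$2" tmp shuffled mirror rc=1
    shift 2
    tmp=$(mktemp) || return 1
    shuffled=$(mktemp) || { rm -f "$tmp"; return 1; }
    sort -R "$list" > "$shuffled"
    # Read the list on fd 3 so CMD keeps its own stdin.
    while IFS= read -r mirror <&3; do
        [ -n "$mirror" ] || continue
        rewrite_sources "$src" "$mirror" > "$tmp"
        if "$@" "$tmp"; then
            printf '%s\n' "$mirror"
            rc=0
            break
        fi
    done 3< "$shuffled"
    rm -f "$tmp" "$shuffled"
    return "$rc"
}

# Real updater: points apt at the temporary file for this run only.
# Package integrity still rests on apt's check of the signed Release file.
apt_update() {
    apt-get update -o Dir::Etc::sourcelist="$1" \
        -o Dir::Etc::sourceparts=/dev/null -o Acquire::http::Timeout=10
}

# Usage (as root): script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apt-get update || try_mirrors /etc/apt/sources.list /etc/apt/repolist apt_update
fi
```

An upgrade that should use the package lists fetched this way needs the same `-o Dir::Etc::sourcelist` options.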

#72 2013-10-19 05:12:11

chillicampari
Pinball Wizard
Registered: 2009-10-09
Posts: 2,728

Re: DDoS Attack 2013-10-17 (resolved)

^In context with the conversation I think it was intended as a concept/illustration (and not ready to run) but if you guys want I can break out the scripting talk into another thread to make it easier to follow.

Offline

#73 2013-10-19 08:20:26

jensenbox
New Member
From: Victoria, BC
Registered: 2013-10-17
Posts: 9
Website

Re: DDoS Attack 2013-10-17 (resolved)

Any progress on flipping over to CloudFlare?

Offline

#74 2013-10-19 08:29:18

Sir Limpalot
Member
From: Norway
Registered: 2013-10-18
Posts: 12

Re: DDoS Attack 2013-10-17 (resolved)

sysaxed wrote:

That's horrible.
I'm not even sure what you meant by this code, but here is a refactored version:

Please note that this script is BROKEN. First of all, $repo would probably contain slashes, which means that sed expression is going to fail. Use other symbols instead of / . Also I am not sure if apt-get update exits with non-zero code if some of the repos failed.

Horrible, but no explanation, that was informative, I really learned a lot...
And if you're not sure what I mean by that code you should probably read the whole thread.
It was just meant as an example, I didn't exactly debug it.
And apt returns 100 when some repos time out.

Last edited by Sir Limpalot (2013-10-19 08:33:59)


“Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying 'End-of-the-World Switch. PLEASE DO NOT TOUCH', the paint wouldn't even have time to dry.”

Offline

#75 2013-10-19 09:01:48

SabreWolfy
#! Die Hard
Registered: 2009-03-09
Posts: 1,285

Re: DDoS Attack 2013-10-17 (resolved)

^ You did say "Ridicule?" smile I think you should make a new thread for this scripting discussion.


Support #!Waldorf • Debian sid • Xubuntu • siduction • Peppermint • OpenBox • Xfce • LXDE •

Offline
