MASSIVE DDOS ATTACKS ALL OVER U.S.
We are monitoring massive Distributed Denial of Service attacks all over the U.S. tonight starting at around 11:30 PM CST. As many as 5 of the 13 root nameservers have been down, up to 10 with massive packet loss (xx%):
Internet Status to Root Name Servers Date: Fri Jan 24 21:37:00 PST 2003
Major Attack!
Yes, I noticed the start of this about 2 hours ago. It seems to be affecting UDP port 1434, some kind of worm exploiting mysql server. It may or may not be a DoS attack. It's messing everything up, good thing it's the middle of the night.
Oh and I bet you think that US is the centre of world. Did u consider other countries? It's day here. Some ppl or countries with their 1 track mind, get out of the dirt.
I don't know if there's an attack or not, but something is definitely up.
Like I said, I can't get to any of my sites and http://www.internethealthreport.com/ is showing that UUnet/Worldcom is screwed. Earlier tonight all of Internap was in the red, too.
It looks like now most of the problems are centered in Dallas.
Learn to read "We are monitoring massive Distributed Denial of Service attacks all over the U.S. tonight..."
You see.. that says "all over the U.S." where it is currently nighttime.
That being said, this is really f**king with me as I am trying to get some webdev done and my sites are all down, or at least not accessible to me.
=================================
posted by the willy
erm 1 did I say I was talking to you? I can read nicely but your point is really beside the point, don't or is it that 1 track mind again?
DDoS attacks....
As to the DDoS attacks (that's the acronym). They are old news. Starting, what was it, September/October of last year, the www root servers (the ones that tell your computer what IP the http address www.website.com is assigned to) were attacked using a simple Denial of Service bug. The interesting thing here was the huge amount of traffic that was flooding the root servers. It wasn't just one or two or even a dozen machines. It was over a million of them. My thing? I say it's a virus or trojan that at certain times (triggered by a date, time, or even a simple packet sent out by the creator) will start transmitting the DDoS targeting the www root servers. This is old news. The guy who posted about it starting back up is funny. He/she must not have been aware of the Sept./Oct. incidents.... I believe it is more widespread now. That is why you are seeing it cover more of the root servers and not just the original 5 it targeted.
Isn't DRDoS more appropriate
Considering there are many sources of this "attack", and considering there are likely less than 200 PCs involved in kicking it off, having found and developed programs to exploit the weakness, the term DRDoS (Distributed Reflected Denial of Service) seems more fitting... Where traffic is bounced off affected servers? Right?
some was ask me to give root at me server just read ...
some ask me for root for 30 last night mins crazy i think ... Poll Question: some was ask last night to get root for 30 mins he had no way to go but strange at all hello last night was an idiot from some servers on mine chat server and was ask for root for 30 mins just i think this figures like to hack things we have kline him after pushing to get root access on me server ... strange enough than i now read this all when some like to post at our chat server please tell us maybe you can get the persons may that do this we have never before see any such users that was ask about strange things ps when some will see things log at icq.zapto.org port 6667 on a mirc chat client when you not have that download it on our site http://members.chello.nl/~h.meesters/index maybe we can get the persons . the nickname from the person was One_lamer*@w3 & Apokalipse << host Pasarika@gepedo.astral.ro << i think that host is fake from the person >>> i think it's a very dangerous person he's K-lined..
Op/root begging is not uncommon, however I don't think it's anything too serious. If you K-lined him it should be sorted -- he can't connect and can certainly not get root access because his address is banned, and you have to ident with the server to get your rights. Might be best to get a decent firewall if you think he might try something on you. (Zonealarm free edition is -great- whereas blackice defender is -awful-).
Hey Asus... give it a rest! When I first posted this, 5 of the 13 root name servers that were down were all in the U.S. Most of the backbone providers that were down were all in the U.S. We hadn't captured a packet yet and didn't know what the cause was at the time, then we weren't able to connect to military.com to update.
This affected everyone around the world but the U.S. was hardest hit as far as we can tell.
DDoS worm via MS SQL (pre-SP2) on port 1434/UDP
Just in case anyone wanted a more complete story of what is happening...
There is a worm spreading RAPIDLY throughout the world (regardless of border, etc.) via port 1434/UDP, specifically targeting a security vulnerability (http://www.nextgenss.com/advisories/mssql-udp.txt) that has apparently been patched with SP2. Still unclear if this is the specific issue that this worm is hitting.
The worm then uses the maximum bandwidth to "spray" itself to any IP address in a scan mode. This volume and non-directional spray is causing overloads in network switches as well as backbone routers.
Starting around midnight (PST) backbone operators throughout the world began filtering port 1434/UDP on both inbound as well as outbound interfaces.
The US only appears to be hardest hit because with the greater bandwidth between systems, it has a more spectacular effect of the spraying. It is no less a problem anywhere else in the world however.
The main reason for the root servers to go down has nothing to do with the servers, it's all the dang equipment between you and them. Most backbone routers were running at 100% CPU since 9:30pm PST until around 1-2am PST where people started getting a grip on the traffic...
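The fan-out pattern this post describes (one host spraying UDP/1434 at arbitrary addresses) can be picked out of flow records. The following is an added example, not part of the original thread; the flow-line format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

SQL_RESOLUTION_PORT = 1434  # UDP port named in the post above


def constructed_flows():
    """Constructed sample records: 'epoch_seconds src dst proto dport'."""
    lines = []
    # Host spraying many addresses on UDP/1434 (worm-like fan-out).
    for i in range(30):
        lines.append(f"{100 + i * 0.1:.1f} 10.0.0.5 198.51.100.{i + 1} udp 1434")
    # Client repeatedly querying a single server on UDP/1434 (fan-out of 1).
    for i in range(30):
        lines.append(f"{100 + i * 0.1:.1f} 10.0.0.9 192.0.2.10 udp 1434")
    # Many destinations, but on a different port; must be ignored.
    for i in range(30):
        lines.append(f"{100 + i * 0.1:.1f} 10.0.0.7 203.0.113.{i + 1} udp 53")
    # Slow contact with 25 hosts, one every 10 s; below the default window.
    for i in range(25):
        lines.append(f"{200 + i * 10} 10.0.0.8 198.51.100.{i + 100} udp 1434")
    return lines


def parse_flow(line):
    ts, src, dst, proto, dport = line.split()
    return float(ts), src, dst, proto.lower(), int(dport)


def find_sprayers(lines, min_dests=20, window_s=5.0):
    """Return {src: peak distinct destinations} for sources that reached at
    least min_dests distinct hosts on UDP/1434 within window_s seconds."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = {}
    for ts, src, dst, proto, dport in sorted(map(parse_flow, lines)):
        if proto != "udp" or dport != SQL_RESOLUTION_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window_s:
            q.popleft()  # expire records older than the sliding window
        distinct = len({d for _, d in q})
        if distinct >= min_dests:
            peak[src] = max(peak.get(src, 0), distinct)
    return peak


if __name__ == "__main__":
    print(find_sprayers(constructed_flows()))
```

Counting distinct destinations per source, rather than raw packets, keeps a busy but legitimate client of one SQL server from being flagged.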
well ok then I'll give it a rest, I just won't share the valuable information of this attack to anyone then. I'm sure I have all the inside info and details how it actually works perfectly, cya
/me coughs and points at part of the code
char exploit_code[]= "\x55\x8B\xEC\x68\x18\x10\xAE\x42\x68\x1C" "\x10\xAE\x42\xEB\x03\x5B\xEB\x05\xE8\xF8" .........to be continued :P
Asus??
Asus, what's your problem? His post said monitoring all over the U.S. It was the middle of the night for me, and yes I was on my way to bed so I made a quick post. I don't see why you took it so personal, it was a little mistake. It did hit the eastern United States first on the UUnet backbone, as of when I posted, so it was not affecting everyone at that time. You need to seriously loosen up!
Asus1
I don't see why you're getting so worked up about someone who lives in the US being happy about the fact that it's night time for him... should every person in the US take the rest of the world into account when making a generic statement about time? I mean, come on.
quote: Originally posted by Lagoudakos: I cannot understand, you can find so many bugs for MS, I think they try on purpose to make the bugs, it cannot be coincidence to have so many :P
Dude... The patch that fixes the vulnerability is over a year old. How is that Microsoft's fault? Maybe if companies would conduct a little more thorough screening of applicants for IT positions, they'd get people who knew how to download and install service packs.