Saturday, January 25, 2003

Elizabeth this is the big one

Or, was the big one. Late last night the Internet was hit with what is being referred to as the largest denial of service attack in the history of the Internet. Yeah, I was affected, as was this web site, and many of my favorite sites. But, I didn't go into blog withdrawal. Nope. I took the opportunity to sleep. Anyway, it looks like things are pretty much back to normal (whatever that is) now.

News sources:
InfoWorld: Internet slowed by suspected denial-of-service attack
Cnet: Computer worm slows global Net traffic
CNN: Electronic attack slows Internet: 'SQL' worm like 'Code Red,' but not as serious
LightReading: The Internet Has Broken

Some other valuable sources:
CERT: Denial of Service Attacks
Matrix: Internet Averages
The Internet Health Report
Thanks to the lovely Kristine for those links

For an account of one person's DOS attacks and how he survived them, see Steve Gibson:
Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet
Distributed Reflection Denial of Service

Posted by Marie at January 25, 2003 11:57 AM


Oh, thanks for the other links! When I posted earlier, there weren't that many articles out there about it; but now that the country is waking up and wanting to know what's going on, you found some good sources! :)

Posted by: kristine at January 25, 2003 12:04 PM

Yeah, my site(s) were down due to this - fortunately my work site wasn't, but all the backbones of zaldor.com were down (even though my web host is LINUX...)

Posted by: Zaldor at January 25, 2003 5:50 PM

Small world. I think all three of us might be on the same web server.

Posted by: Marie at January 25, 2003 10:08 PM

The suck suck suck part about all of this is the fact that the corrective patch is many months old. The reason it wasn't as broadly applied: it isn't a double click and reboot patch and actually requires a little editing of system files. The next time a Windows admin is all snarky to me about never needing to edit text files I'll have all the ammunition I need.

The reason this slowed down Linux servers was simply due to the sheer number of packets this worm generated on any given leg of a network. There's only so much pipe available and most of the real damage was done by flooding networks with crap. The firewall logs from all of my machines are nearly comical. Port 1443 (which doesn't exist on my machines) was getting pounded with request after request. It peaked at a few hundred per second. It didn't really have much effect because the packets were dropped rather than rejected, but it gives you an indication of how bright this particular worm was.

This should not have been such a fiasco.

Posted by: goneaway at January 26, 2003 1:35 AM

I didn't get that many hits on this machine. Maybe like 10 or 20 for each down web site I tried to go to.

Posted by: Marie at January 26, 2003 1:55 AM