May 23rd, 2003, 06:56 PM
The Ultimate Worm
imagine a worm if you will, spreading through iis, netbios, sql, exchange, .asp pages, samba, aim file exploit, and a false ms update, the purpose, only to wait until a certain time to start randomly pinging every host on the internet. Seem impossible? Right now there are over 100,000 bots that i have seen, many more which i have not, or are not public, most of which compromised by the methods ive said. 100,000 machines sending an average of 1000k/sec (average from oc-3 to dsl/cable), would create a mass flood of 1000MB/s, as servers stall, more drop, and the internet becomes a standstill. Think my figures are exagerated? I dont beleive so, seeing how many fast servers/iis/exchange have been compromised, this massive DDoS could drop the internet.
The Hack Back Revolution
May 23rd, 2003, 07:05 PM
thats why it should be ok to root lamers
May 23rd, 2003, 09:09 PM
in theory that is a nice idea... but for it to work... seems unlikely
Learn like you are going to live forever, live like you are going to die tomorrow.
May 23rd, 2003, 09:11 PM
in my opinion its because ICMP is so useful yet so hard to control. you can flood the hell out of someone and its hard to stop because of the nature of the thing. Like when yahoo was attacked, its hard to stop because even if you block it, the firewall is taking processes to tell it no and so in one way or another its still able to flood.
Some firewalls let you limit hot many pings you can have ine a certain amount of time but i duno how well this works yet because no ones flooded me in the last week since i put it on....hmmm, ill have to test that and let you all know.
May 23rd, 2003, 09:24 PM
Meh, if you change it from Ping to a fake SYN you all of a sudden amplify your attack by a factor of 4 atleast....the servers attemting to find the source as well as the agregation through well rooted routers (heehee) would cause massive amounts of traffic....all in all...well over 1000Mb/s I'm thinkin 5-6Gb/s or above that even.....the thing is...if you where smart about it...you would incoorperate an OS detect into your Worm so that you could infect Dialup's with only what they needed...thus making millons to weak bot's...but when combined...well....it would be a ****-storm like no other...
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
May 23rd, 2003, 09:29 PM
*near end of movie "hackers"*
Boss: Whats going on plague?
Candy Ass Lamer: A **** storm duke
May 23rd, 2003, 09:29 PM
It's not really because ICMP is hard to control... It's probably easier to control then a stream of UDP packets. A firewall can theoraticaly drop everything without sending a reply or even bother about it more then 1*10^-9 sec, but if one just sends 1000 MB/sec random 100101010010010111 the 4 MB downstream cable connection of yours just can't handle it. Whatever the firewall does, the junk first has to go through that 4 MB pipe before it ever reaches the firewall. Much stronger connections then cable can be "slowed down" so much by sending crap you just can't reach the servcies anymore. The servers stay up (unless the router overheats or the like), but you can't reach it. About taking out the internet with those DDoS attacks is a bit exagerated I think. We are all DDoSing the internet every day with our crap data getting p0rn vids and spam. The amount of bots not is the same as the ammount of compromised servers and even then it's sometimes not even enough to "take out" one webserver. The internet is designed to handle so freaking much data... I think, unless you attack specific targets, you have to have so freaking much combined bandwith the even slow down the internet... ow well... I'm talking like everyone can see I'm not a natice english speaker again... I'd better quit already...
May 23rd, 2003, 10:06 PM
very true, unlikly? if fizzer had been used for what i described, or if the sql worm had hid itself better, it could have easly done the same thing. Its better to preair for something that is going to happen, than to ignore it and assume that it wont happen. Yea, using ACK SYN or a basic SYN flood, it would be a horrible storm of traffic and drop many different servers and systems.
The Hack Back Revolution
May 23rd, 2003, 11:42 PM
And just think, then all the linux users will finally reign supreme when the old empire crumbles.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
May 24th, 2003, 01:33 AM
I doubt the scenario that you mentioned would work because the routers would regulate the speed of the data transfers to something more manageable. To really slow down the internet, I think you would have to take out the top level dns servers so that the ip traffic couldn't be resolved (hostname to ip), and even then, the dns entrys are cached, and there's also several backup top level dns servers. Your talking about a DDOS on servers with fibre optic connections, I doubt a few dos attacks would take out that kind of bandwidth, especially when they start blocking the incomming traffic and bringing backup servers online to handle the extra load.
Good luck with that ultimate worm!