RE: short Botnet list and Cashing in on DoS

b) IRC is a haven for these people, unfortunately networks like Undernet
take it a step further by providing channel services and host hiding so
that not only the people behind the DDoS are hidden, but so are the bots
themselves. The people running the network fear retaliation too much to
do anything about it.

I didn't mean to put IRC in a bad light, just pointing out that as usual,
any good tool can be abused.

Those drone armies that lurk on actual real networks are a major problem for the networks themselves, but I doubt anyone can blame them for:

1. Worrying about personal privacy of their users, not wanting to bend too many rules to fight these drones that *appear* like regular users.

2. Piss enough kiddies and these drone armies will take down servers. Meaning the hosting company might not even want to keep hosting it afterwards.

There have been several examples of servers that were taken down along with the tri-state area, for a few hours. Major losses.

  Gadi.

Those drone armies that lurk on actual real networks are a major problem
for the networks themselves, but I doubt anyone can blame them for:

Only when they do something about it.

1. Worrying about personal privacy of their users, not wanting to bend
too many rules to fight these drones that *appear* like regular users.

Appear? If you own one of the blocks below, please do something about it.

Only when they do something about it.

Trouble? When they have 40K extra users to pay for bandwidth (easily eats up a T1 or two), it's damage enough. Besides, would you like someone to launch "cyber A-Bombs" (phaa) from your network?

1. Worrying about personal privacy of their users, not wanting to bend too many rules to fight these drones that *appear* like regular users.

Appear? If you own one of the blocks below, please do something about it.

And I know people who mail abuse reports for hundreds of such *lists*, something /rarely/ gets done.

One thing they focus on is taking down control web pages. For example if the runner would give a command: 'update http://etc.com/evil.trojan.exe' or if the drones spam themselves on irc.. then it's all about the abuse teams. Some are really responsive, some just ignore.

Last time I took the time to inform ISPs about such a list was when it was a 700 large army of *nix boxes. Haven't seen one of those for years before that. It was 3 months ago or so.

It was rather funny really. Lesson learned: don't use hostnames like "securebox" or "secureserver1" or such.

sadsa``` ~orion@67.98.36.19 Don't Touch Me `o`hj`h` ~orion@67.98.36.19 Don't Touch Me TaiFrunze ~orion@66.136.184.186 Don't Touch Me

{snip}

I try and take care personally of drones and abusers I see coming from Israel.. it's way too much work and annoyance as it is, thanks though.

Most ISPs truly don't want this as their own problem. I personally don't blame them. Luckily the ISP I work for has no home users.

If you have any problem in Israel, whether with finding a contact or reaching law enforcement - feel free to email me and I'd be glad to find you a contact.

  Gadi.

Easily over 1 million computers are being fixed every year.

But compared to the success rate of the bot writers, the anti-bot tools
fall far behind. Some people estimate between 10 million and 30 million
new bots have been created this year. That number is probably a bit low,
China was estimating 58% of business computers were infected. Heck, even
Bill Gates's PC was compromised by mal-ware. I wonder if he fixed his
computer himself, or had someone do it for him.

http://www.cornellsun.com/vnews/display.v/ART/2004/10/07/4164c6695f58d
  Now I know exactly what you're thinking. Why not just skip the drama and
  move back into the dorms? Well, I don't know if I could stand another
  year of Resnet, CIT, and the kill-me-please psychological repercussions
  of both fiendish institutions. Twelve hours spent on hold for PC
  support and virus cleaning that eventually led to the total erasure of
  my entire hard drive a week before finals? I think that particular
  escapade, like death, classifies as one of those rare, once-in-a-lifetime
  experiences that I will never want to go through again.

Masking infections is only a partial answer. As long as the computer is
compromised, it can be taken over again in new ways. Going from fixing a
million PCs a year to fixing 30 million (and probably more) PCs a year,
needs to move beyond just sending complaints.

Why don't people want to fix their computers? And even worse, why are
so many people unsuccessful fixing their computers? If it was as simple
as making more lists, the problem would be solved. Lots of people are
making lists, and the problem still hasn't been solved. So perhaps we
need something new. There needs to be easy, non-technical things ordinary
users can do to fix their computers, without losing all their files and
spending hours on the phone with tech support. If virus writers are smart
enough to infect their computers with one-click, perhaps the good guys
can come up with ways to fix their computer with one-click.

Sorry Grandma, you've just lost all the digital pictures of your
grandkids growing up.

Why don't people want to fix their computers? And even worse, why are
so many people unsuccessful fixing their computers?

I had a thread on this a month or two ago (I think it was nanog).. the simple
answer that I find is they just don't care and/or are incapable.

They don't care in that for many people, providing the computer still works,
you're not getting charged (like you would be for pbx hacks) and they don't
consider their PC to be critical to their daily lives they have no motivation to
find the information and start to care.

And they are incapable in that many recent worms/malware have spoofed being from
authorities such as banks, Microsoft, their ISP and they cannot distinguish
between real and spoof and therefore ignore it when Windows pops up to tell them
they need to install the latest security patch. Coupled with this, they don't
understand what virus scanners, firewalls, security patches are and think that
by having one of these it will (a) be an all round security solution (b) not
need their intervention to setup and maintain it.

If virus writers are smart enough to infect their computers with one-click,
perhaps the good guys can come up with ways to fix their computer with
one-click.

Of course the good guys are constrained by the law which the bad guys aren't, we
have seen instances of worms designed to close holes on computers but they are
illegal (and didn't work).

Also, the good guys always seek user authorisation (eg the window which pops up
asking you if you want to install the latest dat) and I suggested above this is
problematic for several reasons (user confusion, not wanting to install at that
moment etc) .. the bad guys just go ahead and infect - and usually their payload
is tiny compared to the Mbs we have to download each month in defenses.

And of course, the final blow .. our OSes and apps will inevitably have holes in
them, that's a consequence of complexity and I'm not sure how you can overcome
that even with much more stringent testing and programming rules.. some of these
hacks are pretty damn clever, abusing systems and having one system exploit a
weakness in another system (eg using IE to circumvent OS security levels) in
ways their designers never imagined and catered for. You only need to find one
chink in the systems to produce malware but you need to find all the bugs to
produce security apps.

Steve

There are plenty of people driving their cars even though they know that
their catalytic converter doesn't work properly, or their ignition is off
and they're putting much more pollution into the air than they have to.

Let's face it, people want their immediate problem solved first, if this
affects others badly, that's a distant second priority, especially if it's
an abstract harm they're causing.

"No single drop of water will claim responsibility for the flood" (got
that off of despair.com).

But compared to the success rate of the bot writers, the anti-bot tools
fall far behind. Some people estimate between 10 million and 30 million

Actually, there are some fine Anti Trojan (AT) tools out there. Try out The Cleaner and BOClean.

new bots have been created this year. That number is probably a bit low,

I'd estimate double that, but heck, I estimated there are drone armies when everybody said there is no such animal in existence... so I don't know about estimations.

Masking infections is only a partial answer. As long as the computer is
compromised, it can be taken over again in new ways. Going from fixing a
million PCs a year to fixing 30 million (and probably more) PCs a year,
needs to move beyond just sending complaints.

It would be a good start.

Why don't people want to fix their computers? And even worse, why are

Want to fix their computers? Try smaller and easier.

How about updating AV software, heck - how about INSTALLING AV software?

Some say that computers demand a license, much like cars. I'm beginning to agree. It would never happen.

Sorry Grandma, you've just lost all the digital pictures of your
grandkids growing up.

Eh? What grandkids? Oh! Those yes. Dementia, sorry.

  Gadi.

In the future, I'd be careful about posting this list to nanog, rather
than privately to their respective security and abuse desks.

I realize your intentions were good, but it's been pointed out before
that this mailing list is monitored by the crackers controlling a lot
of the bot networks, including Gregory "OseK" Taylor, Brian Bruns, and
Andrew "Trelane" Kirch, so it's probably not a good idea to fuel them
by listing the IP addresses of users with compromised machines.

---R

http://www.washingtonpost.com/wp-dyn/articles/A20665-2004Oct9.html
  Harris spent days trying to fix the computer, but the programs had
  multiplied to the point where he couldn't run anything else and he
  decided to give up on the machine. Last week, the 68-year-old retired
  aerospace engineer from Yorktown, Va., shelled out $1,000 for a new
  computer, but now he and his wife, Dorothy, use it only when absolutely
  necessary.

  "We have just about quit using the computer," he said. "It isn't worth
  the aggravation."

Anybody know of any prolonged outages at Microsoft (MSN messenger) today?

I'm experiencing connection difficulties as well

-rd-

Chaim Fried wrote:

Anybody know of any prolonged outages at Microsoft (MSN messenger) today?

Sure. It was also down for "scheduled maintenance" for quite a while yesterday.
Their website also only barfs out messages like

  Server Error in '/' Application.

Papal Catholicism?
Ursal defecation in forested terrain?

I've been using MSN messenger all morning and it has been working fine
for me. I haven't heard of anyone having problems with it either.

On Mon, 11 Oct 2004 14:26:33 -0400, Chaim Fried wrote:

> Anybody know of any prolonged outages at Microsoft (MSN
> messenger) today?

Yes we've been having them for the past two days... messenger.msn.com has been unreachable for approximately 93.27% of the two days. We've had to resort to using ICQ. Doesn't get past the international carrier of any of our providers (4 of).

traceroute: Warning: messenger.msn.com has multiple addresses; using 65.54.213.62
traceroute to messenger.msn.com (65.54.213.62), 30 hops max, 38 byte packets
1 10.2.0.1 (10.2.0.1) 0.217 ms 0.142 ms 0.114 ms
2 62.231.46.89 (62.231.46.89) 3.544 ms 1.687 ms 1.735 ms
3 tallaght-vl-vlan-1.irishbroadband.ie (62.231.34.113) 173.032 ms 23.036 ms 4.221 ms
4 3rock-et-2-4.irishbroadband.ie (62.231.32.149) 7.103 ms 12.946 ms 5.979 ms
5 rte-et-2-7.irishbroadband.ie (62.231.32.182) 6.499 ms 8.569 ms 6.775 ms
6 ix-et-1-1.irishbroadband.ie (195.26.12.61) 13.756 ms 8.465 ms 11.021 ms
7 213.228.228.82 (213.228.228.82) 158.750 ms 157.042 ms 159.437 ms
8 * * *
<snip stars>

Ken

same here at .sv

here we felt it as inconsistent service but then it got kaputt.

not a good forum to make this statement.

Thanks,
German

Experiencing issues all day long here in Europe.