|
beekeeper
|
 |
October 27, 2012, 12:23:21 AM
Last edit: October 27, 2012, 05:10:46 AM by beekeeper |
|
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
Yeah, ofc, still, I guess btc-e wouldn't launch such a rumor without some solid intel. |
|
|
|
|
repentance
|
|
October 27, 2012, 12:34:03 AM |
|
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
The thing is that anyone competent would know that. The fact that BTC-e support is accusing MtGox of organising a DDOS against them rather than assuming that it's just a script kiddie using the MtGox address for shit and giggles makes me question the technical knowledge and competence of BTC-e staff. |
All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
|
|
|
DoomDumas
Legendary
 Offline
Activity: 1002
Merit: 1000
Bitcoin
|
|
October 27, 2012, 05:09:00 AM |
|
heh - thanks for this nice story from Gibson.. I love that guy scince 1999  This link was such a pleasure to read.. Thanks You MPOE-PR ! |
|
|
|
|
|
Nolo
|
|
October 27, 2012, 05:12:58 AM
Last edit: October 27, 2012, 05:53:20 AM by Nolo |
|
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Seriously, that could be grounds for a lawsuit under slander/libel. Yes it could. That is an extremely serious allegation. Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it." One screenshot can be taken completely out of context. |
Charlie Kelly: I'm pleading the 5th. The Attorney: I would advise you do that. Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor? The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law.
19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
|
|
|
|
niko
|
|
October 27, 2012, 05:32:39 AM |
|
Just now on BTC-E support has come back online and said they were told MTGOX is behind the DDOS attacks on BTC-E right now.
COMMENTS?!
What? Pictures? Ah, lol, found it myself: https://i.imgur.com/0LXum.jpgI've been avoiding this thread based on its title, and finally decided to peek in before going to bed. I am happy I did, and can go to sleep laughing. This is priceless. |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
October 27, 2012, 06:06:07 AM |
|
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
Absolutely not. There is not such a thing as the "from" addresses, these are not mails. The attack you are taking about requires exploit (serious ones) on the edge routers among the attacker and the attacked. No, that's not going to happen nor has happend. It's simply them being unable to put in place a minimal dos (I think) or ddos (unlikely) protection in place and blaming their ignorance on their competitor to gain some fan. Stupid move, dear. |
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers |
|
|
|
Yuhfhrh
|
|
October 27, 2012, 07:03:14 AM |
|
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Seriously, that could be grounds for a lawsuit under slander/libel. Yes it could. That is an extremely serious allegation. Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it." One screenshot can be taken completely out of context. I witnessed it. It's not out of context at all, in fact that is the only thing support said. |
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
October 27, 2012, 07:07:53 AM |
|
There is not such a thing as the "from" addresses, these are not mails.
Dude, every TCP/IP package includes a source address, how do you think communication is facilitated? And under normal circumstances one can "spoof" this source address. |
|
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
October 27, 2012, 07:10:17 AM |
|
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
Absolutely not. There is not such a thing as the "from" addresses, these are not mails. The attack you are taking about requires exploit (serious ones) on the edge routers among the attacker and the attacked. No, that's not going to happen nor has happend. It's simply them being unable to put in place a minimal dos (I think) or ddos (unlikely) protection in place and blaming their ignorance on their competitor to gain some fan. Stupid move, dear. Wait wut? http://en.wikipedia.org/wiki/IP_address_spoofing |
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
October 27, 2012, 07:53:46 AM |
|
Routers are designed to reject these packets.
It's a security flaw if that wouldn't happend.
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers |
|
|
|
panda1
|
|
October 27, 2012, 07:57:55 AM |
|
Wow talk about taking out your competition...
|
|
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
October 27, 2012, 08:49:40 AM |
|
Routers are designed to reject these packets.
It's a security flaw if that wouldn't happend.
Routers drop spoofed internal network address but I don't think they can filter spoofed WAN address. Some more interesting reading" Impersonation. In the DNS attacks, each attacking host uses the targeted name server's IP address as its source IP address rather than its own. The effect of spoofing IP addresses in this manner is that responses to DNS requests will be returned to the target rather than the spoofing hosts. http://www.watchguard.com/infocenter/editorial/41649.asp |
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
October 27, 2012, 09:18:52 AM |
|
Your ISP should lock ips coming from outside their allocated network, same should a server provider.
Quite curious on how easy/hard it's to fake an ip source anyway.
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers |
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
October 27, 2012, 09:23:01 AM |
|
Your ISP should lock ips coming from outside their allocated network, same should a server provider.
Quite curious on how easy/hard it's to fake an ip source anyway.
With nmap that's just a switch so must be trivial with DDOS tools. -S <IP_Address> (Spoof source address)
In some circumstances, Nmap may not be able to determine your source address (Nmap will tell you if this is the case). In this situation, use -S with the IP address of the interface you wish to send packets through.
Another possible use of this flag is to spoof the scan to make the targets think that someone else is scanning them. Imagine a company being repeatedly port scanned by a competitor! The -e option and -Pn are generally required for this sort of usage. Note that you usually won't receive reply packets back (they will be addressed to the IP you are spoofing), so Nmap won't produce useful reports. http://nmap.org/book/man-bypass-firewalls-ids.html |
|
|
|
|
|
Yuhfhrh
|
|
October 27, 2012, 09:55:46 AM |
|
Why has BTC-e not posted a response on this yet?
|
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
October 27, 2012, 11:21:42 AM |
|
It's trivial to generate packets with the wrong source ip, it's not trivial to have some ISP not dropping these packets.
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers |
|
|
|
BlackHeartFund
|
|
October 27, 2012, 11:26:13 AM |
|
Yes it could. That is an extremely serious allegation.
Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it."
One screenshot can be taken completely out of context.
+1 this exactly Is there anything more to this than the one post? If not, it certainly isn't clear what the support person was saying. They should clear it up, though. |
|
|
|
|
chmod755
Legendary
Offline
Activity: 1414
Merit: 1021
|
|
October 27, 2012, 12:40:04 PM |
|
Proof? Sounds like BTC-e is trying to get some Mt.Gox customers  Well played BTC-e. |
|
|
|
|
MPOE-PR
|
|
October 27, 2012, 02:36:53 PM |
|
Thanks, I found it very interesting. heh - thanks for this nice story from Gibson.. I love that guy scince 1999 This link was such a pleasure to read.. Thanks You MPOE-PR ! Over 9000 Internet Years ago.... |
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
October 27, 2012, 04:34:20 PM |
|
It's trivial to generate packets with the wrong source ip, it's not trivial to have some ISP not dropping these packets.
Nobody said it's trivial. Mere possible. That many DDOS attacks succeed because of poor routing and firewall practices is nothing new. |
|
|
|
|
|
