Thread: Blacklist all Windows demons ...
Okay, we just weathered attack #2 ... the domain that is being attacked has been shut down permanently, but ... ... does anyone know of a way, using javascript or something, detecting whether a virus scanner is running on a machine connecting to a web site? Javascript can do everything else, can it do this? If we could write one that detected no virus checker and pop'd up a big window on the visitors computer to annoy them into installing one, that would make the 'Net so much nicer of a place to live *sigh* ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
It's rumoured that Marc G. Fournier once said: > > Okay, we just weathered attack #2 ... the domain that is being attacked > has been shut down permanently, but ... > > ... does anyone know of a way, using javascript or something, detecting > whether a virus scanner is running on a machine connecting to a web > site? Javascript can do everything else, can it do this? Umm, no. That would come under the category of 'another windows security flaw' I think what is needed is the IP to location software used on the new version of the portal, tied into the guidance systems of a dozen or so ICBMs. The first couple of strikes ought to persuade the rest of the population to invest in a scanner and firewall - unless of course the guidance system is based on Windows CE in which case it could all go horribly wrong! Oh, and hello to all my friends in MI5/6 who are probably reading this via Echelon 'cos it mentioned ICBMs :-) Regards, Dave
On Tue, 30 Mar 2004, Dave Page wrote: > It's rumoured that Marc G. Fournier once said: > > > > Okay, we just weathered attack #2 ... the domain that is being attacked > > has been shut down permanently, but ... > > > > ... does anyone know of a way, using javascript or something, detecting > > whether a virus scanner is running on a machine connecting to a web > > site? Javascript can do everything else, can it do this? > > Umm, no. That would come under the category of 'another windows security > flaw' > I think what is needed is the IP to location software used on the new > version of the portal, tied into the guidance systems of a dozen or so > ICBMs. The first couple of strikes ought to persuade the rest of the > population to invest in a scanner and firewall - unless of course the > guidance system is based on Windows CE in which case it could all go > horribly wrong! > Oh, and hello to all my friends in MI5/6 who are probably reading this via > Echelon 'cos it mentioned ICBMs :-) Well, we can always add in a hearty hello to the US CIA(?) by adding mention that DDoS attacks are a form of terrorism that hurts the US ppl more then anyone else, as it affects more sites in the US then the rest of the world ... maybe we can get some of that anti-terrorism money invested in electronic terrorism? Wow, I got that in, what, 3 times? BTW, the IP to location stuff doesn't help much, unfortunately :( I did some reason on DDoS attacks this morning while it was down, hoping to glean *something* positive that I could do to at least reduce the incidence of it happening again in the future ... and guess, there ain't a thing you can do *sigh* Apparently most of the attacks spoof the IP they are coming from, so that you can't even easily trace the *zombie* computer that is doing the attack, let alone the master that is controlling the zombies *sigh* I've said it once before ... we need a virus to go around that just disables ppls ethernet ports ... that would at least wake ppl up who don't have virus checkers in place to get them installed :( ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
Marc, > Well, we can always add in a hearty hello to the US CIA(?) by adding > mention that DDoS attacks are a form of terrorism that hurts the US ppl > more then anyone else, as it affects more sites in the US then the rest of > the world ... maybe we can get some of that anti-terrorism money invested > in electronic terrorism? Hey, make up your mind. First you make fun of use Americans for our "new Red Scare" and then you want to give the CIA an excuse to go after hackers? -- -Josh Berkus Aglio Database Solutions San Francisco
On Tue, 30 Mar 2004, Josh Berkus wrote: > Marc, > > > Well, we can always add in a hearty hello to the US CIA(?) by adding > > mention that DDoS attacks are a form of terrorism that hurts the US ppl > > more then anyone else, as it affects more sites in the US then the rest of > > the world ... maybe we can get some of that anti-terrorism money invested > > in electronic terrorism? > > Hey, make up your mind. First you make fun of use Americans for our > "new Red Scare" and then you want to give the CIA an excuse to go after > hackers? me, was just rambling ... personally, what I'd like to see (or find) is some sort of organized movement amongst ISPs themselves to combat the problem ... from my scan of Google this morning, apparently there are several things that ISPs *can* do to reduce/prevent the occurance of DDoS attacks, or, at least make it more difficult to do, but most don't ... For instance, how many ISPs out there have anti-spoofing enabled in their routers, which, from what I've read, is the biggest thing that a cyber-terrorist uses in their DDoS attacks. I know when I worked at the University, *I* had to explain to the network manager that our router even supported such a thing :( I guess the biggest nightmare as far as tracking down DDoS attacks is the attacks come from spoof'd IPs, so without *alot* of work involving upstreams, narrowing down where the attack is coming from is near impossible :( ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
I deal with such things on a fairly regular basis. If you want an extra set of eyes or to chat about who/what/how is causing the ddos and an extra opinion on what can be done about it, let me know offlist :) Gavin Marc G. Fournier wrote: >On Tue, 30 Mar 2004, Josh Berkus wrote: > > > >>Marc, >> >> >> >>>Well, we can always add in a hearty hello to the US CIA(?) by adding >>>mention that DDoS attacks are a form of terrorism that hurts the US ppl >>>more then anyone else, as it affects more sites in the US then the rest of >>>the world ... maybe we can get some of that anti-terrorism money invested >>>in electronic terrorism? >>> >>> >>Hey, make up your mind. First you make fun of use Americans for our >>"new Red Scare" and then you want to give the CIA an excuse to go after >>hackers? >> >> > >me, was just rambling ... personally, what I'd like to see (or find) is >some sort of organized movement amongst ISPs themselves to combat the >problem ... from my scan of Google this morning, apparently there are >several things that ISPs *can* do to reduce/prevent the occurance of DDoS >attacks, or, at least make it more difficult to do, but most don't ... > >For instance, how many ISPs out there have anti-spoofing enabled in their >routers, which, from what I've read, is the biggest thing that a >cyber-terrorist uses in their DDoS attacks. I know when I worked at the >University, *I* had to explain to the network manager that our router even >supported such a thing :( > >I guess the biggest nightmare as far as tracking down DDoS attacks is the >attacks come from spoof'd IPs, so without *alot* of work involving >upstreams, narrowing down where the attack is coming from is near >impossible :( > >---- >Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) >Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664 > >---------------------------(end of broadcast)--------------------------- >TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org > >