SDF Punted, Due to DDOS 143
bullshizzle writes "The longest running Public Access UNIX System (SDF, running BSD) est. 1989 had their services terminated abruptly by NWLink because of a DDoS attack. Termination was carried out immediately without prior notification, which violates their contract (page1, page2). Complaints can be filed to the Washington State Attorney General's Office by filling out this simple form conveniently located online. You can follow the story at lonestar.org." While still bad, I've been corrected - SDF was *not* the longest running public access Unix - ArborNet (Located right here in my town) has been around for at least a number more years.
public access (Score:1)
Re:public access (Score:2, Informative)
Yes. I joined up when i heard about it in 99 and really cut my teeth on UNIX there, in spite of having been exposed to UNIX at least a year earlier. What makes SDF so great is that there is a real community of users who have their own chat app, their own "message board" app, all inside the shell. It reminded me of the community on the BBSes of old. Stephen (the sysadmin) regularly participates in user discussions and the opinions of the users help shape the direction of the system. In just the past few years i've seen it grow from a single system running Linux/i386 to seven or eight networked NetBSD/Alpha boxes with a user-built MUD, virtual hosting, special IRC bot accounts, all kinds of things. People who have been there since 1989 have seen it grow from SysV UNIX to 386BSD to Linux, on a dozen architectures.
This is nightmare for some of us regular users. I log on every day and rely on it for all my email, for my web page, for ICQ, for hundreds of personal files... SDF is my all-purpose scratchpad, and my $HOME contains so many little text files and projects i've worked on in the past four years. Some of the users have paid-for virtual host accounts and run business websites hosted on SDF. All these people are losing their business, their sites are inaccessible... It's a sad, sad day. I only recall one time in the past four years SDF has been down for longer than a few hours, and i believe that was due to a DDoS attack while they were located in Texas, and just before they moved from Linux to NetBSD.
*sigh* Some people just don't get it :-(
alison at sdf.lonestar.org
Re:public access (Score:2)
Hey, I tried to respond to you via email but it doesn't seem to be going through...
Re:public access (Score:1)
if not, that's because sdf.lonestar.org is down, which is the entire point of this bruhaha.
damn them, my primary email is through sdf too.
Re:public access - Not the oldest (Score:1)
Re:public access - Not the oldest (Score:1)
Sharing our affection and appreciation... (Score:1)
http://www.nwlink.com/contact/index.php
Easy to get rid of a company you don't like (Score:3, Interesting)
The problem I have with the stories is that they are very brief, only giving one side. One wonders if there was more history here.
Re:Easy to get rid of a company you don't like (Score:3, Informative)
NWLink (aka Pacifier aka Europa) has tens of thousands of customers here in the Northwest, including me, and the DoS effectively shut down their entire customer base -- 3 times over the past 3 weeks.
Either they were going to get complaints from one customer, lonestar.org, or they were going to get complaints from thousands of other customers (many of whom they had to pay monetary damages to make up for the loss of service). I can put up with my Internet access being cut off once, twice, but the 3rd time it happens I'm going to seriously consider switching providers. NWLink did what they had to do to save most of their customer base.
You're missing the point (Score:2)
NWLink certainly owes SDF an apology, at the very least.
Re:You're missing the point (Score:4, Informative)
Re:You're missing the point (Score:2)
Did you warn SDF that their service was going to be terminated when the next attack began?
-OR-
Did you do that the DoS attack failed to do... That is take them off the air?
Re:You're missing the point (Score:2)
I sympathize with your difficulties due to troublemakers; the real bad guys are indeed the ones initiating the flood(s). However, the problem is compounded when "bad" decisions are made by the victims: after reading through the information available to me, it does appear that, although SDF was indeed aware of said attacks, there was no mention of any consequences for SDF. As I understand it, the disconnect was "swift and sudden". I know this would be extremely irritating if it happened to me.
While not a perfect analogy, this is like evicting a family from their apartment complex because someone stole their (properly secured?) car and left it in front of the exit/entrance of the complex. It doesn't really make a lot of sense, outside of the initial panic.
Re:Easy to get rid of a company you don't like (Score:2)
I think an idiot check is in order over there.
Solution: attack all of NWLink's other customers (Score:2, Interesting)
After all, if they drop customers just because they're being attacked..
hmmm (Score:1)
Seriously I never knew this existed
Now I want to check it out
Law suit? (Score:2)
I can't think of any reasonable circumstances prior to this that I've heard of a host cutting your connection just because of one incident without talking first...
Denial of Service Attack? (Score:3, Funny)
The Slashdot Effect
Who can blame them? (Score:1)
Re:Who can blame them? (Score:2, Insightful)
This is similar to: if I wanted to shut down a local unpopular political organization's bookstore, so I picketed and made noise and made things unpleasant out in front of the bookstore, and the result was that the bookstore's lease was revoked by the owner of the building.
Their forum (Score:5, Informative)
Re:slashdotted (Score:2)
Sorry Won't Fly. (Score:5, Interesting)
It doesn't say "prior written notice" but simply "written notice." That means that they can pull the plug on you at any time and tell you why afterwards.
It's interesting that the previous sentence says "either party" can terminate only for breaches of the contract that are not corrected within 15 days. In reality that only applies to Customer since the next sentence authorizes Northwest Link to do whatever it feels like doing.
Anyway, we only have half the story. It would be nice to see what Northwest Link has to say.
Tough luck.
Re:Sorry Won't Fly. (Score:1)
Boo hoo.
Re:Sorry Won't Fly. (Score:2)
Re:Sorry Won't Fly. (Score:5, Informative)
Posted to SDF message board by the owner of NWLink:
Sepplling and grammer count (Score:1)
Your statement makes sense, but you should fire yourself as PR jockey.
That is "without notice" surely? (Score:1)
Dissapointing to see (Score:1)
A breach of contract, a new ISP, and couple the costs for a public service that has been running for fifteen years all because of a dumb DoS attack. As they say, many people have come to rely on SDF. This is one of the dumbest stunts that I have seen an ISP pull in a long time and I hope that NWLink [nwlink.com] have apropriate and successful legal action taken against them.
Re:Dissapointing to see (Score:2)
As for Semaphore, they are *great* people. They were probably the first hardcore corporate data provider in Seattle. Sure, they are expensive, but in my opinion well worth it.
Re:Dissapointing to see (Score:1)
What a shame! And who's to blame? (Score:5, Interesting)
I have got my SDF public shell access at lonestar about two years ago, and I love it! It's (almost, because they required people to send in a buck to show they seriously want to use it and don't create lots of fake accounts) free, they have nice services, rely mostly on their users' affection and willingness to donate money or equipment to them, and you can upgrade for some money to use more features... I hope they will manage to migrate to their new hoster...
What puzzles me is that NWLink seemd to have disconnected SDF because they fell preyto some DDoS'ing, they were not actively involved in some (D)DoS towards other sites, at least that's how I read the announcement!
Consequently, this DDoS might have been one of the most successful one reported, since it not only hogged their connection and thus technically Dos'sed them for a while, but this led to some organizational DoS carried out by NWLink!
How can they dare blaming the victim? And how can they dare putting all the consequences (that is, disconnection) onto the victim as well? Is this legal? Is this good practice? And: Does it help stop the DDoS towards SDF? Okay, the target host(s) is/are down, but the packets might rush to the dangling patch cable end anyway, crossing NWLink's infrastructure...
All in all: Thanks to the DDoS people attacking a nice and free public service! :( (Not that I am some DDoS fan of any kind, but aren't there much more promising targets out there, both in terms of
popularity, evilness and challenging huge trunks? Or did some script kiddies just got their shell accounts revoked, and now they felt like stomping their virtual feet? I hope you have learnt to deal better with your frustration by the age of 12...)
And big thanks to NWLink for dealing with a customer's problem in a great and professional way by supporting a DDos through fully shutting down services!
--
"Where do you wanna go today / Somewhere you could never take me"
-- Chumbawamba
This isn't the best news. (Score:1)
Re:This isn't the best news. (Score:1)
Re:This isn't the best news. (Score:2)
NWLink (Score:3, Informative)
I left NWLink [nwlink.com] DSL a couple of weeks ago over their mediocre uptime and high costs, especially bandwidth costs. They were down quite a few hours per month lately (that I noticed) and their tech support was not so good. They seemed to have a lot of router configuration problems: there were frequent router loops. This may have been partly due to their prime (only?) feed to most of the world being alter.net [alter.net], which at least in this neck of the woods is quite slow and tangled. NWlink claimed at one point that they were just finishing up some big network reconfiguration, and things should get better: when things didn't seem to, that was the end for me. I should have waited to switch: it would be nice to dump them now in protest over their DDOSing of SDF :-).
I chose NWLink several years ago because at the time their prices were good, and my previous provider, NW Nexus [nwnexus.com], had been bought out twice and become expensive and quite unreliable in the process. Now I'm with DSL Only [dsl-only.net], and so far they seem great. ISP service is $18/month for 640/256 DSL, with no bandwidth charges, no restrictions on use, a static IP, and two mailboxes. It's been reliable so far, and they are direct to a local exchange that in turn is direct to my work and to Internet2, so ping times and bandwidth are excellent.
It would be nice to be done with ISP switches forever: maybe this is it. The other good news is that this was the easiest ISP switch so far: Qwest seems to have it figured out now, and it was completely routine.
FYI. As always, YMMV.
Why don't the police think of this? (Score:5, Interesting)
Re:Why don't the police think of this? (Score:1)
Re:Why don't the police think of this? (Score:1)
Re:Link for the online form ? (Score:1)
Looks like the server has been told to block
Tom
Re:Link for the online form ? (Score:1)
Re:Link for the online form ? (Score:1)
why oh why (Score:2, Interesting)
if my link was being used to host a ddos attack I would hope I could get notified of the problem and some assistance in fixing it.
to clean up the net we have to educate the users not move them somewhere else, though not for one second am I sugesting that these perticular admins needed educating but they did need notifying.
--required "I remember when"
years ago I was network admin in the UK for a company our exchange server was managed by the US office (the whole globes exchange services where US managed)
I realised that our server was an open relay and notified my director in the US and was told that it didnt matter because nobody would scan us why would anybody scan an advertising agency.
a quick install of snort on another box and a week later I had proof that we were being scaned.
still no action
a couple of weeks later our ISP sent us an official letter in telling us to fix the relay or be booted.
they could have booted us at any time but they did the right thing and warned us first.
the relay was fixed.
Re:why oh why (Score:1)
it doesnt even seem like they were hosting a ddos they were the target.
bloody isp should get burnt down for the d/c now
Re:why oh why (Score:2)
Re:why oh why (Score:1)
Thoughts from a member... (Score:2, Insightful)
Now, due to a couple of kiddies that wanted to prove their `skills', SDF has to go offline, leaving thousands of users unable to access their email and contact friends, and several more thousands unable to access Web and Gopher resources hosted on SDF... giving commercial providers like AOL just one more argument in their favour. They can afford lawyers to take care of shit like this... we can only depend on community leverage. I hope it will be plentyful. Damn. I wanna play netris on sdf....
You know my thoughts on this? (Score:1)
I woudn't be surprised if the DDOSers were in league with NWLink. Or maybe I'm just paranoid or something. Or maybe, as a member of SDF myself, I'm more than a little annoyed at this incidentr. It is SO WRONG.
M-Net? (Score:1)
Re:M-Net? (Score:2, Informative)
Both systems are still active, still public-access, and still run Unix -- so whichever one is oldest, it isn't SDF.
Re:M-Net? (Score:1)
SDF was moving (Score:4, Interesting)
Personally I find the timing suspicious - the move was originally scheduled for earlier in the week, then was delayed at NWLink's request, then when it actually happened "Oh, we're disconnecting you." Did they decide some time ago to get rid of those pesky SDF people and just try to make it look like an SDF problem instead of a NWLink disconnect?
How to complain? (Score:1)
Trying to link the WA consumer complaint form (Score:3, Informative)
Not Found
The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. Please inform the site administrator of the referring page.
Re:Trying to link the WA consumer complaint form (Score:3, Informative)
For the lazy (was:Re:Trying to link the WA cons... (Score:1)
If you need that in hypertext:
Complaint Form [wa.gov]
This kind of crap will continue (Score:3, Insightful)
And guess what, its EASY to stop! Simply require the netork borders to perform filtering on packets crossing the border. If your cable modem is spewing out packets addressed from China, and you're in Florida, SOMETHING IS WRONG. These packets should have never gotten into the internet in the first place.
Suddenly, when spoofing is no longer possible, DoS doesn't seem like such a great idea. Even with botnets and crap for DDoS usage, if you can be tracked back from a single trojaned box, you'd have to be stupid to try.
Re:This kind of crap will continue (Score:2, Informative)
Here's a few links to the next level of annoyances:
-
http://www.cs.berkeley.edu/~nweaver/cdc.web/ [berkeley.edu]
-
http://blanu.net/curious_yellow.html [blanu.net]
-
http://www.cs.berkeley.edu/~nweaver/warhol.html [berkeley.edu]
There will be no tracking back from a single trojaned box.Re:This kind of crap will continue (Score:2)
FUCKING A!! (Score:1)
FUCK FUCK FUCK FUCK SHIT FUCKING A!
Re:FUCKING A!! (Score:2)
free shells are a dime a dozen (but good ones like SDF are hard to come by) Remember the old-time hacker approach of finding out when it is that almost nobody uses the computer and using it then even if it means re-arranging your life.
Cyberspace.org (also known as Grex)
One of the oldest free shell providers. Volunteer run. 1MB quota, limit of 75 logins at a time. Additional users must queue up to get on when the limit is reached. Running on scavenged Sun hardware. Grex doesn't allow bots. Don't even bother downloading stuff like Eggdrop, BitchX, psybnc, etc. since Grex has filters that won't let them run, and the admins will chase down the files and remove them.
$ telnet cyberspace.org
--
www.publiclinux.net
Linux shell accounts.
$ telnet pub.dtdns.net
--
Shellyeah.org
Reasonable free shell service, somewhat limited command set. Sister service to Ultrashell.net, a commercial shell provider.
$ telnet shellyeah.org
--
ductape.net
Public access unix system offering shell accounts, IMAP Email, web hosting. Web registration.
http://ductape.net
$ telnet ductape.net
--
h14me.yi.org
Freenet system with shell access and a bbs.
$ telnet h14me.yi.org
--
rootshell.be
Shell, 2MB quota, standard tools, no IRC due to ddos attacks. Web registration.
$ telnet phenix.rootshell.be
--
more via google.com [google.com]
Re:FUCKING A!! (Score:1)
Northwest Link (Score:4, Interesting)
I cancelled my account in mid 1999 because I got DSL. I received confirmation of this. Four months later I received a collection agency notice saying that I had not been paying my bill (on an account that I had cancelled). I responded with plenty of evidence that I had cancelled the account. The mailed response ignored any of my evidence and re-iterated the original claim. I finally called the NWLINK offices and talked to the NWLINK collections guy. I don't recall his name, but the collections guy sounded like the most crochety old man I had ever heard. I stated my case and his response was, "Pay your damn bill! We don't run a charity here!!!". It was as if he hadn't even heard a word I said, or as my father likes to say, "we were having two spearate conversations". I got the feeling that he thought I was some punk kid trying to scam NWLINK out of a few months of service.
I will never again do business with them. To those who have asked me about Internet Service Providers over the last 4 years, I have advised that they not do business with NWLINK either. I doubt I've made any impact on their bottom line, however I can assure you that the $75.00 they got out of me cost them at least ten customers. I mean really, all they had to do was treat me with a little respect regardless of who was right and who was wrong...
Re:Northwest Link (Score:2)
Complaint form link (Score:2, Informative)
PLEASE .. BE SENSIBLE! FOR THE SAKE OF SDF! (Score:1, Insightful)
Stephen Jones
Caretaker
SDF Public Access UNIX System
Re:PLEASE .. BE SENSIBLE! FOR THE SAKE OF SDF! (Score:1)
Of course I don't condone DoSing NWLink in turn, as someone suggested. But lawsuits, yes; and spreading this story, discouraging others from doing business with them, absolutely. I think those are the kind of threats that need to be made, and carried out.
Re:PLEASE .. BE SENSIBLE! FOR THE SAKE OF SDF! (Score:1)
I rather think that if we
These idiots who sign guaranteed BW contracts without using a lawyer who actually understands the net and its pitfalls get no sympathy from me.
yogi
All your DOS's are belong to us! (Score:2)
Is there a right way to deal with a DDoS ?? (Score:2)
There appears to be a pretty big need for a form of accountability.. right now, you can get almost any small site/organization off the net, simply by flooding them and getting them to run up their ISP bill. What would be the appropriate course of action for victims to such attacks?
what a bad day (Score:2)
The world loses another (virtual) PDP-10
twenex.org: No address associated with hostname
(That was part of SDF if you didn't already know)
8000 people die of AIDS as usual.
And the space shuttle doesn't make it back.
(I know I shouldn't begin sentances with and)
Can someone please explain... (Score:1)
A DDOS attack is an attack on bandwidth, not an attack on an operating system.
If I was more cynical...wait I am more cynical: I think its just because either Hemos doesn't understand the difference, or more likely, just wants to jump at a chance to badmouth that other operating system [freebsd.org] that he knows is so much of a threat to their treasured linux.
Personally I don't think this story comes under the heading of "News that matters", and even if it was worthy, it should have been put under the 'Security' heading, not "BSD".
Perhaps we can get a new section for Denial of Services, or perhaps, a wider umbrella would be a 'teenage HaX0r' section where we can put DDOSs, Web Defacements and Case Mods all together. (That way, people who have lives can choose the option not to display any of that shit on the front page)
Thanks, majestynine.
Re:Can someone please explain... (Score:2)
"Perhaps we can get a new section for Denial of Services, or perhaps, a wider umbrella would be a 'teenage HaX0r' section where we can put DDOSs, Web Defacements and Case Mods all together. (That way, people who have lives can choose the option not to display any of that shit on the front page)
We already have that [attrition.org].
"Can someone please explain why this was put under the topic of "BSD", and why such a thing was even mentioned in the "article" by Hemos?"
Golly, I sure can explain this. It's cause it's their site, not yours.
Re:Can someone please explain... (Score:2)
Re:Can someone please explain... (Score:1)
Don't blame Hemos. The opinions are that of bullshizzle. Flame him instead.
You're also missing the point of the article.
Yes they were DDoSed, but the point is that NWLink disconnected them unfairly.
SDF withdrawal (Score:2)
I'm going through withdrawal pangs without my shell account. I've heard NWLINK's explanation but the timing and the anecdotes of former customers cast a pall over their credibility. My take on this is they were just covering their butts. As a result, thousands of us who rely on our accounts for email and more are high and dry. If what NWLINK said is true, the script kiddies won. That's the best that I can say for them.
Long live the Super Dimensional Fortress!
Re:SDF withdrawal (Score:2)
Re:SDF withdrawal (Score:2)
You get what you pay for.
That's a seductive line of reasoning with a ring of truth but in the case of shell services it just isn't so. I came from a local ISP which offered shell service. They were bought out and the service deteriorated to the point where it was no longer viable. I paid for shell service but towards the end, didn't get it.
Before that ISP went under, I tried another one that was a bit more expensive. To my surprise, they didn't have a news server and claimed no other shell provider had news either. They had old versions of various applications and had vi aliased to elvis. (!) Another one I tried had all kinds of high minded login messages about using ssh and come to find out they were running version 1. I had to sign up and pay for a couple months to find out these things.
That being said, I do contribute to SDF beyond the arpa fee. I do this because I appreciate how good it is compared with the shell services I "paid" for.
this will happen again.. (Score:1)
Ddos wont be stopped because in its current form, the net facilitates it....
"at least a number more years" is defined as: (Score:1)
Let's see, this one liner:
echo 'main(){printf("according to my calculations \"a number more years\" is: %d.\n",0xa);}'>./a.c;gcc ./a.c;./a.out
seems to produce the following output:
according to my calculations "a number more years" is: 10.
Shell provider + IRC = DDoS inevitability (Score:1)
One of the commercial providers that I use explicity disallows users from using IRC or running bots from their account, for the reason that IRC attracts DDoS. Some user gets into a disagreement with some little script kiddie fuckhead then Wham-O! The systems are knocked over or inaccessible and lots of users are inconvenienced. In this case, inconvenienced beyond the script kiddies wildest dreams. Right now the culprits will be laughing about it between frantic bouts of mutual masturbation.
Once Lonestar is moved to it's new provider or an amiable solution is found with it's current provider, I think it would be wise for to cease all IRC activity so that it can minimise the chances of this happening again.
Same with Dalnet (Score:1)
It's back ! (Score:1)
I can't resolve pop.freeshell.org from my machine, but I can resolve it from the shell on sdf.lonestar.org, so I presume that is a DNS propagation thing.
I took the IP address as found on sdf and put it in my
Woohoo !
I'll be checking the bboard later to see what this has cost SDF, and see if I should be sending them a little bit more money.
Re:I don't understand this. (Score:3, Informative)
(uugh, IHBT)
Re:I don't understand this. (Score:2)
Re:I don't understand this. (Score:2)
Next step is the switch in front again dependant on the type of switch it may have problems with a DOS attack as far as management goes.
The router above That may hav it's wan links flooded effectivly edging out valid traffic again and dependant on the router type taking up enormous ammounts of CPU time.
Then there are all the upstreams. When you buy bandwith from some local provider like they have they dont have the capacity to deal with the attack nessicarily and at minimum it may be degrading there network.
The only good solution to fix these things is source address verification from ALL ISP's (ok not happening any time soon) and oh that breaks mobil IP and some multi homes sites even the cheasy multiple DSL and cable modem setups for more bandwith and reliability configs.