Differences

This shows you the differences between two versions of the page.

Link to this comparison view

madoverlord:projects-byebyenet [2016/05/13 21:42]
127.0.0.1 external edit
madoverlord:projects-byebyenet [2016/10/04 14:42]
Line 1: Line 1:
-==== How to Destroy the Internet (Projects) ==== 
- 
-// First, I would like to make it perfectly clear that I am publishing my twisted and evil method for destroying the internet without any intent to encou // 
- 
- 
- 
-=== How To Destroy The Internet - Disclaimer === 
- 
- 
- 
-First, I would like to make it perfectly clear that I am publishing my 
-twisted and evil method for destroying the internet without any intent 
-to encourage anyone to actually do it.  If in fact anyone does this, 
-my Ninja Death Squad will be dispatched to hunt you down and make you 
-watch Powerpuff Girls until you die of cerebral hemmorage. 
- 
- 
- 
- 
-Part of the art of being a Mad Overlord is that it is quite 
-enough to know **how** to wreak chaos and devastation. ​ You 
-don't actually have to go and do it (it's messy, there are more 
-fun things to do, and it attracts the unwelcome attentions of the 
-Forces of Goodness, who are real party-poopers). 
- 
- 
- 
- 
-Thus, this method is published for three reasons; first, and 
-most importantly,​ to impress you with my evil and devious mind; 
-in the hopes that a certain company whose software will almost 
-certainly be used in carrying out this attack (if someone is so clueless 
-as to try it) will get their act together and put some extra effort into 
-making it more difficult; and finally, in an effort to broadly 
-disseminate knowledge of the technique so that it can be discussed 
-and countermeasures developed. 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-=== Distributed Denial of Service Attacks === 
- 
- 
- 
-In early 2000 several major sites (such as Yahoo!) were assaulted by 
-distributed denial of service attacks. ​ These involved a hacker or 
-hackers gaining control of about 100 computers around the net and 
-using them to flood the target server(s) with requests, in the hopes 
-of overloading them.  The computers used were "​slaves"​ used to 
-launch a coordinated attack on the target. 
- 
- 
- 
- 
-The exact details of these denial of service attacks are 
-irrelevant to this discussion. ​ What is relevant is that these attacks 
-are highly assymetric; a small amount of computing and bandwidth 
-(to generate a bogus request and send it to the target) forces the 
-target to consume a larger amount of computing and bandwidth to 
-respond. ​ Thus, each of the slaves can create a load on the target 
-equivalent to thousands of normal users, and a relatively small number 
-of slaves can overwhelm even the mightiest site. 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-=== Email Viruses === 
- 
- 
- 
-In the last year or so, we've also seen quite a few "email viruses";​ 
-malicious emails with embedded scripts or code that could not only 
-do nasty things on a user's machine (a "​trojan horse"​) but could also 
-exploit security flaws in email applications,​ most notably those 
-created by Microsoft, and send themselves on to everyone in the 
-victim'​s address book. 
- 
- 
- 
- 
-It is important to keep in mind that the reason these viruses 
-targeted Microsoft applications is not necessarily that Microsoft apps 
-are more vulnerable than those from other vendors, but that they are 
-much more common. ​ However, it is also important to keep in mind that 
-after each virus release incident, patches were made to the applications 
-involved, sighs of relief were uttered, and the whole cycle repeated 
-when a new vulnerability was uncovered. ​ Thus, we can have no assurance 
-that there are no as yet undiscovered security problems with these 
-programs. 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-=== Put them together and it's adios Internet === 
- 
- 
- 
-Now consider the following hypothetical email virus. ​ The carrier 
-part of the virus exploits a new security hole in a popular email 
-application to email itself to everyone in the victim'​s address 
-book.  But it also installs a trojan horse into the victim'​s computer, 
-which in it's simplest and most insidious form is what I call an 
-**Autonomous Random Denial of Service Robot**. 
- 
- 
- 
- 
-This little chunk of code simply picks urls from major websites 
-at random from a list (or creates them by looking at email addresses from 
-the email application),​ and makes http requests. ​ It doesn'​t need to 
-execute any of the fancy denial of service techniques (though it could 
-if it wanted). ​ It just waits until the computer is connected to 
-the internet, and then, as unobtrusively as possible, uses all the extra 
-bandwidth that the user **isn'​t** using to pester the 
-target websites. 
- 
- 
- 
- 
-If 100 slave computers could overwhelm some of the major sites 
-on the internet, think about what 100,000 machines could do, 
-even if their attack technique was not very sophisticated. ​ In fact, 
-if they just acted like regular browsers and requested homepages, 
-the targets would have little clue that they are being attacked apart 
-from the crippling surge of traffic generated. ​ Such an attack would 
-be very difficult to detect let alone defend against. 
- 
- 
- 
- 
-Scary, isn't it? 
- 
- 
- 
- 
-<A HREF="​mailto:​[email protected]">​Robert Woodhead</​A>​ 
- 
- 
-December 1st, 2K 
- 
- 
- 
- 
-