May 28, 2007, 09:40 AM | #76 | ||
Member
Join Date: June 13, 2002
Location: Austin, TX
Posts: 45
|
I'm not sure how they have their router at THR set up, but if it's a UNIX or Linux box, you just have to add some sanity rules and it will stop DOS attacks. I'm already an IT developer but I'm going to take a class in IT security forensics soon to learn about this sort of thing.
Quote:
Quote:
To explain a little more, two things happened here. Some server somewhere in Chicago got compromised. Meaning that a hacker broke in and put a zombie program on the server in Chicago to launch a DOS attack. The sys admin in Chicago did not do his job and made a situation that allowed this to happen. His server had poor security that allowed it to be hacked. That was mistake number one. Mistake number two happened at the data center where THR's server is housed. They were the recipient of a DOS attack and did not have an adequate response to handle it. The firewall should have recognized immediately that a DOS attack was occurring and at the very least shut down the firewall if it was going to crash their network. A more intelligent approach would have been to recognize and filter DOS traffic from that source IP range, which still lets in most or all legitimate traffic to THR's server. The data center that THR uses isn't prepared to respond to DOS attacks, it seems. So two mistakes were made here that allowed this to happen. I hope that helps. |
||
May 28, 2007, 09:57 AM | #77 |
Senior Member
Join Date: January 18, 2005
Posts: 882
|
Sigh. I don't mind THR being down so much, but I'm having APS withdrawals.
__________________
If we look at the black record of mass murder, exploitation, and tyranny levied on society by governments over the ages, we need not be loath to abandon the Leviathan State and ... try freedom. --Murray Rothbard, For a New Liberty |
May 28, 2007, 10:13 AM | #78 | |
Senior Member
Join Date: October 17, 2006
Location: Richmond, VA
Posts: 167
|
Quote:
|
|
May 28, 2007, 11:03 AM | #79 |
Staff Alumnus
Join Date: December 6, 1999
Location: Nashville, TN
Posts: 7,022
|
THR is in the process of finding a host that we can afford and that also has ability to handle such attacks. It turned out to be a hard search.
|
May 28, 2007, 11:12 AM | #80 | |
Member
Join Date: May 18, 2004
Location: Chicagoland
Posts: 54
|
Quote:
How successful was the fund raiser that we had a while back? Is it something that might need to be revisited? I know an email address was given for Derek if anyone wanted to chip in, I have to think another fund drive would have better results. Ron |
|
May 28, 2007, 11:41 AM | #81 |
Junior Member
Join Date: May 23, 2007
Location: Tx
Posts: 0
|
I am another one who came over due to the outages. I see that another member has posted Derek's donation stations. For those who haven't, please see that THR is in need of help. Even a few dollars will help.
I may be taking this a lil bit personal, but, I cut my teeth on THR. Thanks Mot |
May 28, 2007, 12:18 PM | #82 | |
Staff
Join Date: October 13, 2001
Posts: 3,355
|
Quote:
__________________
“The egg hatched...” “...the egg hatched... and a hundred baby spiders came out...” (blade runner) “Who are you?” “A friend. I'm here to prevent you from making a mistake.” “You have no idea what I'm doing here, friend.” “In specific terms, no, but I swore an oath to protect the world...” (continuum) “It's a goal you won't understand until later. Your job is to make sure he doesn't achieve the goal.” (bsg) |
|
May 28, 2007, 12:26 PM | #83 | |
Member
Join Date: July 22, 2006
Posts: 99
|
Quote:
1. The attack still takes up bandwidth, so either the THR router/firewall is overwhelmed or legitimate packets get dropped by the ISP because bandwidth is maxed out. 2. THR is still paying for all the bandwidth used by the attack. So shutting down the site is preferred. |
|
May 28, 2007, 01:14 PM | #84 |
Junior Member
Join Date: May 28, 2007
Posts: 5
|
Well with THR down, I came over here. Hello all.
|
May 28, 2007, 01:16 PM | #85 | |
Member
Join Date: May 28, 2007
Location: DFW, Tx
Posts: 17
|
Quote:
This is nutz. I hope they get things fixed soon. Good to know what's going on at least. |
|
May 28, 2007, 01:21 PM | #86 |
Junior Member
Join Date: May 25, 2004
Posts: 12
|
I am totally amazed from what I've read here that there seems to be no recourse but take it.
Can't find those responsible and prosecute. Can't stop the DOS attacks. Can't filter the attacks reducing their impact. One would think that with all the expertise in internet technology out there that some way of making DOS attacks no threat would have been devised by now. If it's so easy and almost risk free why aren't the a'holes doing this attacking banks or big businesses that rely on the internet and collecting protection money? The mafia ran the same scheme for years only face to face. This DOS thing seems to be almost risk free from what the local guys who seem to know what they're talking about say. Why screw with THR? |
May 28, 2007, 01:57 PM | #87 |
Member
Join Date: April 3, 2006
Location: Purdue
Posts: 75
|
guys, i'm not going to make it, the site has been down for what seems like days. TFL is good, but i need my high road. i've got nervous convulsions, cold sweats, the urge to go fondle my own guns, or to even surf the net looking for gunp0rn. i'm glad you guys are here to keep me from losing it.
__________________
Ess Kay Ess |
May 28, 2007, 01:58 PM | #88 | |
Senior Member
Join Date: March 11, 2000
Posts: 1,080
|
Quote:
__________________
"Know that the pistol has no value, we practically don't use it. We need grenades, rifles, machine guns, and explosives." Mordechai Anielewicz, April 23, 1943 |
|
May 28, 2007, 02:41 PM | #89 |
Member
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
|
Money?
I daresay there are several of us (and I would be one) who would be willing to make a dollar commitment monthly to see THR up and running reliably.
A few bucks from a hundred of us (or two) would, I'm sure go a long way. Of course, there are hosts out there that charge 5-digit sums for the kind of reliability we'd really like. It seems to me, however, that isolating the offending servers should not be that difficult. It doesn't matter that they're zombies, the provider at that level should be able to simply kill packets from those boxes before they ever get to the backbone. It might require blue envelope treatment, but the compromised boxes (if they're centralized) should be subject to summary isolation. If the zombies are spread out, then it's harder.
__________________
"Truth is a dangerous thing: once found, you must never turn your back on it." -- gh@c2 "Look at it this way. If America frightens you, feel free to live somewhere else. There are plenty of other countries that don't suffer from excessive liberty. America is where the Liberty is. Liberty is not certified safe." -- gh@c2 |
May 28, 2007, 03:01 PM | #90 |
Senior Member
Join Date: August 14, 2006
Location: Huntsville, AL
Posts: 437
|
Oleg,
How about the host that TFL uses? We haven't seen them drop off the map but maybe once (that I'm aware of.) I've sent Derek some coin. I'm sure there are many more members that are willing to do the same. Just point us in a direction. |
May 28, 2007, 04:14 PM | #91 |
Staff
Join Date: October 13, 2001
Posts: 3,355
|
Arfin, if the attack's coming from the same place it was last time, the colo in question is notorious for not handling abuse issues.
May 28, 2007, 04:31 PM | #92 |
Member
Join Date: November 3, 2006
Location: North Idaho
Posts: 48
|
colo abuse response
Perhaps a blue envelope would wake them up.
May 28, 2007, 04:39 PM | #93 | |
Senior Member
Join Date: October 17, 2006
Location: Richmond, VA
Posts: 167
|
Quote:
What we know now as the Internet began as a government research project back in the 1960's when the Advanced Research Projects Agency (ARPA) was given the task of developing a decentralized, packet switched computer network which could survive efforts at sabotage. Major universities were eventually invited to participate in developing the new network and eventually the universities took the lead as ARPA eventually moved on to other things.
Most of the communications protocols that underlie the Internet were developed in an academic setting with no real thought given to security or preventing rogue behavior. The original developers just saw the experimental network as an academic project that universities used to talk to each other. No one ever imagined that the 'net would ever become a commercial entity.
Eventually, the rest of the world discovered the Internet and it became one of the biggest success stories in the history of modern technology. But, unfortunately, we're still hamstrung with the short sighted thinking of the early developers who failed to build proper security controls into the basic protocols. And changing those protocols at this point in the game to remedy some of those old problems is very, very difficult.
The reason that DOS attacks are so hard to stop is because it's very difficult to tell where the packets are coming from. The source addresses on IP packets can be easily forged (one of the weaknesses in the IP protocols) and when the packet arrives at your router, there's no way to tell where it came from if the source address is fake. If you try to filter the packets based on source address, the attacker just changes the source address in the packets and they go right past your filter rules. There is no easy way to stop a determined DOS attack without spending BIG $$$. |
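Added example, not part of the post above or of any reply in this thread: a Python sketch of why a per-source filter handles a flood from one address but not one with forged source addresses, and why a defender also watches the aggregate rate to the server. All addresses, thresholds and function names are constructed for illustration.

```python
from collections import Counter
from ipaddress import IPv4Address

SERVER = "203.0.113.10"        # constructed destination (documentation range)
PER_SOURCE_LIMIT = 100         # assumed: max packets per source per window
AGGREGATE_LIMIT = 1000         # assumed: max packets to SERVER per window

def legit_traffic():
    """Constructed sample: 50 clients, 10 packets each, as (src, dst) pairs."""
    return [(f"192.0.2.{i}", SERVER) for i in range(1, 51) for _ in range(10)]

def single_source_flood(n=5000):
    """Constructed sample: every flood packet shows the same source address."""
    return [("198.51.100.7", SERVER)] * n

def forged_source_flood(n=5000):
    """Constructed sample: every flood packet shows a different source
    address (taken from the 198.18.0.0/15 benchmarking range)."""
    base = int(IPv4Address("198.18.0.0"))
    return [(str(IPv4Address(base + i)), SERVER) for i in range(n)]

def per_source_offenders(packets, limit=PER_SOURCE_LIMIT):
    """Sources that exceed the per-source packet limit in this window."""
    counts = Counter(src for src, _ in packets)
    return {src for src, n in counts.items() if n > limit}

def evaluate(packets):
    """Drop traffic from per-source offenders, then check whether what
    remains still exceeds the aggregate limit for the server."""
    blocked = per_source_offenders(packets)
    remaining = [p for p in packets if p[0] not in blocked]
    to_server = sum(1 for _, dst in remaining if dst == SERVER)
    return blocked, len(remaining), to_server > AGGREGATE_LIMIT

if __name__ == "__main__":
    for name, flood in (("single source", single_source_flood()),
                        ("forged sources", forged_source_flood())):
        blocked, left, flooded = evaluate(legit_traffic() + flood)
        print(f"{name}: blocked={len(blocked)} remaining={left} "
              f"still_flooded={flooded}")
```

In the forged-source window no single address crosses the per-source limit, so only the aggregate count shows that the server is being flooded. Detecting it at the server does not recover the bandwidth the packets already used on the way in.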
|
May 28, 2007, 04:42 PM | #94 | |
Senior Member
Join Date: October 17, 2006
Location: Richmond, VA
Posts: 167
|
Quote:
|
|
May 28, 2007, 05:52 PM | #95 |
Member
Join Date: May 28, 2007
Posts: 50
|
But, but- I thought Al Gore invented the internet
At least, that is who I blame for THR going down. Seriously, this has got to stop. I can't live w/o my THR fix! But, TFL will substitute for now... |
May 28, 2007, 06:03 PM | #96 |
Senior Member
Join Date: May 28, 2007
Location: Reno, Nevada
Posts: 196
|
we should all take a look at various left/rino forums
to see if some one is bragging about it.
I have encountered hackers before when starting up internet groups to protest illegal immigration, I believe it was supporters of "southern poverty law center" that attacked me. I had to shut down my groups because I am neither savvy enough and don't have the time. |
May 28, 2007, 06:09 PM | #97 |
Member
Join Date: May 28, 2007
Location: W. Texas
Posts: 83
|
The THR outages brought me here too. Well, I've been a lurker at TFL for years, but never signed up. 'Bout time I participate here anyway.
|
May 28, 2007, 07:32 PM | #98 |
Senior Member
Join Date: April 2, 2007
Location: In Oz, next door to the Lollipop Guild's HQ
Posts: 404
|
I really think THR was attacked as payback for all the left wing polls we swept after the VT tragedy. If you'll recall, we really made Second Amendment freedom ring in those polls. Remember where at least one liberal news agency made their anti-gun poll completely disappear after they didn't get the results they wanted? I firmly believe we ruined a lot of their polls, making them look like their lefty-leaning readers suddenly had an epiphany concerning Second Amendment Rights.
I believe a hacker was brought in by someone from one of those agencies for a little payback. Either with the approval of the front office or an angry individual bringing in a cyber-hitman. I keep loosening my tin foil hat, but, I can't shake this feeling that this is the case. Maybe I need another layer of foil? Also, you all just signing up will really enjoy this forum. These folks are every bit as "High Road" as the folks over at the home forum. It's a great place to talk guns. Last edited by Mike U.; May 28, 2007 at 07:37 PM. Reason: adding a thought |
May 28, 2007, 07:57 PM | #99 |
Member
Join Date: September 26, 2005
Posts: 45
|
Not only to enjoy this board. This is what THR was modeled after originally.
I do not think this is a professional hit on THR. If it is still out of one DC in Chicago then it may only be an individual that has some support role in that DC. After all they have not shut us down for 2 whole weeks solid. Someone hired for this nasty could use resources from all over the internet through different sets of compromised systems. So far this has mostly been over weekends.
__________________
socialnewswatchDOTcom instead of Drudge |
May 28, 2007, 08:08 PM | #100 |
Junior Member
Join Date: May 28, 2007
Location: PRK
Posts: 1
|
I needed my gun forum fix-hopefully THR will be up again, but now I have an alternative.
|