Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

Gambling Sites Battle DDoS Attacks 296

Posted by michael from the aces-over-eights dept.
the-dark-kangaroo writes "Gambling sites are fighting back against extortion from hackers using Distributed Denial of Service (DDoS) attacks. According to the report released by the BBC many of these attacks are coming from infected home PCs which have succumbed to a worm or virus. The gambling sites are bringing in reinforcements: Pipex, Cisco and security firm Energis are creating 'intelligent' traffic monitoring systems to help stop these attacks."
This discussion has been archived. No new comments can be posted.

Gambling Sites Battle DDoS Attacks More

Gambling Sites Battle DDoS Attacks

Comments Filter:

  • I try and try.. (Score:3, Interesting)

    by XaXXon ( 202882 ) * <xaxxon&gmail,com> on Monday January 17, 2005 @04:06AM (#11383606) Homepage
    But I just can't feel too sorry for them.

    I mean, I know it's wrong, but when you get into that business I'm sure this isn't really that uncommon. Gambling is a shady 'business' in the first place, so if you have to deal with other shady people to keep it going, then them's the breaks, buddy.

    • Re:I try and try.. (Score:5, Insightful)

      by LordNightwalker ( 256873 ) on Monday January 17, 2005 @04:16AM (#11383631)
      Yah, and I'd feel sorry for them if they'd play nice and stop writing worms to crawl blogs and paste poker spam in the comments. You wouldn't believe the amount of spam I had to clear from my blog comment area already. Imagine my surprise when I saw the same poker spam in the comments of every single post in my blog on some computer graphics project I'm working on... Feel sorry for them? Not really.

      • Re:I try and try.. (Score:4, Insightful)

        by really? ( 199452 ) on Monday January 17, 2005 @04:22AM (#11383646)
        Two wrongs=right?? To each his own I guess.

      • Re:I try and try.. (Score:5, Informative)

        by legoburner ( 702695 ) on Monday January 17, 2005 @04:26AM (#11383661) Homepage Journal
        Though a lot of online casinos do that*, not all do that and it is somewhat unfair to lump all of them in as deserving of the dDoSes.

        Some interesting stats about online gambling:
        - Those dDoSes hit 2GB/sec. More than Energis' internal network can cope with.
        - The primary dDoSers (some russian guys) were caught and arrested last year, there was a /. story about it too
        - The mafia have been involved with some US sites, but I know of at least one that got shut down when the entire board of the company got arrested
        - The WTO is trying to make the US ban on Internet gambling illegal
        - The biggest online casino is israeli-founded/based www.888.com who do multiple billion per month in turnover. You can get house win from that by taking off about 98-99.5%. (turnover counts every value of every spin of a slot machine or every wager, remove the odds of winning % for the house win)

        In conclusion, the world does not have the same laws as the US (gambling is perfectly fine in the UK for instance) and some people run responsible gambling sites and still have to put up with all the tiring crap from crackers and dDoSers.

        * technically it is their affiliates who do it through affiliate programs, but same difference, they are all guilty and could crack down on it if they wanted.
        • - The WTO is trying to make the US ban on Internet gambling illegal

          Sovereignty, anyone? That's the most ridiculous thing I've ever heard.

          No, wait. There was that thing about the Earth being hollow, with openings at the poles and the lost ten tribes of Israel walking around upside-down on the other side of the crust.... I think that was the most ridiculous thing I've ever heard.

          It was close, though.
      • Personally, I don't feel sorry for them at all. It seems like just desserts to me since they are responsible for a LARGE portion of the spyware that we end up removing from PC's on a regular basis.

        My reply to them is WAAAAAA!!! We (the internet community) asked you not to do a bunch of things which were "bad" (spam and spyware). You went ahead and did the "bad" things and now someone who is "badder" is doing "bad" things to you and you want us to help you.

        Hmmmm...let me think about this - help the spam

        • Re:I try and try.. (Score:2, Informative)

          by 91degrees ( 207121 )
          It seems like just desserts to me since they are responsible for a LARGE portion of the spyware that we end up removing from PC's on a regular basis.

          Some of them aren't. A lot of them run a perfectly legitimate business advertising through tradiaiton means.

          In addition, I fail to see what benefit you provide anyone. Someone mentioned taxes. Most of the gambling sites are located in a few countries in Central America (like Belize) where the money is usually paid to a corrupt goverment that uses it to mo
      • Try the WordPress SpamAssassin plugin [ioerror.us], which has also been ported to Movable Type [kahunaburger.com], to kill all that comment spam.
      • These are not the gambling sites that do this. These are affiliates. The gambling sites very much frown on spam, which is why some of them won't even accept traffic from e-mail, and other sources that is likely to be spam. But it's quite difficult for them to police traffic sources from tens of thousands of affiliates.

        From the PartyPoker Affiliate Agreement [iglobalmedia.com]:

        2.13 "Spam" or "Unsolicited Promotions" means emails or any other messages that are circulated by you, directly or indirectly, including messages t

        • Yeah, because we know they'd NEVER have an AUP like that just for show.

          If they don't immediately terminate spamming affiliates,they are knowingly profitting from the spam. If the actually PAY OUT to the spammer, then they are condoning it.

          This tends to be the case, or else it wouldn't be a problem.

    • Re:I try and try.. (Score:4, Insightful)

      by John Seminal ( 698722 ) on Monday January 17, 2005 @04:24AM (#11383656) Journal
      But I just can't feel too sorry for them. I mean, I know it's wrong, but when you get into that business I'm sure this isn't really that uncommon. Gambling is a shady 'business' in the first place, so if you have to deal with other shady people to keep it going, then them's the breaks, buddy.

      Would you prefer to deal with a bookie or a regulated buisness? At least the on-line gambling websites have to pay taxes.

    • Re:I try and try.. (Score:5, Insightful)

      by really? ( 199452 ) on Monday January 17, 2005 @04:25AM (#11383659)
      Why is gambling a shady biz? I don't gamble myself, but as long as they don't come to my house and force me to gamble, I don't see the shady part.
      Tax on those poor at math? Perhaps. But, why shady?
      • isn't it obvious? The Bible said so!

      • Re:I try and try.. (Score:3, Interesting)

        by Technician ( 215283 )
        I look at it as a zero sum gain industry. It only re-distributes wealth. It has no wealth creation or real value growth. Many industries such as farming take labor and make a product. Other than entertainment value, gambling has no product. All gambeling money is re-distributed with no net gain. That's the thing I have against the state lottery or state video poker. The state provides no product and just takes the suckers money.

        I would rather see the state earn money by providing services such as af

        • Re:I try and try.. (Score:4, Insightful)

          by azaris ( 699901 ) on Monday January 17, 2005 @08:06AM (#11384198) Journal

          I look at it as a zero sum gain industry. It only re-distributes wealth. It has no wealth creation or real value growth.

          Well duh. Most industries today create nothing tangible. Think all of the services you can buy that generate no physical substance. Wash your car for $10, nothing of value is generated. In fact, the act of washing a car consumes large amounts of natural resources in the form of energy consumed and detergents that must be recovered before they are released into the natural water reserves. Does this mean we should abolish all carwashes?

          The economy isn't really about creating goods for consumption. Yes, those things are important for sustaining people but in reality as long as there is sufficient natural resources being converted to goods, the rest of the society can just spend their time trading money from one hand to another in exchange for services like gambling. Like it or not, it IS a part of the economy and provides livelyhood for hundreds of thousands.

          Many industries such as farming take labor and make a product. Other than entertainment value, gambling has no product.

          You can probably come up with a dozen other industries that similarly offer only entertainment.

          All gambeling money is re-distributed with no net gain. That's the thing I have against the state lottery or state video poker. The state provides no product and just takes the suckers money.

          You can justify all you want, but the truth is that any objection against gambling is purely moral. I'm always amazed at how ass-backward conservative Slashdot is when it comes to things like gambling, but I guess that's the US mentality of "gambling evil" at work.

          I would rather see the state earn money by providing services such as affordable broadband such as in Washington State. The state is providing $40/month broadband with telephone and 5 Gig bandwidth. It beats video poker.

          Did it ever occur to you that maybe the proceeds from the state lottery are used to subsidize such projects? Duh indeed.

          • The only problem I see with gambling is that is very easy to make everyone loose (everyone but the site/cassino owner). If the game is balanced to take out only the needed money to maintain the infrastructure and give a reasonable profit, I have nothing against it.

            Also I think that since there are people who gamble until broke, there could/should probably exist some kind of safe keep for those people. To protect them of them selves.

    • Re:I try and try.. (Score:5, Insightful)

      by WIAKywbfatw ( 307557 ) on Monday January 17, 2005 @04:42AM (#11383718) Journal
      Sorry but you're displaying your ignorance. Gambling is legal in most societies, and in some (eg, Hong Kong) it's a common activity that the majority of the population enjoy.

      Betting on the result of a sporting event, or anything else, via a legally authorised bookmaker is no more shady than having a cup of coffee.

      Just because you have this image of gambling that seems to be more to do with smoke-filled secret back rooms where you have to know the password and the guy behind the bar to get in than legitimate, publicly-traded and -scrutinied businesses that doesn't make it a reality.

      The gambling sites being DDOSed aren't run by crooks, they're the legitimate and legal online presences of bricks-and-mortar bookmakers as well as internet gambling start-ups.
      • Maybe this isn't really an authority on the subject, but in SimCity, when you allow gambling in your city, your crime rate goes up significantly.

        In all the gangster movies, they are always involved in gambling.

        Basically anywhere that kind of money changes hands is going to attract people you wouldn't normally want to associate yourself with.

        Casinos seem morally irresponsible to me, letting people run up debt to the point where they put a burdon on society in order to make a profit. I'm sure this is an a

        • Re:I try and try.. (Score:5, Insightful)

          by WIAKywbfatw ( 307557 ) on Monday January 17, 2005 @05:49AM (#11383904) Journal
          Casinos seem morally irresponsible to me, letting people run up debt to the point where they put a burdon on society in order to make a profit. I'm sure this is an argument for another place at another time, but that's how I feel.

          I'm sorry, but in the US couldn't you apply that label to hospitals too? Medical bills that run into 5 or 6 figures aren't uncommon and it's a sad fact that the biggest factor in personal bankrupcy in the US is unpaid (and, more importantly, unpayable) medical bills.

          And, out of interest, where do you draw the line at what is and what isn't gambling? Is playing the lottery gambling? And in a so-called "free" society, shouldn't you be able to do what you want with your hard-earned cash? Does anyone really have the right to tell you how you can and can't use it to entertain (and possibly enrich) yourself if you're not hurting anyone else in the process?

          To be honest, I'm not in favour of unchecked gambling, but then I'm not in favour of unchecked alcohol abuse either, but you don't see church and state bringing the roof down on that ballgame, do you?
          • Medical bills that run into 5 or 6 figures aren't uncommon and it's a sad fact that the biggest factor in personal bankrupcy in the US is unpaid (and, more importantly, unpayable) medical bills.

            I'd like you to cite a source for that. I googled for it and found a few charts, most of them indicating loss of job as the #1 cause.

          • Re:I try and try.. (Score:3, Interesting)

            by pk2000 ( 792069 )
            The most overlooked form of gambling is insurance. You place a bet that your house will catch fire. If it doesn't then you loose your bet. If it does you win!! But your winnings are actually less than the value of the damage.
      • No, I have this image with ads that say "Win now!", or do you believe that you will "Win now!"?
        • It's called gambling for a reason: sometimes you win, sometimes you don't. Unless you're mentally deficient then you know that you've got less chance of winning than losing. Duh.
          • Well I don't see "You will lose more than win!" in their ads.
            • Yes. People often hightlight the negative aspects of the product they're advertising. It's a sure fire way of selling more stuff.
              • If the truth is a negative aspect I would call the businesses is shady.
                • So that's all businesses then.

                  "Hi, we at company X have the lowest customer satisfaction record for after sales support. Buy our stuff."

                  Even the best products and companies have problems.
                • "Buy our soft drink and get tooth decay and diabetes."

                  "Buy our car and have twice the chance that it'll get broken into or stolen."

                  "Buy our notebook PC and have a 1/4 chance that it'll break down within a year."

                  "Buy our burgers and watch your health suffer."

                  "Buy a ticket to come see our totally unappealing movie."

                  "Buy our sports shoes and clothing that were made by child labourers in a far eastern sweatshop."

                  "Buy our clothes that lose their colours and their shape after minimal wear."

                  "Buy our toothpa

            • Re:I try and try.. (Score:4, Insightful)

              by Sircus ( 16869 ) on Monday January 17, 2005 @07:32AM (#11384134) Homepage
              You also don't see "Fly with us! We'll cram you into a tiny seat, next to a fat guy, have former-prison-warder-host(esses) serve you luke-warm food at 3-hour intervals and play a film with anything even potentially offensive cut from it!" ads for airlines. You see wide, open spaces, people sleeping like babies and beautiful hostesses caring for people's every need.

              It's common practice to advertise an image of something which bears no relation to reality.

      • Re:I try and try.. (Score:4, Insightful)

        by vandan ( 151516 ) on Monday January 17, 2005 @06:46AM (#11384044) Homepage
        Sorry but you're displaying your ignorance. Gambling is legal in most societies ...


        Sorry but you're displaying your arrogance. Just because something is legal doesn't mean it is ethical. I could give you plenty of examples, but I'll leave it up to people's imagination.

        Betting on the result of a sporting event, or anything else, via a legally authorised bookmaker is no more shady than having a cup of coffee.


        What sort of a dim-witted comparison is that? Gambling devastates many people's lives. That makes people who push their gambling 'services' onto us 'shady'. Having a cup of coffee has nothing to do with it.

        Just because you have this image of gambling that seems to be more to do with smoke-filled secret back rooms where you have to know the password and the guy behind the bar to get in than legitimate, publicly-traded and -scrutinied businesses that doesn't make it a reality.


        You don't need smoke-filled, secret rooms or passwords to have a shady business. You just need to have a deficient conscience, or excess greed, and an online gambling site. Then you sit back and wait for the poor suckers to 'click', 'click', 'click', 'click', 'click', 'click', 'click'. People don't rock up to a gambling establishment and try their luck once. They stay their until they're out of money. You can disagree with me if you like, but every time I go to a casino ( get dragged their by workmates once a year or so ), the above is what I witness.

        The gambling sites being DDOSed aren't run by crooks, they're the legitimate and legal online presences of bricks-and-mortar bookmakers


        I don't think so. People running gambling sites are far more likely to be dodgy than those in a physical establishment. It's far easier to police a 'real' gambling business than a virtual one, especially since a virtual one can hide it's location and reside in a place that has no regulation.

        Also, I get a fucking shitload of SPAM from gambling sites. Right away that says to me that the people running the sites are far from innocent, law-abiding citizens.

        You seem to try to make the point throughout your post that because something is legal, that somehow blesses the activity. I suppose the opposite of this is that everything which is illegal is patently evil. Both points are absolutely ridiculous. There are plenty of things which are legal which are evil:

        - selling carcinogen-soaked cigarettes
        - selling alcohol
        - selling weapons
        - having a monopoly ( esp. a media monopoly )

        Likewise, there are plenty of things which are illegal which are quite harmless ... possibly even good ... and should be legal:

        - recreational drugs
        - not voting if there's no-one worth voting for ( Australia )
        - being a member of the Iraqi resistance

        I'm pretty sure that I'd get disagreement on all of the above points. This reinforces my argument that:

        - you should never use the law to enforce ethical behaviour in private matters
        - you should never use an activity's legal status as an indicator of it's ethical status

        Back to the topic of the actual article ... I don't really relate to the DDOSers ( they're probably just other gambling sites or spammers who haven't been paid for their advertising services ), but I couldn't give a toss about the online gambling sites.

        • Re:I try and try.. (Score:3, Insightful)

          by csteinle ( 68146 )
          So, selling alcohol is "evil", but recreational drug use is morally acceptable. What? Way to go on the consistent argument there.
    • It's a good idea to point out that there's a difference between state/province run lotteries and brick and mortar casinos and online casinos. The first two usually end up giving some money to charity. Online casinos always send out tons of spam. But that's the only way to compete in the online casino business. Could you imagine trying to run an online casino by following good business ethics? could it be done?

      I would also like to mention that the IRS sucks. In Canada, we don't tax lottery winnings.
    • Gambling doesn't have to be shadier than say women's makeup or Disney resorts. They all exploit certain partly irrational needs and desires of human beings.

      So who's shadier? The bookie who gives you less than generous odds or the mouse that uses your six year old kids to get into your wallet? I really don't know myself.

  • Great Idea (Score:5, Funny)

    by IInventedTheInternet ( 818590 ) on Monday January 17, 2005 @04:09AM (#11383613)

    A moment of silence for the kneecaps of the virus writers if/when discovered.
    • No, the people behind online gambling are more devious than that. They'll use hundreds of bots to spam the virus writers websites with gambling related links.

    • Good job, Virus Writers! (Score:2, Funny)

      by Anonymous Coward
      Now when they learn how to hack into
      their cement shoes under 100 feet of water,
      I'll be even more impressed!

  • Where's my violin? (Score:4, Insightful)

    by mizhi ( 186984 ) on Monday January 17, 2005 @04:12AM (#11383622)
    I know these gambling sites are legitimate companies, but it seems the worms that most people get are advertising either porno shops or gambling shops.

    It's difficult for me to feel sorry for gambling sites getting DDoSed.
    • They're going after businesses that are 100% reliant on their internet connection. Online casinos get hit a lot because they fit the bill, and they're not so big that they can put up an effective defense (and they don't have much clout with law enforcement). Plus gambling operators have been known to put up the ransom money before - they're pretty shady operators themselves so they understand this kind of tactic.

      I agree with you though, gambling operators get zero sympathy from me. Just desserts I say, fo

  • Legal issues? (Score:5, Interesting)

    by britneys 9th husband ( 741556 ) on Monday January 17, 2005 @04:15AM (#11383628) Homepage Journal
    Ok, I'm not sure about those other companies that were mentioned, but Cisco is a U.S. company. And internet gambling is illegal in the United States. Now, don't get me wrong, I don't give a shit whether people gamble on the internet, and I see the anti-internet-gambling laws as having as much to do with protecting monopolies [powerball.com] as anything else.

    Now that I've said that, how is this not a legal issue for Cisco? Surely the FBI, DEA, and assorted other federal agencies would be all over Cisco if they were helping Colombian drug cartels in any way whatsoever. How do they "get away" with it? Aren't they essentially aiding and abetting what in the U.S. is considered a criminal enterprise? I mean, as an individual I can go place bets at some offshore casino and fly under the radar, but a big company like Cisco is going to have a hard time doing that, especially if their help is on the front page of Slashdot and other news sources.

    • Re:Legal issues? (Score:5, Insightful)

      by LordNightwalker ( 256873 ) on Monday January 17, 2005 @04:20AM (#11383642)

      Cisco is just working on solutions against DDOS attacks; it's not Cisco's responsibility if that technology is used to protect the Pentagon or some online gambling site. Following your logic, Cisco is already in trouble because those online gambling companies already use Cisco hardware in their setup... And so is Dell, 'coz they made the PCs used by the casino staff, and so is the company who made the bricks for the building their HQ is located in etc...

      See how ridiculous it gets if you stop to think about it? ;)

    • Re:Legal issues? (Score:3, Insightful)

      by wildBoar ( 181352 )
      The Colombian cartels are illegal in their own countries as well as in the US, the internet Gambling operations are legitimate companies operating in compliance with their local laws.

      It is a big difference.

      I'm afraid despite all attempts (wishes) to the contrary the US can't apply any law it likes on any country in the world.

      Well, not without invading it first ;-)
    • And it doesn't even matter whether Cisco is a US company or not. US invaded Panama, a sovereign country, and arrested Manuel Noriega for violations of US law, so logically they could invade Great Britain and arrest all those scofflaws who are driving on the wrong side of the road!

    • Re:Legal issues? (Score:4, Informative)

      by nrlightfoot ( 607666 ) on Monday January 17, 2005 @04:54AM (#11383759) Homepage
      As far as I'm aware the law commonly cited as making internet gambling illegal in the US is dubiously applied to the internet, and not likely to stand up as covering internet gambling if tested in court. As far as I know there is no legal precedent for the legality of internet gambling. There are however, states which have blanket laws prohibiting any gambling, and then they make specific exeptions to the law for casinos and lotteries and such.

  • Filtering doesn't save incoming bandwidth (Score:4, Insightful)

    by A1kmm ( 218902 ) on Monday January 17, 2005 @04:16AM (#11383630)
    The bottleneck is probably bandwidth, not CPU. A network of drones can send traffic in the GBit/s range, and even if these packets are not replied to and the CPU and memory resources can cope, a lot of damage will still be caused.

    The only way to make this work is to block traffic at a site far enough back to cope with the level of traffic(and the size of botnets will only grow, so even a reasonably large network company could be knocked out).
    • The bottleneck is probably bandwidth, not CPU. A network of drones can send traffic in the GBit/s range, and even if these packets are not replied to and the CPU and memory resources can cope, a lot of damage will still be caused.

      The only way to make this work is to block traffic at a site far enough back to cope with the level of traffic(and the size of botnets will only grow, so even a reasonably large network company could be knocked out).

      If I were a gambling site (or a porn site for that matter), I'd
      • Except that many of the DDOS attacks take the form of continued HTTP requests to valid URLs. Given that you're still getting port 80/443 traffic passed across your site is still going to get taken out.

        If avoiding these DDOS attacks were easy they wouldn't be newsworthy. Unfortunately it's anything but a simple problem.

        • If avoiding these DDOS attacks were easy they wouldn't be newsworthy. Unfortunately it's anything but a simple problem.

          Exactly. If the internet provider is not willing or sufficiently capable of helping, then it is an impossible problem.

          You can't save the incoming bandwidth, because you don't know what a packet is until it has already consumed that bandwidth.

          Your upstream provider could help on a short term basis, but it would take a while (longer term) to implement something which works. In which case
    • "The only way to make this work is to block traffic at a site far enough back to cope with the level of traffic"

      And build a list of IP addresses to allow the botnets' ISPs to cut their accounts until they speak to someone about not being a Typhoid Mary.

      In fact, it's getting close to the time when we should be doing this.

  • NAT (Score:5, Interesting)

    by Underholdning ( 758194 ) on Monday January 17, 2005 @04:20AM (#11383639) Homepage Journal
    I wonder if the ISP's will continue selling solutions where the PC is connected directly to the internet. We've all seen the tests. It takes less than 5 minutes for a Windows PC to be taken over (or 0wned as they say). But - a simple router with NAT helps immensly. Would it help if the ISP's were forced to only sell internet access with at least a router?
    • But - a simple router with NAT helps immensly.

      You don't need NAT (and if/when IPv6 goes mainstream you won't want NAT). All you need is a connection tracking firewall.

    • Re:NAT (Score:4, Insightful)

      by ZorbaTHut ( 126196 ) on Monday January 17, 2005 @05:03AM (#11383784) Homepage
      Oh, yeah. That'd be great. Instead of having to squeeze the public services I want behind a single IP, I'd just be screwed. That's a real step up.

      Encouraged? Sure. Forced? I like having my open static IP, thanks.

      • Re:NAT (Score:3, Interesting)

        by bani ( 467531 )
        how about fines if your pc is found to be infected and participating in ddos?

        that would sure help encourage you to keep your pc clean.

        otherwise, nobody is going to bother lifting a finger protecting their windoze boxen. which is the situation now. and look at the results.
    • Would it help if the ISP's were forced to only sell internet access with at least a router?

      Ask MSN DSL users. The last time I checked they offered an Arescom modem [arescom.com] with nat enabled without the ability for the end user to configure it.

    • Re:NAT (Score:4, Interesting)

      by Anne Thwacks ( 531696 ) on Monday January 17, 2005 @05:40AM (#11383876)
      What would really help is Microsoft being forced to sell software that is reasonably fit for the purpose for which it is sold. I seem to recall they mention that Windows is meant for use with the internet - that surely implies that it ought not to be 0wned in 5 minutes.

      In the UK, and most probably Europe, it is a very serious offence to sell goods unfit for the purpose for which they are advertised.

      Lock them up and throw away the key. Mwa, ha, ha haaar!

      • ISPs (Score:3, Insightful)

        by gilesjuk ( 604902 )
        It should be part of your ISPs AUP that you take precautions to prevent your computer becoming infected. In fact I would suggest that it be made possible that you aren't allowed a net account unless you pay for anti-virus software as part of the signup process (if using Windows).

        Everyone I know who is using Windows is getting sick of all the viruses and junk, It tires me to hear about it and I'm now at the stage where I say "put up with it or let me install Linux". At some point the pain level will grow su
    • I wonder if the ISP's will continue selling solutions where the PC is connected directly to the internet. ...and will they be scalable enterprise solutions?
    • I always thought ISPs should at least be made to supply info on what a firewall, adware etc. is, and how to get the free apps (sygate etc) to combat it. I think that would help a lot.
    • NAT won't help at all. Most malware comes through mail, browser vulnerabilities or users that click on everthing without thinking (while logged in as admin of course). Besides, with forced NAT, people would start complaining that their favourite P2P or online game won't work.

  • Devils advocate... (Score:5, Insightful)

    by John Seminal ( 698722 ) on Monday January 17, 2005 @04:22AM (#11383647) Journal
    Many extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid.

    Okay, I understand that we're talking about gambling websites. But these same methods can be used to take down just about any website. Society makes the final call on what is legal and illegal. Some might say the hackers are using their ethics to take down a vice. But if that was the hackers goal, why ask for money? Second, the tax revenue gambling generates often goes to schools. By taking them down, it would seem harm is being done in unexpected places. Politicans are responsible for planning funding, and if a bubble bursts, the community is in trouble.

    Second, do we want one, or a small group of people, telling society what they can and can't do? What if a group of Jehova's Witnesses hackers decided to remove ALL porn off the web. People would freak out. One man's utopia is another mans hell.

    • Re:Devils advocate... (Score:4, Informative)

      by d1v1d3byz3r0 ( 758848 ) on Monday January 17, 2005 @04:30AM (#11383683)
      Gambling revenue, in this case, would not be going to schools as the revenue is not within states jurisdiction. To my knowledge, online gambling sites are illegal to be hosted in the states. So the money is going directly into the pockets of some guy with a Carribean bank account.
    • The reason these "hackers" are going after online casinos is simple. Their legality is shaky and they have little public sympathy. Essentially it's the same relationship as organized crime and bootleggers had during Prohibition in the US.
    • They're not going after the online casinos because they're opposed to vice - many of the extortionists appear to be Russian mafias, who are perfectly happy to have vice around as long as they get a piece of the action. They're going after the online casinos because they're cranking a lot of money, and they depend on the internet, and their internet connections are easily attacked, and the attacks are relatively untraceable.

      You're thinking about this as a US couch potato that believes that what your gover

  • Prevention? (Score:3, Interesting)

    by peasleer ( 806038 ) on Monday January 17, 2005 @04:28AM (#11383672) Journal
    I know Linux based servers have the ability to limit the amount of damage a DOS/DDOS can do. I do it with my server: run daemons as their own user and limit the amount of resources they can use, both CPU and memory. That way, the system may get bogged down, but will never suffer a complete failure from a DOS attack. I am curious as to why some larger sites like the gambling networks aren't using such preventative measures. Are they not effective against larger attacks?

    • Re:Prevention? (Score:3, Insightful)

      by gtoomey ( 528943 )
      Working out whats network traffic is valid becomes the issue. eg you cant easily differentiate between a valid http request and one from a zombie. If you thousands of requests/second then the site may be effectively unreachable.

    • Re:Prevention? (Score:5, Informative)

      by jwdb ( 526327 ) on Monday January 17, 2005 @06:01AM (#11383927)
      As someone stated in an earlier comment, the biggest problem is bandwidth. Your CPU may be able to handle the traffic, but when you've got a botnet spanning thousands of computers, sending you traffic in the Gb/sec range, even a serious backbone connection will begin to stutter.

      Jw

  • Hackers (Score:5, Insightful)

    by jnguy ( 683993 ) on Monday January 17, 2005 @04:31AM (#11383688) Homepage
    Why are a bunch of script kiddies being called hackers again?

    • Re:Hackers (Score:2, Insightful)

      by DingerX ( 847589 )
      I think the hacker line is a troll man. Just call script kiddies/crackers/wire defrauders/pirates "hackers" and you automatically generate 25 indignant posts on slashdot from folks like us who remember when hacking meant turning a spare cassette port into an audio device, and a 1200-baud touchscreen vector graphics terminal was a hotrod.

      Anyway, yeah, I'm surprised online gambling hasn't been hit earlier: here you have a huge industry that relies on a single technology for all its business, and is complet
  • Can't we finally cut the problem at its roots? And the roots are a criminally insecure poor-excuse-for-an-OS.

    If your car notoriously breaks causing harm to other users of the road, you won't get your car's paper prolonged. If a company keeps producing cars that damage other users of the roads, that company has to replace/fix all the cars sold. Now, tell me why exactly Microsoft can get away with selling software that's harmful for the community at large?
    • Well, Windows by itself is not harmful to anyone else other than its user. It's the criminals who break into a Windows computer and hijack it that's causing the harm.

      Taking your analogy further, it's a fact that some cars are easier to break into than others. Should Ford be held responsible because the Pinto has such a flimsy ignition lock that it's the preferred vehicle of bank robbers for stealing and using during robberies?

    • Because the Internet is not controlled and maintained by the government like the road system is. (Purposely, I might add, and with many benefits. If the government controlled the Internet it would be much different than it is today. It would probably suck.) That is why your analogy is flawed.

      The market must act as the force that keeps Microsoft honest. Why the market has not done so is an interesting question. My theory is that since Windows *is* the computer for most people, any problems with Micro

  • online poker (Score:3, Funny)

    by davids-world.com ( 551216 ) on Monday January 17, 2005 @05:15AM (#11383805) Homepage
    How sad.

    I fear this 'online poker' guy is getting attacked, too, in which case we would miss out on all the great spam comments in our blogs. Wouldn't that be a sad, sad world?

  • Legality and Cause (Score:5, Interesting)

    by robdavy ( 850571 ) on Monday January 17, 2005 @06:07AM (#11383939) Homepage
    Firstly, the legality issue is weird to me. I come from the UK were licensed gambling (be it online or in real life) is perfectly legal. I find it rather ammusing that a whole State would ban something like gambling. Anyway, people seem to think that the reason a site dies during a DDoS attack is CPU usage. It's not. It's not related to the servers at all (at least not in the case of big attacks) We were recently hit by a DDoS attack (don't ask) and we were having our 100mb uplink saturated. That's where the problem occured. Our 13 machines could cope with the requests - the pipe couldn't. Even if we went to a Gig uplink (which was considered), they'd simply saturate that. A few hundred compromised machines on DSL/Cable can easily do that. Scary stuff I must admit.
  • The only real way to combat DDoS through botnets is to go after the owners of the botnets... No, I'm not talking about the hackers that created or controls the botnets; taking one down only opens up a slot for someone else. No, I'm talking about the owners of the PC's that comprise the botnets. Making it a crime to participate in botnets, knowingly or not. Make people TURN OFF their PC's if they're not 200% certain they're patched and firewalled as much as possible, or face billion dollar fines and lengthy
    • No, I'm talking about the owners of the PC's that comprise the botnets. Making it a crime to participate in botnets, knowingly or not.

      That's ridiculous, If I'm running a fully secured and patched system, but I need to run a particular web facing service, and that service happens to have an undiscovered vulnerability in it, why should I be liable for it?

      A better car analogy would be making the driver liable if his car's breaks failed, it's just not fair. We can't expect everyone to be computer savy, it'
      • A car driver is liable if their brakes fail. This is why Third Party insurance is compulsory -- you can't be sued for money you haven't got.

        However, a technological solution might actually be better in this case. It's not like spam, which is meant for human beings and hard for a machine to determine accurately. DDoS attacks are just streams of packets. Threatening hanging and flogging only works against people who take notice of what you say and who you have a reasonable chance of catching. Nailing s

    • How about the ISPs (Score:3, Interesting)

      by phorm ( 591458 )
      I think a big probably is not only the "clueless users" as it were, but the ISPs who put them online. They advertise all the wonders of the modern internet (blazing speeds, media downloads, etc) with complete lack of reference to such problems.

      Some ISPs do offer firewall/antivirus services, though most I've seen either suck or cost an additional fee.

      But the thing is, it's probably not that difficult to tell if the users on your ISP are owned. And the ISP can disconnect those users until they are patche
  • Part of the problem these days is most virii involve smtp spam and trojan horse bot's - both of which your average punter can live with and won't notice. What I'd like to see is more viruses of the smoke your hardrive and blow up your monitor kind. People would be damn careful about popups, AV products and firewalls if this were the case.

  • Zzz's Casino (Score:4, Funny)

    by offpath3 ( 604739 ) <offpath4@ya h o o . c o .jp> on Monday January 17, 2005 @07:34AM (#11384136)
    You can see them going alphabetically through the list with the gambling sites, trying one after another.

    We here at Zzz's Casino guarantee no interuption to our service due to DDoS attacks.

  • Alternative Theory (Score:5, Interesting)

    by Salamander ( 33735 ) <jeff@ p l . a t y p.us> on Monday January 17, 2005 @08:32AM (#11384242) Homepage Journal

    On my website 90% of the comment spam was from online poker sites. That added up to hundreds of messages per day that I had to delete, and I know many others had similar experiences. I know I was thinking that they deserve a lesson, and maybe some folks decided to teach them one. While I don't necessarily approve of the method, I fully understand the impulse. Many online gambling sites are run by pricks; I won't shed a tear for them and their self-inflicted troubles any more than I would for the RIAA/MPAA.

  • Give me a break... (Score:2, Informative)

    by t0mass ( 789381 )
    Since when DDoS attacks are considered as hacking?
    Every idiot with internet access can make a DoS attack, and not everyone with access is a hacker.

  • Hate It (Score:3, Insightful)

    by CypherXero ( 798440 ) on Monday January 17, 2005 @08:58AM (#11384314) Homepage
    I've gotten SO MUCH spam on my blog and via e-mail about online poker, that I HATE poker now, and I've never even played it. If the gambling sites are worried about DDoS, tell those bastards to stop pissing off the rest of the world.

Slashdot Top Deals

Kleeneness is next to Godelness.

Close