Playstation Network's been down a while...

[Dark Jaguar]

<img src="http://art.penny-arcade.com/photos/1261596481_3Fw2MnJ-L.jpg">

Sony's official announcement is some hacker or another is responsible. Well, dandy. I mean I'll give them some credit here, it may be a concerted effort. The internet is full of these sorts so I wouldn't put it past some of them to come up with something pretty dastardly. Still, a major company should be able to defeat just about any hack job fairly easily with a combination of solid server backups, cutting off the responsible IP addresses, and... that's it actually. Did they not do a backup? Usually any company that values up-time could deal with this sort of annoyance within hours, not days.

[lazyfatbum]

and they said it couldn't be done. This is what happens when you make a system that HAS NO GAMES.

[EdenMaster]

PS3 is relevant? When did that happen?

[A Black Falcon]

I wonder what actually happened, it's apparently been down for several days now, and yeah, a major company like Sony really should have better security than this, if it actually was hackers... and if it wasn't, who knows what happened but it's bad.

[etoven]

Network security is pritty tricky sometimes.. For example they could be under a DOS attack in which case banning IP's does very little good.. Pretty much waiting out the storm in your only option. Plus if you ban to many IP's the firewall cant handle all the 'kill' packets which is a issue in itself.. Plus it could be a simple matter of their DMZ caught fire and now they have to wait 5 days for a new one to be rush ordered and configured. That's one of the reasons I like Cisco so much, you can basically build a device image and dump that config on a replacement part in about 5 minutes, which is great for minimizing down time.. The only real work is just physically hooking the thing up..

I say don't be so quick to judge, some hackers can really inflect damning damage to a network, and recovery can be slow.

[Dark Jaguar]

DOS attacks... how old school... Do we seriously not have a decent defense to this yet? One would think just reassigning the IP address quickly or setting up a backup network would do the trick. Seriously though, how can some small group's computers possibly overwhelm a massive network's system, even with a DOS attack? One would think no matter how much they try, the number of simultaneous connections they could muster would pale in comparison to what Sony's routers could handle and deny. I mean, how about something as simple as refusing to even open a connection with any IP address that makes a certain number of failed connection attempts in a specific amount of time?

[etoven]

DOS attacks... how old school... Do we seriously not have a decent defense to this yet? One would think just reassigning the IP address quickly or setting up a backup network would do the trick. Seriously though, how can some small group's computers possibly overwhelm a massive network's system, even with a DOS attack? One would think no matter how much they try, the number of simultaneous connections they could muster would pale in comparison to what Sony's routers could handle and deny. I mean, how about something as simple as refusing to even open a connection with any IP address that makes a certain number of failed connection attempts in a specific amount of time?

Most modern DOS attacks come from BOTNets which are made up of millions and millions of zombie computers.. So where are not talking about a small group here. And a backup network, while it's a good idea, really isn't feasible.. You might be able reassign DNS so the playstations look for service at a different IP, but playstation wouldn't be able to change their ip all that easily, it would require a change from there telcom provider.. One option is to have a backup network ready to go from a supernet of IP addresses but even still that dosn't stop the attack on the existing network.

[etoven]

One thing I forgot to add.. Gateways can't simply ignore a packet.. It dosn't work that way.. Here's how a DOS works...

A normal connection is made in three packets..
Client --> SYN (Send Request)
Server --> SYN ACK (Send Request Acknowledge)
Client --> ACK (Send Request Acknowledge Acknowledge)
-- Connection is now open..

A DOS attack works like this
Client --> SYN
Server --> SYN ACK
Client --> Does nothing
-- Connection is in limbo consuming router resources

Now to deny a request
Client --> SYN
Server --> KILL Packet
-- Connection is dropped..

Now if you try this...
Client --> SYN
Server --> Does nothing...

Then TCP waits for a time out and request that the conversation be retransmitted.. No help there.. Remember TCP automatically provides for error correction and delivery confirmation.

[Dark Jaguar]

Millions? Really? How do you get MILLIONS of computers infected with the same virus under one person's control? That really sounds like a lot. I'd believe thousands, and that's enough to take down, say, a church web site or something, but to suggest the population of an entire city or small nation would be at the beck and call of one hacker? That's a bit hard to swallow.

At any rate, I forgot to mention something. Some DDOS attacks have been happening for the past few weeks, which took down Sony's network but it was back up in a matter of a couple of hours. This seems like something completely different.

[lazyfatbum]

Protip: it was 4chan and a collective effort.

[etoven]

Millions? Really? How do you get MILLIONS of computers infected with the same virus under one person's control? That really sounds like a lot. I'd believe thousands, and that's enough to take down, say, a church web site or something, but to suggest the population of an entire city or small nation would be at the beck and call of one hacker? That's a bit hard to swallow.

At any rate, I forgot to mention something. Some DDOS attacks have been happening for the past few weeks, which took down Sony's network but it was back up in a matter of a couple of hours. This seems like something completely different.

You get millions because most hackers use BOTnets.. These are already pre-established networks of zombie computers that the hacker community shares. For example Microsoft once got hit by a BotNet community of over 4 million computers.

[A Black Falcon]

Yeah, infecting people's computers is easier than ever now... you don't even need to download anything, just viewing an infected webpage, or ad banner, can do the trick...

[Dark Jaguar]

I don't know what a 4chan is.

Anyway, most of those bot nets are only in the thousands. Anything as concerted as millions is probably the work of a concerted professional (read: not basement hacker) effort. One thing's for sure, no DDOS attack is ever going to take down a distributed computing giant in the cloud like Google. Sony's network isn't that big, but the recent DDOS attacks haven't taken it down for more than a couple hours at a time. This really doesn't seem like that, and I don't think any government agency or criminal organization (the only ones that'd have MILLIONS of sleeper computers at their disposal) is going to have it in for Sony.

Sony's official announcement is they are taking down their systems for upgrades against the recent attacks. A little late to say that though...

ABF, you're a little confused. Every single thing you ever view, every single page, every single "stream", is a download. "Viewing a page" can trigger a download through an exploit, I think that's what you mean, and while it's possible, today's browsers are more secure than ever against that sort of thing. The majority of virus infections are the result of outdated software, such as people running Windows 98 and using Internet Explorer 5. In other words, I bet a lot of these bot nets are to be found in retirement homes.

[etoven]

The Dutch police found a 1.5 million node botnet<sup class="reference" id="cite_ref-2">[3]</sup> and the Norwegian ISP Telenor disbanded a 10,000-node botnet.<sup class="reference" id="cite_ref-3">[4]</sup> In July 2010, the FBI arrested a 23-year old Slovenian held responsible for the malicious software that integrated an estimated 12 million computers into a botnet.

Source: http://en.wikipedia.org/wiki/Botnet

Those are some pretty packed retirement homes DJ..

On Saturday, Google Bangladesh appeared to have been hacked. When some users went to the Google site, they saw a message from the TiGER-M@TE hacker group that the site was taken over.It looked like this:



Reports came in at the Google Webmaster Help forum where we learned the issue was around DNS servers being taken over and some users who replied on those DNS servers were being taken from Google.com.bd to this hacked version.

The DNS server was restored soon later and Google returned for these Bangladesh searchers.

Google itself was not hacked, it was the servers that controlled where users went when they typed in google.com.bd that was hacked.


Source: http://www.seroundtable.com/google-bangl...12773.html

Again.. Your not as safe as you think..

[Dark Jaguar]

Your second link has nothing to do with DDOS. I'm saying that this attack couldn't have been DDOS because that's just a lockout attempt, one which, as we've established, Sony can take care of in a few hours. That's kinda what this has all been about. DDOS can't do that on that scale. Also, who cares about some small time Bangladesh google? The article you quoted ends with "google itself was not hacked".

I really don't see how any of that has anything to do with what happened to Sony.

Here's their latest by the way:

http://arstechnica.com/gaming/news/2011/...comments=1

It wasn't a DDOS attack. It was some sort of direct intrusion which "compromised" just about every data anyone's ever put on that service. Before Weltall can joke, that's 70 million users world wide. If you'll excuse me, I've got some things to take care of. Fortunately I always put fake addresses and things in online forms, so that's still good.

[EdenMaster]

If you'll excuse me, I've got some things to take care of. Fortunately I always put fake addresses and things in online forms, so that's still good.

Because the next step is to carefully and systematically attack all 70 million people in order

[Great Rumbler]

Fortunately I always put fake addresses and things in online forms, so that's still good.

Doesn't really help if you put in your credit/debit card information.

[Dark Jaguar]

That's true. There are other ways to deal with that though, which have already been set in motion.

[etoven]

Doesn't really help if you put in your credit/debit card information.

Epically since banking protocols can be used to retrieve personal information about the the account holder, such as their name and address.

Your second link has nothing to do with DDOS. I'm saying that this attack couldn't have been DDOS because that's just a lockout attempt, one which, as we've established, Sony can take care of in a few hours.

Your right DJ.. all that random stuff you posted you know nothing about is 100% correct.. Never mind that I graduated top of my class with a degree in network security from one of the most respected institutes in the country. I guess I'll take my silver valedictorian plaque, all 42 of my deans list awards, and my IT manager job, and just shove it in the trash.. I guess I'll just go work at burger king.

[Great Rumbler]

Oh yeah? Well, DJ is...is...err...actually, we don't know much of anything about DJ, other than the fact that he lives in Tulsa.

[etoven]

"My slow decent into madness is just like corn.. It makes no sense, just like this post." ~Me

[A Black Falcon]

I don't know what a 4chan is.

Anyway, most of those bot nets are only in the thousands. Anything as concerted as millions is probably the work of a concerted professional (read: not basement hacker) effort. One thing's for sure, no DDOS attack is ever going to take down a distributed computing giant in the cloud like Google. Sony's network isn't that big, but the recent DDOS attacks haven't taken it down for more than a couple hours at a time. This really doesn't seem like that, and I don't think any government agency or criminal organization (the only ones that'd have MILLIONS of sleeper computers at their disposal) is going to have it in for Sony.

Sony's official announcement is they are taking down their systems for upgrades against the recent attacks. A little late to say that though...

ABF, you're a little confused. Every single thing you ever view, every single page, every single "stream", is a download. "Viewing a page" can trigger a download through an exploit, I think that's what you mean, and while it's possible, today's browsers are more secure than ever against that sort of thing. The majority of virus infections are the result of outdated software, such as people running Windows 98 and using Internet Explorer 5. In other words, I bet a lot of these bot nets are to be found in retirement homes.

You significantly underestimate how easy it is these days to infect a computer, or how many computers are infected with these things.

And no, infecting computers these days doesn't require crude methods like getting people to actually download, or even click on, anything. You can easily infect a computer through things like infected Javascript -- you don't click on anything of actually download any files, it just infects you when you view the page, or ad.

But yeah, you think it's only thousands, DJ? No, botnets number in the millions. And add to that the number of computers infected with lesser viruses/rootkits/etc. that "only" are there to inject spam ads, fake antivirus programs, and search redirect, I imagine that number is higher. Much higher.

Again.. Your not as safe as you think...

Indeed. I've gotten a computer infection or two within the past year (major pains to get rid of! And yes, I had a virus scanner running, and a firewall too I think. Didn't help.), and never from downloading anything... I think infected ads were the culprit, which is why now I'm using Adblock. I don't want to use it, I have no problem with ads when they're safe (websites have to make money somehow), but after two infections almost certainly due from infected ads in under a year, I have to block them.

[etoven]

ABF is correct..
Many viruses don't involve a download..

For example several types of malicious websites compromise the RPC service running on windows machines with a simple buffer underflow attack. I once saw a packet tracer log that showed RPC being compromised in just three malformed packets! Once compromised the RPC service can be used to remotely execute commands on the host computer.

[A Black Falcon]

Yeah. it's very frustrating, but right now the badguys seem to be way, way ahead, anti-virus/rootkit/hacking/etc things just aren't keeping up, it seems.

[A Black Falcon]

SOE recently learned that their databases were compromised too, so this applies to people playing Sony MMOs too, not just consoles...