[Noisebridge-discuss] I am really disappointed with certain members of noisebridge

Christie Dudley longobord at gmail.com
Fri Oct 30 22:08:51 UTC 2009


Actually, the correct term for this is DoS attack.  DoS attacks are
significantly different than DDoS attacks in that they originate from one or
two machines.  There is no "distributed" part.  This is more than semantics
because a DDoS attack circumvents bandwidth limitations, as well as
processor limitations on a single machine.  It also evades firewall rules
that you'd put in place to stop it, not to mention obscuring the true origin
of the attack.  It's a clear and deliberate malicious intent that cannot be
construed any other way.

A DoS, on the other hand, can result from many things other than malicious
intent.  Bad code (loops, etc.) is the first thing that comes to mind.
Ballot stuffing, obviously, can be another.  It strikes me as very odd that
you don't have a firewall that would catch such things.  Requests coming in
so fast they impair services should be caught at the firewall and never even
reach your server.  In light of this, I'd strongly recommend you have your
security folks look into that.  I have no doubt that although this may be
the first experience of ballot stuffing, it won't be your last.

I certainly hope none of us knowledgeable folks here would be so silly as to
try a real DDoS.  Then again, we're not script kiddies who sit around
wrangling botnets all day.

Christie
---
Why I take the road less traveled?  Oh, that's easy.  I'm claustrophobic.


On Fri, Oct 30, 2009 at 2:51 PM, Ian <ian at slumbrparty.com> wrote:

> I'm sorry for categorizing it as a DDOS attack where n=2. I should
> have said attempted DDOS attack. Voting 35k times in an hour is
> abnormal behavior on most of our forums, especially one with a total
> of around 50 votes. i'm sure you have seen much better DDOS attacks
> taking down sites much larger than uservoice.
>
> When I talked about legal action, it wasn't a threat coming from me. I
> was relaying what other people were saying. I was trying to resolve
> this so it didn't escalate to anything else. I'm sorry you feel that I
> was trying to scare anyone.
>
> Maybe someone with more skill in computers such as yourself could have
> seen the difference between what happened and malicious intent, but
> unfortunately, i am not and had to make sure via other means. in the
> future, i will make sure not to apply for a computer related job at a
> company you owned.
>
> ian
>
> On Fri, Oct 30, 2009 at 2:44 PM, Crutcher Dunnavant <crutcher at gmail.com>
> wrote:
> > Ian, you're being an ass.
> > No matter how much you "appreciate" Leif coming forward, you walked into
> > this with the threat of Legal Action for something that was obviously not a
> > DDOS attack.
> > If you can't tell the difference between this and malicious intent, maybe
> > you shouldn't work with computers.
> >
> > On Fri, Oct 30, 2009 at 2:41 PM, Ian <ian at slumbrparty.com> wrote:
> >>
> >> Leif,
> >>
> >> Thanks for coming forward to say this. You are right in that it is
> >> possible to do the aforementioned curl voting anonymously. We made a
> >> design decision to allow anonymous voting to lower the barrier for
> >> participation. We have fraud detection counter measures to take care
> >> of those situations. You did not cause any damage, but we were more
> >> concerned with the intent. It was unclear to us whether it was people
> >> playing around or someone with malicious intent. if it was not the
> >> latter, then we are okay with people exploring the system.
> >>
> >> I really appreciate you talking about this on the list.
> >>
> >> Thanks,
> >>
> >> Ian
> >>
> >> On Fri, Oct 30, 2009 at 2:30 PM, Leif Ryge <leif at synthesize.us> wrote:
> >> > Ian,
> >> >
> >> > First and foremost, I offer you my sincere apology and my promise that I
> >> > personally will not (mis)use your company's service again.
> >> >
> >> > I was the one who pointed out last night that people could run
> >> > curl -d to=3 http://some-uservoice-url/votes
> >> > to vote for something, and that without cookies, they could keep voting.
> >> >
> >> > I would characterize this as harmless ballot-stuffing, rather than a DDOS,
> >> > but I understand that if it got out of hand it could certainly have the
> >> > effect of a DOS. I am very glad to hear it didn't take the site down. Taking
> >> > the site down was certainly nobody's intent; the intent was simply to get a
> >> > lot of votes on a single item, to demonstrate why voting on things with a
> >> > tool like this doesn't make any sense for a group like ours.
> >> >
> >> > I personally only sent a few hundred http requests, and in light of your
> >> > company's stated interest in legal action (which I think is entirely
> >> > unwarranted given that the whole thing was apparently a few thousand http
> >> > requests from a single location) I will not help determine who else sent
> >> > more. Obviously, like most things at noisebridge, this was in no way an
> >> > action of the organization and was only the action of a few individuals.
> >> >
> >> > I regret the strife that this caused you, and hope you can accept my
> >> > apology.
> >> >
> >> > ~leif
> >> >
> >> > Ian wrote:
> >> >>
> >> >> last night, there was an attempted DDOS on the noisebridge forum from
> >> >> 75.101.62.89 and 75.101.62.88. yes. those are both noisebridge IPs.
> >> >> they submitted around 35,000 votes to the forum and could have taken
> >> >> the entire uservoice site down.
> >> >>
> >> >> i have no problem with people voicing their concerns on the mailing
> >> >> list, but to do something destructive and illegal using noisebridge
> >> >> equipment against a company that one of its members works for simply
> >> >> because you didn't agree with its usage is beyond pathetic. rubin, for
> >> >> future reference, even though you may not mean anything destructive or
> >> >> personal with your "abrasive" (as you put it in your personal apology
> >> >> to me) comments on the list, other, weaker people on the list who are
> >> >> followers will take them in a different way.
> >> >>
> >> >> i tried to not censor anyone on the feedback forum and accommodate
> >> >> everyone and tried to play the role of strictly the forum admin. one
> >> >> of our staff deleted the suggestion about trying to get root on our
> >> >> site because, well, they simply viewed it as a threat against
> >> >> uservoice. i assured them finding security flaws was legitimate and
> >> >> will even benefit us. then they pointed to the suggestions about
> >> >> disparaging uservoice and my comment facilitating that. then again i
> >> >> reassured them i was only being the site administrator and that we
> >> >> shouldn't censor people who use our product even if their suggestions
> >> >> could hurt our business. the bottom line is i put my neck out to try
> >> >> to provide noisebridge with something that i thought would be useful
> >> >> and this is the thanks i get.
> >> >>
> >> >> aside from my current situation with the company, uservoice is talking
> >> >> about taking legal action against noisebridge for the DDOS attack. i
> >> >> have begged them to allow me to solve this without legal intervention.
> >> >> i ask that the people who were responsible name themselves and
> >> >> separate them from the rest of noisebridge. if you identify yourself,
> >> >> explain and apologize for your actions, i think i can convince the
> >> >> rest of uservoice to move past this.
> >> >>
> >> >> ian
> >> >> _______________________________________________
> >> >> Noisebridge-discuss mailing list
> >> >> Noisebridge-discuss at lists.noisebridge.net
> >> >> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >> >
> >> >
> >
> >
> >
> > --
> > Crutcher Dunnavant <crutcher at gmail.com>
> >
>
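
Added example, not part of the original thread or anyone's actual configuration: a per-source sliding-window limit of the kind Christie suggests enforcing in front of the server, replayed over constructed traffic shaped like the incident described (two sources, roughly 35,000 votes in an hour, plus about 50 ordinary voters). The window, threshold, IP addresses and function names are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # assumed window length
MAX_VOTES_PER_WINDOW = 5   # assumed per-source ceiling


class VoteRateLimiter:
    """Sliding-window limiter keyed by source IP (hypothetical helper)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_VOTES_PER_WINDOW):
        self.window, self.limit = window, limit
        self.recent = defaultdict(deque)   # ip -> timestamps of accepted votes

    def allow(self, ip, now):
        q = self.recent[ip]
        while q and now - q[0] >= self.window:   # drop votes outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False                         # over the ceiling: reject
        q.append(now)
        return True


def replay(events):
    """Feed (timestamp, ip) events through the limiter; return per-IP counts."""
    limiter = VoteRateLimiter()
    accepted, rejected = defaultdict(int), defaultdict(int)
    for ts, ip in sorted(events):
        (accepted if limiter.allow(ip, ts) else rejected)[ip] += 1
    return dict(accepted), dict(rejected)


def constructed_traffic():
    """Constructed sample: 2 sources x 5 votes/s for an hour, plus 50 one-off voters."""
    events = [(t, ip) for t in range(3600)
              for ip in ("192.0.2.10", "192.0.2.11") for _ in range(5)]
    events += [(i * 60, f"198.51.100.{i + 1}") for i in range(50)]
    return events


if __name__ == "__main__":
    accepted, rejected = replay(constructed_traffic())
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, "accepted", accepted[ip], "rejected", rejected[ip])
    print("ordinary voters rejected:",
          sum(v for ip, v in rejected.items() if ip.startswith("198.51.100.")))
```

Keying on the source address works here because the traffic came from two machines; per the DoS/DDoS distinction drawn above, the same rule does not bound aggregate load when the sources are many.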