In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
wrote
on Tue, 30 May 2006 17:16:36 +0100
<3612751.nMXno1sygV@xxxxxxxxxxxxxxx>:
> __/ [ The Ghost In The Machine ] on Tuesday 30 May 2006 17:00 \__
>
>> In comp.os.linux.advocacy, Roy Schestowitz
>> <newsgroups@xxxxxxxxxxxxxxx>
>> wrote
>> on Tue, 30 May 2006 14:18:30 +0100
>> <1596075.B5JVvugIPQ@xxxxxxxxxxxxxxx>:
>>> __/ [ Linonut ] on Tuesday 30 May 2006 13:01 \__
>>>
>>>> Got this message in a console Window while running Abiword:
>>>>
>>>> Dashboard: Sending cluepacket...
>>>>
>>>> I thought it was funny.
>>>>
>>>> I tried sending a cluepacket to Erik, but it came back:
>>>>
>>>> Dashboard: connect: Connection refused
>>>
>>> That's the status you will typically get when the server is overwhelmed in
>>> the midst of DDOS attacks. The Windows zombies must be attacking
>>> Funkenbusch.com again... which provides a clue.
>>
>> Well, it's apparently up at the moment and
>> it's a...(drum roll)...Apache 2.0.54!
>>
>> (Erm, anyone see a slight incongruity there?)
>>
>> Then again, it may not be the same guy. Does Erik live in Minnesota?
>
> I pointed out this 'Apacheness' to him.
> That was quite some time ago. Yes,
> he's a Webmaster somewhere in that area,
> probably at some academic institute, to be precise.
> This explains why he knows commercial CMS's and
> jumps at any opportunity to rave about them.
>
> Anyhoo... even Apache cannot save you from Windows
> zombies. It can cope with /more/ of them, but they
> cannot be defeated.
I wouldn't expect Apache to. It's a bit like the Dutch
boy with his finger in the dyke -- as the dyke completely
fails. (Hope he can swim in that case. :-) ) Doesn't
matter if said kid is a nice robust kid with muscles to
shame a Russian weightlifter, or a poor skinny sort who
falls over when someone even threatens to sneeze on him;
both get swept away if the flood behind the barrier is
big enough.
For a nastier example, I can point to the US example of
Lake Ponchetrain and New Orleans' levee system, which
isn't looking very new at the moment. :-/
> UIP's are too diverse for filtering because they are
> controlled remotely, by proxy.
Erm..."UIP"? Best I can come up with is "User Interface
Program", or perhaps "Unusual Internet Poundings". :-)
(And regrettably they don't look so unusual to me.)
> I was a sufferer
> myself on several occasions... here's a small sample
> that I could gather by filtering by the keyword 'zombie'...
>
> http://schestowitz.com/Weblog/archives/2005/11/13/zombies-home/
> http://schestowitz.com/Weblog/archives/2005/10/29/microsoft-zombies/
> http://schestowitz.com/Weblog/archives/2005/10/17/under-attack-again/
> http://schestowitz.com/Weblog/archives/2005/10/15/aftermath-attack/
> http://schestowitz.com/Weblog/archives/2005/10/13/windows-attacks-web/
> http://schestowitz.com/Weblog/archives/2005/10/13/zombie-attack/
Ew. Good luck.
I wish there were a nice way for you to charge the virus
writer for the wasted bandwidth. :-) Best I can do here
perhaps is find a good lawyer -- and locate the originator
of the worm(s)/virus(es)/malware. The first should be easy
enough (for the right price), but I can't say regarding
the second.
Of course suing Microsoft might also work, since they
created conditions allowing the worm(s) to spread in the
first place. (A bit like a restaurant cooking bad food
because someone didn't bother to clean the place.)
The "dynamite monkey" is cute, and reminds me of
SNL's Happy Fun Ball:
http://en.wikipedia.org/wiki/Happy_Fun_Ball
>
> It's not just DDOS attacks that zombies are used for to bang on Linux
> servers.
>
> http://schestowitz.com/Weblog/archives/2006/03/01/spam-varieties/
I get a bit o' spam myself -- nothing horribly special.
Since I use mailx/fetchmail I'm perfectly safe, although
Earthlink might not be; I don't know since I'm not all
that familiar with their internal infrastructure regarding
Email reception.
--
#191, ewill3@xxxxxxxxxxxxx
Windows Vista. Because it's time to refresh your hardware. Trust us.
|
|
