In reply to the discussion: Right wing cyber attacks on Healthcare.gov website confirmed
jtuck004 (15,882 posts)
95. Sigh. Does nobody read anything for themselves any longer?
So we will keep it simple...
Because a legitimate request is just that - a tcp/ip request, a syn flag that starts the conversation. What is the problem with that? Do you think there is some evil magic smoke in there that's going to dust the software? Understand - that packet is 1s and 0s in a predetermined sequence as prescribed by RFCs. If it varies, it is detectable. When it isn't detected, that is a failure of a human to do their job, or something that hasn't been discovered yet (which happens, but just because it is discovered doesn't mean it was tried or successful). It's not magic.
Also know that there's probably not a single machine under that single server - it's all virtual, created in software, like the other 50 servers on that box, all running under (over) a main server that actually is on the hardware, right? And the whole network they are on doesn't exist except in software. And ALL of that exists behind management and routing hardware and software which takes care of all the packet checking, etc, before it even considers sending on to the virtual network. And ALL of it exists separately and apart from the Internet.
So when that hardware, or software, or management system, or whatever, gets what appears to be a properly formed packet, it opens a session, it gets a packet with a SYN flag but the sender address is forged (one type of DDOS attack), followed by many, many more. The server tries to answer the first few, but there is no answer, and it waits...but as soon as the security software senses the delay it starts looking for just such an attack (it really is old school, but still used) and routes those packets off the network so they never get to the server. The impact is trivial, and likely has already been addressed by the time you quit thinking about what you were going to have for dinner and realized there was a problem (assuming you are sitting at the console). The job for humans comes after, in documenting, collecting evidence, etc.
So then it gets a packet, opens a session, gets a packet with a SYN flag, but something is different, it's legitimate, and is forwarded to the server. It establishes its handshake and serves up the page. Woohoo, Houston, we are ready for launch. And here come a few hundred more, and then a few thousand.
On a properly designed web site that just means new machines (remember, they are all software), so they start "spinning up" to handle the demand of legitimate requests. And when the requests drop off, so do the machines.
I was just listening to a webcast where they described one of the Amazon services as accepting 14,000 i/o requests a second. How fast do you think bubba can send his DDoS attack? Think he or she has control of 14,000 machines? Doubt it, but just for argument's sake, let's say yes. Okay, there goes 3-4 seconds. What's next? And if some moron tries to send 14,000 requests from one machine, how many seconds do you think it will be until we figure it out? 2? 3? The lines on the detection system monitor will be bright red by the time you can look up from your comic book.
If, as you said, it is "indistinguishable from legitimate page requests" then it IS a legitimate request. If it is an attack, it will be formed differently - some 1s and 0s will be in places they should not be - and that is detectable. If the source is forged, the detection will be that there are too many unanswered tcp handshakes, and the response will be appropriate. WHAT they are attacking may change, as new vulnerabilities are seen all the time as new software appears, but in a well-designed system at the level of the government, with thousands of some of the best security people in the world at the controls and gates, the odds of such an attack even getting to its target are quite small, and actually causing a disruption even less so.
We are really, really good at this as a country. On your Windows box, or even Linux or Mac, it's simply a different world. At your local ISP, unless it is in a really big data center like IBM's, or maybe RackSpace, or AWS, the odds are somewhere in between. Game players face this problem, because the servers that provide their service are not protected as well, so such an attack (as well as others) has more chance of succeeding. Amazon Web Services is an even higher level, but they use a shared security responsibility model, so you can actually put up a server that has a security issue which it is your responsibility to take care of - and if you don't, it could cost you, and potentially others.
In a government site the entire network is behind a classified network that allows packets onto it, and the technology that protects it is truly amazing. The odds of any such event happening are pretty small, and the silly, amateurish actions being described in the article above are almost trivial compared to what they face every day - say from a few million IP addresses in China used by computer scientists being paid by ??? to get what they can. Or a dedicated radical (not necessarily out of the country) out to kill as many as possible with software placed in a strategic area.
How healthcare.gov is set up is anyone's guess, but why would they leave it open to attacks that we prevent on a daily basis? The simple answer without other evidence to the contrary: it's not. The problems with the site are how it was designed and implemented, and lie at the feet of the project management and who they work for.
Which is why they brought in more help, like the guy who contributed to Obama's campaign. It's the design of the site, not jim bob renaming some worthless piece of crap script just so he can get a bunch of uninformed people jumping up and down like meerkats with seizures.
Go read some man pages on TCP/IP, some sites about tcpdump and attacks - hell, just google it and you will see how humorous all this really is.
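The post names two packet-level signals a defender actually watches for: flag bits "in places they should not be", and a pile-up of handshakes that a client starts but never finishes. The following is an added example, not code from the post or from Democratic Underground, showing both checks over a constructed packet trace (addresses from the RFC 5737 documentation ranges, timestamps and thresholds are assumptions chosen for the illustration, not measured values).

```python
"""Added example: the two detection signals described in the post, run over a
constructed trace of (timestamp, src, dst, tcp_flags) tuples.

1. malformed_flags():  flag combinations no conforming TCP stack ever emits
2. half_open():        handshakes a client opened (SYN) but never completed
                       (bare ACK) or tore down (RST) within a time window
"""
from collections import defaultdict

# TCP flag bits, low byte of the flags field as laid out in RFC 793.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

SERVER = "192.0.2.80"  # constructed server address (RFC 5737 TEST-NET-1)

# Constructed sample trace. Events are in timestamp order.
SAMPLE_EVENTS = (
    [
        (0.00, "203.0.113.10", SERVER, SYN),        # legitimate client opens
        (0.01, SERVER, "203.0.113.10", SYN | ACK),  # server answers SYN-ACK
        (0.02, "203.0.113.10", SERVER, ACK),        # client completes handshake
        (0.03, "203.0.113.11", SERVER, SYN | FIN),  # open and close at once: bogus
        (0.04, "203.0.113.12", SERVER, 0),          # no flags at all: bogus
    ]
    # Forty SYNs from forty different (never-answering) sources, one each.
    + [(0.10 + i * 0.001, f"198.51.100.{i}", SERVER, SYN) for i in range(1, 41)]
    + [(5.00, "203.0.113.10", SERVER, PSH | ACK)]   # legitimate client sends data
)


def malformed_flags(flags: int) -> bool:
    """True for flag combinations that never occur in a legitimate connection."""
    if flags & 0x3F == 0:                 # "null" segment, nothing set
        return True
    if flags & SYN and flags & FIN:       # open and close in the same segment
        return True
    if flags & SYN and flags & RST:       # open and abort in the same segment
        return True
    return False


def find_malformed(events):
    """Return (timestamp, src, flags) for every segment with impossible flags."""
    return [(ts, src, flags) for ts, src, _dst, flags in events
            if malformed_flags(flags)]


def half_open(events, now, window=1.0):
    """Map client address -> number of handshakes it started at least `window`
    seconds before `now` and never completed or tore down.

    Only the client's own segments decide completion: a SYN opens an entry, a
    bare ACK (third step of the handshake) or an RST from either side closes
    it. The server's SYN-ACK is ignored because the question is whether the
    *client* ever finishes what it began."""
    pending = {}  # (client, server) -> timestamp of the SYN
    for ts, src, dst, flags in events:
        if ts > now:
            break  # trace is time-ordered; nothing later has happened yet
        if malformed_flags(flags):
            continue  # reported by find_malformed(); keep it out of state
        if flags & SYN and not flags & ACK:
            pending[(src, dst)] = ts
        elif flags & RST:
            pending.pop((src, dst), None)
            pending.pop((dst, src), None)
        elif flags & ACK and not flags & SYN:
            pending.pop((src, dst), None)
    counts = defaultdict(int)
    for (client, _server), started in pending.items():
        if now - started >= window:
            counts[client] += 1
    return dict(counts)


def syn_flood_suspected(counts, backlog=32, per_source=8):
    """One source with many stale handshakes, or enough stale handshakes in
    total to exhaust an assumed listen backlog, is the 'too many unanswered
    handshakes' signal. Both thresholds are example assumptions."""
    total = sum(counts.values())
    return total >= backlog or any(n >= per_source for n in counts.values())


if __name__ == "__main__":
    for ts, src, flags in find_malformed(SAMPLE_EVENTS):
        print(f"{ts:5.2f} {src:>14}  malformed flags 0x{flags:02x}")
    stale = half_open(SAMPLE_EVENTS, now=2.0)
    print(f"{sum(stale.values())} stale handshakes from {len(stale)} sources;"
          f" flood suspected: {syn_flood_suspected(stale)}")
```

The legitimate client never appears in the stale set because its bare ACK closes the entry it opened, while the forty one-shot SYNs from distinct sources are caught only by the aggregate backlog threshold, which is why per-source counting alone is not enough against forged senders.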
117 replies
Exactly, it is RW terrorism, it may not be directly violent, but IMO it is terrorism. Also, (RKP5637, Nov 2013, #28)
I definitely think so ... it's inciting terror. To me, terror can be physical, violent and/or (RKP5637, Nov 2013, #36)
When people see it, they'll want Medicare for All, not the Repuke status quo n/t (eridani, Nov 2013, #4)
It's not a complete failure. There are a lot of people who are getting affordable (LuvNewcastle, Nov 2013, #6)
Maybe. They are still busting people for using the "anonymous" LOIC against Mastercard, Visa etc (seveneyes, Nov 2013, #41)
It's not only proveable, but recordable and traceable. Easily, with the capability of (jtuck004, Nov 2013, #13)
Actually, it would make it to the site and impact the site. That's where it is discoverable. (Coyotl, Nov 2013, #42)
If it was a Distributed Denial of Service Attack using hijacked computers it can be very hard (PoliticAverse, Nov 2013, #49)
Actually it wouldn't "make it to the site" and neither do the thousands of attacks that happen every (jtuck004, Nov 2013, #57)
The DoS attack software is being mass distributed, so the requests come in from Anywhere, USA (Coyotl, Nov 2013, #58)
Ok, you can think what you want, but on a modern system the attacks aren't directed at the (jtuck004, Nov 2013, #65)
When you interact with another computer online, it is a web server. I have a web server. (Coyotl, Nov 2013, #67)
Like I said, think what you want. But that doesn't explain the thousands of security people (jtuck004, Nov 2013, #72)
Exactly. None of these people understand the scope of what goes on out there, nor do they (jtuck004, Nov 2013, #96)
Awww, I'm just irritated by the whole thing. Bunches of people seem to want to grasp at anything and (jtuck004, Nov 2013, #109)
The problem is that OUR side doesn't control the NSA or anything related to the Patriot Act. nm (rhett o rick, Nov 2013, #43)
The Director of the NSA is approved by the President. And enforcement of the Patriot Act is (PoliticAverse, Nov 2013, #53)
By law that's true. IMO the spy agencies have more power than the President. (rhett o rick, Nov 2013, #54)
What a waste of time, for more than one reason. First, you can't put a computer on the Internet (jtuck004, Nov 2013, #12)
I wonder if a U.S. Attorney will hound the hackers until they are driven to suicide (vt_native, Nov 2013, #19)
lol. you really did make me laugh out loud. I tried visiting FR maybe twice… it hurt my eyes. (KittyWampus, Nov 2013, #46)
Sic the NSA on them. One would think they could track them right down to their loony fingertips (RKP5637, Nov 2013, #37)
The NSA has a completely different agenda and they don't work for the President. nm (rhett o rick, Nov 2013, #55)
Publicizing denial of service attacks is a mixed bag, it can encourage more and make things worse. (PoliticAverse, Nov 2013, #51)
I don't know many of the details yet (no time to digest them at the moment) but (deutsey, Nov 2013, #63)
COOOOOOOOME OOON, Why is this not at the top of every news paper and every news segment? (Firebrand Gary, Nov 2013, #99)
Might it be possible it's not "true" in the sense that it's not "true"? (cherokeeprogressive, Nov 2013, #100)
Reminds me of the IRS Scandal when the Tea Party AND Progressive groups were flagged for (SleeplessinSoCal, Nov 2013, #106)
Seriously? There are conservatives that are smart enough to run a cyber attack??? (Amimnoch, Nov 2013, #107)