From nobody@FreeBSD.org Fri Sep 20 06:18:28 2002
Return-Path:
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id CE27337B401
    for ; Fri, 20 Sep 2002 06:18:28 -0700 (PDT)
Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 77B0243E6E
    for ; Fri, 20 Sep 2002 06:18:28 -0700 (PDT)
    (envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
    by www.freebsd.org (8.12.6/8.12.6) with ESMTP id g8KDIS7R055201
    for ; Fri, 20 Sep 2002 06:18:28 -0700 (PDT)
    (envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
    by www.freebsd.org (8.12.6/8.12.6/Submit) id g8KDISU1055200;
    Fri, 20 Sep 2002 06:18:28 -0700 (PDT)
Message-Id: <200209201318.g8KDISU1055200@www.freebsd.org>
Date: Fri, 20 Sep 2002 06:18:28 -0700 (PDT)
From: Hiten Pandya
To: freebsd-gnats-submit@FreeBSD.org
Subject: The Slashdot Effect: A new form of terrorism.
X-Send-Pr-Version: www-1.0

>Number: 43035
>Category: junk
>Synopsis: The Slashdot Effect: A new form of terrorism.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 20 06:20:27 PDT 2002
>Closed-Date: Fri Sep 20 06:33:45 PDT 2002
>Last-Modified: Fri Sep 20 23:35:29 PDT 2002
>Originator: Hiten Pandya
>Release: brokenleg FreeBSD 4.6
>Organization: Assholes, Inc
>Environment: I want to break my leg!
>Description:
As an assistant member of the security team of a large fortune 500 company, I have discovered a new form of terrorism stemming from the deepest underground of the Internet. A site catering to hackers, communists and anti-Americans called Slashdot.org has created a new type of denial-of-service attack known as 'the Slashdot effect'.
This attack has been used against what are seen as the enemies of the 'Open source movement' which include many large American companies such as Microsoft as well as many American media companies such as Time-Warner-AOL. The Slashdot Effect could have a potentially crippling effect on the American computer industry and I feel it is justified to offer my own advice on this problem.

What is the Slashdot Effect?

The Slashdot Effect (also known as Slashdotting) is a new form of denial-of-service attack stemming from the site Slashdot.org. Once they find a 'target' (whether it be a large media company or small personal homepage) the URL of the site is posted on the front page of Slashdot.org. Members of this site attempt as quickly as they can to follow these links and overload the target server. This causes the 'target' website to slow to a grinding halt before going offline. It can sometimes take days or even weeks for the site to recover from such a surge of traffic, and often the servers can be damaged beyond repair (that is, they cannot be fixed with a simple defrag!).

Who is normally the target of the Slashdot Effect and how is it done?

Many American companies have already been attacked by the Slashdot Effect. Targets often include news sites such as the New York Times as well as large American companies such as Intel. Sites that criticize the open-source movement are a prime target.

For example, let's say an American media website such as the London Times does a review of a little known operating system known as Linux. Linux is an operating system developed by a hacker from communist Finland, which is based on code stolen from an American operating system known as Unix. It was created in cooperation with a communist group known as g.n.u. (Which stands for Glorified Novelty Unix) and is generally unusable by non-hackers.
Obviously since it is such an archaic and unstable operating system compared to those made by American companies such as Microsoft it would get a bad review on the London Times. Once a Slashdot member discovers this honest review the URL would be posted on the front page of Slashdot.org. A flood of users would follow the link to the site and bring the server to a grinding halt. Since most of these users are terrorists they would probably have ads disabled using European hacking software. This would mean a potential loss of thousands of dollars worth of ad revenue. To top it off, members of Slashdot.org often plagiarize the articles and post them on illegal mirrors, furthering the loss of ad revenue. Members of Slashdot are rewarded for plagiarizing in the form of 'Karma', a form of hacker currency, on Slashdot.org.

What can I do to avoid the Slashdot Effect and how would I deal with it if it happened?

The easiest way to avoid the Slashdot effect is to refrain from posting anything about any open-source software, especially Linux. Focus your website on fine American companies such as Microsoft. You can also set up your server to reject any links from Slashdot.org, something many people have done. If you think your site is being attacked by the Slashdot Effect, contact the authorities immediately and report this act of terrorism. The penalties against hacker/terrorists are stiff and you can feel confident that the perpetrators of this terror will be punished in the harshest possible means.

by Anonymous Pancake

* Re:The Slashdot Effect: A new form of terrorism. by adhisimon (Score:1) Friday September 20, @07:05AM
  o Re:The Slashdot Effect: A new form of terrorism. by some guy I know (Score:1) Friday September 20, @12:02PM

Can I run my own personal identity server?
(Score:4, Insightful) by goingware (crawford@goingware.com) on Friday September 20, @06:25AM (#4295309) (User #85213 Info | http://www.goingware.com/)

So would this mean I can run the server on my home linux box, and store all my private information only on my own machine, in my own house, so that websites would query the server I am operating when I want to log in?

If so, then I might have some enthusiasm for it, and I imagine lots of others would as well. If my identity data is to be stored by some commercial service, even a Liberty Alliance member, I'm afraid I have no plans to participate.

I won't use any website that requires me to sign up for Passport. I've done a lot of Windows development the last couple years, and I can well imagine it would be to my benefit to pay for M$' developer program, but my understanding is that it requires Passport to participate, so I won't have any part of it.

Even if I had my own personal server storing my identity, you can bet I will configure my firewall so it will only accept queries from sites I consciously want to have the information.

>How-To-Repeat: I want to break my leg!
>Fix: I want to break my leg!
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: netchild
State-Changed-When: Fri Sep 20 06:33:36 PDT 2002
State-Changed-Why: http://www.freebsd.org/cgi/query-pr.cgi?pr=43035
>Unformatted: