heh - thanks for this nice story from Gibson.. I love that guy scince 1999
This link was such a pleasure to read.. Thanks You MPOE-PR !
Topic: MTGOX ordering DDOS ATTACKS!?!?!?!!? (Read 5325 times)
heh - thanks for this nice story from Gibson.. I love that guy scince 1999
This link was such a pleasure to read.. Thanks You MPOE-PR !
I don't think Russian courts care about slandering Japanese or American businesses doubt this lawsuit would go anywhere. I also doubt Gox would denial of service their competitors when they don't really have any on their level.
More likely some guy had his money seized by BTC-E for shady trading and reacted by slamming their servers and 'support' is just joking with the idiots in chat
Yeah that, it was very tongue in cheek from a non native English speaker. If you've been around and seen the user "support" 's mishandling of dialogue and sense of humor, you know it wasn't a real accusation, just a quip to say they're number two and getting more serious everyday.
Support had no idea who was DDOSing them when asked and assumed it was a random idiot like we all do.
I don't think Russian courts care about slandering Japanese or American businesses doubt this lawsuit would go anywhere. I also doubt Gox would denial of service their competitors when they don't really have any on their level.
More likely some guy had his money seized by BTC-E for shady trading and reacted by slamming their servers and 'support' is just joking with the idiots in chat
Yeah that, it was very tongue in cheek from a non native English speaker. If you've been around and seen the user "support" 's mishandling of dialogue and sense of humor, you know it wasn't a real accusation, just a quip to say they're number two and getting more serious everyday.
Support had no idea who was DDOSing them when asked and assumed it was a random idiot like we all do.
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Seriously, that could be grounds for a lawsuit under slander/libel.Explain yourself BTC-e support.
I don't think Russian courts care about slandering Japanese or American businesses doubt this lawsuit would go anywhere. I also doubt Gox would denial of service their competitors when they don't really have any on their level.
More likely some guy had his money seized by BTC-E for shady trading and reacted by slamming their servers and 'support' is just joking with the idiots in chat
It's trivial to generate packets with the wrong source ip, it's not trivial to have some ISP not dropping these packets.
Nobody said it's trivial. Mere possible.
That many DDOS attacks succeed because of poor routing and firewall practices is nothing new.
However i have to say that i really lack knowledge on how hard is it to do such an attack.
It's trivial to generate packets with the wrong source ip, it's not trivial to have some ISP not dropping these packets.
Nobody said it's trivial. Mere possible.
That many DDOS attacks succeed because of poor routing and firewall practices is nothing new.
Thanks, I found it very interesting.
heh - thanks for this nice story from Gibson.. I love that guy scince 1999
This link was such a pleasure to read.. Thanks You MPOE-PR !Over 9000 Internet Years ago....
Proof?
Sounds like BTC-e is trying to get some Mt.Gox customers
Well played BTC-e.
Sounds like BTC-e is trying to get some Mt.Gox customers
Well played BTC-e.
Quote from: Nolo
Yes it could. That is an extremely serious allegation.
Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it."
One screenshot can be taken completely out of context.
Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it."
One screenshot can be taken completely out of context.
+1 this exactly
Is there anything more to this than the one post? If not, it certainly isn't clear what the support person was saying.
They should clear it up, though.
It's trivial to generate packets with the wrong source ip, it's not trivial to have some ISP not dropping these packets.
Why has BTC-e not posted a response on this yet?
Your ISP should lock ips coming from outside their allocated network, same should a server provider.
Quite curious on how easy/hard it's to fake an ip source anyway.
Quite curious on how easy/hard it's to fake an ip source anyway.
With nmap that's just a switch so must be trivial with DDOS tools.
Quote
-S (Spoof source address)
In some circumstances, Nmap may not be able to determine your source address (Nmap will tell you if this is the case). In this situation, use -S with the IP address of the interface you wish to send packets through.
Another possible use of this flag is to spoof the scan to make the targets think that someone else is scanning them. Imagine a company being repeatedly port scanned by a competitor! The -e option and -Pn are generally required for this sort of usage. Note that you usually won't receive reply packets back (they will be addressed to the IP you are spoofing), so Nmap won't produce useful reports.
http://nmap.org/book/man-bypass-firewalls-ids.html In some circumstances, Nmap may not be able to determine your source address (Nmap will tell you if this is the case). In this situation, use -S with the IP address of the interface you wish to send packets through.
Another possible use of this flag is to spoof the scan to make the targets think that someone else is scanning them. Imagine a company being repeatedly port scanned by a competitor! The -e option and -Pn are generally required for this sort of usage. Note that you usually won't receive reply packets back (they will be addressed to the IP you are spoofing), so Nmap won't produce useful reports.
Your ISP should lock ips coming from outside their allocated network, same should a server provider.
Quite curious on how easy/hard it's to fake an ip source anyway.
Quite curious on how easy/hard it's to fake an ip source anyway.
Routers are designed to reject these packets.
It's a security flaw if that wouldn't happend.
Routers drop spoofed internal network address but I don't think they can filter spoofed WAN address. It's a security flaw if that wouldn't happend.
Some more interesting reading"
Quote
Impersonation. In the DNS attacks, each attacking host uses the targeted name server's IP address as its source IP address rather than its own. The effect of spoofing IP addresses in this manner is that responses to DNS requests will be returned to the target rather than the spoofing hosts.
http://www.watchguard.com/infocenter/editorial/41649.asp
Wow talk about taking out your competition...
Routers are designed to reject these packets.
It's a security flaw if that wouldn't happend.
It's a security flaw if that wouldn't happend.
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
This is the most likely explanation...
Absolutely not.
There is not such a thing as the "from" addresses, these are not mails.
The attack you are taking about requires exploit (serious ones) on the edge routers among the attacker and the attacked.
No, that's not going to happen nor has happend.
It's simply them being unable to put in place a minimal dos (I think) or ddos (unlikely) protection in place and blaming their ignorance on their competitor to gain some fan.
Stupid move, dear.
http://en.wikipedia.org/wiki/IP_address_spoofing
There is not such a thing as the "from" addresses, these are not mails.
Dude, every TCP/IP package includes a source address, how do you think communication is facilitated?
And under normal circumstances one can "spoof" this source address.
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Seriously, that could be grounds for a lawsuit under slander/libel.Explain yourself BTC-e support.
Yes it could. That is an extremely serious allegation.
Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it."
One screenshot can be taken completely out of context.
I witnessed it. It's not out of context at all, in fact that is the only thing support said.
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
This is the most likely explanation...
Absolutely not.
There is not such a thing as the "from" addresses, these are not mails.
The attack you are taking about requires exploit (serious ones) on the edge routers among the attacker and the attacked.
No, that's not going to happen nor has happend.
It's simply them being unable to put in place a minimal dos (I think) or ddos (unlikely) protection in place and blaming their ignorance on their competitor to gain some fan.
Stupid move, dear.
Just now on BTC-E support has come back online and said they were told MTGOX is behind the DDOS attacks on BTC-E right now.
COMMENTS?!
COMMENTS?!
What? Pictures?
Ah, lol, found it myself:
https://i.imgur.com/0LXum.jpg
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Seriously, that could be grounds for a lawsuit under slander/libel.Explain yourself BTC-e support.
Yes it could. That is an extremely serious allegation.
Edit: But we don't have the entire conversation. Support could have said: "All these rumors about the DDOS need to stop." And the question could have been asked: "What is the rumor that is going around?" And support could have replied: "mtgox ordered it."
One screenshot can be taken completely out of context.
heh - thanks for this nice story from Gibson.. I love that guy scince 1999
This link was such a pleasure to read.. Thanks You MPOE-PR ! Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
This is the most likely explanation...
The thing is that anyone competent would know that. The fact that BTC-e support is accusing MtGox of organising a DDOS against them rather than assuming that it's just a script kiddie using the MtGox address for shit and giggles makes me question the technical knowledge and competence of BTC-e staff.
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
Yeah, ofc, still, I guess btc-e wouldn't launch such a rumor without some solid intel. This is the most likely explanation...
Folks, a semi-competent script kiddie can drop a billion IP packets on the internet directed to btc-e (for example) with any "from" address you want (like mt-gox). All the responses will go to the "from" address... so its pretty useless for everything except DDOS attacks. Smart routers might drop the packets, but I guess not in this case.
This is the most likely explanation...
This is the most likely explanation...
Thanks, I found it very interesting.
Down again?
Edit: NVM
Edit: NVM
MtGox have like the biggest customer base and I see no reason for them to do that.
Wouldn't btc-e have to prove it with images showing ip address of an attacker?
Wouldn't btc-e have to prove it with images showing ip address of an attacker?
Hard to believe that industry leader will order ddos attack agains competitor with turnouts 20 time smaller. BTC-e has reason to order ddos-atack against MtGox, hoping that some customers will use then as alternative, but not vice versa. So I suppose support was really on drugs) or mistyped somehow))
it would be funny if someone actually got drunk "sorry for the false accusation, one of the employees had a little bit to much". 
Hard to believe that industry leader will order ddos attack agains competitor with turnouts 20 time smaller. BTC-e has reason to order ddos-atack against MtGox, hoping that some customers will use then as alternative, but not vice versa. So I suppose support was really on drugs) or mistyped somehow))
Tell them that you can configure the max connections per ip variable on nginx and its one line of config.
God I love this place.
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Seriously, that could be grounds for a lawsuit under slander/libel. Explain yourself BTC-e support.
That's one hell of an accusation to make without evidence, and making it without proving it can only damage BTC-e's reputation.
Explain yourself BTC-e support.
Explain yourself BTC-e support.
"Oh, those Russians!"
Tinfoilhat area imo.
But either way, it's disappointing that this community still hasn't outgrown these kind of things, if it is an actual attack or a false accusation either way.
But either way, it's disappointing that this community still hasn't outgrown these kind of things, if it is an actual attack or a false accusation either way.
Thanks for posting the pics. It's their support saying it, so.....
YW, luckily I had one tab open on BTC-e.
BTC-e support has to be joking right? Would Mtgox really order a ddos against them?
Unless someone has control over the BTC-e server...
Unless someone has control over the BTC-e server...
Just now on BTC-E support has come back online and said they were told MTGOX is behind the DDOS attacks on BTC-E right now.
COMMENTS?!
COMMENTS?!
What? Pictures?
Ah, lol, found it myself:
http://i.imgur.com/0LXum.jpg
Thanks for posting the pics. It's their support saying it, so.....
Just now on BTC-E support has come back online and said they were told MTGOX is behind the DDOS attacks on BTC-E right now.
COMMENTS?!
COMMENTS?!
Yeah...
Can they back that up?
Otherwise its just a bold claim.
Otherwise its just a bold claim.
Just now on BTC-E support has come back online and said they were told MTGOX is behind the DDOS attacks on BTC-E right now.
COMMENTS?!
COMMENTS?!
What? Pictures?
Ah, lol, found it myself:
http://i.imgur.com/0LXum.jpg
Told by someone in their web-chat room? 
This is patently absurd.
This is patently absurd.
Just now on BTC-E support has come back online and said they were told MTGOX is behind the DDOS attacks on BTC-E right now.
COMMENTS?!
COMMENTS?!
Jump to: