Denial of Service Rant - Digital Ebola
-------------------------------------------------------------------------------

Greetings! This rant is to make a few points extremely clear. If you do not like to read rantings, then you should go somewhere else. To those of you that are the object of my rantings, I just want to say thank you, and you WILL get what is coming to you.

First, an introduction. People call me Digital Ebola. I have been a net addict since 1995, and have been into computers since I was 4 years old. I work in the computer industry, my current assignment is a NOC engineering position. My favorite things include UNIX, Linux, perl, and security. In the course of my travels, I have met lots of great people on the internet. Some of them are the best and brightest minds that will ever grace this world. I have seen many things, and have been referred to by a few to be "a hyperactive UNIX advocate bent on controlling the world with his 80's music and funny rantings." You name the name, I have prolly been called it. I find it all to be amusing.

Anyways, moving right along, in the middle of my rantings, and life in general, I inherited legions.org. I am still to this day not sure how this happened, but it did. Legions.org is, as you know, the domain for the LoU, otherwise known as the Legions of the Underground. I have served as the editor for their ezine since issue 5, and I have done everything in my power to direct the group to better places. Which, I believe, is being done to great success. You can take everything you have read, or heard about the LoU, and you can believe some of it, or all of it, but the fact remains the same: it's just a bunch of people who like the same things, and who have had the same growing pains as anyone else. We just have expressed them a bit differently in the past. Which is why, again, I have tried to provide a different direction. Legions.org as it exists, is that direction.

The domain, and the bandwidth that was behind it, was a resource to many, and a godsend to others. We study anything that interests us, write about it to publish in the ezine, and talk about it to others. I have been fortunate to be able to provide the kinds of machines that exist on the network, and for a decent few, they have gotten to have as much fun with it, as myself. Again, this is part of the direction.

Now, among all the reading, writing, discussing, working and living, we have taken on some of the world's problems. We sponsor non-profit causes to benefit humanity. Our contributions are small, but they are contributions all the same. We may donate our time, or our online resources, or even in some cases, we may work for free for an organization. This is kind of giving something back, a realization, that we may not have always been right in the past, but are willing to help others out to rectify it.

Now, which brings me to the center of my rant. Legions.org is hosted from my house. I pay over 200 dollars a month for it to exist. It is not only a resource to many, a godsend to others, but mine and my fiance's personal link to the Internet. This link has now been taken away from us, because some kid had a bad day. That's right. We were victims of a Denial of Service attack. To those who are close, this may seem like nothing new. DoS attacks happen. This one was different. This one prompted my ISP, known as Directlink.net who is owned by ARC, out of Dallas, Texas, to cancel our business grade, 230 dollar a month account. Why? Well, wondering the same thing, I called ARC/Directlink and spoke with an admin named Matt. These are his reasons:

1. Canceling your account stops the attacks.
2. We can't afford to lose customers due to DoS attacks.
3. I do not have the time to research a 900 host attack.
4. I do not have the resources to research a 900 host attack.
5. I have researched attacks in the past with no luck whatsoever.
6. Our corporate policy is to cancel you after X number of attacks.
7. The attack could be spoofed, if I installed ACLs, I could deny legitimate sites, and my customers may not reach them!
8. Well, you probably made someone mad.

When asked if ARC/Directlink had a security department, he responded with "Hey, I look at logs!". Obviously, this is a first rate operation. Instead of persecuting the attacking hosts, he would rather kill the target, and hope for the best. Brilliant. Sweep the problem under the rug. This seems to be a growing trend. I can understand that it's easier to cut the target off. It's easier to lose 230 dollars a month rather than devote hours and days to fixing the problem. Every ISP thinks exactly like this. This is why DoS kiddies run rampant. This is why they can get away with it. This is why incidents such as CNN/Yahoo/Ebay can happen. Nobody cares, because nobody will step up to the plate and say "Hey! This is a real problem we need to fix!".

IF YOU ARE WILLING TO ROLL OVER AND LET DOS ATTACKS HAPPEN, YOU ARE NOT DOING YOUR JOB. Period. Killing my account off lost revenue. Imagine now, if the same attackers went down the netblock, now DoS'ing at random. Why? Now, they know they can get ANYONE canceled. I wonder how many customers ARC/Directlink will cancel now. I wonder how many times it will take, before someone actually listens.

I can relate packeting to cyber-terrorism in the truest sense. The attackers do not realize or care, that when you DoS something, you are not only taking out the intended target, but the provider of the service. People work at this provider, to feed their families. If the business goes down, due to loss of link, these people lose their jobs. Without jobs, they cannot feed their families. All, because some little kiddie had a bad day. And because they know they can get away with it. And because, the admins refuse to take an interest in their jobs. They sweep it under a rug, and hope for the best. This behavior must stop.

Our infrastructure is in danger. Grave danger. At any given time, any service that we depend on on the internet may go down. Not due to hardware malfunction, not due to acts of god, maintenance windows, or legitimate outages, but rather by the whims of a packet kiddie. This is a crime. Anyone who now refuses to take action to counter these acts of terrorism, immediately gives up their right to gripe when they lose their businesses as a result of these attacks. This is everyone's problem. You can say it can't happen to you, but you will be fooling yourself.

Well, that's my rant. I am now in the mode of picking up the pieces, doing what I can to get my link back up. Assuring the people that legions.org hosts for free that everything will be well. And now devoting time to finding a solution. I hold no grudge against ARC/Directlink. I have just come to the conclusion, that they are an example of what the industry offers. The poor business practice of disconnecting the very ones that help bring revenue to them. The lack of interest or motivation to find a better way. They are the prime example of what a provider should not do. Maybe this is a blessing in disguise, as it has prompted me to start thinking on solutions. Their act and the act of the DoS kiddies, have inspired me to research further, and of course, have inspired me to write this rant. Which, no doubt, will gain many comments.

These comments may be directed to digiebola@hackphreak.org - I am always up for stimulating conversation, or a laugh, depending on which side of the fence you reside.