Discovery Gaming Community
Admin Notice: Server hosting and denial of service attack - Printable Version



Admin Notice: Server hosting and denial of service attack - Aoyagi - 11-10-2009

' Wrote:EDIT: Any truth about Prague?

What about Prague? Everything is normal here. It has been said before. I have no idea who came up with the idea that the whole of Prague is being DoSed...


Admin Notice: Server hosting and denial of service attack - Corsair - 11-10-2009

' Wrote:that is just wrong.. There are better ways, one would be to make him watch reruns of the help channel on how to use your remote control, That would be very nice of us and after about a year that person won't be able to DDoS anything.. however he would know very much about his remote control...


Is anyone else getting an erection?

EDIT: Right-oh. Prague is okay.


Admin Notice: Server hosting and denial of service attack - Zack - 11-10-2009

This is similar to what I used to describe the situation to people on Skype yesterday.

Imagine someone's at your front door (if you don't -have- a front door, imagine someone's trying to buzz into your apartment building/jail cell/etc) and they ring the doorbell holding a package. You see the package is indeed sent to your address, but the name is... ridiculous. You don't know of anyone in your house with that name, so you look at the return address and write a letter to it, saying, "Hey, got your package, ain't nobody here named Yourmum Enjoysyogurt though." Then you go back to your business, little do you know that the return address you sent that letter to was just random numbers and words, but it's an address nonetheless so you can't tell from just looking at it.

But you're a server in this example, so you have a very strange business, it's your job to receive packages (packets) all day long, figure out what's in 'em (examine the data), have people in your house (your processes) tell you what to do with them, and then reply to that package's return address (source IP) with a suiting letter (response packet). You don't reply every time, sometimes it's just someone sayin' "Hey, this is what I'm doing," and sending you a box of stuff related to what they're doing (UDP datagram). But if you get one of those, and you see that it's sent to your address (your IP address in this case) but the name is wrong (it was sent to a port that you don't host anything on) then you DO need to reply to it.

So this is the problem, from what Boss told me, this scriddie (don't call them a hacker, most people don't know the proper definition of hacker, it's actually a good word) had collected a list of a bunch of servers who had a vulnerability to being able to send out UDP datagrams, or in this example packages, to anywhere that -anyone- wants them to. So they told those servers to send millions of these datagrams (datagrams are similar to packets, for our intents and purposes) to our server, but on random/insignificant ports. That caused the disco server to reply to the vast majority of those with a "Destination Unreachable" packet, telling the sender that they were doin' it wrong. This happening once every now and then isn't a problem for a server. This happening millions of times in a matter of minutes is a HUGE problem. The server quickly becomes overwhelmed, and can't process all these datagrams it's receiving and sends out millions of packets to what should be the spoofed IPs that these random datagrams are coming from, this is called backscatter. So since the server's too busy trying to sort out wtf is going on it can't pay attention to the people who need their packet saying "I just shot this rock, did I get Platinum?" replied to, or any datagram in particular for that matter. Not to mention, the shipping company (ISP) that delivers all these packages is like "WTF IS GOING ON HERE!?" Server crashes, and we're left where we are now.

Hopefully that will explain what happened to those who are curious.
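
The mechanism described in the post above (UDP datagrams arriving on ports with no listener, each one answered with an ICMP Destination Unreachable) can be measured and bounded on the receiving side. The following Python is an added example, not part of the original post: the listening port, the sample records, the alert threshold and the reply cap are all constructed assumptions.

```python
from collections import defaultdict

OPEN_UDP_PORTS = {2302}  # assumption: the only UDP port with a listener


def sample_events():
    """Constructed (second, source_ip, dest_port) records for inbound UDP."""
    events = [(0, "198.51.100.7", 2302), (1, "198.51.100.7", 2302)]  # normal play
    for i in range(600):  # seconds 2-4: datagrams to ports nothing listens on
        events.append((2 + i % 3, f"203.0.113.{i % 200}", 40000 + i))
    events.append((5, "198.51.100.9", 2302))
    return events


def closed_port_stats(events, open_ports=OPEN_UDP_PORTS):
    """Map second -> (datagram count, distinct sources) for closed-port traffic."""
    counts, sources = defaultdict(int), defaultdict(set)
    for sec, src, port in events:
        if port not in open_ports:  # no listener: the host owes an ICMP reply
            counts[sec] += 1
            sources[sec].add(src)
    return {sec: (counts[sec], len(sources[sec])) for sec in counts}


def flood_seconds(events, threshold=100, open_ports=OPEN_UDP_PORTS):
    """Seconds in which closed-port datagrams exceed the alert threshold."""
    stats = closed_port_stats(events, open_ports)
    return sorted(sec for sec, (n, _srcs) in stats.items() if n > threshold)


def unreachable_replies(events, limit_per_sec=None, open_ports=OPEN_UDP_PORTS):
    """Destination Unreachable replies sent, optionally capped per second.

    The cap models a rate limit on ICMP error replies, the kind of control
    operating systems and firewalls provide to keep backscatter bounded.
    """
    stats = closed_port_stats(events, open_ports)
    return sum(n if limit_per_sec is None else min(n, limit_per_sec)
               for n, _srcs in stats.values())


if __name__ == "__main__":
    ev = sample_events()
    print("flood seconds:", flood_seconds(ev))
    print("replies without cap:", unreachable_replies(ev))
    print("replies with cap of 10/s:", unreachable_replies(ev, limit_per_sec=10))
```

Many distinct sources hitting many different closed ports in the same second is the signature to alert on; the reply cap shows how much outbound backscatter a rate limit removes without touching traffic to the real service port.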


Admin Notice: Server hosting and denial of service attack - Corsair - 11-10-2009

' Wrote:-Snip-


Very good explanation. Sounds really frickin' scary. The guy knows what he's doing.


Admin Notice: Server hosting and denial of service attack - Agmen of Eladesor - 11-10-2009

[Image: its_worse_than_that_hes_dead_jim_tshirt-...ty_400.jpg]



Sorry - I saw this picture browsing and couldn't (although I probably should have) resist.




Admin Notice: Server hosting and denial of service attack - Barricade - 11-10-2009

Actually, I don't think that he knows what he is doing, and since there are programs available for such things....


hehe:D


Admin Notice: Server hosting and denial of service attack - Kaze Dagon - 11-10-2009

' Wrote:This is similar to what I used to describe the situation to people on Skype yesterday.


Excellent explanation, Zack. Now all we can do is help the admins to get this server up and running in a way that this "scriddie" or "black hat hacker" (that's the definition I tend to use on reports for college about this) doesn't do any more damage to this community. Plus I'm getting bored as hell without having much to do in my spare time, ehehe.

Btw, great sig Zack!



Admin Notice: Server hosting and denial of service attack - FreelancerFanatic - 11-10-2009

' Wrote:-snip-

Great explanation, thanks.


Admin Notice: Server hosting and denial of service attack - Tenshu - 11-10-2009

' Wrote:that is just wrong.. There are better ways, one would be to make him watch reruns of the help channel on how to use your remote control, That would be very nice of us and after about a year that person won't be able to DDoS anything.. however he would know very much about his remote control...

Family Guy are the masters in coming up with non-violent ways of torture. Study hard comrades. *Turns on Family Guy with a maniacal grin*


Admin Notice: Server hosting and denial of service attack - Zack - 11-10-2009

' Wrote:Very good explanation. Sounds really frickin' scary. The guy knows what he's doing.
Thanks! The attack is a bit more complicated than I initially thought it was, I figured it was an ICMP flood, turned out to be a UDP flood, not too different in their end result, but the execution of this definitely was... unique. This is why people shouldn't code a public web-site that has strong integration with the server it's hosted on without consulting someone who's got their head on straight when it comes to running a secure server :>

' Wrote:Actually, I don't think that he knows what he is doing, and since there are programs available for such things....
hehe:D
This is probably true, I'm not sure on the required level of programming skill to use a public web-server to attack another server... but I'd imagine it's not easy, unless the person who coded that site did something retarded... like put a bash prompt ON the site ~_~

' Wrote:"black hat hacker" (that's the definition I tend to use on reports for college about this)
Perfect!