Great article at 911 about these DOS attacks ..Denial of Service Attacks Continue to Plague Online

Search

Active member
Joined
Jun 20, 2000
Messages
71,780
Tokens
09/20/2003 - 2:03 AM ET



Christopher Costigan, Sports911.com

If it's not one book it's another and Hollywood Sports out of San Pedro, Costa Rica appears to be the latest victim.

Denial of Service attacks can be costly to a business. They occur when computers from all over the world send out spoof ISP numbers obtained from unpatched (i.e. poorly secured) providers, many of which we learned are cable companies such as Comcast. These are also often referred to as SYN Attacks.

When a system (called the client) attempts to establish a TCP connection to a system providing a service (the server), the client and server exchange a set sequence of messages. This connection technique applies to all TCP connections--telnet, Web, email, etc.

The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message. The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server. Here is a view of this message flow:

Client Server
------ ------
SYN-------------------->
<--------------------SYN-ACK
ACK-------------------->
Client and server can now
send service-specific data

The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to client but has not yet received the ACK message. This is what we mean by half-open connection. The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.

Creating half-open connections is easily accomplished with IP spoofing. The attacking system sends SYN messages to the victim server system; these appear to be legitimate but in fact reference a client system that is unable to respond to the SYN-ACK messages. This means that the final ACK message will never be sent to the victim server system.

There is very little one can do to prevent such an attack other than try and conceal a website's IP number in addition to providing immediate redundancy.

Clients of the affected wagering operations should not fear their personal information such as credit card numbers being leaked to third party perpetrators as DoS attacks do not involve hacking of systems.

It is the business itself that suffers as a result of down time and few Sports books attacked thus far have escaped unscathed.

In recent weeks, World Wide Tele Sports, Pinnacle and BoDog were all hit, though the later company was able to overcome the attack almost immediately.

In order to prevent future Denial of Service attacks from occurring, originating ISPs must apply a patch that prevents spoofing from taking place. Unprotected Internet Service Providers are also prone to hacking. Among those cited in attacks over the past few months, the RIPE Network out of Amsterdam, Comcast Cable out of Michigan, Connecticut and the D.C. area and Asia Pacific.

But in reality, target sites must rely on other ISPs to take the appropriate protective measures and this is not always an easy task.

While law enforcement agencies are willing to assist Internet Service Providers in gathering pertinent information related to the originating source, the World Wide Web remains a relatively lawless territory where pedophiles, terrorists and hackers tend to operate with little fear of apprehension.

There are products on the market to help mitigate DoS attacks.

RackSpace, a leading hosting service based out of San Antonio, Texas, recently entered into a deal with Riverhead Networks, a leading provider of distributed denial-of-service (DDoS) solutions that ensure business continuity for ISPs.

Hosting services like RackSpace often maintain several sites on one server and when DoS attacks occur, they can bring down an entire network. RackSpace witnessed a record number of such attacks back in June and it seems they now understand their vulnerability.

Other large well known hosting services such as Hostway, based out of Chicago, remain oblivious to such attacks and refuse to assist when they do occur.

Rackspace will deploy Riverhead Networks' vanguard product, the Riverhead Guard™, to perform per–flow analysis on suspected attack traffic to identify and block malicious packets.

When a DDoS attack is launched against a Rackspace customer, PrevenTier's monitoring systems will immediately recognize the threat and alert the Guard to begin mitigation services. All traffic destined for the targeted device will be diverted through the Guard for further per–flow analysis and scrubbing.

The Guard applies a series of patented anti-spoofing, anomaly detection and protocol analysis technologies based on Riverhead's Multi–Verification Process™ (MVP) architecture to identify and remove bad packets while allowing “good” packets to pass, ensuring business continuity. Working together in a single solution, these technologies detect and block today's most stealthy attacks to provide Rackspace customers with reliable, uninterrupted service.
 

New member
Joined
Sep 21, 2004
Messages
267
Tokens
Denial of service is bad. However I'm more concerned about compromise of customer account data, especially on the Microshaft software based systems..

..Bill Gates - u BLOW !!
 

New member
Joined
Sep 21, 2004
Messages
267
Tokens
No live incoming odds data from BetGrande, BlueGrass, Hollywood, and BCBets. Are they all getting hit ??
this sux
 

New member
Joined
Sep 21, 2004
Messages
1,818
Tokens
Oh boy, I bet we'll never find out the
true origin of the margarita now....
 

New member
Joined
Sep 21, 2004
Messages
3,854
Tokens
Good article, but we scooped them a week earlier by floating theories that it was indeed DDoS attacks going on - guess Sting must have read our stuff.
1036316054.gif


Anyhow, Bluegass is up right now, don't know about the other books LadyO asked about.
 

New member
Joined
Sep 21, 2004
Messages
272
Tokens
BC Bets and Grande are getting hit right now.

Please call in. We apologize for the inconvenience.

Scott
www.bcbets.com
1-800-259-8406

Grande
wagering: 866-253-6969
customer service: 866-947-2633
 

Forum statistics

Threads
1,106,799
Messages
13,439,033
Members
99,339
Latest member
billcunninghamhomeloans
The RX is the sports betting industry's leading information portal for bonuses, picks, and sportsbook reviews. Find the best deals offered by a sportsbook in your state and browse our free picks section.FacebookTwitterInstagramContact Usforum@therx.com