Author: Robert Hyatt
Date: 13:01:25 02/11/03
On February 11, 2003 at 15:43:54, Matthew Hull wrote:

>On February 11, 2003 at 15:29:57, Robert Hyatt wrote:
>
>>On February 11, 2003 at 13:42:16, Bob Durrett wrote:
>>
>>>
>>>This computer chess bulletin board has, historically, been mostly preoccupied
>>>with chess engines, with an occasional reference to chess database management
>>>software as an afterthought. But there are other kinds of chess software which
>>>could and should be discussed here. These include chess servers, such as the
>>>Internet Chess Club [ICC] server, and online databases, such as the ChessBase
>>>online database.
>>>
>>>Now that the USA Federal Government has formally announced, thru CNN and other
>>>news media, that it has formed an Internet Warfare unit [presumably to interfere
>>>with IRAQ internet], ALL nations, international corporations, and other
>>>international organizations will feel the necessity of following suit,
>>>developing and using their own internet warfare capabilities, both defensive and
>>>offensive. Within a few years, the Internet may be VERY different.
>>>
>>>How will this affect the operation of internet chess software? Consider two
>>>cases:
>>>
>>>(1) Internet Chess Club:
>>>
>>>It is not uncommon to have thousands of people using the ICC server
>>>simultaneously. Each user relies on software, such as Blitzin, on their
>>>computers. The composite of the ICC server(s), the thousands of computers
>>>hooked up to the ICC server, and the interconnecting internet may be considered
>>>to be a large "system." Interference with the operation of this large system
>>>would disrupt ICC-related operations.
>>>
>>>A few years ago, a malicious computer guru decided to shut down ICC because he
>>>had been kicked out for misbehavior. That malcontent effectively "all but shut
>>>down" the system by sending thousands of messages to ICC. Essentially, the
>>>internet routers were overloaded so that ICC's server could not use the
>>>internet. Somehow, ICC got that *&^#$ to quit. Maybe they shot him, I don't
>>>know. But that was a warning! It showed that ICC is vulnerable to "internet
>>>warfare."
>>>
>>>It would have been quite irritating if ICC’s coverage of the Kasparov vs DJ
>>>match had been disrupted.
>>>
>>>
>>>(2) ChessBase On-line Database:
>>>
>>>I do not know about any history of interference in this case, perhaps because
>>>the on-line server has not been online very long.
>>>
>>>SUMMARY:
>>>
>>>Is this just "unnecessary worrying"? After all, who would care about chess???
>>>
>>>Bob D.
>>
>>
>>The problem is known as a "denial of service (DOS) attack". It's based on the
>>idea of initiating a TCP/IP session by sending a SYN packet with a bogus return
>>address. The remote machine sends a packet back to start the tcp/ip handshake
>>negotiation, but gets no response. However, it has to wait for quite a while
>>before timing the connection attempt out, since net lag can cause significant
>>delays. If you do this over and over, you keep all "available" connections
>>tied up (a machine has a max number of simultaneous TCP/IP connections it
>>can handle) so that legit users can rarely slip into one of the free slots
>>since the abuser is bombarding them with new connections (most of which are
>>rejected due to no more slots).
>>
>>There is little that can be done. It happens to businesses around the world
>>on a weekly basis, and it has resulted in some businesses having to close down
>>permanently. A well-known ISP in NY had this happen a couple of years ago and
>>their customers had to move elsewhere as the ISP could not provide any tcp/ip
>>connectivity.
>>
>>The internet is a hostile place, but it will get better. One long-overdue
>>change is the elimination of _all_ anonymous activities, from anonymous
>>remailers, to allowing someone to send a packet that doesn't have them as the
>>return address, etc.
>>
>>It will eventually be fixed. IPV6 is one approach that is picking up steam.
>
>
>I believe SYN floods can be easily counteracted through the activation of SYN
>Cookies on Linux firewall machines. For Windows boxes, I think Steve Gibson has
>developed an equivalent technology, (though it is not clear whether it is for
>sale).
>
>Matt

SYN cookies don't apply to all tcpip ports. IE chessclub uses ports 5000 and above. You have to have a way to exchange the "cookie" first. And then you have to make this work for all ports, on all servers. That's a tough problem... IE there are thousands of well-known port numbers that are not going to work with this.
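
An added example, not part of the original posts and not any operating system's actual code: a simplified sketch of the SYN cookie idea mentioned in the thread, in which the server encodes the connection state in the initial sequence number of its SYN-ACK instead of holding a slot open. The bit layout, the HMAC-SHA256 keyed hash, the function names and the sample addresses are assumptions made for illustration.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-key"        # assumption: a real host uses a random secret
MSS_TABLE = [536, 1300, 1440, 1460]     # constructed; the 3-bit field allows up to 8
TICK = 64                               # seconds per time-counter step

def _mac24(src, sport, dst, dport, client_isn, t, idx):
    """24-bit keyed hash binding the cookie to one connection attempt."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIIB", sport, dport, client_isn, t, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored after this returns."""
    t = now // TICK
    # Largest table entry not exceeding the client's MSS (index 0 as fallback).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, t, idx)
    return ((t % 32) << 27) | (idx << 24) | mac

def check_cookie(cookie, src, sport, dst, dport, client_isn, now, max_age=1):
    """On the final ACK (cookie = ack number - 1): return the MSS, or None."""
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    for age in range(max_age + 1):       # accept the current and previous tick
        t = now // TICK - age
        if t < 0 or (cookie >> 27) != t % 32:
            continue
        want = _mac24(src, sport, dst, dport, client_isn, t, idx).to_bytes(3, "big")
        if hmac.compare_digest(want, got):
            return MSS_TABLE[idx]        # state rebuilt from the ACK alone
    return None

if __name__ == "__main__":
    conn = ("198.51.100.7", 40000, "192.0.2.10", 5000)   # constructed addresses
    c = make_cookie(*conn, client_isn=12345, mss=1460, now=1_000_000)
    print(hex(c), check_cookie(c, *conn, client_isn=12345, now=1_000_030))
```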
Last modified: Thu, 15 Apr 21 08:11:13 -0700