
Britain's GCHQ Attacked Anonymous Supporters With DDoS

Posted by Unknown Lamer
from the something-about-watching-watchers dept.
An anonymous reader writes "NBC News reports that, during a 2012 NSA conference called SIGDEV, GCHQ's Joint Threat Research Intelligence Group bragged about using Distributed Denial of Service (DDoS) attacks against members of Anonymous during an operation called Rolling Thunder in 2011 (there is evidence that says it was a SYN flood, so technically it was a simple DoS attack). Regular citizens would face 10 years in prison and enormous fines for committing a DoS / DDoS attack. The same applies if they encouraged or assisted in one. But if you work in the government, it seems like you're an exception to the rule."
  • by Anonymous Coward on Wednesday February 05, 2014 @09:23AM (#46161879)

    DDoS/DoS CAN be stopped (Microsoft & Amazon are set up PERFECTLY vs. it in fact, read on below on that note)!

    ---

    Microsoft Windows NT-based OS settings vs. DoS:

    Protect Against SYN Attacks

    FROM -> http://msdn.microsoft.com/en-u... [microsoft.com]

    A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

    To protect the network against SYN attacks, follow these generalized steps, explained later in this document:

    Enable SYN attack protection
    Set SYN protection thresholds
    Set additional protections

    Enable SYN Attack Protection

    ---

    The named value to enable SYN attack protection is located beneath the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

    Value name: SynAttackProtect

    Recommended value: 2

    Valid values: 0, 1, 2

    Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

    ---

    Set SYN Protection Thresholds

    The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

    These keys and values are:

    Value name: TcpMaxPortsExhausted

    Recommended value: 5

    Valid values: 0–65535

    Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

    Value name: TcpMaxHalfOpen

    Recommended value data: 500

    Valid values: 100–65535

    Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

    Value name: TcpMaxHalfOpenRetried

    Recommended value data: 400

    Valid values: 80–65535

    Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

    ---

    Set Additional Protections

    All the keys and values in this section are located under the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

    Value name: TcpMaxConnectResponseRetransmissions

    Recommended value data: 2

    Valid values: 0–255

    Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

    Value name: TcpMaxDataRetransmissions

    Recommended value data: 2

    Valid values: 0–65535

    Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

    Value name: EnablePMTUDiscovery

    Recommended value data: 0

    Valid values: 0, 1

    Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.

    Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

    Value name: KeepAliveTime

    Recommended value data: 300000

    Valid values: 80–4294967295

    Description: Specifies how often T
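
An offline check of the settings listed in the comment above, added here as an example (it is not part of the comment or of the Microsoft document it quotes): it parses `reg query` output for the Parameters key and compares each value with the recommended value and valid range quoted above. The sample output, the status labels and the function names are constructed for illustration.

```python
import re

# name: (recommended, min valid, max valid), exactly as quoted in the comment above.
BASELINE = {
    "SynAttackProtect": (2, 0, 2),
    "TcpMaxPortsExhausted": (5, 0, 65535),
    "TcpMaxHalfOpen": (500, 100, 65535),
    "TcpMaxHalfOpenRetried": (400, 80, 65535),
    "TcpMaxConnectResponseRetransmissions": (2, 0, 255),
    "TcpMaxDataRetransmissions": (2, 0, 65535),
    "EnablePMTUDiscovery": (0, 0, 1),
    "KeepAliveTime": (300000, 80, 4294967295),
}

# One value line of `reg query` output: name, type, data (hex for REG_DWORD).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(\S+)\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: int} for the REG_DWORD lines."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(2) == "REG_DWORD":
            values[m.group(1).lower()] = int(m.group(3), 16)
    return values

def audit(text):
    """Map each baseline name to (status, current value or None)."""
    current = parse_reg_query(text)
    report = {}
    for name, (recommended, low, high) in BASELINE.items():
        value = current.get(name.lower())  # value names are case-insensitive
        if value is None:
            status = "NOT SET"
        elif not low <= value <= high:
            status = "OUT OF RANGE"
        else:
            status = "OK" if value == recommended else "DIFFERS"
        report[name] = (status, value)
    return report

# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
    SynAttackProtect    REG_DWORD    0x0
    TcpMaxHalfOpenRetried    REG_DWORD    0x32
    enablepmtudiscovery    REG_DWORD    0x1
    KeepAliveTime    REG_DWORD    0x493e0
    Hostname    REG_SZ    EXAMPLE-HOST
"""
```

Call `audit()` on the saved output of `reg query` for each host; "NOT SET" means the value is absent and the stack is running on its built-in default. On Windows Vista / Server 2008 and later, SYN attack protection is built into the TCP stack and SynAttackProtect is no longer read, so this check is meaningful for the older systems the quoted guidance targets.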
