Forgot your password?
typodupeerror
The Internet Your Rights Online

CNN Misrepresenting etoy vs. etoys Battle? 200

Posted by Hemos
from the battle-of-domain-names dept.
J Hotch writes "Check out CNN's story: eToys attacks show need for strong Web defenses. Check out this frighteningly inaccurate description of the conflict: "Online retailer eToys has taken legal steps to prevent a Swiss art group from using the domain name etoy.com." This makes it sound like etoy.com was trying to muscle in on etoys.com. They don't mention that etoy.com was registered years before etoys.com was even a twinkle in some business-major's eye. Unfortunately, they are just using the denial-of-service attacks on etoys.com as a springboard into a web security article. "
This discussion has been archived. No new comments can be posted.

CNN Misrepresenting etoy vs. etoys Battle?

Comments Filter:
  • They do have a link on that very page to an idg.net article which goes into more detail about etoy and etoys, including mentioning that etoy.com was around for a year before etoys.com opened. Guess they don't fol,low their own links either...
  • I didn't see one when I read the article (and I was just about to post it to /. too. :-) )

    I just feel they should be sure and point out who is the original aggressor here. DoS attacks are NOT how you deal with this kind of issue, but it doesn't seem like Big Business is going to leave the little guy with any other choices.

    Stupid People Strike Again.
  • by Myddrin (54596)
    This article is about RTMark's DoS attacks on etoys.com, not about the legal battle.

    Of course it makes RTMark look bad, the way they are behaving is quite childish. They would do better to be raising money to help etoy.com's legal battle. Or informing the public about what is going on. What they are doing now is just going to hurt etoy.com and others in the same situation by raising hostility in the corporate world.
  • The article states that Etoys suffered only a 2% loss to DoS attacks. Anychances anyone knows someone on the inside (or can get info) about more realistic figures. I would be very curious to know actual stats. Also note that Etoys had not made any comments until their peak sales are slowing.
  • do members of the press have a responsibility to check facts.

    Monkey see, monkey do. Monkey hear, monkey say.

  • by lethe (29381) <ben@[ ]iro.net ['sap' in gap]> on Tuesday December 21, 1999 @08:52AM (#1455781) Homepage
    Instead of arguing over the ethics of DoS attacks, why don't all of us just go and visit etoys.com. (let's see how ready they are to handle the onslaught of this community)
  • Quoth the article:
    The group's Web site made available information, such as eToys' IP address, that would give attackers helpful ammunition to shoot eToys down.

    Why do so many people not understand that IP addresses are not magic? Really, how hard is it to find the IP address that corresponds to etoys.com? If script kiddies can't figure it out, it's their ignorance.

  • Check out this frighteningly inaccurate description of the conflict

    While you're at it, check out this story on /. where someone says CNN is misrepresenting the facts, but neglects to provide any background or sources for "the real story". If you want to hold CNN to a high standard, fine, but don't forget to uphold that standard yourself.
  • by MAXOMENOS (9802) <maxomai@nOSPAm.gmail.com> on Tuesday December 21, 1999 @08:53AM (#1455784) Homepage
    1. Click on this link to the discussion list on computer security [cnn.com]
    2. Scroll to the bottom and create a unique log-in
    3. Post an article about the REAL etoy story

    Please note: they screen each post for relevance, so no Mae Ling Mak Naked Drunk Petrified Spray Painted And Auctioned Off To Disney posts will get through.


    The Kulturwehrmacht [onelist.com]
  • Or they were writing about web security and not about etoy vs etoys. They did not misrepresent the case; they just didn't go into any detail on it. Etoys has taken action to prevent the use of etoy as a domain name. Really, if you want to be pedantic, the word should have been prohibit, but they aren't, as I said, writing about the dispute; just the effects of the dispute.
  • by Masem (1171) on Tuesday December 21, 1999 @08:53AM (#1455786)
    CNN's focus on this article is NOT etoy.com vs eToys.com. It's on how script kiddies can readily and easily cause a pure e-commerce vessle to sink if it's not well prepared.

    Now, let the ranting begin:

    1) The only time that I would ever advocate a DoS attack on a site is never. There is no reason to do so; sure, you might put it down for a while (etoys reported 98% instead of 100% reliability during the last few weeks), but if anything it could lead to worse things (see below). There are more effective ways to state your dislike for something.

    2) CNN's not wrong; their article on the etoy/etoys things is truth. Just using a different set of words that seems to put etoys on the right side of the thing. Words are very powerful, but you can't blame CNN for misusing them.

    3) I really don't like this idea of DoS attacks, especially in light of this article. Chain of events: All over e-commerce they read that a service can be put down because of DoS (they won't care why the DoS was initiated); Etoys says they have to use custom-built DoS prevention tricks to stop it; E-commerce security experts all up in arms on how to stop this; e-commerence management wonders how to easily stop it; e-commerce turns to US Government (using large bags of money) and asks them to stop it; US Government bans all TCPIP tools except port 80's. Ok, so the last one's going a bit far, but I don't doubt that this series of events can happen. Just as with the question of linking, overly long patent and trademarks, poor patents, and other junk, stuff like this only kills the net for anyone not involved in e-commerce, and even then, may take some lowend e-commerce sites down.

    Moral of the story: PLEASE DONT BE A SCRIPT KIDDIE. :-P

  • by BMIComp (87596)
    Well, here's the Wired story [wired.com] on the eToys thing... and they say supporters are calling for.. "virtual riots"...
  • There were all sorts of questionable parts to the article, such as the implication that etoy was in some way in coherts with the crackers.

    The slant was very much one of "etoys are innocent, anyone who says otherwise is guilty", regardless of any details such as facts.

    Mind you, there is that old adage of "never let facts get in the way of a good story". CNN is usually one of the more reputable of a rather poor bunch, but this really doesn't reflect well on them.

  • Get in there and post feedback, comment in the forums, and/or call CNN, and talk to them about what "hacker" means.

    If they want to babble about crackers, fine, but they shouldn't be confusing two very different groups.
  • You can comment at:

    http://www.cnn.com/feedback/
  • This is pretty standard for CNN, unfortunately. Most everything in their "Insurgency on the Internet [cnn.com]" is fluff.

    This looks very much as if they just sat down with eToys and wrote down everything that eToys said to write down. Further, RTMark [rtmark.com] doesn't really do much to make a case against eToys. (Though, to be fair, they may have tried, and CNN simply failed to insert that part.)

    I guess this is symptomatic of the larger problem in media, in which nobody's willing to present a story with more than one side. The easiest side for CNN is to make eToys look like the good guys, and the evil hackers to be the bad guys.

    I'm not sure that this can be turned around, at least not through CNN. Surely, though, we can get other news sources (Wired [wired.com], of course) to do fair coverage of this. But CNN is part of a large group of media outlets that just aren't going to be representing the interests of a small political-arts-action group when their opponent is a large e-commerce business that advertises on their networks.
  • Of course a 'respected' news source is going to side with the toy distributer (intentionally or otherwise) at this time of year, and more so when it is against artists who are not beyond using nudity in their art, which no doubt translates to 'pornographer' in the mind of most people when talking about the Internet. [That was a long sentance. The management apologises.]

    But really, you would hope that someone still believe in *investigative* journalism.
  • Obviously, I don't have all the facts (IANAL). However, from what I've learned from these articles, I won't purchase anything from etoys, and I will encourage others not to do so.

    You do not have free license to be impolite just because you are a large company. A courteous exchange of links would have saved everyone a great deal of trouble.

  • This article is an obvious farse on what is going on. I think anyone who has any idea of what is going on here will immediately realize what hype-motivated trash journalism this really is. What kind of "hacking group" allows themselves to be interviewed by CNN, and mentioned by name? I think this is an article to laugh about, not to be concerned about..

    especially this part :
    Using another method, an attacker can send malformed packets that give routers, firewalls or switches a kind of network indigestion.

    Now.. I've had routers give ME indigestion, but never the other way around.. maybe someone has found some way to make them feel my pain!

    //Phizzy
  • The group's Web site made available information, such as eToys' IP address

    What sickos. Who knows what these loonies will do next.
  • by Gurlia (110988) on Tuesday December 21, 1999 @08:59AM (#1455796)

    That's the problem with freedom of speech (supporters? advocates? zealots?). Doing things like DoS against somebody's server just to "prove a point" will only hurt freedom more than help it, in the long run. We need "peaceful" protests -- not disruptive actions. Yes we have to fight for our freedom rights, but doing childish things like ping floods, etc., will only give a very bad image to people outside of our circle, and actually advance the cause of those who want to take away our freedom (they can point at us and say "look at this bunch of childish fanatics, don't listen to them.")

    I guess this is a principle we should all learn: whether fighting for freedom of speech, advocating Linux, or whatever the noble cause may be. "Promoting" Linux by flaming MS doesn't do any good at all, as most of us know very well. Similarly, DoS'ing etoys.com just to "show them" we don't like their actions won't do much except confirm, in the minds of the unknowing, that we are just a bunch of fanatics that should be ignored. What we need is to protest in a non-disruptive way. If enough of us drop a (polite!) note to etoys.com or to a congressman or whoever's in the position to take action, or raise some legal funds, and take some other means of non-disruptive action against this trend, we might actually make an effect.

    Remember, if we lower ourselves to the opponent's level, we lose. Unfortunately it only takes a small percentage of us to behave in a childish way and people jump to the conclusion we're all like that.

  • by humphrm (18130) on Tuesday December 21, 1999 @08:59AM (#1455797) Homepage
    There are too many right vs. wrongs here, and nobody (except maybe /. and etoy themselves with their legal counter action) is addressing this properly.

    I recieved one of RTMark's e-mails; they clearly got my e-mail address off of /. because I responded to the earlier story [slashdot.org] about this. So, since I piped in with support of etoy (my post included simply options of other toy retailers to use, and my angle was that these other options are actually cheaper than eToys)

    So, let's see... RTMark takes it upon themselves to harvest my e-mail address, send me Spam, and tries to enlist the spam's recipients to engage in an illegal DOS attack against eToys -- and they're the good guys?

    The news article may not have been complete, (gee, Slashdot's never done that...) but they did get it right: this is an illegal attack that does nothing except make legitimate advocates for etoy look bad.

  • This article seems be more about "hackers" (incorrect use again: I like to hack around a bit, but I don't do things like that) than anything else. It must be a slow news day or something as they've resorted to sensationalist stories with no real content.

    Why run such a big article (it's at the top of their page with the main headlines) about "hackers" when all they've done is reduce the availability of the eToys' web site by a huge and crippling 2%!!!? These "hackers" have been fairly inaffective according to this article.

    Bah!
  • You know, what eToys did was really unfair... but these gay DoS attacks from this RFM guy aren't justified. If this guy didn't have a computer, he'd have a can of spray paint instead. He's just trying to get attention.
  • I wouldn't be suprised if theír lawsuit-hungry lawyers sued /. just for you posting that... =P
  • It certainly has the appearence of an attempt to generate a bias from the ignorant public in favor of Etoys. If they can get people to buy into the "corporate = good; independent thought = bad" mindset early on, people will be much less likely to sympathize with etoy even when they do learn all the facts.

    While the article is correct in what it does say, omitting important info about the case leaves people people with the implicit assumption that etoy, and by extension "art groups" and "Internet activists", are automatically untrustworthy.

    What I wonder is whether CNN has some vested interest in seeing Etoys win (Do they receive advertising revenue? Do they own stock in the company?), or it could just be old fashioned promotion of the money-making-above-all-else doctrine.

  • Etoys ping requests are timing out: I suppose these are the advanced "proprietary" defenses they're boasting?

    How does one even disable that? I didn't realize it was a controllable behavior.
  • http://www.cnn.com/feedback/ [cnn.com]

    Please, keep your letters calm, to the point, and refrain from exhibiting the lower reaches of your vocabulary.


    Chas - The one, the only.
    THANK GOD!!!

  • They don't - all media control seems tied up in 5 large companies. The first amendment lets us have our conversation, but it does not force anyone to listen. I feel like the big media can and does force their ideals on people.

    Another thought - why would a small group - other than p0rn0 or 'e-squatters' - want a letter off address? I think eToys should be more sensative.

    About the 98% - I truely wonder how this is derived? In seconds of downtime?
  • "The group's Web site made available information, such as eToys' IP address, that would give attackers helpful ammunition to shoot eToys down."

    Quick, somebody stop these guys... :)

    I'm not particularly pro-DoS attacks, but given that the courts are incapable or unwilling to understand the dynamics of domain name disputes, it appears there's little recourse for etoy. eToys deserves everything they get.
  • by Rommel (33210) on Tuesday December 21, 1999 @09:07AM (#1455808)
    A visit to netcraft tells me the following: www.etoys.com is running Etoys Web server 1.2 on Linux

    No wonder they have such excellent availability!
  • I read the article as talking about RTM's attacks on etoys. <sarcasm> Which, btw, is really adult. </sarcasm> There are other ways to fight this battle. Etoys is in the wrong. After all, you don't see the government getting an injunction against whitehouse.com [whitehouse.com], do you? And RTM's actions will just serve to possibly bring more calls for legislation here in the US, more than anything else.

    <sarcasm> Thanks guys.</sarcasm>
  • by HomerJ (11142) on Tuesday December 21, 1999 @09:07AM (#1455810)
    That's the impression a got after reading the CNN atricle.

    Not to mention they mention the "unix-based" Tribal Flood Network. As if they are trying to group anyone that uses a non-MS OS into the "script kiddie" catagory that trys to take down "legit" e-commerce sites like etoys.com.

    Which makes me wonder if Ted Turner has some sort of interest in etoys.com. I've seen CNN spin the hell out of other stories that were against a Turner company. Turner uses CNN to promote all of his ideas. It's not called the Clinton News Netowrk for nothing.

    Just my $.02, but NEVER rely on CNN when they put too much of a negative spin on one thing and positive spin on another in the same story. CNN projects it's financial and politcal ideas in it's "unbiased" stories more then any other news organization I've seen.

    I know what really happened. Other news groups reported on what really happened. I take CNN at face value, so the story didn't really surprise me.
  • by phi1o (89700)
    They didn't have links to any of those utilities in their "related websites" section. Is that bad journalism or what?
  • by Anonymous Coward
    neglects to provide any background or sources for "the real story". Have you have not been following the story? /. Already covered that in a previous story.
  • by Anonymous Coward
    Slashdot posting a story about journalist integrity? The same site that will post almost any rumor as news? Hello?
  • I don't see anything wrong with this article. It states simply that etoys.com is "taking legal steps to prevent a Swiss art group from using the domain name etoy.com." They use that statement to lead into the relevant topic of a group launching DoS attacks against etoys.com. Within the scope of this particular article, who cares which site was there first? That's irrelevant. It's just simply stating a fact, nothing more. This fact (etoys.com disputing etoy.com) was the catalyst that started the DoS attacks against etoys.com. That is all the article is saying.

    I don't see any problem whatsoever.

    Furthermore, nowhere in this article does it say anything about who is at fault in the etoys.com - etoy.com issue. So, it does not lay any foundation, whatsoever, that could be used for any misrepresentation of any kind.

    With that in mind, it's easy to see that the poster is obviously reading way too much into this one sentence.

    I fail to even see how this story even made it up on Slashdot.
  • This shouldn't be a big surprise to anyone. We all know the media is clueless. But instead of just being upset about it, take the time to send feedback to CNN. [cnn.com] They'll never learn if we don't tell them.
  • I mostly agree with you. However, the government banning all but tcp port 80 would not improve things significantly, because:

    a) Most sites can already go to their upstream providers and make such requests, which would have largely the same effect.

    b) Despite filtering everything else, I, and many others, could, (and have, to varying degrees) written programs to send TCP fragments (e.g., SIN, FIN, RST) at excessive rates. Furthermore, these types of attacks are, in many ways, more potent than a trivial ping attack against a reasonably configured site.
  • They've probably got their webserver sitting in a DMZ on their firewall. It's actually trivial to drop/reject ping requests from there. You can also do filtering on the router to not accept ICMP packets, yet HTTP will get through.



    Dive Gear [divingdeals.com]
  • doh.
  • by humphrm (18130) on Tuesday December 21, 1999 @09:16AM (#1455820) Homepage
    I spoke to a former ISP employee, who shall remain nameless because he's also on Slashdot.

    At it's peak, Slashdot would probably only add a few percentage points of volume to eToy's site. For your average, low-budget, low-availability server, this results in a temporary loss of responsiveness, AKA "Slashdot Effect."

    For a redundant, possibly clustered dedicated site with fine-tuned web servers, this will have no perceivable impact at all.
  • This story looks like it was planted by etoys. I just don't see how anyone knowledgeable about current events could get it that wrong. As usual, there's no email address on the CNN site. They want you to fill out this form on their website which probably gets copied to /dev/null


  • by shaunj (72350)
    "Denial-of-service attacks can be launched using any of dozens of programs available in hacker chat forums and on the Web" Or they could simply use ping. Which is an essential network tool that comes with just about every operating system. There is no need to blame the "dozens of programs". Blame the ethics of the people doing the DoS's.
  • by dblslash (36525) on Tuesday December 21, 1999 @09:19AM (#1455823) Homepage
    This is the contact info for the author of the article. I've sent her an email with links to the Slashdot articles concerning the etoy/Etoys battle.
    Please, no flames.

    Ellen Messmer
    Senior Editor, Enterprise Applications

    emessmer@nww.com
    (202) 879-6752
    Fax: (202) 347-2365

    Network World
    1331 Pennsylvania Ave., Suite 505
    Washington, DC 20004

  • by Anonymous Coward
    I have chatted with my co-workers about this. They feel that since the legal case involve international entities, it might drag on for a long time. In the meantime, etoy.com will be shutdown pending ruling. We feel destructive hacking might not be good for the cause of helping etoy.com. As an admininstrator working for a network provider, we wish we could call everyone who has the control of the internet core router, pick a time and stop or drop routing for etoy.com traffic for an hour as a silent protest, and show the world we are united!!!
  • I agree with a lot of what you said but have a major problem with your second point.

    Most of what you said about DOS attacks I agree with. Heck I'll agree to everything you said about DOS. But this:

    >2) CNN's not wrong; their article on the > etoy/etoys things is truth. Just using a
    > different set of words that seems to put etoys > on the right side of the thing. Words
    > are very powerful, but you can't blame CNN for > misusing them.

    I agree that different wording can and will change the appearance of who or what is in the wrong in any given situation. But I do blame CNN when they misuse words. Be it intentional or unintentional.

    CNN is a news agency, the public expects them to present fair unbiased reporting on a wide variety of subjects. When CNN misuses words to take sides in an ongoing argument they abuse their power as the press. Because CNN is very infulential and has this power they must be carefull not to abuse it. It's basic good journalism.

    However, this entire article was very "fluffly" IMHO. Very low S/N ratio and not aimed towards anyone with any kind of technical knowledge. Which IMHO makes it even more damaging in that it will infuence people who don't have enough background information to form their own fair beliefs.

    Oh, well I guess I should just shut up and stick to my policy of disregarding anything even remotely technical that CNN tries to do.

  • Woefully, CNN is just using a bit of razzle-dazzle by touching on a hot topic (domain name disputes) to get people to read an otherwise off-putting technical article. They do their integrity a disservice, here. However, there's also a lesson to be learned by the RTMarks of the world: Before you perform an act online terrorism, think about the light that your act will be framed in. Will you help your cause or harm it?

    The net result is that now a lot of people think etoy is some cyber-squatting (what an unfortunate term) semi-terrorist bunch of geeks. Many will never even know that it had anything to do with art.
  • Unless perhaps, you do as I just did, and go to this page: http://www.etoys.com/cgi-bin/email_etoys.cgi?state =email and send them a note telling them how much you despise what they're doing. Maybe it's not gonna put a dent in their server, but it will let them know that people (and potential customers) are opposed to their actions, and will not have anything to do with them as long as they persist. This is all about money, so let them know you'll speak with your wallet...
  • by Spud Zeppelin (13403) on Tuesday December 21, 1999 @09:26AM (#1455828)

    The 1st Law of Mass Media is "Give the people what they want." It appears CNN is doing exactly that... after all, it is Christmas, and (by the way, this has nothing to do with my opinion on the subject [I support eToy], just my perception of how CNN is handling it):

    • Dr. Seuss' Grinch conspired to keep toys out of the hands of children using a dogsled. RTM is conspiring to do likewise (again, in the eyes of the public) using a DoS attack.
    • The Grinch lived on top of a mountain. eToy is based in Switzerland.
    • The Grinch didn't like Christmas because of the noise. eToy (again, popular perception) doesn't like the e-commerce.
    • The Grinch was a mean-spirited recluse. eToy is a group of free-spirited *gasp* performance artists, aligned with a group of *gasp* free-thinking H/CRackers.
    • The Grinch freely exploited his little dog, Max. RTM are freely exploiting the "zombie" machines they've compromised.

    There may be other parallels, these were just readily apparent. Remember what ESR likes to talk about with regard to technology in the media: people only pay attention to tech stories with protagonists. In this case, they've got a protagonist (the Whos down at eToys) and a story that they more-or-less already know (or at least think they do)... what more could John Q. Public ask for?







    This is my opinion and my opinion only. Incidentally, IANAL.

  • Masem,

    Thanks!

    As you'll see from that article, it's originally from Network World, not CNN (hey, click on www.nwfusion.com/news/1999/1220eto ys.html [nwfusion.com] for both the article and our own links).

    Our audience consists mainly of network managers at large companies, i.e., the kind of people who worry (or who should worry) about things like DoS attacks. If you keep reading the article, you'll see we used the etoys case as a hook on which to base a more general article on the issue.

    -- Adam

    Adam Gaffin
    Online Editor, Network World

  • by FFFish (7567)
    It strikes me that the Internet is the closest thing we have to an anarchy: a lack of centralized control, rule by consensus, and sometimes mob rule.

    DoS attacks are the network equivalent to violence. They're intended to "wipe 'em out," as surely as a bullet to the head.

    And put in those terms, it's downright scary. What we have are a bunch of self-righteous hoodlums who put their own *OPINION* of what's right and wrong well above the ability of others to continue to exist.

    Yah, I'm using hyperbole. It's not really that extreme. No one is likely to die from this.

    But the comparisons can be drawn, and perhaps indicate the biggest flaw with anarchic thought. Some right bastard is always gonna be more than willing to go to the extreme, rather than approach a solution from a non-violent direction.

    Inneresting bit of thought, IMHO, anyway. :)
  • by Rombuu (22914) on Tuesday December 21, 1999 @09:30AM (#1455831)
    Man, I've got to write this date down in my diary. Slashdot complaining about someone else's accuracy in reporting. Next thing there will be a story about incorrect grammer or spelling on some site.
  • Figures - CNN came up with the idea of 24hr headline news - perfect for the attention-challenged U.S. teevee watcher. Now something like this. While the stories do relate, it would have been far better to devote the bulk of the column to the background story to explain the lead-in. But, no, it's soooo much hipper to talk about l33t hax0rz because that's much easier to sensationalize. Reporting, yes, but not responsible.

  • Why didn't etoy.com just sue eToys.com first? They should have known that some big ass American company would try to run them off the road.The whole situation is so galling and absurd. Why isn't eToys' email being stopped and its website shutdown? I would like to know who has the authority to shutdown a website in Switzerland anyway.
    The whole nature of the web is way too American. Far from being an international phenom, the web is just an extension of Americana. Not a bad thing, except when American biz interests start to clash with the rest of the world.

    Attn: moderator - score as a 5, my karma needs an upgrade !!!
  • Er, of course, there are anarchists who envision this utopian world of cooperation between people, and are very down on the idea that some 'right bastards' might use force (violence/DoS) to get their way.

    And then there are the anarchists who seem to desire a violent overthrow of government. They're likely to be the 'right bastards' the others are concerned about...

  • "Or informing the public about what is going on."

    Looks like it worked. I probably never would have heard about it if it wasn't posted here. How fqar do you think they would have gotten if they just issued a press release, or tried to get CNN to publish a clarification?
  • Did anyone notice that etoys stock has dropped half its value in the last month? Right in the middle of the xmas buying season too. Perhaps the shareholders are paying attention...

    quote.yahoo.com/q?s=etys [yahoo.com]
  • by lyonsj (51249) on Tuesday December 21, 1999 @09:36AM (#1455838)
    Honestly, it's not a huge surprise that CNN has posted a story that's worded this way. I mean, first of all, they probably get ad dollars from eToys.com. And second, what, did you think the mainstream press would defend some artsy-fartsy freak group, so offensive to blue-collar America? I mean, hello... etoy.com had the work "fuck" on their page! *gasp* Quick, someone get the smelling salts!

    There are many, many things that annoyed me about this CNN article. Here's a short list:

    1) They did not mention that etoy.com was registered two YEARS before eToys.com. The wording makes it sound like etoy.com was just playing off the popularity of eToys.com, which is not the case.

    2) CRACKERS, not HACKERS! For crying out loud! How many times can they get this wrong? Isn't there something we could do to get these reporters a clue? crackers Crackers CRACKERS!

    3) OK, so someone posted eToys.com's IP address on the web. Oh nooo, Mr. Bill! God FORBID anyone should do that! As we all know, nameservers don't do that kind of thing every day. IPs are not meant to be seen by the general public! All them thar numbers and dots, those could mean *anything*!

    Oh, and as for those "proprietary" defenses being used by eToys: why am I not surprised that these people would take from the Open Source community and then not even be willing to disclose new (if they are new) ways of warding off attackers? Yeah, OK, I understand that this might make them more vulnerable, but then again.... well, we all know the good arguments for sharing information, so I won't rehash those.

    All in all, it's no more than I expected from CNN - but I would like to see the bar raised on these types of "mainstream technical" articles.
  • So any press is good press?

    Maybe the should go out a sacrifice a few babies...
  • Yah! I too thought that was the most clueless statement in the article.

    Name: etoys.com
    Address: 204.71.184.182

    Name: www.etoys.com
    Address: 204.71.184.166

    Gee that was hard!

    -M
  • Adam,

    It would have been more representational to have provided a little more context on the issue. While I vehemently disagree with what the crackers and script kiddies are doing, this is clearly a problem which etoys.com brought upon themselves with their unwarrented attack on etoy.com . Network managers at large company, who should be worrying about such things, need to know the context lest they, or their legal departments, step into the same wasps' nests.
  • I'd like to see the email from RTMark. Could you post it here?
  • by FFFish (7567) on Tuesday December 21, 1999 @09:44AM (#1455843) Homepage
    The news does not exist to inform you.

    It exists to sell your eyeballs to advertisers.

    The more eyeballs, the more dollars revenue.

    Facts just scare the audience away.

    Adopt this cynical (and realistic) understanding of the news media, and it'll serve you well.

  • http://www.cnn.com/feedback/ [cnn.com]

    This is the address I used. The form is cramped, but I told them what was on my mind. Remember it's best to offer POLITE constructive criticism.

  • I believe that the correct contact information for the person who wrote the article is at "http://www.idg.net/go.cgi?id=13177".

    Be polite, people - it IS possible to be firm but polite, and your recipient will be more likely to listen to you instead of tuning you out.
  • It's not in what they said it, it's in how it was presented. The title to the CNN article sets the tone for the whole article as the results of an "attack" (a BadThing(tm)) and anyone mentioned is therefor mentally related and thus "attackers" except for the poor-defensless-major-US-corporation-which-was-not -seriously-affected-by-the-DOS-attack.

    The solution to this type of article is the same as the solution to _any_ sort of article like this - MORE REGULAR PEOPLE NEED TO BE INVOLVED!

    The more "normal" people who contact x news agency, the greater the change in how x news agency will report the story. This is true of almost any news agency and almost any news story.

  • > That's the problem with freedom of speech
    > (supporters? advocates? zealots?). Doing things
    > like DoS against somebody's server just to
    > "prove a point" will only hurt freedom more than
    > help it, in the long run.

    The problem is a very vocal minority can ruin
    things for a silent majority. It happens all the
    time.

    Look at Seattle. A small group, perhaps of 15
    people...certainly less than 1/2 of 1% of all the
    people at the protest, were violent. They broke
    store windows and did other violent things. This
    made the entire body of protestors look bad.

    Then again...some could argue that it may have
    been a desired effect...there was an Anarchist
    Doctrine at the turn of the century whereby places
    would be bombed etc in an effort to make the
    government over-react in response - the end result
    being resentment towards the government response
    (looked at in that light...it worked brilliently
    for an excellent movie that adresses this...see
    The Seige where Denzel Washington says "They Have
    already won")

    In any case...it is almost always a minority who
    get noticed. In this case, since there is no
    resonse from the other side really (other than
    pointing out his childish antics) it makes the
    whole of etoy supporters look like a bunch of
    snotty kids.

    Those who really advocate "Free Speach" would
    recognize that etoys.com has a right to their
    free speach and would attempt to speak louder
    rather than annoy and silence them. (much the
    reasoning behind the ACLU regularly defending the
    Ku Klux Klan in court when they are not allowed by
    cities to hold parades,...then turning around and
    fighting for the rights of minorites in other
    cases)
  • CNN didn't write the article, so all the CNN conspiracy theorists can calm down. CNN "outsources" their technical content to IDG.NET. Ellen Messmer, the author, is a writer for Network World, you can contact her at:

    Ellen Messmer
    Senior Editor, Enterprise Applications
    emessmer@nww.com
    (202) 879-6752
    Fax: (202) 347-2365

    Network World
    1331 Pennsylvania Ave., Suite 505
    Washington, DC 20004

    Personally, I find this to be typical sloppy trade rag journalism. I don't think IDG has an private agenda (like the microsoft loving ZDNET). They just slapped a story together and pushed it out without understanding all the background.

    A good solution would be to educate Ms. Messmer is a calm, controlled manner, but somehow I don't see that happening with the /. crowd. The torches are lit, the pitchforks are out, and everyone is all worked up. /. itself pubishes poorly researched stories weekly, and it doesn't ignite this sort of flaming. (Oh wait, it does! I take that back 8-) )


    -Twid

  • Hey, you can bash the l335 13 year old kids out there breaking into systems, but who's fault is it if you leave your car unlocked with the keys in the ignition and leave it unattended while you go shopping all day? Insurance companies will tell you you didn't make a reasonable effort to prevent it, hence you can't collect. Your fault. If they catch the criminal, great - you get your car back. If not, tough.

    There's another spin I want to put on this - and that is that these script kiddies are performing an invaluable job - exposing security holes without doing *too much* damage. What's worse - a defaced webpage (graffiti) or industrial espionage. Which method would you like to have done to your web server? I prefer the former - atleast I know when it happened, and it's easy to clean up.

    Microsoft would never have released any security patches to SMB filesharing, or the SAM database "syskey" in SP6a or a plethora of other fixes if it wasn't for the pervasiveness of these "script kiddies". Conventional methods of writing to Microsoft failed - read any bugtraq posting about M$ and it'll go something like this: "I wrote to them a month ago and never heard anything, so I'm posting this really easy way to compromise any M$ OS to the public. Thanks Microsoft.

    I'm reminded of a quote from Southpark: "Blame Canada! Blame Canada!" It's true, a hundred times over. We'll just shovel the blame around - it's the script kiddies fault (our root password was aadvark, but that's not OUR fault!) - it's the governments fault - it's Microsoft's fault... how about "It's your fault." They point the finger at the admin, the admin points the finger at the vendor, and all the user gets is the finger. Thank god for script kiddies - they crack security enough to get it fixed, and they have the intelligence of lobotomized flatworms - ie: they can't do much real damage. Look at it another way: if they really were a threat, don't you think the FBI would be more active in trying to catch them?

  • by Kaa (21510) on Tuesday December 21, 1999 @10:01AM (#1455862) Homepage
    We need "peaceful" protests -- not disruptive actions. Yes we have to fight for our freedom rights, but doing childish things like ping floods, etc., will only give a very bad image to people outside of our circle, and actually advance the cause of those who want to take away our freedom ...[snip]... What we need is to protest in a non-disruptive way.

    I am usually not in favor of incitement to riots, but this position goes a bit too far the other way. Peaceful and non-disruptive protests make sense only when the imbalance of power between the two sides isn't too great. If your position on the totem pole is several feet below its bottom, then all the non-disruptive protests in the world aren't going to do you and your cause any good. At best you'll politely told to fuck off and not bother important gentlemen busy with their important matters.

    The proper criterion for protest is not how disruptive it is, but rather how effective it is in achieving its aims. Sometimes the best way is to be very, very polite. Other times, being polite is useless but being obnoxious and irritating works wonders. It all depends.

    I am not in favor of ping-flooding etoys' servers -- this attack is ineffective and is not likely to make etoys see the light. The management will just tell their tech people to fix it, and fix it they will, it's not hard at all. On the other hand, I am also not in favor of wringing one's hand lamenting the horrible state of affairs and writing whiny letters to congresscritters. If you want to do something, do something effective instead of pissing in the wind.

    Kaa
  • I have to watch CNN at work and the way they report makes me sick. Rather than giving references, they cave in to cheasy and dubious leads: "Sources say..." "The FBI says..." "Officials report..." That's the only thing that seperates it and the daytime talk shows.

    When is CNN going to do any actual reporting, rather than following up on press releases by contacting the obviously biased three letter agencies? Many stories I have seen where I knew some background, they have screwed up. There are exceptions, where adventurous reporters really mingled with the communities involved. But that's rare. I get to see CNN Headline News rehash what looks like government and sponsor approved spineless news.

    Further, they have to sensationalize on any blood and guts violence and terrorist related thing and hype it up like the world is going to blow at midnight, December 31st.

    Maybe some good old fashioned news reporting and none of their constant speculative biased editorials would be a welcome change. Why don't they pick up local news events from city television stations that are always interesting? Why do we have to watch them stir up the hornet's nest on breaking problems and take the side who has the biggest media relations staff? They keep on reporting on events like compost that doesn't quite yet have a chance of into anything fruitful while they take sides.
  • Having noticed the original article on cnn.com, I immediately went to /. to report the link. Of course, /. being /., there was already a link up to the article, along with a zillion replies.

    I got to thinking - if I were a clever executive at etoys.com who wanted to pump up the publicity for the site, especially during the holiday season, what would be the most efficient resource to use for this purpose?

    Then it hit me - What is the most potent energy source in the universe? Why, the unchecked ire of righteous net.rogues, of course! All that would be needed to harness such energy would be a minor slight, preferably one related to online freedoms.

    A plan is thus hatched - create a decoy company, a "little guy". Abuse the decoy company by throwing around monetary weight. When the decoy goes down for the count, the net.rogues are sure to reach a hand into the ring for a tag, and come in blazing. The media being what it is, it won't be able to resist reporting on the scoundrels and whatever retalitory actions they take.

    Result? My company comes out the hero, having been abused by those evil C^HHackers, and gets a ton of free press to boot, right around our most profitable time.

    Or maybe not.

    :)

    stil
  • by TheCarp (96830) <sjc@@@carpanet...net> on Tuesday December 21, 1999 @10:16AM (#1455875) Homepage
    > The proper criterion for protest is not how
    > disruptive it is, but rather how effective it is
    > in achieving its aims.

    Definitly agreed

    > I am not in favor of ping-flooding etoys'
    > servers -- this attack is ineffective

    Again agreed. The proper way to protest is to
    be disruptive. Be disruptive to their bottom line.
    This is best done by getting the word out and
    convincing people to vote with their dollars.

    If you flood the server and make it impossible for
    people to go there...thats just as bad as etoys
    themselves. To be an effective protester you DO
    have to be "Better than them".

    They should fight this thing tooth and nail. They
    need to get the attention of the media and get
    positive press. Make the entire incident a PR
    disaster for etoys, and don't stop until they
    fold.
  • by plunge (27239)
    While people are of a lot of different opinions about what RTMark does, thye do at least have a more solid philosphy then you're allowing them. Their point is that people all over the place are trying to inform the public at large about what etoys is doing, and no one cares to listen. They like doing disruptive, mean things, its all part of their whole "using the logic of corporations against corporations" sthitck. Personally, I think it's based on a misguided theory about how public information works ("people are ignorant of right and wrong- they just need to be shown what we think is right, and they'll come around), but they're welcome to have their own opinion. I at least respect that they are a group that's out there trying new things instead of mindlessly marching in the streets, a tactic long past its time. Contrary to public opinion, Seattle accomplished nothing and changed almost no one's minds.
  • Your definition of script kiddie is alittle more narrow than mine. A script kiddie in my book is basically someone who scans netblock after netblock looking for a system vulnerable to whatever exploits he downloaded. He logs the results of every scan for later use (when he finds an exploit for that platform / program) and in the meantime tries his current selection of cracks. If it works, he roots the box, scribbles some graffiti on the web page, deletes files, and generally vandalizes the site and moves on. More sophisticated ones might leave backdoors in to collect passwords or make an attempt at getting access elsewhere on the network, but most just root, deface, and move on.

    A script kiddie is usually someone who has alot of time to waste (high school / college student), has limited knowledge of networking (ie: knows how to connect two boxes together, but probably not the difference between a switch and a router), and usually, but not always, has a self-esteem problem which they "resolve" by breaking into sites en masse.

    Now that we're using the same terminology... script kiddies generally are not quiet - you can see them coming a mile away in your logs. If you're like me, you have your syslog piped right to a dedicated terminal sitting at your desk - I can see attacks in the first few seconds of the attempt. But for those that aren't as clued, someone picking through the digital rubble of a now-destroyed site can be a very educational (if sometimes expensive) lesson. Our random vandal just ratcheted up the priority security properly deserves for this sys/netadmin. Unfortunate, but some people learn no other way. Atleast in most cases the damage is a lost webpage or two which can often be restored from backup and a few damaged egos left in the wake.

  • THE GOLDEN RULE: The man with the gold makes the rules. Floods and attacks, as much as I'd hate to admit it, don't do a damn bit of good against a business; they're just going to use it as another reason to say that the internet should be some censored, dumbed-down, uninteresting and bland medium. We're going to have to vote with our dollars, and make sure that the ...persons... at etoys.com don't get a red cent of our money. This incident marks one of the inherit shortcomings of a free market and capitalism: you can buy almost anything, including justice. I'm not trying to bash our system, since it's the best one so far, but it's still something we have to be concerned about. It's a given that politics and economics go hand in hand; look at the internet taxation bills. Their decisions are not by any means rooted in a desire for free speech (which some politicians outright despise), it's to keep the economy running smoothly along. This means, unfortunately, that arts & humanities get the proverbial shaft; the interests of culture are woefully undermined by the interests of business.
  • www.etoy.com is still reachable by its IP-address (for those who don't know how to query DNS): http://www.etoy.com/ [195.49.62.75].

    ETOY.COM was registered in 1995:

    Registrant:
    etoy (ETOY-DOM)
    zwinglistr. 31
    Zuerich, zuerich 8004
    ch

    Domain Name: ETOY.COM

    Administrative Contact:
    Michel, Zai (ZM93) etoyzai@AGENT-ZAI.DE
    +41 79 321 59 40
    Technical Contact, Zone Contact:
    Fabio, Gramazio (GF1088) gramazio@ETOY.COM
    +41 1 242 40 81 (FAX) +41 1 241 60 52
    Billing Contact:
    Michel, Zai (ZM93) etoyzai@AGENT-ZAI.DE
    +41 79 321 59 40

    Record last updated on 10-Dec-1999.
    Record created on 13-Oct-1995.
    Database last updated on 21-Dec-1999 12:33:14 EST.

    while ETOYS:COM was registered more than 2 years later:

    Registrant:
    etoys (ETOYS3-DOM)
    3100 Ocean Park Blvd., Suite 300
    Santa Monica, CA 90405
    US

    Domain Name: ETOYS.COM

    Administrative Contact:
    Admin, eToys (AE247-ORG) admin@ETOYS.COM
    (310) 664-8100
    Fax- - (310) 664-8101
    Technical Contact, Zone Contact:
    eToys HostMaster (EH139-ORG) hostmaster@ETOYS.COM
    +1 310 664 8100Fax- +1 310 664 8101
    Fax- - +1 310 664 8101
    Billing Contact:
    Admin, eToys (AE247-ORG) admin@ETOYS.COM
    (310) 664-8100
    Fax- - (310) 664-8101

    Record last updated on 12-Jul-1999.
    Record created on 03-Nov-1997.
    Database last updated on 21-Dec-1999 12:33:14 EST.

    :-)
    ms

  • Unless you define marches, sit-ins and boycotts as disruptive.

    I do. I think you are confusing "violent" and "disruptive". Disruptive means that the targets of the process cannot carry on as if nothing is happening. Sit-ins, for example, are usually highly disruptive.

    Both Gandhi and Martin Luther King understood the effectiveness of highly disruptive non-violent protests.

    Kaa
  • Hey, you can bash the l335 13 year old kids out there breaking into systems, but who's fault is it if you leave your car unlocked with the keys in the ignition and leave it unattended while you go shopping all day?

    The thief's fault, dammit.

    Let's not lose sight of that; no matter how stupid you are about security, whether it's with your car, your person, or your web site, somebody still has to do something actively *WRONG* here for there to be a true problem.

    It's becoming very fashionable in this country to claim the victim bears the responsibility for the attack, but "she was asking for it, wearing that short skirt and using that old buggy web server without closing down the known holes" doesn't work as a defense.

    In your example, the thief is still guilty of grand theft auto, and you *WILL* collect on your insurance if you push the matter toward court.


    The moral of the story; stay out of other people's holes without permission.
  • I do. I think you are confusing "violent" and "disruptive". Disruptive means that the targets of the process cannot carry on as if nothing is happening. Sit-ins, for example, are usually highly disruptive.
    No, I am not. The protests in Seatle (if their had been no violent minority) where disruptive. They were intending to prevent the meeting.

    The March on Selma was just that a march. Gandhi's boycott of the textile and salt purification industries where boycotts, they did not prevent the companies from doing bussiness.
  • (Links ommitted: If curious do a /. search..)
    Action: Amazon sues B&N - courts act like ninnys
    Response:Richard Stallman calls for an Amazon boycot.
    Response: Amazon doesn't notice.
    Action: WTO goes to Seattle - cops act like ninnys
    Response: Techno-Hippies attempt DOS Sit-in
    Response: WTO doesn't notice.
    Action: EToys sues EToy. - courts act like ninnys
    Response: RTMark attempts DOS attacks.
    Response: EToys doesn't notice.

    Are we seeing a pattern here?
    Oops. I missed something
    Response: Amazon, WTO, and EToys get great press coverage, the kind of coverage PR departments can't buy, and love every minute of it.
    Response: A bunch of people get upset over hacker/cracker definations. (When you get your system raided by the Secret Service, let me know. [I, at least, got a cool T-Shirt.] Until then get off your high horse.)
    Response: People get upset over biased reporting and report on that in a biased manner.

  • by Barbarian (9467) on Tuesday December 21, 1999 @11:08AM (#1455899)
    They're on LINUX, so they can do this on a router:

    /sbin/ipchains -A input -i eth0 -p icmp --icmp-type ping -d 0.0.0.0/0 -j DENY

    using -j DENY over -j REJECT means that the packet is just dropped by the kernel like it never existed. It means that a reply is never sent. It takes a lot less cpu time and bandwidth this way, as a reply packet does not have to be sent.
  • You mean, like you?

    Seriously though, I think you are oversimplifying. The same script kiddies hacking and replacing web pagses through a number of know exploits are also gaining remote root access for the purposes of local and remote password sniffing. Whether it be for their warez server or one of a number of boxes to launch DoS attacks, depends on the particular script kiddie.

    Why are they still script kiddies? Because you can teach anyone with a basic amount of computer knowledge how to do these things in about 10 minutes.

    What script kiddies do is illegal. Period. Likening them to the thief who breaks windows is valid. Just because you aren't in a corporeal world doesn't mean people aren't losing money or time. I should know, I get paid to do damage control as well as passing on important security information before (as to their services running as well as how to properly run a firewall et al).

    You know where most corporate hacks originate? Inside the company.

    Oh, and by the way, any kiddie with a couple of accounts on decent links can completely obliterate the httpd daemon on any host with a couple hundred thousand of spoofed syns a second (firewalls can't protect open services unless they dynamically and elegantly drop attacks such as this -- and even then are a mixed bag).

    Take a ride over to EFNET (and some other) IRC networks some time. A large percentage of these dorks hang out there.
  • If you check out this website [cnn.com], you will find that the planned script includes a nifty advertisement for EToys.com.

    It seems unlikely to me that CNN is going to place any news in such a way that it will make a sponsor look bad. Conversely, it will help insure that their sponsor is able to stay in business if they can denigrate the sponsor's opponents.

    I am posting a politely critical E-mail to CNN, because the last thing that I'll permit anyone to say is that I don't try, but I think they may have already chosen their sides on this one.

  • There's this little thing called "Innocent Until Proven Guilty", that says otherwise.

    Then, there's the problem with over-generalising. The postman "associates voluntarily" with RTMark every time they deliver the phone bill or a birthday card. It doesn't take an Einstein to see that they're not "guilty by association" or any other such nonsense.

    To say that someone is "guilty" is to make a very definite and somewhat condemning statement. When this is done without evidence or basis, it is prejudice. When action is taken on the basis of that prejudice, it is a hate crime - a random act of "retaliation" for something that exists only in the minds of those who are "retaliating".

    Anyone who wishes to live in such an evil, hate-filled society is welcome to do so. Just live in someone else's neighborhood. Better yet, live in someone else's planet. I don't want it here.

  • by homunq (30657) on Tuesday December 21, 1999 @12:36PM (#1455918) Homepage
    That's an excellent metaphor. First I just wanted to point out some facts about what happened in Seattle, then I wanted to show a different side of the metaphor which I think is more relevant to etoys vs. kiddies.

    Here is what I saw in Seattle, as a legal observer, a protestor, and a member of Food Not Bombs (a significant non-destructive Seattle anarchist group):

    The "black bloc" who broke windows numbered at least 40-50. Not all of these people broke windows, but all were collaborating in this action. In terms of "provoking government over-reaction" - it may have been intended that way but the tear gas had been used at least an hour prior to the first broken window. (It's my belief that government overreaction, which despite the chaos on Tuesday really kicked in on Wednesday, was more a factor of Clinton's presence; the Secret Service's "if things go bad Wednesday, we have to have crushing superiority and readiness for ruthless tactics" philosophy became a self-fulfilling prophecy.)

    The Etoy thing is not about provoking overreaction though. To my mind the more pertinent aspect of the metaphor is the black bloc's belief that their actions were necessary to get media coverage, and that even negative coverage served to spread their message. I'm sure that some script kiddies feel the same way. And when major media gets the story totally wrong, as in this case, it only fuels their attitude. "Their gonna twist the story anyway, at least this way they won't ignore it." IMO a counter-productive attitude, but certainly one I can sympathize with.

    (Wouldn't it be nice if etoys sued CNN for indirectly encouraging the DoS attacks through their biased coverage? :)
  • Who's playing good and evil? The law is the law. Are you trying to tell me that many script kiddies are trying to exercise civil disobedience? Even on so called political hacks, I have yet to see a very valid or well though out explanation as to how the hack occured.

    As far as mass media goes, anyone knowledgable in most topics they discuss can laugh knowing they are often presenting candy coated, biased, and misrepresented material.

    CNN may have done this -- though you should remember that reporters all have different perspectives on a situation (as do the readers). But yes, I think defamation is wrong when material is misrepresented or deflected to those who did something stupid in name of a cause (think WTO protests).

    Are they not Job security for you?

    So? What, was I supposed to present a purely biased and flawed argument in my favor? :)
  • News has no business being biased. (One of the reasons the BBC is so respected is that they do make an effort to report the facts, not the editor's opinion of what the boss wants the businessmen he plays golf with to hear.)

    The only accurate (and therefore worthwhile) news is news without an editorial bias. Anything else is a mix of opinion, speculation, manipulation, distorion and plain, old-fashioned FUD.

    Sorry, but if I want FUD, I can always go to www.microsoft.com and do a search for their stuff on Linux. If I switch to a news station, it's because I want news. Real News. You know, the stuff that's actually happening. The stuff they're paid to report. I can find plenty of FUD on my own, I don't need it from the news services.

  • That must be why the guys from eToys are always in their cage when I walk by at FGC Sunnyvale.

    This was not previously the case.
  • Script kiddies, in my experience, don't just "root, deface, move on".

    They install IRC clonebots, "FludNets", BackOrifice, NetBus, r00tkits, and all other manner of crap.

    You make it sound so harmless.

  • We're going to have to vote with our dollars, and make sure that the ...persons... at etoys.com don't get a red cent of our money.

    No offense, but this isn't going to jack poo-poo to eToys. The majority of the shoppers of eToys are not the same people who care that eToys is suing Etoy. Whining, complaining, protesting, even attacking draws attention and while some methods are better than others (Stallman's boycott of Amazon vs. RTMark's [or whoever's] DoS'ing of eToys), attention to the issue is what is needed, not "Oh, I'm going to boycott." If you were RMS, that might carry some weight, but what is really needed is this discussion to be taken to someone like CNN so that rather than doing a report on DoS attacks, they do a report on what exactly the entire fiasco is all about and what it could possibly mean for 'Net law, 'Net activities, and the 'Net community.

    I think the Slashdot Effect sometimes goes to people's heads. Slashdot is not as big and mighty as people claim it to be. It has the potential to influence far many more people than it actually does, though. As it is now (and I'm guilty of this, too, I might add), we're just debating amongst ourselves.
  • You seem to have missed the point, my dear... The "salt" march was chosen specifically because it was highly disruptive. Being disruptive to business-as-usual is, in fact, essential to non-violent movements (otherwise, they're just ignored).

    Of course, the very best disruption, for any corporation, is a highly visible and effective boycott of their product(s). Surely, that's a no-brainer?

    One more thing, while I'm on this subject: The Seattle WTO protests (complete with property-specific violence) were a great success, measured just about any way you like. Somehow nobody seems to ever explain that the 60's were a time of change in part just because there were so many different -- even divergent -- goals and strategies. So, some of us can boycott, some can be messing about with DoS, others can hire lawyers... that's what "do your own thing" meant.

  • by anticypher (48312) <[anticypher] [at] [gmail.com]> on Tuesday December 21, 1999 @02:52PM (#1455936) Homepage
    And eToys are getting help from upstream, but probably not the kind they want.

    The DoS attacks against eToys coming from .ru and many EU countries are causing problems on the trans-atlantic links. Since the traffic patterns contained every type of DoS, it was decided just to drop almost all traffic going to the eToys /27 subnet. The decision was made that eToys was in the wrong, and they clearly were targeting only the US market, so blocking them from Europe would not hurt their revenue.

    Not all of the carriers on the European end of things have blocked traffic, but 80% of traffic, including HTTP, is going into a BGP4 black hole before it clogs the networks. With a little work I can get to eToys, but they are effectively shut out of Europe for now, and will stay that way until the end of the law suit against etoy.

    I also can tell there are some tier 1 carriers in the US blocking traffic to eToys, so this DoS is having a wider effect than just a few ping floods and TFN. It is not just the 2% loss of business now, but a potential 50% or more. eToys actions in court are having an effect on ISPs, so ISPs consider their actions to be a type of attack on the internet, and are blocking their users from the evil eToys.

    /.ers should remember to also write a letter to NSI, complaining about how the loss of etoy.com is hurting you personally, and how eToys are the new interloper causing havoc on the internet.

    the AC
  • Along these lines, there was a case in italy about a year ago where it was ruled that a woman that was wearing tight blue jeans who was raped had to have helped her attackers, because they were so difficult to get out of. The judge said this shows consent, and she _couldn't_ have been raped. Strange, but true.

    Moral of the story: Wear baggy clothes in italy.
  • Were I to launch attacks against online merchants, I wouldn't do something so silly as just trying to create a lot of traffic. I would try to stress out their system as heavily as I could - say with a Perl script generating random "purchases" with garbage names and garbage credit cards...

    Cheers,
    Ben
  • Here is whats wrong with a DoS attack. Just great script kiddys just turnned EToys into innocent victioms and etoy.com into evil vile bad guys in the public eye.
    This in no way helps etoy.com... Many will now reguard them as a website willing to resort to vile tricks. Forget that etoy.com predates etoys by a few years. In launching a DoS attack on Etoys the supporters of etoy.com have hurt etoy.coms position.
    Thanks to this there is little hope that etoy.com will ever hear the end of this (they will win in cort I'm pritty shure of that it's the larger cort of public opinion where they'll continue to do battle)
    This isn't much more than techno chest thumpping and dose no one any good...
  • Try sending them mail asking about the purchase you made that was due to arrive 2 weeks ago...They
    can't afford to not look at those mails..

    //rdj
  • and don't forget etoys.co.uk

    //rdj

HOST SYSTEM NOT RESPONDING, PROBABLY DOWN. DO YOU WANT TO WAIT? (Y/N)

Working...