[opensource-dev] Malicious payloads in third-party, viewers: is the policy worth anything?

Gareth Nelson gareth at garethnelson.com
Sun Aug 22 05:16:16 PDT 2010


I've reported emerald for violating this clause of the TPV policy:
"You must not launch Denial of Service (“DoS”) attacks, engage in
griefing, or distribute other functionality that Linden Lab considers
harmful or disruptive to Second Life or the Second Life community."

So, hopefully that'll be the end of it, hopefully......

On Sun, Aug 22, 2010 at 9:36 AM, Michael Daniel <m.a.daniel at iup.edu> wrote:
> Since I am a student on summer break until next week, I have way too
> much time on my hands, and I like numbers (famous last words) so I did
> some analysis of modular systems attack on iheartanime.com.
>
> I think the amount of data involved has been understated in many
> discussions I've seen so far, so I'll show my work, but long story
> short:  4.2 terabytes of data transfer are involved with this attack
> (2.1 TB up and 2.1 TB down).
>
> I used the screen cap from the following URL to find exactly what was
> downloaded every time somebody logged in with the emerald viewer during
> this attack:
> http://alphavilleherald.com/images/2010/08/modular-bing.jpg
>
> I used Google Chrome's inspect element feature to find the sizes of the
> files downloaded (right click, inspect element - resources - size).
>
> This is what I came up with:
>
> http://iheartanime.com/griffblog.php?article=omnomnomnomnom   163.20 KB (times 20 loads is 3264 KB)
> http://iheartanime.com/images/emerald-explore-sounds.png        50.03 KB
> http://iheartanime.com/images/emerald-windows-disclosure.png    55.09 KB
> http://iheartanime.com/images/emerald-mac-disclosure.png        66.90 KB
> http://iheartanime.com/images/emerald-linux-disclosure.png      67.32 KB
> http://iheartanime.com/images/imgsearch-v0.0.2.png             152.37 KB
> http://iheartanime.com/images/FRIENDLY%20GREETINGS.jpg          77.32 KB
> http://iheartanime.com/images/inertia-test.jpg                 113.51 KB
> http://iheartanime.com/images/inertia-login.jpg                 25.78 KB
> http://iheartanime.com/images/inuyertia.jpg                    153.68 KB
> http://iheartanime.com/images/neillife.jpg                     102.22 KB
> http://iheartanime.com/images/background-v2.png                130.64 KB
> http://iheartanime.com/images/background.png                    77.40 KB
>
> Total size:  4336.26 KB, or 4.33626 MB per emerald login.
>
> According to the alphaville herald article, "Gazov told the Herald he
> saw 16,541,673 page hits referred by the Emerald login pages over three
> days".  I'm sure he has the server logs to back him up, so let's see what
> happens if we take him at his word (which I would do, as he seems pretty
> honest to me).
> link:
> http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html
>
> I count 32 page hits per login, so we divide 16541673 by 32 to get the
> number of emerald logins during the attack.
> 16541673 hits / 32 page loads = 516927.28125 logins from emerald
>
> Since it's not an even number, Hazim's numbers must be off a bit.  That
> is no surprise, since his server was under such strain.  Let's round it
> up to 516928 logins from emerald during the attack.
>
> 510678 logins during the attack * 4.33626 MB requested per login =
> 2214432.58428 MB requested from iheartanime.com
>
> I used an online calculator at the following link to translate that into
> terabytes:
> http://www.matisse.net/bitcalc/
>
> It works out to 2.11184748104095 terabytes of bandwidth stolen from
> Hazim in 3 days!
>
> As we all know, this bandwidth was not just stolen from Hazim.  It was
> also stolen from Emerald users, so if we multiply that by two we get a
> grand total of 4.22369496154786 terabytes stolen in three days.  To make
> this more concrete, that's over 4.2 TB of transfer.  If you'll pardon
> the archaic reference, the Library of Congress, if compressed, could fit
> into 4.2 TB almost two times.  That's a lot of data.
> Citation for LOC measurement:  http://bit.ly/9TRWUX
>
> The crazy part is that modular systems shows absolutely no remorse at
> all for stealing Hazim's bandwidth.  Most hosts give unlimited
> bandwidth, but some do not.  If, for example, his hosting was at
> nextpoint.net, their hosting plans all come with 2000 GB of transfer, so
> he would have gone over by 162.53182058594 GB.  They charge $4.50 per GB
> for overage, so that would have worked out to $731.39 in damages to
> Hazim, not counting his regular traffic.  Aren't there laws against this
> kind of thing?
>
> Nextpoint.net reference:
> http://www.nexpoint.net/support/policies/billing.cfm
>
> Video of the emerald team talking about how ridiculous it would be to
> apologize to Hazim, among other things:
> http://www.youtube.com/watch?v=rwmVj9u7C3U
>
> Somebody in the video (I'm assuming the person is Arabella Steadham)
> said, "I'm not going to apologize to Hazim, I mean, why would I?," as
> others agree that they could care less about him.  They also said that
> their users take their account names and passwords too seriously.
>
> I don't see how the third party directory can retain any respectability
> at all if they don't remove Emerald.  I'd be happy if each and every
> member of Modular Systems was banned from SL, but I know there are
> politics involved, so that probably won't happen.
>
> Anyway, I'm sorry if I distracted this list from more important things
> going on with snowstorm.  Given the discussion going on in this thread,
> I thought some people on this list might find these numbers
> interesting.  I can't wait to see what you guys come up with for
> snowstorm at the end of the first sprint.
>
> Cheers!
> ~Bubblesort Triskaidekaphobia
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctorow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
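The quoted post estimates the transfer by reading resource sizes off a screenshot and multiplying by a hit count divided by an assumed hits-per-login figure. The script below is an added example, not code from this thread, from Modular Systems, or from Linden Lab; it shows the direct check a site operator would run instead: parse the server's own access log, keep only requests whose Referer is the embedding page, and sum the bytes actually sent. The log lines, client IPs (documentation ranges), the referring URL `login.example.invalid`, and the 2000 GB / $4.50-per-GB tariff are all constructed for illustration. The 304 line in the sample shows why a log-derived total can come out lower than a per-login screenshot estimate: a cached resource is a hit but sends no body bytes.

```python
"""Attribute web-server traffic to a referring page from access-log lines.

Added example (not code from the thread or any project it names).  The log
lines, referer URL and hosting tariff are constructed assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

# Apache/nginx "combined" log format:
# ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# documentation ranges; login.example.invalid stands in for the embedding page.
# Sizes are the post's 163.20 KB and 77.40 KB figures converted to bytes.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Aug/2010:10:00:01 -0700] "GET /griffblog.php?article=omnomnomnomnom HTTP/1.1" 200 167117 "http://login.example.invalid/emerald/" "Mozilla/5.0"
203.0.113.10 - - [20/Aug/2010:10:00:01 -0700] "GET /images/background.png HTTP/1.1" 200 79258 "http://login.example.invalid/emerald/" "Mozilla/5.0"
198.51.100.7 - - [20/Aug/2010:10:00:02 -0700] "GET /griffblog.php?article=omnomnomnomnom HTTP/1.1" 200 167117 "http://login.example.invalid/emerald/" "Mozilla/5.0"
198.51.100.7 - - [20/Aug/2010:10:00:02 -0700] "GET /images/background.png HTTP/1.1" 304 - "http://login.example.invalid/emerald/" "Mozilla/5.0"
192.0.2.44 - - [20/Aug/2010:10:00:03 -0700] "GET /index.php HTTP/1.1" 200 12345 "http://www.example.org/" "Mozilla/5.0"
192.0.2.44 - - [20/Aug/2010:10:00:04 -0700] "GET /images/background.png HTTP/1.1" 200 79258 "-" "Mozilla/5.0"
this line is not a log record and is skipped
"""


@dataclass
class RefererStats:
    hits: int = 0
    bytes: int = 0
    clients: Set[str] = field(default_factory=set)
    per_path: Dict[str, int] = field(default_factory=lambda: defaultdict(int))
    per_status: Dict[str, int] = field(default_factory=lambda: defaultdict(int))


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    # "-" means no body was sent (e.g. a 304 Not Modified answered from cache).
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def attribute_traffic(lines: Iterable[str], referer_prefix: str) -> RefererStats:
    """Aggregate bytes, hits and distinct client IPs for requests referred by referer_prefix."""
    stats = RefererStats()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["referer"].startswith(referer_prefix):
            continue
        stats.hits += 1
        stats.bytes += rec["bytes"]
        stats.clients.add(rec["ip"])
        stats.per_path[rec["path"]] += rec["bytes"]
        stats.per_status[rec["status"]] += 1
    return stats


def overage_cost(total_bytes: float, quota_gb: float, usd_per_gb: float) -> float:
    """Cost above a transfer quota; 1 GB = 1024**3 bytes, matching the post's calculator."""
    used_gb = total_bytes / 1024 ** 3
    return max(0.0, used_gb - quota_gb) * usd_per_gb


if __name__ == "__main__":
    s = attribute_traffic(SAMPLE_LOG.splitlines(), "http://login.example.invalid/emerald/")
    print(f"{s.hits} hits, {s.bytes} bytes, {len(s.clients)} distinct clients")
    for path, n in sorted(s.per_path.items(), key=lambda kv: -kv[1]):
        print(f"  {n:>8} B  {path}")
    print("status mix:", dict(s.per_status))
    print("overage at 2000 GB quota, $4.50/GB (assumed tariff):",
          round(overage_cost(s.bytes, 2000, 4.50), 2))
```

Run over a real log, the per-path totals replace the screenshot-derived list, the distinct-client count replaces the hits-divided-by-32 estimate of logins, and the status mix shows how much of the hit count was served from cache without a body.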

