Archive for March, 2012

Always Test the RAM on a New Server!

Don’t expect your provider to do it for you! I ran into paging errors on bootup with the monolithic 2.6.38 paravirtualized Xen kernel I published here and have been using without issue for over three months on a new dedicated server with a similar dom0 software configuration as the one it was compiled for. The tell-tale sign that I was seeing a physical (re-mapped virtual) memory error rather than a flaw in the kernel was the fact that it only happened when the virtual machine was allocated over a certain amount of RAM, but never under. Unfortunately, this server is an i5 and lacks ECC RAM or an IPMI for hardware logging so I was forced to take a gamble on support fees and get their techs to attach an IP KVM so I could run memtest86.

As you can see, after at least 16 clean passes memtest shit the bed. The golden rule has always been to test the RAM on a new server for at least 24 hours straight. Of course, the other golden rule is to only get servers with ECC – not that it makes having bad RAM OK, it just makes it easily detectable and recoverable. I’m certainly going to start practising what I preach as were it not for some fortunate last minute scheduling changes this could have been a rather costly inconvenience!

“Anonymous” Threatening to “Shut Down Internet” March 31

Apparently some among legion want to DRDoS the root name servers with the same sort of UDP-spoofing DNS amplification attack I have had personal experience defending against.

I’m not going to get into how horribly misguided this is, how negatively this is going to affect the cause’s image or some long-winded speech on ethics. I only plead with interested parties not to get involved.

Attacking “the Internet” itself for any reason makes you an enemy of freedom, an enemy of progress and above all else a disgrace to hacking.

The hottest places in hell are reserved for traitors and heretics.

“The greatest enemy of freedom is a happy slave.”

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved
bankers who are starving the world for their own selfish needs out of
sheer sadistic fun, On March 31, anonymous will shut the Internet down.


In order to shut the Internet down, one thing is to be done. Down the
13 root DNS servers of the Internet. Those servers are as follow:


By cutting these off the Internet, nobody will be able to perform a
domain name look-up, thus, disabling the HTTP Internet, which is,
after all, the most widely used function of the Web. Anybody entering
“” or ANY other url, will get an error page,
thus, they will think the Internet is down, which is, close enough.
Remember, this is a protest, we are not trying to ‘kill’ the Internet,
we are only temporarily shutting it down where it hurts the most.

While some ISPs uses DNS caching, most are configured to use a low
expire time for the cache, thus not being a valid failover solution
in the case the root servers are down. It is mostly used for speed,
not redundancy.

We have compiled a Reflective DNS Amplification DDoS tool to be used for
this attack. It is based on AntiSec’s DHN, contains a few bugfix, a
different dns list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be
used to trigger a rush of DNS queries all redirected and reflected to
those 13 IPs. The flaw is as follow; since the UDP protocol allows it,
we can change the source IP of the sender to our target, thus spoofing
the source of the DNS query.

The DNS server will then respond to that query by sending the answer to
the spoofed IP. Since the answer is always bigger than the query, the
DNS answers will then flood the target ip. It is called an amplified
because we can use small packets to generate large traffic. It is called
reflective because we will not send the queries to the root name servers,
instead, we will use a list of known vulnerable DNS servers which will
attack the root servers for us.

DDoS request —> [Vulnerable DNS Server ] Normal client requests
| ( Spoofed UDP requests
| will redirect the answers
| to the root name server )
[ 13 root servers ] * BAM

Since the attack will be using static IP addresses, it will not rely
on name server resolution, thus enabling us to keep the attack up even
while the Internet is down. The very fact that nobody will be able to
make new requests to use the Internet will slow down those who will try
to stop the attack. It may only lasts one hour, maybe more, maybe even
a few days. No matter what, it will be global. It will be known.


download link in #opGlobalBlackout
The tool is named “ramp” and stands for Reflective Amplification. It is
located in the \ramp\ folder.

———-> Windows users

In order to run “ramp”, you will need to download and install these two


The Winpcap driver is a standard library and the TOR client is used as
a proxy client for using the TOR network.

It is also recommended to use a VPN, feel free to choose your own flavor of this.

To launch the tool, just execute “\ramp\launch.bat” and wait. The attack
will start by itself.

———-> Linux users

The “ramp” linux client is located under the \ramp\linux\ folder and
needs a working installation of python and scapy.

Read more:

“He who sacrifices freedom for security deserves neither.”
Benjamin Franklin

We know you won’t listen. We know you won’t change. We know it’s because
you don’t want to. We know it’s because you like it how it is. You bullied
us into your delusion. We have seen you brutalize harmless old womans who were
protesting for peace. We do not forget because we know you will only use that
to start again. We know your true face. We know you will never stop. Neither
are we. We know.

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
You know who you are, Expect us.

UPDATE And then there are those who do God’s work: Anonymous hacks Chinese websites

Portage Errors: sys-devel/patch is blocking sys-libs/glibc

If you run into this error while updating glibc:

# emerge --update gcc glibc

 * IMPORTANT: 6 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.

Calculating dependencies -[root@hd-t3672cl ~]# xm console dns2
... done!
[ebuild     U ] dev-libs/mpfr-3.0.1_p4 [2.4.1_p5]
[ebuild     U ] sys-devel/gcc-config-1.5-r2 [1.4.1]
[ebuild  N    ] virtual/os-headers-0 
[ebuild  N    ] dev-libs/mpc-0.8.2 
[ebuild  NS   ] sys-devel/gcc-4.5.3-r2 [4.3.4] USE="cxx hardened mudflap nls nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran -gcj -graphite -gtk (-libssp) -lto (-multilib) -multislot -nocxx -nopie -nossp -objc -objc++ -objc-gc -test -vanilla" 
[ebuild     U ] sys-libs/glibc-2.13-r4 [2.10.1-r1] USE="hardened*" 
[ebuild     U ] sys-devel/gcc-4.3.6-r1 [4.3.4] USE="cxx%* hardened* nptl* -fortran* (-libssp) -nossp%" 
[blocks B     ] <sys-devel/patch-2.6 ("<sys-devel/patch-2.6" is blocking sys-libs/glibc-2.13-r4)

 * Error: The above package list contains packages which cannot be
 * installed at the same time on the same system.

  ('ebuild', '/', 'sys-libs/glibc-2.13-r4', 'merge') pulled in by
    >=sys-libs/glibc-2.8 required by ('ebuild', '/', 'sys-devel/gcc-4.5.3-r2', 'merge')
    >=sys-libs/glibc-2.8 required by ('ebuild', '/', 'sys-devel/gcc-4.3.6-r1', 'merge')

For more information about Blocked Packages, please refer to the following
section of the Gentoo Linux x86 Handbook (architecture is irrelevant):

 * IMPORTANT: 6 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.

Update patch first and carry on:

# emerge --update patch
# emerge --update glibc gcc
Return top
Online Marketing Toplist
Technology Blogs - Blog Rankings

Internet Blogs - BlogCatalog Blog Directory

Bad Karma Networks

Please Donate!

Made in Canada  •  There's a fox in the Gibson!  •  2010-12