The real story about TF2-TRADER

[daem0n]

hey asshole

"D) Disrespecting other traders or an admin is childish. Admins are simply there to help ppl make safe trades. They give up many hours a day to help ppl make safe trades. Be respectful to these ppl they spend countless hours helping others for free."

--

"Closed minds ? why am I not surprised.

Fuck STEAMREP and their unprofessional BS. Marked me as a scammer on ASSUMPTION, not facts. What sort of fucking shit site marks me as a scammer ! Steamrep, thats what.

Those morons don't even know how steam friends works, proven when they attacked me.. "noobinator" seems to think if someone deletes you, they're still on your list. No, dickhead I didn't delete you. You deleted me.

They put themselves in charge. Noone with a brain would leave these kids in charge."

"PS...by the way daemon #ee this looks good in your sourceop rep thread
your a joke daemon. how about going after actual scammers who scam unusuals and promos instead of trolling on random topics. You are by far the most useless admin on all the trade sites. you do nothing but bitch about the littlest things."

" daem0n has done nothing but subtle (quite often blatant) bashing of posts all over the place. I'm a bit confused as to what he even does for any of these communities other than such. These kinds of posts don't belong here, or anywhere for that matter. Between design threads, topic trolling, and essentially useless admin status; I'm confused as to where you're ever useful in the conversations you participate in. You act all high and mighty and better than everyone else about SO many things, but you have little to nothing to back it up, why bother? I have held my tongue on many occasions with you, however there comes a point in which enough is enough. Stop trolling and try to provide some real insight and/or useful information to the posts you make for a change."

"you're a grade A classic forum troll, period."

"I can give you more than a "handful" of people who have had issues with you at one time or another bud, doesn't mean such a thing holds merit because I say so."

courtesy of tf2-trader admins (all of the above actually)

gr8 thread, videogames

also that stupid paypal pic: you're not even trying anymore, the net amount is -$15 (not that you'd understand what that means)

back to crying over mizzou (and hopefully not duke too....)

[TheDopp]

I know I'm probably going to take some flak for trying to fact check something that's speaking out against a folk devil, but something about this really irked me and I have a few thoughts I would like to clear up.

Please note that I'm not being hostile and I'm not questioning the legitimacy of anything else in the post Nor am I attempting to defend any of the accused, the DDoS part just really seems fishy to me, and it strongly begs clarification as you're publicly accusing somebody of a federal crime.

The first thing about this is that most modern ISP's have a safe-guards such as rate-limiting and delayed binding, which make directly attacking a client within that ISP extremely difficult.

A second stage of security comes from your router. With proper ACLs (such as port filtering) a DDoS attack is nearly impossible unless you have a broadcast security fault or home server that they somehow knew about.

The third one pertains to the second one. Unless you had something akin to remote management enabled, and they had the exact port that was setup on, they would have no way to directly attack your router.

It just seems odd that somebody could perform a brute-force packet flood through a modern ISP upon a person who has no feasible target for a DoS to hit. (This comes with the understanding that you can't just send somebody billions of packets and crash their router, there has to be something receiving this packets, processing them, and authenticating them or else they would be filtered by TCP splicing)

*thread derail*
It's been ages since I did anything truly indepth network related, and the Glendfiddich is kicked in, but don't most home routers (assuming it's like a WRT54G or something just common) have a TCP connection limit? I'm assuming most ISP's block TCP ACK/SYN attacks, but what if it's on an established port (e.g. TF2, though I cant remember if the TCP ports are used for the client beyond first connect) or something common (e.g. torrents, faceyspaces, whatever the kids these days are using)?

[TRUNK_SLAMCHEST]

hey blackened you have plenty of time to defend yourself in other threads....


WHY NOT HERE?

[OhMygah]

hey blackened you have plenty of time to defend yourself in other threads....


WHY NOT HERE?

I'm pretty sure Blackened hasn't actually made an effort to defend himself at all or debunk anything we say. His posts usually consist of LOLUMAD-esque logic followed by "Haters gonna hate" and "MY COMMUNITY IS THRIVING AND WE'RE GREAT" etc etc. That's when he decides to reply to anybody at all, however, as usually he completely ignores every fact thrown against him.

[TRUNK_SLAMCHEST]

hey blackened you have plenty of time to defend yourself in other threads....


WHY NOT HERE?

I'm pretty sure Blackened hasn't actually made an effort to defend himself at all or debunk anything we say. His posts usually consist of LOLUMAD-esque logic followed by "Haters gonna hate" and "MY COMMUNITY IS THRIVING AND WE'RE GREAT" etc etc. That's when he decides to reply to anybody at all, however, as usually he completely ignores every fact thrown against him.

ahaha the good ole deflect & flame.

i used to use that when i first found out what 4chan was.

STEP YOUR GAME UP BLACKBANNED

[OmegaZero_Alpha]

thread derail*
It's been ages since I did anything truly indepth network related, and the Glendfiddich is kicked in, but don't most home routers (assuming it's like a WRT54G or something just common) have a TCP connection limit? I'm assuming most ISP's block TCP ACK/SYN attacks, but what if it's on an established port (e.g. TF2, though I cant remember if the TCP ports are used for the client beyond first connect) or something common (e.g. torrents, faceyspaces, whatever the kids these days are using)?

Assuming the program was caching or processing all of the malicious packets it could bog down his computer significantly, but even then the program would simply crash, worst case his computer crashes altogether.

I know that you can connect as many connections as you want through a WRT54G and it will still function normally, because the connection limit for windows is much lower than the router can handle. Maybe if the guy had about 12 devices and each one of them were being targeted separately, but once again there is no way to target a device itself except through the software's external port, and as I mentioned above it would simply crash the program or device.

Attacking a router or a modem directly seems really complicated and contrived if all the person wanted to do was mess with the guy.

[TheDopp]

Assuming the program was caching or processing all of the malicious packets it could bog down his computer significantly, but even then the program would simply crash, worst case his computer crashes altogether.

I know that you can connect as many connections as you want through a WRT54G and it will still function normally, because the connection limit for windows is much lower than the router can handle. Maybe if the guy had about 12 devices and each one of them were being targeted separately, but once again there is no way to target a device itself except through the software's external port, and as I mentioned above it would simply crash the program or device.

Attacking a router or a modem directly seems really complicated and contrived if all the person wanted to do was mess with the guy.

Well if the RAM in the router is only 8MB (assuming an older router that's been in the house for a while) the limit is probably 512 or 1024, which even with Windows default behavior of 10 (Honestly have no idea if that was ever changed after XPSP3 since I've been mac since then) that's still Windows saying no - the router is just going to pass the connection attempt along until it's table is full. It's not attacking the router directly, just attacking it being dumb.
Though if I'm way off just tell me and I'll shush. That just always seemed the most logical response in my head to people going 'zomg I've been ddos'd!!11'.

[Archey]

hmm.. interesting.

[OmegaZero_Alpha]

Well if the RAM in the router is only 8MB (assuming an older router that's been in the house for a while) the limit is probably 512 or 1024, which even with Windows default behavior of 10 (Honestly have no idea if that was ever changed after XPSP3 since I've been mac since then) that's still Windows saying no - the router is just going to pass the connection attempt along until it's table is full. It's not attacking the router directly, just attacking it being dumb.
Though if I'm way off just tell me and I'll shush. That just always seemed the most logical response in my head to people going 'zomg I've been ddos'd!!11'.

Well when windows rejects the connection it is practically no load on the router, especially compared to heavy gaming or downloading a file, because it basically ignores bogus packets. If you could crash a router by spamming it with too many packets from too many sources then how do you think that people could download torrents from 500+ peers simultaneously at the maximum speed of their Internet connection?

Also keep in mind that routers don't keep every connection in its DHCP table, only those that are connected to the internal network. In fact the reason that home routers themselves are so impervious to denial of service is BECAUSE they are dumb and don't bother with any of the packet shaping or any other advanced networking features that enterprise routers generally would. If they send a packet (or even hundred trillion packets) to a port that isn't forwarded they're all dropped with no increased load on the router whatsoever.

This is why DoS works on websites and servers. Every 'request-packet' you send to a website MUST be responded to tenfold, which creates load for the server. These things all need to be logged and shaped, which creates more load for the server. When you have tens of thousands of request packets it maxes out the server's client capacity (Not it's connection speed, as popular opinion dictates.) and it starts to run out of available CPU cycles, memory, and hard drive space. In a home network when a request-packet is sent the computer drops it and doesn't give it another thought, because it has nothing to respond with.

The only way I've been able to think of that could have crashed his router directly is if he had a custom firmware that he hacked to remove the restriction of remote-management login attempts, and then programmed it to respond to packet-sniffing on every port from an external source or publicly broadcast his remote management port. Basically neither of these things could possibly serve a practical purpose, though, so I assumed if he had the programming knowledge then he wouldn't bother.

[TheDopp]

Also keep in mind that routers don't keep every connection in its DHCP table, only those that are connected to the internal network.

Makes sense, but last stupid question:
Isn't there a TCP connection table with timeouts that it does keep track of since most home routers are doing NAT? So it has to keep track of the TCP connection (and where its going, and if I remember right what specific Socket its related to on the destination PC), and the timeout for it. Which means if there are 1024 "active" TCP connections on the network (or 512 for really old routers) and the timeout for them hasn't been reached to knock them off the table, wouldn't the next one (depending again on the age, table size, and intelligence of the router) cause the thing to twitch and die?