Do not use scripts !!!!

**savant123456** · 29th October 2003, 11:13 AM

I would advise you all to stop using these scripts immediately. Most scripts like this which access a web site multiple times are illegal. If needed BCIS can track ur identity and then people like India1975 and others may be in trouble. I think posting the script on this bbs was a bad idea to start with.

Looking at other people EAC number may be illegal as well, even if you may not be aware of their identities. In understand that we are all getting impatient about processing (including myself) but considering that all of us are smart and informed people we should consider such legalites before posting such scripts.

-Savant

**GCvomit** · 29th October 2003, 12:39 PM

I totally agree with you.

**waytoolong** · 29th October 2003, 02:33 PM

The information is public, there are no legal restrictions on how many times you can access a public domain website. Collecting data to create a graph is not an illegal act.

BCIS can put restrictions on multiple access to protect against "denial of service" attacks.

If "looking at other peoples EAC numbers" is illegal then posting them in a public domain is illegal as well. I would advise you to sue BCIS or keep your ignorant trap shut.

**savant123456** · 29th October 2003, 03:09 PM

Waytoolong (my bitch),

Before I keep my ignorant trap shut and mind my own business, I would like to put in my two cents worth:

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include : attempts to "flood" a network, thereby preventing legitimate network traffic

Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three types of attack:

- consumption of scarce, limited, or non-renewable resources
- destruction or alteration of configuration information
- physical destruction or alteration of network components

Lets just talk about the first one,

Consumption of Scarce Resources
Computers and networks need certain things to operate: network bandwidth, memory and disk space, CPU time, data structures etc.

Bandwidth Consumption
An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network. Typically, these packets are ICMP ECHO packets, but in principle they may be anything. Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect. (Like multiple idiots using this script)

Consumption of Other Resources
In addition to network bandwidth, intruders may be able to consume other resources that your systems need in order to operate. For example, in many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.). An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly generating queries. Many modern operating systems have quota facilities to protect against this problem, but not all do. Further, even if the process table is not filled, the CPU may be consumed by a large number of processes and the associated time spent switching between processes.

Also, many sites have schemes in place to "lockout" an account after a certain number of failed login attempts. A typical set up locks out an account after 3 or 5 failed login attempts. An intruder may be able to use this scheme to prevent legitimate users from logging in. (Like in this case where the status is not available to other users due to quota restrictions)

Legal Issues:
Many organizations can suffer financial loss as a result of such tacttics and may wish to pursue criminal or civil charges against the intruder. Many goverment organizations such as BCIS are vulnerable to such attacks and hence enlist the help of private soft companies for tracking an intruder.

Idiots like waytoolong do not understand the complexity of an issue but feel threatened if someone makes them aware of it. I have no vested interest in this. Feel free to use this facility at ur own discretion.

-Savant

**gzhang3000** · 29th October 2003, 03:28 PM

BCIS data is useless anyway - so why bother collecting data in the first place ?

The data also does not tell if an application is for family-based immigration or employment-based or refugee etc. So, no valid conclusion can be made.

Yeah if no other excuse, they can label you as "cyber terrorist" trying to "disrupt and expose the BCIS harmony of no work, no progress."

**gzhang3000** · 29th October 2003, 03:44 PM

I would like to add that BCIS can improve
its dumbness marginally better if it asked
for A# after asking for the case number (and/or I-94 number for non-immigrant case) before displaying the results.

Also, the quality of the case-status dsiplayed sucks. It would be good if they can display some more information such as "case assigned to an officer" etc.

**waytoolong** · 29th October 2003, 04:26 PM

Originally posted by savant123456
Waytoolong (my bitch),

Before I keep my ignorant trap shut and mind my own business, I would like to put in my two cents worth:

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include : attempts to "flood" a network, thereby preventing legitimate network traffic

Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three types of attack:

- consumption of scarce, limited, or non-renewable resources
- destruction or alteration of configuration information
- physical destruction or alteration of network components

Lets just talk about the first one,

Consumption of Scarce Resources
Computers and networks need certain things to operate: network bandwidth, memory and disk space, CPU time, data structures etc.

Bandwidth Consumption
An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network. Typically, these packets are ICMP ECHO packets, but in principle they may be anything. Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect. (Like multiple idiots using this script)

Consumption of Other Resources
In addition to network bandwidth, intruders may be able to consume other resources that your systems need in order to operate. For example, in many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.). An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly generating queries. Many modern operating systems have quota facilities to protect against this problem, but not all do. Further, even if the process table is not filled, the CPU may be consumed by a large number of processes and the associated time spent switching between processes.

Also, many sites have schemes in place to "lockout" an account after a certain number of failed login attempts. A typical set up locks out an account after 3 or 5 failed login attempts. An intruder may be able to use this scheme to prevent legitimate users from logging in. (Like in this case where the status is not available to other users due to quota restrictions)

Legal Issues:
Many organizations can suffer financial loss as a result of such tacttics and may wish to pursue criminal or civil charges against the intruder. Many goverment organizations such as BCIS are vulnerable to such attacks and hence enlist the help of private soft companies for tracking an intruder.

Idiots like waytoolong do not understand the complexity of an issue but feel threatened if someone makes them aware of it. I have no vested interest in this. Feel free to use this facility at ur own discretion.

-Savant

You freaking idiot - You cut-and-paste some gobbledegook from the internet and think you can create an impression of authority. Here is the problem - it goes to the intent of the user. Those resources you so eloquently cut-and-pasted are allocated for public use and are paid for by the taxpayers. Running the script to access that website a 1000 times does not create financial difficulty for BCIS.

You jackass - your one-size-fits-all argument does not even realize BCIS is the government, the ultimate owners are the people accessing the systems. That is different from running the script on amazon.com, Kapitsch, moron ?

**waytoolong** · 29th October 2003, 04:31 PM

By the way - since you are just a rocket scientist, make sure you don't use I-95 for more than 5 times a day. More then that is illegal

Get it, genius ?

**ind15** · 29th October 2003, 06:31 PM

savant123456,

It's not possible for the script to cause a DoS.
The bandwidth consumtion & CPU cycles that the script might result in are hardly significant.

ICMPs will not cause a DoS, anywhich way you try to cause it.
open a continous ping to the target machine & come back after a week, every thing will be still fine.

To cause a DoS, you need more sinister things like stealth SYN & FINS.

Technical reasons apart, I dont see any differnence between running this script & ftp'ing images from NASA

Even if what you say is somehow right, waytoolong can legitimately explain that his machine was hacked & that the script was run by someone else.

lets not spread conspiracy theories.

**savant123456** · 29th October 2003, 09:19 PM

waytoolong,

An idiot will remain an idiot, you are the proof and your arguments are the evidence. If you recall certain people mentioned that the website was rendered useless for a while after the scripts were run. This was primarily due to the exceeding of valid sessions in the BCIS web site. In my opinion such a use of a resource, which goes beyond the normal usage and results in blocking access to a resource to others is illegal.

Hey by the way your analogy about I-95 was pretty darn stupid. It's not illegal to travel I-95 5 times a day, but in case you are planning to take a procession thru that highway they will put ur *** up in some local county jail. Leper brains like you can argue that taking a procession is your right since the highway is a public property for public use but then you idiot you don't realize that it is for PUBLIC use not just urs ... kapish ?

-Savant

**GC_GoneCase** · 29th October 2003, 11:00 PM

Hi Savant and Waytoolong...
Your net counter attacks on each other have grown waytoolong...Please don't mind..you are senior members on this forum..and exchange of mails full of abuse really create bad taste...I am not giving an opinion who is right or wrong..but in these hardships and painful waiting for the GC...we need to stand together...Not that it would help to get GC faster..but atleast it makes the wait less painful...
So Smile again...Say Cheese...