[163132] in North American Network Operators' Group
Re: What hath god wrought?
daemon@ATHENA.MIT.EDU (Jay Farrell)
Tue May 21 00:56:50 2013
In-Reply-To: <73b6702f-2233-49f7-ad9b-8c5ddeee5adf@email.android.com>
From: Jay Farrell <jayfar@jayfar.com>
Date: Tue, 21 May 2013 00:56:14 -0400
To: Charles Wyble <charles-lists@knownelement.com>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Are you certain it was a DoS attempt? They may have just been running
a surveillance software package such as URLy warning, which GETs the
pages of a site repeatedly and diffs them to watch for updates. In the
case of an (non-)organization like Occupy I can't imagine law
enforcement would neglect to do this. I've been on the receiving end
of this sort of thing myself (long story).
--
Jayfar
On Tue, May 21, 2013 at 12:07 AM, Charles Wyble
<charles-lists@knownelement.com> wrote:
> Sorry. The occupy site was on a shared hosting plan at the company I worked for.
>
> Source determined via Whois output for the attacking ip found via our analysis. It was a rather crude dos attack (repeated get requests). At first we figured they were just mirroring the site for offline analysis or something, but it soon became evident they were just hammering the site.
>
> Yes we could have sued. However the inevitable stonewalling, endless resources of the feds etc would have made for a long and exhaustive legal battle.
>
> This was at the height of the occupy activities. Far worse offenses were being committed by federal, state and local govts during that period than a dos attack by DHS.
>
>
> "Jason L. Sparks" <jlsparks@gmail.com> wrote:
>
>>"No attempt to hide the source IP"
>>"I mean, they were using a shared hosting plan"
>>
>>What makes you certain it was DHS?
>>
>>Genuinely curious, because this is a hell of a claim.
>>--
>>Jason
>>
>>
>>On Mon, May 20, 2013 at 3:29 PM, Mike Hale
>><eyeronic.design@gmail.com> wrote:
>>
>>> Would it be futile though? I mean...DHS running a DOS against an
>>> American organization is the kind of stuff that makes Constitutional
>>> lawyers salivate.
>>>
>>> I'm not trying to call you out, btw. I'm genuinely curious why the
>>> hosting company itself didn't file suit. You've got a US Government
>>> agency abusing your resources and acting in a blatantly illegal
>>> manner. That's the kind of stuff that results in letters of
>>> resignation when publicized.
>>>
>>> On Mon, May 20, 2013 at 12:13 PM, Charles Wyble
>>> <charles-lists@knownelement.com> wrote:
>>> > Yes. I'm aware of that. It would be futile in most cases, which is a huge problem in and of itself, as that's really the only recourse.
>>> >
>>> > I mean they were using a shared hosting plan. Not exactly deep pocketed.
>>> >
>>> > My point is that the abuse of power is blatant and they are unafraid of any kind of retaliation. They don't need to hide.
>>> >
>>> > Mike Hale <eyeronic.design@gmail.com> wrote:
>>> >
>>> >>"Sue them?"
>>> >>Uhm...yes? That's why we have courts that we can sue federal agencies in.
>>> >>
>>> >>On Mon, May 20, 2013 at 11:58 AM, Charles Wyble
>>> >><charles-lists@knownelement.com> wrote:
>>> >>> No proxy needed. No need to hide.
>>> >>>
>>> >>> While working for a very large hosting company, I once observed DHS hammering an occupy related website. No attempt to hide the source ip or anything.
>>> >>>
>>> >>> What are you going to do? Sue them? If they wish to take a site offline, they will ddos it or simply seize the domain under the national security banner.
>>> >>>
>>> >>>
>>> >>>
>>> >>> "<<"tei''>>>" <oscar.vives@gmail.com> wrote:
>>> >>>
>>> >>>>On 20 May 2013 01:58, Michael Painter <tvhawaii@shaka.com> wrote:
>>> >>>>>
>>> >>>>
>>> >>>>> http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
>>> >>>>>
>>> >>>>
>>> >>>>More on the same topic.
>>> >>>>
>>> >>>>http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
>>> >>>>
>>> >>>>Maybe the FBI uses this to commit crimes in the USA using a foreign company as a proxy so nothing dirty shows on the books. That way the FBI can avoid respecting USA laws.
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>>--
>>> >>>>--
>>> >>>>ℱin del ℳensaje.
>>> >>>
>>> >>> --
>>> >>> Charles Wyble
>>> >>> charles@knownelement.com / 818 280 7059
>>> >>> CTO Free Network Foundation (www.thefnf.org)
>>> >>
>>> >>
>>> >>
>>> >>--
>>> >>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>> >
>>> > --
>>> > Charles Wyble
>>> > charles@knownelement.com / 818 280 7059
>>> > CTO Free Network Foundation (www.thefnf.org)
>>>
>>>
>>>
>>> --
>>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>>
>>>
>
> --
> Charles Wyble
> charles@knownelement.com / 818 280 7059
> CTO Free Network Foundation (www.thefnf.org)