What hath god wrought?

Jay Farrell jayfar at jayfar.com
Tue May 21 04:56:14 UTC 2013


Are you certain it was a DoS attempt? They may have just been running
a surveillance software package such as URLy warning, which GETs the
pages of a site repeatedly and diffs them to watch for updates. In the
case of an (non-)organization like Occupy I can't imagine law
enforcement would neglect to do this. I've been on the receiving end
of this sort of thing myself (long story).

-- 
Jayfar


On Tue, May 21, 2013 at 12:07 AM, Charles Wyble
<charles-lists at knownelement.com> wrote:
> Sorry. The occupy site was on a shared hosting plan at the company I worked for.
>
> Source determined via Whois output for the attacking ip found via our analysis. It was a rather crude dos attack (repeated get requests). At first we figured they were just mirroring the site for offline analysis or something, but it soon became evident they were just hammering the site.
>
> Yes we could of sued. However the inevitable stonewalling, endless resources of the feds etc would of made for a long and exhaustive legal battle.
>
> This was at the height of the occupy activities. Far worse offenses were being committed by federal, state and local govts during that period than a dos attack by DHS.
>
>
> "Jason L. Sparks" <jlsparks at gmail.com> wrote:
>
>>"No attempt to hide the source IP"
>>"I mean, they were using a shared hosting plan"
>>
>>What makes you certain it was DHS?
>>
>>Genuinely curious, because this is a hell of a claim.
>>--
>>Jason
>>
>>
>>On Mon, May 20, 2013 at 3:29 PM, Mike Hale
>><eyeronic.design at gmail.com>wrote:
>>
>>> Would it be futile though?  I mean...DHS running a DOS against an
>>> American organization is the kind of stuff that makes Constitutional
>>> lawyers salivate.
>>>
>>> I'm not trying to call you out, btw.  I'm genuinely curious why the
>>> hosting company itself didn't file suit.  You've got a US Government
>>> agency abusing your resources and acting in a blatantly illegal
>>> manner.  That's the kind of stuff that results in letters of
>>> resignation when publicized.
>>>
>>> On Mon, May 20, 2013 at 12:13 PM, Charles Wyble
>>> <charles-lists at knownelement.com> wrote:
>>> > Yes. I'm aware of that. It would be futile in most cases, which is
>>a
>>> huge problem in and of itself, as that's really the only recourse.
>>> >
>>> > I mean they were using a shared hosting plan. Not exactly deep
>>pocketed.
>>> >
>>> > My point is that the abuse of power is blatant and they are
>>unafraid of
>>> any kind of retaliation. They don't need to hide.
>>> >
>>> > Mike Hale <eyeronic.design at gmail.com> wrote:
>>> >
>>> >>"Sue them?"
>>> >>Uhm...yes?  That's why we have courts that we can sue federal
>>agencies
>>> >>in.
>>> >>
>>> >>On Mon, May 20, 2013 at 11:58 AM, Charles Wyble
>>> >><charles-lists at knownelement.com> wrote:
>>> >>> No proxy needed. No need to hide.
>>> >>>
>>> >>> While working for a very large hosting company, I once observed
>>DHS
>>> >>hammering an occupy related website. No attempt to hide the source
>>ip
>>> >>or anything.
>>> >>>
>>> >>> What are you going to do? Sue them? If they wish to take a site
>>> >>offline, they will ddos it or simply seize the domain under the
>>> >>national security banner.
>>> >>>
>>> >>>
>>> >>>
>>> >>> "<<"tei''>>>" <oscar.vives at gmail.com> wrote:
>>> >>>
>>> >>>>On 20 May 2013 01:58, Michael Painter <tvhawaii at shaka.com> wrote:
>>> >>>>>
>>> >>>>
>>>
>>http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
>>> >>>>>
>>> >>>>
>>> >>>>More on the same topic.
>>> >>>>
>>>
>>http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
>>> >>>>
>>> >>>>Maybe the FBI use this to commit crimes in USA using a foreign
>>> >>company
>>> >>>>as proxy so nothing dirty show on the books. That way the FBI can
>>> >>>>avoid respecting USA laws.
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>>--
>>> >>>>--
>>> >>>>ℱin del ℳensaje.
>>> >>>
>>> >>> --
>>> >>> Charles Wyble
>>> >>> charles at knownelement.com / 818 280 7059
>>> >>> CTO Free Network Foundation (www.thefnf.org)
>>> >>
>>> >>
>>> >>
>>> >>--
>>> >>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>> >
>>> > --
>>> > Charles Wyble
>>> > charles at knownelement.com / 818 280 7059
>>> > CTO Free Network Foundation (www.thefnf.org)
>>>
>>>
>>>
>>> --
>>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>>
>>>
>
> --
> Charles Wyble
> charles at knownelement.com / 818 280 7059
> CTO Free Network Foundation (www.thefnf.org)



More information about the NANOG mailing list