Re: Zayo Extortion
Guys, Actually, thank you for the responses. I was hoping you wouldn’t take my attempt at friendly and humorous conversation the wrong way. I appreciate the education on the topic, as well. :) However, I’d like to ask a few questions on it, if you don’t mind? (Also - you’re right, it’s not the freedom of speech act I’m thinking, wasn’t it some form of ‘decency act’ ? I digress, though…) For something to actually be considered libel, isn’t it required that the statement be untrue, damaging in a way that must be proven and actually knowingly false? Proving damages would be hard… But putting that aside, proving what he is saying is not true (unless it’s just 100% false and they have recorded evidence of it) might be even harder if they don’t have proper records of past due balances, or properly recorded communications (i.e. email). And where is the line drawn with regards to him/her knowingly making statements that are not true? And wouldn’t it still alsol require a general purpose public figure, or a limited purpose public figure, to prove malice in the instance? I don’t think the company would qualify as a general or limited purpose public figure. That would pretty much apply to actors, performer and/or social activist types - or politicians. Not a service provider… If he perceives it to be extortion, then it would be difficult to say that him claiming extortion is libel. The definition of extortion is the general practice of obtaining something, especially money, through the use of force or threats. In this case, the company is using the threat of disconnection as the force, and they are indeed attempting to collect money. So, if we take it from a literal definitive view of ‘extortion,’ the word, by definition, fits the scenario. It doesn’t imply wrong doing, really, and could be applicable to any and every service provider in existence today - even the pharmaceutical companies with regards to withholding medication that can save lives unless absurd amounts of money is paid. I’d say the entire world could be classified as extortionists if we go by the actual definition. J > On 17 Aug 2016, at 15:01, valdis.kletni...@vt.edu wrote: > > On Wed, 17 Aug 2016 01:11:09 +0200, Jonathan Hall said: >> And either way, defamation requires some form of punitive damage be proven in >> order to act ually win that case. > > In addition to the other things already pointed out, punitive damage doesn't > need to be proven. > > *Actual* damages have to be proven. Punitive damages are damages added > as punishment, to make sure the responsible party learned their lesson. > > So fir instance, if a corporation's negligence results in a worker's death, > his family may be awarded $5M in actual damages for the loss of their loved > one - and then another $20 million in punitive damages, to make the > corporation > (and possibly the industry segment as a whole) take notice that sort of > negligent behavior will not be tolerated >
Re: Zayo Extortion
Excuse me for chiming in, here… But, if I’m not mistaken (don’t worry, I’m not) - this doesn’t count as ‘slander’ in any way, shape or form. This mail thread is not any kind of valid FCC controlled or public communications device, as the internet was actually excluded from the public communications device list under the Freedom of Speech Act in… Was it, 1996? Which means, ‘slander’ can’t be called in this case. You could argue that it can, but you’d lose in court in the long run. If you’re aiming for the defamation card? That’s a very difficult one to prove. I’d counter the argument in a court room by asking the judge to prove the plaintiff is NOT an extortionist scum bag. It certainly works both ways. And either way, defamation requires some form of punitive damage be proven in order to actually win that case. Are you saying that the company he is referencing has some way to claim and directly correlate a loss of income or potential loss of income, either present and/or future, due to the comment made on a mail group? I’d love to see that quantification on paper... None the less, regardless of what one accuses or says on the internet, the usage of the word ‘extortion’ is quite open for interpretation with regards to context, and making such a statement does not qualify for slander nor defamation. He could feel he’s being extorted, in which case exasperating his opinion publicly is no less legal than me telling you that I don’t really think you’re a good lawyer. Good luck trying to play that card in a courtroom. Short and simple: One could threaten to sue over it, and one could even try. Personally, I’d turn that court room in to a circus act if someone tried. I’d most likely get fined in contempt a few times, but at least even the judge will go home laughing. :) J > On 16 Aug 2016, at 16:45, Anne Mitchellwrote: > > >>> to say "our accounting system does not track invoice details -- it only >>> shows the total amount due so your numbers mean nothing to us." >>> All the while they relentlessly levied disconnect threats with short >>> timelines such as: "if you don't pay us $128,000 by this Friday, >>> we will shut your operation down." >> [...] >>> At one point their lawyers and accounting people had the nerve to say "our >>> accounting system does not track invoice details >> >> Are you talking with your SP's lawyers without your a legal team of >> your own present and advising you? >> I think one of the first things they should tell you is not to discuss >> pending disputes in public. Time to get >> a consultation with your own Lawyers to assist with billing dispute >> resolution, ASAP. > > Not to mention that accusing someone of a crime (extortion), in public (in > this context I would argue that this is public, especially as the term > 'community' was used in the allegation) is a pretty serious thing. > > Anne P. Mitchell, > Attorney at Law > Legislative Consultant > CEO/President, > SuretyMail Email Reputation Certification and Inbox Delivery Assistance > http://www.SuretyMail.com/ > http://www.SuretyMail.eu/ > > Available for consultations by special arrangement. > > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Member, California Bar Cyberspace Law Committee > Member, Colorado Cybersecurity Consortium > Member, Asilomar Microcomputer Workshop Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop > amitch...@isipp.com | @AnnePMitchell > Facebook/AnnePMitchell | LinkedIn/in/annemitchell > >
Fwd: John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
Stupid me forgot to CC the NANOG list. Begin forwarded message: From: Jonathan Hall <jh...@futuresouth.us<mailto:jh...@futuresouth.us>> Date: 13 December 2015 at 11:13:31 GMT+1 To: Jay Ashworth <j...@baylink.com<mailto:j...@baylink.com>> Subject: Re: John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app DDoS attacks launched from massive botnets are not unusual, and mobile phones being used as participants of said botnets has been a well known thing since android came to market. People seem to have forgotten about AgoBot/PhatBot/GaoBot. Once upon a time, it was dubbed “The Swiss Army Knife of The Internet,” being fully cross-platform. It compiled on Linux, BSD and Windows with no problem, and as such, had spreading capabilities to infect cross-platform just the same. It was purely P2P at core, but also supported IRC. The P2P portion was for the developers. Anyone who had botnets generally only used and knew of the the IRC control point, and the code was watermarked originally to prevent any random Joe Blow from compiling. The botnets of those who had the code from Ago, Phatty and Wonk (the originators of the first release) were able to be controlled by a select group of friends of the developers. This put more than 4 million bots at the disposal of that group. Examining the synflood code that was contained within would show that the spoofing had multiple options, one of which was 100% completely random spoofed address per a packet. My personal favourite is the 0.0.0.0 source spoof, which spoofs from various random hosts in 0.0.0.0/8 . Good luck filtering those out with ACL’s and mitigation techniques… I’m not certain that would work today, but it most certainly did in 2004. Concepts like this do not die off and just fade away into /dev/null land. People simply get smarter and quieter about it. Ago/Phatty/Wonk got hit in Operation Cyber Slam in 2004 and the bulk of it all was kept very quiet. Coincidentally, Ago’s young brother, Nills, was the developer of msblaster, too. But, alas, I digress... Considering all of that, why would anyone be shocked to find massive attacks being launched from what is technically the easiest point of infection: phones? In this case, all that’s done is an app gets put up and the users download it. And with thinks such as android roots and iPhone jailbreaks being common knowledge and point-and-click easy to do? More and more people are unlocking their devices just for the sake of saying, “My phone is rooted.” And as phones become more and more powerful, as well as bandwidth climbing to record highs on mobile platforms, you can only be assured that this sort of attack vector will continue to increase in popularity. I do think that jumping up and saying, “ISIS is taking over US phones!” is a bit of a wild leap. But at the same time, why would anyone think they aren’t already using this method to fund themselves? Botnets = money, period. Do you have any idea how much money people pay for usage of botnets to launch attacks? Just pure chance says there are members of ISIL as well as present and potentially future supporters of ISIL that have botnets. After all, twelve year old kids with Guy Fawkes masks in their mothers basements have botnets these days… On 12 Dec 2015, at 07:18, Jay Ashworth <j...@baylink.com<mailto:j...@baylink.com>> wrote: Is McAfee just talking to dry his teeth here? This isn't actually practical, is it? Carriers would notice, right? http://www.ibtimes.co.uk/john-mcafee-massive-ddos-attack-internet-was-smartphone-botnet-popular-app-1532993 -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Shellshock vulnerability research leads to WHAT?!
While a little off-topic for the NANOG list, I figured some of you may want to know about this. I started researching and testing this vulnerability the day it was released, and once I started researching its usage/exploitation in the wild, I identified that a few major sites were actually compromised using the vulnerability - Yahoo! being one in particular. Tripod/Lycos and WinZip.com were also compromised. Yahoo! reached out and gave me a response, albeit a very weak one, only after the FBI, media and CEO Marissa Mayers was contacted... WinZip patched their boxes and didn't bother responding or notifying me that they got it done. Please do excuse the scattered nature of the email sent to Marissa Mayers @ Yahoo! - there were other correspondences that are currently being kept private, and at the time that I wrote that one, I had been awake for roughly 48 hours and was fueled on caffeine and nicotine. The chances are highly likely that Yahoo! is going to do their best at keeping this quiet and not release any information or details on this, and I figured that some of at are undoubtedly just as at risk from this as anyone else. Please see the rest of everything related to this at http://www.futuresouth.us/yahoo_hacked.html And http://www.futuresouth.us/yahoo_response.jpg for their initial response. Non-authoritative answer: Name: dip4.gq1.yahoo.com Address: 63.250.204.25 Non-authoritative answer: Name: api118.sports.gq1.yahoo.com Address: 10.212.240.43 These are the two servers that were 100% positively identified thus far as being compromised by both me and Yahoo!, with dip4.gq1.yahoo.com being the initial point of entry via Shellshock. Jonathan D. Hall Future South Technologies www.futuresouth.us (504) 470-3748 - [main] (504) 232-3306 - [cell] Life is a dream for the wise, a game for the fool, a comedy for the rich and a tragedy for the poor.
Re: looking for a tool...
Have you considered wireshark or Ettercap? I¹m not entirely certain they¹ll monitor the throughput, but I know they can open PCAP'sŠ Jon On 2/3/14, 11:34 PM, Mike mike-na...@tiedyenetworks.com wrote: Hello, I was wondering if anyone could point me in the direction of a tool capable of sniffing (or reading pcap files), and reporting on lan station thruput in terms of bits per second. Ideally I'd like to be able to generate a sorted report of the top users and top thruputs observed and so forth. The traffic is pppoe and I need to monitor it at a specific switchport where I can arrange span. Thank you.