Re: Cloud proof of failure - was:: wikileaks unreachable
On 12/6/2010 9:29 AM, Nathan Eisenberg wrote: How is it more or less unattractive than having one's own servers in one's own office? Lieberman and Co would simply have leaned on Mom's Best BGP (r) and Pop's Fastest Packets (r) instead of on Amazon, and the result would have been the same. That is a possibility, though it also depends on the business mentality and AUP. The problem is, it didn't necessarily require any *leaning* and the AUP may have been enforced anyways. That's the catch with this here series of tubes - you don't control all of the tubes, even if you're Amazon, or Giant National ISP Co, or Massive National Fiber Plant Co. The server infrastructure is the least interesting part of what happened to WikiLeaks. Anytime you are dealing with something highly controversial, you open yourself up for technical and social attack. Your business dependencies may be inclined to disassociate themselves with you on any grounds possible; not that they disagree with you, but perhaps they don't want to be that closely associated. It does not require any leaning, notification, or even noticeable service effect for me to decide to shutdown a site/location which is controversial in nature and causing a DOS. If I sold a 'bulletproof' service, I'd have a different through process, but that's because I'd be selling such a service. I don't sell 'bulletproof', and so I'm quickly inclined to request/takedown anything which causes technical/social issues for the network per the AUP. What the Senators did was wrong, but what Amazon did may have not been due to the pressure, but strictly based on "oh, we didn't notice that, and it's violating our AUP." I'm not saying it's the case, but it does happen. I've had to have others tell me of AUP violations from time to time. Jack
RE: Cloud proof of failure - was:: wikileaks unreachable
> In a cloud hosting environment, you typically don't know where your > data and servers are, and thus you don't know what legal and political > pressures they may be subject to. If that means that in practice you > are subject to the combination of any pressure that can be applied to > any one of the hosting centers maintained by your hosting provider, > then "the cloud" indeed would seem pretty unattractive to anyone with > politically or socially controversial content. How is it more or less unattractive than having one's own servers in one's own office? Lieberman and Co would simply have leaned on Mom's Best BGP (r) and Pop's Fastest Packets (r) instead of on Amazon, and the result would have been the same. That's the catch with this here series of tubes - you don't control all of the tubes, even if you're Amazon, or Giant National ISP Co, or Massive National Fiber Plant Co. The server infrastructure is the least interesting part of what happened to WikiLeaks. Nathan
Re: Cloud proof of failure - was:: wikileaks unreachable
On Dec 6, 2010, at 4:49 AM, Nathan Eisenberg wrote: >> The cloud is a failure. Too easy to get it down. >> I guess wikileaks returning to dedicated hosting proofs that. > > No, it just proves that organizational decisions are made by human beings > that have values. Whether or not those values are 'right' isn't the point - > the point is that the technology isn't what failed here. > > There are plenty of dedicated server hosts that would have shut off wikileaks > under political pressure - and there are plenty of 'cloud' hosts who would > have kept them up. I don't think we can draw any pass/fail conclusions WRT > cloud computing (defined here as virtualization-as-a-service) from the > removal of Wikileaks from S3. I do, but not because of Amazon specifically. (As far as I know, Amazon's decision depended not at all on where its servers were located or that they were decentralized.) In a cloud hosting environment, you typically don't know where your data and servers are, and thus you don't know what legal and political pressures they may be subject to. If that means that in practice you are subject to the combination of any pressure that can be applied to any one of the hosting centers maintained by your hosting provider, then "the cloud" indeed would seem pretty unattractive to anyone with politically or socially controversial content. Regards Marshall > > Nathan > > >
Re: Cloud proof of failure - was:: wikileaks unreachable
[peter's theory] > > The cloud is a failure. Too easy to get it down. > > I guess wikileaks returning to dedicated hosting proofs that. > No, it just proves that organizational decisions are made by human beings t= > hat have values. Whether or not those values are 'right' isn't the point -= > the point is that the technology isn't what failed here. > > There are plenty of dedicated server hosts that would have shut off wikilea= > ks under political pressure - and there are plenty of 'cloud' hosts who wou= > ld have kept them up. I don't think we can draw any pass/fail conclusions = > WRT cloud computing (defined here as virtualization-as-a-service) from the = > removal of Wikileaks from S3. The question would appear to be whether attacks outside the technical space should be considered a failure. It should be obvious that if I can attack your site with a blast of IP traffic and deny others access to it, that's an effective takedown. I believe that someone DDoS'ed EveryDNS hosting of Wikileaks DNS. On the other hand, EveryDNS appears to have *chosen* to stop supplying service to Wikileaks, so this was not a purely technological takedown. The neat thing about cloud computing is that it is, to borrow Amazon's term, "elastic." I'm not sure we've seen scalable computing that can be scaled rapidly in this manner for largely arbitrary purposes in the past, and a cloud the size of Amazon's is probably able to cope with a DDoS of virtually any size, assuming a willingness to throw sufficient resources at it. >From that perspective, I cannot see cloud computing as a failure, but instead a massive success. However, I can see outsourcing as a potential failure. When you allow a third party (Amazon, EveryDNS, whoever) to become involved in your operation, you are essentially allowing them a veto over your continued technical operations. This makes the outsourcing provider an attractive target for interference of the legal/political type. How tolerant would your webhosting provider be of continuous DMCA complaints being submitted about your web site, for example, even if they were without merit? >From that point of view, cloud computing may be inherently a bit more vulnerable, because clouds tend to be resources being rented to third parties. With dedicated servers and/or your own IP space/servers, you have increasing amounts of control over the response to certain threats outside the technical realm. A risk analysis of these factors is, therefore, suggested when deploying services. On average, the benefits of being able to rapidly provision and scale resources in the cloud probably vastly outweighs the risks to the average operation of political/legal pressures on the cloud hosting provider; that computation necessarily changes for something like Wikileaks. Of course, if one views the Internet itself as a sort of meta-cloud, it should be obvious that meta-cloud computing is proving to be very resilient. But that brings us to a Tron-like mentality about the whole Internet... how apropos. :-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Cloud proof of failure - was:: wikileaks unreachable
On Mon, Dec 6, 2010 at 3:08 PM, Peter Dambier wrote: > The cloud is a failure. Too easy to get it down. > I guess wikileaks returning to dedicated hosting proofs that. I haven't used this sign in nearly a decade. And certainly not on nanog. Anyway .. I'll end this thread now. And folks .. .:\:/:. +---+ .:\:\:/:/:. | PLEASE DO NOT |:.:\:\:/:/:.: | FEED THE TROLLS | :=.' - - '.=: | | '=(\ 9 9 /)=' | Thank you, | ( (_) ) | Management | /`-vvv-'\ +---+ / \ | |@@@ / /|,|\ \ | |@@@ /_// /^\ \\_\ @x@@x@| | |/ WW( ( ) )WW \/| |\| __\,,\ /,,/__ \||/ | | | jgs (__Y__) /\/\/\/\/\/\/\/\//\/\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: Cloud proof of failure - was:: wikileaks unreachable
On Monday 06 December 2010 09:47:43 Jay Mitchell wrote: > > "The Cloud" went down? I think not. It did for at least one customer. > Having ones account terminated as opposed to an outage caused by DDoS are > two very different things. Although not for all DNS providers. There are operational lessons here. But do they boil down to technical issues may not be the limiting factor on your uptime. As commented already by someone, perhaps time to review plans for responses to non-technical threats to availability.
RE: Cloud proof of failure - was:: wikileaks unreachable
> The cloud is a failure. Too easy to get it down. > I guess wikileaks returning to dedicated hosting proofs that. No, it just proves that organizational decisions are made by human beings that have values. Whether or not those values are 'right' isn't the point - the point is that the technology isn't what failed here. There are plenty of dedicated server hosts that would have shut off wikileaks under political pressure - and there are plenty of 'cloud' hosts who would have kept them up. I don't think we can draw any pass/fail conclusions WRT cloud computing (defined here as virtualization-as-a-service) from the removal of Wikileaks from S3. Nathan
RE: Cloud proof of failure - was:: wikileaks unreachable
"The Cloud" went down? I think not. Having ones account terminated as opposed to an outage caused by DDoS are two very different things. I'm certainly not an advocate of public cloud computing (I love it inside my own private network though :) ), but in this case asserting that the cloud is a failure is just plain wrong. --jm -Original Message- From: Peter Dambier [mailto:pe...@peter-dambier.de] Sent: Monday, 6 December 2010 8:38 PM To: nanog@nanog.org Subject: Cloud proof of failure - was:: wikileaks unreachable Hi, there has been a lot of ethics and religio, ... but what is really important for operation: The cloud is a failure. Too easy to get it down. I guess wikileaks returning to dedicated hosting proofs that. Next time the board wants to convince me of cloud computing, I'll propose a botnet is cheaper and more reliable. Besides - outsourcing the directors might be a good idea. GM proofs that :) Cheers Peter -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
Cloud proof of failure - was:: wikileaks unreachable
Hi, there has been a lot of ethics and religio, ... but what is really important for operation: The cloud is a failure. Too easy to get it down. I guess wikileaks returning to dedicated hosting proofs that. Next time the board wants to convince me of cloud computing, I'll propose a botnet is cheaper and more reliable. Besides - outsourcing the directors might be a good idea. GM proofs that :) Cheers Peter -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
Re: wikileaks unreachable
On 12/3/10 1:05 PM, Christopher Morrow wrote: On Fri, Dec 3, 2010 at 1:01 PM, Eric Brunner-Williams wrote: there exists a free speech application for fast flux hosting networks, and its in connecticut, not china. (during the icann gnso pdp on fast flux hosting the above assertion was generally dismissed) 'fast flux hosting' == akamai, no? of course that use case was considered. it was offered as the rational for default (unconditional) rapid update, though it does fall into the stupid-dns-tricks bucket. -e
Re: wikileaks unreachable
On Fri, Dec 3, 2010 at 1:01 PM, Eric Brunner-Williams wrote: > there exists a free speech application for fast flux hosting networks, and > its in connecticut, not china. > > (during the icann gnso pdp on fast flux hosting the above assertion was > generally dismissed) 'fast flux hosting' == akamai, no? -chris
Re: wikileaks unreachable
there exists a free speech application for fast flux hosting networks, and its in connecticut, not china. (during the icann gnso pdp on fast flux hosting the above assertion was generally dismissed) -e On 12/3/10 12:41 PM, Zaid Ali wrote: I see a new T-Shirt "Free speech has an IP address" Zaid On 12/3/10 8:38 AM, "// ravi" wrote: On Dec 3, 2010, at 1:19 AM, Jorge Amodio wrote: and this is based on what facts? Instead of tweeting about how to reach their content, or their IP addresses to bypass DNS [snip happens] http://twitter.com/#!/wikileaks/status/10621245489938433 7 hours ago (Randy, I plan/hope to requote your earlier message ‹ non-commercial use ‹ with attribution) ‹ravi
Re: wikileaks unreachable
> I see a new T-Shirt "Free speech has an IP address" on the front, and on the back "DDOS me Senator if you can" -J
Re: wikileaks unreachable
I see a new T-Shirt "Free speech has an IP address" Zaid On 12/3/10 8:38 AM, "// ravi" wrote: > On Dec 3, 2010, at 1:19 AM, Jorge Amodio wrote: >>> and this is based on what facts? >> >> Instead of tweeting about how to reach their content, or their IP >> addresses to bypass DNS [snip happens] > > > http://twitter.com/#!/wikileaks/status/10621245489938433 > 7 hours ago > > (Randy, I plan/hope to requote your earlier message non-commercial use > with attribution) > > ravi >
Re: wikileaks unreachable
On Dec 3, 2010, at 1:19 AM, Jorge Amodio wrote: >> and this is based on what facts? > > Instead of tweeting about how to reach their content, or their IP > addresses to bypass DNS [snip happens] http://twitter.com/#!/wikileaks/status/10621245489938433 7 hours ago (Randy, I plan/hope to requote your earlier message — non-commercial use — with attribution) —ravi
Re: wikileaks unreachable
> 'they' is a multicast address ... dyn/everydns or wikileaks? which is > the 'they' that is doing the twittering? wikileaks. seems that they (wikileaks) got the message, following tweets included their IP address and the new .ch domain. The current IP address for the cablegate stuff is 213.251.145.96 which is RIPE block assigned to wikileaks, the RIPE WHOIS entry shows 213.251.128.0/18 with AS16276 as originwhois AS16276 (OVH in Paris France), mtr from here (SATX) seems to go through Dallas and enter Global Crossing network or hosting services, currently <2% packet loss. Server seems to be configured to return IP address based URLs. -J
Re: wikileaks unreachable
On Fri, Dec 3, 2010 at 1:19 AM, Jorge Amodio wrote: >> and this is based on what facts? > > Instead of tweeting about how to reach their content, or their IP 'they' is a multicast address ... dyn/everydns or wikileaks? which is the 'they' that is doing the twittering?
Re: wikileaks unreachable
On Wed, Dec 01, 2010 at 04:27:10PM -0500, Marshall Eubanks wrote: > Wikileaks has been booted off Amazon EC2 > > http://arstechnica.com/security/news/2010/12/wikileaks-kicked-out-of-amazons-cloud.ars > > "Senator Joe Lieberman (I-CT), chairman of the Homeland Security and > Governmental Affairs Committee, was among the congressmen who pressured > Amazon to stop hosting Wikileaks... Typo there: that's Joe McCarthy. ---rsk
Re: wikileaks unreachable
On Dec 3, 2010, at 1:11 AM, Jorge Amodio wrote: >> So, is this the end of the wikileaks? :) > > Hardly, IMHO it is a gambit to ask for money. > > Craig, don't you guys at Arbor have the IP addresses that were > tracking for the DDOS attacks ? > http://46.59.1.2 seems to work. Regards Marshall > -J > >
Re: wikileaks unreachable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Dec 2, 2010 at 10:36 PM, Jorge Amodio wrote: >> But Jorge has a point. If they wanted to help users get past their DNS >> problems, they could tweet for assistance, tweet their IP addy and ask >> to be re-tweeted, ask owners of authorities to set up wikileaks.$FOO.com >> to 'crowd source' their name, etc. > > I'll just point to an article I found very interesting about this matter: > http://www.techdirt.com/articles/20101202/02243512089/how-response-to-wik > ileaks-is-exactly-what-assange-wants.shtml > > Aren't we being part of some kind of action-reaction game to produce > systematic changes as side effects ? Yes. - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFM+JCrq1pz9mNUZTMRAje8AKCSOUdPNKMKhomYOavcAQWeLU9gLwCfTc7W fvFnKA/JRZAOXZ9VMO2zM+k= =3+y3 -END PGP SIGNATURE- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Re: wikileaks unreachable
> But Jorge has a point. If they wanted to help users get past their DNS > problems, they could tweet for assistance, tweet their IP addy and ask to be > re-tweeted, ask owners of authorities to set up wikileaks.$FOO.com to 'crowd > source' their name, etc. I'll just point to an article I found very interesting about this matter: http://www.techdirt.com/articles/20101202/02243512089/how-response-to-wikileaks-is-exactly-what-assange-wants.shtml Aren't we being part of some kind of action-reaction game to produce systematic changes as side effects ? -J
Re: wikileaks unreachable
On Dec 3, 2010, at 1:20 AM, Randy Bush wrote: >>> and this is based on what facts? >> Instead of tweeting about how to reach their content, or their IP >> addresses to bypass DNS, they are sending repetedly via twitter the >> following URL http://collateralmurder.com/en/support.html > > coincidence != causality Neither does correlation. :) But Jorge has a point. If they wanted to help users get past their DNS problems, they could tweet for assistance, tweet their IP addy and ask to be re-tweeted, ask owners of authorities to set up wikileaks.$FOO.com to 'crowd source' their name, etc. So at the very least, they are guilty of not being imaginative. BTW: I personally doubt they are doing this for money. But I don't have any proof of that either. -- TTFN, patrick
Re: wikileaks unreachable
>> and this is based on what facts? > Instead of tweeting about how to reach their content, or their IP > addresses to bypass DNS, they are sending repetedly via twitter the > following URL http://collateralmurder.com/en/support.html coincidence != causality
Re: wikileaks unreachable
> and this is based on what facts? Instead of tweeting about how to reach their content, or their IP addresses to bypass DNS, they are sending repetedly via twitter the following URL http://collateralmurder.com/en/support.html -J
Re: wikileaks unreachable
> IMHO it is a gambit to ask for money. and this is based on what facts? when this kind of stuff goes down, we need to pay a bit of attention to actual authenticable fact and not indulge in too much conjecturbation. randy
Re: wikileaks unreachable
> Message from twitter @wikileaks: > WikiLeaks,org domain killed by US everydns.net after claimed mass > attacks. as someone who has done a lot of tunneling, uucping, funny routing relays, ... for democratic movements in lots of countries, i am not pleased at seeing the need arise in the so-called democratic states. randy
Re: wikileaks unreachable
> So, is this the end of the wikileaks? :) Hardly, IMHO it is a gambit to ask for money. Craig, don't you guys at Arbor have the IP addresses that were tracking for the DDOS attacks ? -J
Re: wikileaks unreachable
Message from twitter @wikileaks: WikiLeaks,org domain killed by US everydns.net after claimed mass attacks. So, is this the end of the wikileaks? :) -- Sincerely, Mikhail Strizhov On 12/01/2010 06:50 PM, Craig Labovitz wrote: http://asert.arbornetworks.com/2010/11/wikileaks-cablegate-attack/ and http://asert.arbornetworks.com/2010/11/round2-ddos-versus-wikileaks/ - Craig On Dec 1, 2010, at 4:38 PM, Mike wrote: Just on an operational front, does anyone know the nature of the DDoS against wikileaks? eg: spoofed source garbage, http get, synfloods, or ? Mike-
Re: wikileaks unreachable
http://asert.arbornetworks.com/2010/11/wikileaks-cablegate-attack/ and http://asert.arbornetworks.com/2010/11/round2-ddos-versus-wikileaks/ - Craig On Dec 1, 2010, at 4:38 PM, Mike wrote: > Just on an operational front, does anyone know the nature of the DDoS against > wikileaks? eg: spoofed source garbage, http get, synfloods, or ? > > Mike-
Re: wikileaks unreachable
Just on an operational front, does anyone know the nature of the DDoS against wikileaks? eg: spoofed source garbage, http get, synfloods, or ? Mike-
Re: wikileaks unreachable
On Nov 30, 2010, at 11:07 AM, Marshall Eubanks wrote: > > On Nov 28, 2010, at 4:34 PM, Randy Bush wrote: > >> anyone know why https://www.wikileaks.org/ is not reachable? nations >> state level censors trying to close the barn door after the horse has >> left? >> >> randy >> >> > > That was two days ago - as of this morning, there is apparently another > > From @wikileaks on twitter > > wikileaks WikiLeaks > DDOS attack now exceeding 10 Gigabits a second. > 1 hour ago > > wikileaks WikiLeaks > We are currently under another DDOS attack. More routing news : Wikileaks has been booted off Amazon EC2 http://arstechnica.com/security/news/2010/12/wikileaks-kicked-out-of-amazons-cloud.ars "Senator Joe Lieberman (I-CT), chairman of the Homeland Security and Governmental Affairs Committee, was among the congressmen who pressured Amazon to stop hosting Wikileaks... The site was down briefly after being ejected from Amazon, but is back up and once again running on the servers of Bahnhof, its previous Swedish hosting provider." regards Marshall > > Marshall > > >
Re: wikileaks unreachable
On Sun, Nov 28, 2010 at 10:18:18PM -0500, Andrew Kirch said: >Lets be clear here, I'm not encouraging DDoS, I'm enjoying the >possibility that someone will hopefully put a jacketed hollowpoint in >Assange. Not to promote equine defibrilation, but just so you all feel better - http://www.miamiherald.com/2010/11/28/1947638/no-evidence-that-wikileaks-releases.html summary: no one got hurt, and wikileaks lets the newspapers do the hard work of redacting info that'd hurt individuals directly. There has been no loss of lives. But s/lives/political careers/ is a different matter, and might catalyse hyperbole that some are buying into. OBONTOPIC: wikileaks has another DDOS going (real DDOS not plain DOS, apparently.) /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: wikileaks unreachable
On Nov 28, 2010, at 4:34 PM, Randy Bush wrote: > anyone know why https://www.wikileaks.org/ is not reachable? nations > state level censors trying to close the barn door after the horse has > left? > > randy > > That was two days ago - as of this morning, there is apparently another From @wikileaks on twitter wikileaks WikiLeaks DDOS attack now exceeding 10 Gigabits a second. 1 hour ago wikileaks WikiLeaks We are currently under another DDOS attack. Marshall
Re: wikileaks unreachable
The one thing I found interesting was the InfoSecIsland poll where the majority of Security Practitioners polled actually supported the Jester's methods... Stefan Fouant Sorry for the top post. Sent from my iPad On Nov 28, 2010, at 9:29 PM, "andrew.wallace" wrote: > Hi Nanog, > > > Some more information here - > > http://www.reddit.com/r/netsec/comments/ecwnn/wikileaks_hacked_ahead_of_secret_us_document/c176lcb > > The hacker has featured previously in a news article on his attack platform - > > > https://www.infosecisland.com/blogview/3258-Hacker-Releases-Second-Video-of-Enhanced-XerXeS-DoS-Attack-on-Apache-Vulnerability-.html > > Regards, > > Andrew > > > - Original Message - > From:Joel Esler > To:Marshall Eubanks > Cc:North American Network Operators Group > Sent:Monday, 29 November 2010, 1:56:34 > Subject:Re: wikileaks unreachable > > I've heard it's a DOS (not DDOS) according to twitter. Allegedly according to > the person doing the DOS: > > Just so we are all straight and clear - wikileaks hit is not a > 'Distributed' DoS, its a simple DoS - I dont use intermediaries or > botnets. Sun Nov 16 - 15:28 EST > > http://twitter.com/th3j35t3r > > Joel > > On Nov 28, 2010, at 6:42 PM, Marshall Eubanks wrote: > >> >> On Nov 28, 2010, at 5:19 PM, Wil Schultz wrote: >> >>> DOS is probably because they released some more stuff. >>> >>> "Secret US Embassy Cables" >>> http://cablegate.wikileaks.org/ >>> >> >> DDOS according to this >> >> http://www.securityweek.com/wikileaks-under-denial-service-attack-ddos >> >> Regards >> Marshall >> >>> -wil >>> >>> On Nov 28, 2010, at 1:38 PM, James Downs wrote: >>> >>>> >>>> On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: >>>> >>>>> anyone know why https://www.wikileaks.org/ is not reachable? nations >>>>> state level censors trying to close the barn door after the horse has >>>> >>>> Reported they were under attack: http://bgg.lv/h2pmsd >>>> >>>> >>> >>> >>> >> >> > > > >
Re: wikileaks unreachable
Yes, we've all read your "blog". Good thing this isn't an operations list or anything. -wil On Nov 28, 2010, at 8:06 PM, Andrew Kirch wrote: > On 11/28/2010 10:52 PM, Adrian Chadd wrote: >> On Sun, Nov 28, 2010, Ken Chase wrote: >> >>> This is always the best way to deal with disagreement. >>> >>> But I think this is the wrong list to tender such contracts. Also, it's odd >>> you >>> hate DDOS's more than murder. Time to take some time off work perhaps? >>> >>> For the first time I'm hoping to not meet some of the nanog members in >>> person >>> at a Nanog conference should I ever attend >> I think you've got it backwards. See if he's actively like this in person. >> Email ... "changes things" with communication. >> >> >> >> Adrian >> >> > There's quite a few right now off list laughing, as they know full well > that I'm exactly like this when faced with a threat towards friends and > family serving in uniform overseas. > > Andrew >
Re: wikileaks unreachable
On 11/28/2010 10:52 PM, Adrian Chadd wrote: > On Sun, Nov 28, 2010, Ken Chase wrote: > >> This is always the best way to deal with disagreement. >> >> But I think this is the wrong list to tender such contracts. Also, it's odd >> you >> hate DDOS's more than murder. Time to take some time off work perhaps? >> >> For the first time I'm hoping to not meet some of the nanog members in person >> at a Nanog conference should I ever attend > I think you've got it backwards. See if he's actively like this in person. > Email ... "changes things" with communication. > > > > Adrian > > There's quite a few right now off list laughing, as they know full well that I'm exactly like this when faced with a threat towards friends and family serving in uniform overseas. Andrew
Re: wikileaks unreachable
On Sun, Nov 28, 2010, Ken Chase wrote: > This is always the best way to deal with disagreement. > > But I think this is the wrong list to tender such contracts. Also, it's odd > you > hate DDOS's more than murder. Time to take some time off work perhaps? > > For the first time I'm hoping to not meet some of the nanog members in person > at a Nanog conference should I ever attend I think you've got it backwards. See if he's actively like this in person. Email ... "changes things" with communication. Adrian
Re: wikileaks unreachable
ROFL Sent from my iPhone On Nov 28, 2010, at 10:23 PM, Ken Chase wrote: > On Sun, Nov 28, 2010 at 10:18:18PM -0500, Andrew Kirch said: > >> Lets be clear here, I'm not encouraging DDoS, I'm enjoying the >> possibility that someone will hopefully put a jacketed hollowpoint in >> Assange. >> >> Andrew > > This is always the best way to deal with disagreement. > > But I think this is the wrong list to tender such contracts. Also, it's odd > you > hate DDOS's more than murder. Time to take some time off work perhaps? > > For the first time I'm hoping to not meet some of the nanog members in person > at a Nanog conference should I ever attend > > /kc > -- > Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA > Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 > Front St. W. >
Re: wikileaks unreachable
On Sun, Nov 28, 2010 at 10:18:18PM -0500, Andrew Kirch said: >Lets be clear here, I'm not encouraging DDoS, I'm enjoying the >possibility that someone will hopefully put a jacketed hollowpoint in >Assange. > >Andrew This is always the best way to deal with disagreement. But I think this is the wrong list to tender such contracts. Also, it's odd you hate DDOS's more than murder. Time to take some time off work perhaps? For the first time I'm hoping to not meet some of the nanog members in person at a Nanog conference should I ever attend /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: wikileaks unreachable
On 11/28/2010 6:11 PM, Patrick W. Gilmore wrote: > I find it distressing when Network Operators are willing to encourage > DDoS'ing of a site. Any site. Especially on an operational list, where > politics are specifically prohibited. > > You don't like Wikileaks, that's between you & Julian. A DDoS affects the > infrastructure of multiple networks, users, other websites, etc., etc. Most > people who read the last sentence thought to themselves that is beyond > obvious. It is a shame you do not understand it. > > Put another way, perhaps you should take your own 230gr. Lets be clear here, I'm not encouraging DDoS, I'm enjoying the possibility that someone will hopefully put a jacketed hollowpoint in Assange. Andrew
Re: wikileaks unreachable
Hi Nanog, Some more information here - http://www.reddit.com/r/netsec/comments/ecwnn/wikileaks_hacked_ahead_of_secret_us_document/c176lcb The hacker has featured previously in a news article on his attack platform - https://www.infosecisland.com/blogview/3258-Hacker-Releases-Second-Video-of-Enhanced-XerXeS-DoS-Attack-on-Apache-Vulnerability-.html Regards, Andrew - Original Message - From:Joel Esler To:Marshall Eubanks Cc:North American Network Operators Group Sent:Monday, 29 November 2010, 1:56:34 Subject:Re: wikileaks unreachable I've heard it's a DOS (not DDOS) according to twitter. Allegedly according to the person doing the DOS: Just so we are all straight and clear - wikileaks hit is not a 'Distributed' DoS, its a simple DoS - I dont use intermediaries or botnets. Sun Nov 16 - 15:28 EST http://twitter.com/th3j35t3r Joel On Nov 28, 2010, at 6:42 PM, Marshall Eubanks wrote: > > On Nov 28, 2010, at 5:19 PM, Wil Schultz wrote: > >> DOS is probably because they released some more stuff. >> >> "Secret US Embassy Cables" >> http://cablegate.wikileaks.org/ >> > > DDOS according to this > > http://www.securityweek.com/wikileaks-under-denial-service-attack-ddos > > Regards > Marshall > >> -wil >> >> On Nov 28, 2010, at 1:38 PM, James Downs wrote: >> >>> >>> On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: >>> >>>> anyone know why https://www.wikileaks.org/ is not reachable? nations >>>> state level censors trying to close the barn door after the horse has >>> >>> Reported they were under attack: http://bgg.lv/h2pmsd >>> >>> >> >> >> > >
Re: wikileaks unreachable
On Sun, 28 Nov 2010 21:06:08 -0500 "kmedc...@dessus.com" wrote: > >> botnets. Sun Nov 16 - 15:28 EST > > >That would be just about 2 weeks ago. > > Actually, the last time November 16th fell on a Sunday would have been in > 2008. > > So fifty-four weeks ago ... Um, really? What year is this? Damn! Why didn't I bring back a newspaper from 2010? -- D'Arcy J.M. Cain | Democracy is three wolves http://www.druid.net/darcy/| and a sheep voting on +1 416 425 1212 (DoD#0082)(eNTP) | what's for dinner.
Re: wikileaks unreachable
On 29/11/10 1:06 PM, kmedc...@dessus.com wrote: >> Uh... huh? > >>> Just so we are all straight and clear - wikileaks hit is not a >>> 'Distributed' DoS, its a simple DoS - I dont use intermediaries or >>> botnets. Sun Nov 16 - 15:28 EST > >> That would be just about 2 weeks ago. > > Actually, the last time November 16th fell on a Sunday would have been in > 2008. > > So fifty-four weeks ago ... 106 weeks ago. You need more caffeine. ;) Regards, Ben signature.asc Description: OpenPGP digital signature
Re: wikileaks unreachable
I copied and pasted that from another list, however, when I brought up the twitter feed it said "six hours ago" (when i sent that first email). Now I don't see the tweet. So, the truth may vary. Sent from my iPad On Nov 28, 2010, at 9:06 PM, "kmedc...@dessus.com" wrote: >> Uh... huh? > >>> Just so we are all straight and clear - wikileaks hit is not a >>> 'Distributed' DoS, its a simple DoS - I dont use intermediaries or >>> botnets. Sun Nov 16 - 15:28 EST > >> That would be just about 2 weeks ago. > > Actually, the last time November 16th fell on a Sunday would have been in > 2008. > > So fifty-four weeks ago ... > > -- > () ascii ribbon campaign against html e-mail > /\ www.asciiribbon.org > > > >
RE: wikileaks unreachable
>Uh... huh? >> Just so we are all straight and clear - wikileaks hit is not a >> 'Distributed' DoS, its a simple DoS - I dont use intermediaries or >> botnets. Sun Nov 16 - 15:28 EST >That would be just about 2 weeks ago. Actually, the last time November 16th fell on a Sunday would have been in 2008. So fifty-four weeks ago ... -- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
RE: wikileaks unreachable
Uh... huh? > Just so we are all straight and clear - wikileaks hit is not a > 'Distributed' DoS, its a simple DoS - I dont use intermediaries or > botnets. Sun Nov 16 - 15:28 EST That would be just about 2 weeks ago.
Re: wikileaks unreachable
I've heard it's a DOS (not DDOS) according to twitter. Allegedly according to the person doing the DOS: Just so we are all straight and clear - wikileaks hit is not a 'Distributed' DoS, its a simple DoS - I dont use intermediaries or botnets. Sun Nov 16 - 15:28 EST http://twitter.com/th3j35t3r Joel On Nov 28, 2010, at 6:42 PM, Marshall Eubanks wrote: > > On Nov 28, 2010, at 5:19 PM, Wil Schultz wrote: > >> DOS is probably because they released some more stuff. >> >> "Secret US Embassy Cables" >> http://cablegate.wikileaks.org/ >> > > DDOS according to this > > http://www.securityweek.com/wikileaks-under-denial-service-attack-ddos > > Regards > Marshall > >> -wil >> >> On Nov 28, 2010, at 1:38 PM, James Downs wrote: >> >>> >>> On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: >>> anyone know why https://www.wikileaks.org/ is not reachable? nations state level censors trying to close the barn door after the horse has >>> >>> Reported they were under attack: http://bgg.lv/h2pmsd >>> >>> >> >> >> > >
Re: wikileaks unreachable
On Nov 28, 2010, at 4:46 PM, Andrew Kirch wrote: On 11/28/2010 4:34 PM, Randy Bush wrote: anyone know why https://www.wikileaks.org/ is not reachable? nations state level censors trying to close the barn door after the horse has left? Good riddance. The sooner someone gives Julian Assange 230gr of shut the f*** up, the better. I find it distressing when Network Operators are willing to encourage DDoS'ing of a site. Any site. Especially on an operational list, where politics are specifically prohibited. You don't like Wikileaks, that's between you & Julian. A DDoS affects the infrastructure of multiple networks, users, other websites, etc., etc. Most people who read the last sentence thought to themselves that is beyond obvious. It is a shame you do not understand it. Put another way, perhaps you should take your own 230gr. ++ Kind regards, Ingo Flaschberger -- "I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'" --Mike Godwin
Re: wikileaks unreachable
On Sun, Nov 28, 2010 at 06:27:13PM -0500, James Jones wrote: > Remember not everyone who is on this list is a network operator > and sometimes their misguided statements make it here. It is an operations list; stick to the topic [reachabinility and the fragmentation of dns or bgp data in this case] or don't post. It doesn't require expert knowledge to stay even remotely on-topic. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Re: wikileaks unreachable
What is the MLC position on threatening the lives of political adversaries via the list? At least he didn't swear, I guess. That would be wrong. "Andrew Kirch" wrote: >On 11/28/2010 4:34 PM, Randy Bush wrote: >> anyone know why https://www.wikileaks.org/ is not reachable? nations >> state level censors trying to close the barn door after the horse has >> left? >> >> randy >> >Good riddance. The sooner someone gives Julian Assange 230gr of shut >the f*** up, the better. > -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: wikileaks unreachable
On Nov 28, 2010, at 6:11 PM, Patrick W. Gilmore wrote: > On Nov 28, 2010, at 4:46 PM, Andrew Kirch wrote: >> On 11/28/2010 4:34 PM, Randy Bush wrote: >>> anyone know why https://www.wikileaks.org/ is not reachable? nations >>> state level censors trying to close the barn door after the horse has >>> left? > >> Good riddance. The sooner someone gives Julian Assange 230gr of shut >> the f*** up, the better. > > I find it distressing when Network Operators are willing to encourage > DDoS'ing of a site. Any site. Especially on an operational list, where > politics are specifically prohibited. > > You don't like Wikileaks, that's between you & Julian. A DDoS affects the > infrastructure of multiple networks, users, other websites, etc., etc. Most > people who read the last sentence thought to themselves that is beyond > obvious. It is a shame you do not understand it. > > Put another way, perhaps you should take your own 230gr. > +1 Marshall > -- > TTFN, > patrick > > >
Re: wikileaks unreachable
On Nov 28, 2010, at 5:19 PM, Wil Schultz wrote: > DOS is probably because they released some more stuff. > > "Secret US Embassy Cables" > http://cablegate.wikileaks.org/ > DDOS according to this http://www.securityweek.com/wikileaks-under-denial-service-attack-ddos Regards Marshall > -wil > > On Nov 28, 2010, at 1:38 PM, James Downs wrote: > >> >> On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: >> >>> anyone know why https://www.wikileaks.org/ is not reachable? nations >>> state level censors trying to close the barn door after the horse has >> >> Reported they were under attack: http://bgg.lv/h2pmsd >> >> > > >
Re: wikileaks unreachable
Didn't took long for Wired to include the "cyberatack" theme on their recent related article. http://www.wired.com/threatlevel/2010/11/cablegate/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+wired/index+(Wired:+Index+3+(Top+Stories+2)) -J
Re: wikileaks unreachable
Remember not everyone who is on this list is a network operator and sometimes their misguided statements make it here. Do not get me wrong I wish wikileaks would disappear, but there are better ways to do this than interfering with other peoples networks. I would hope the moderators are willing to take the correction action when addressing such matters. Sent from my iPhone On Nov 28, 2010, at 6:11 PM, "Patrick W. Gilmore" wrote: > On Nov 28, 2010, at 4:46 PM, Andrew Kirch wrote: >> On 11/28/2010 4:34 PM, Randy Bush wrote: >>> anyone know why https://www.wikileaks.org/ is not reachable? nations >>> state level censors trying to close the barn door after the horse has >>> left? > >> Good riddance. The sooner someone gives Julian Assange 230gr of shut >> the f*** up, the better. > > I find it distressing when Network Operators are willing to encourage > DDoS'ing of a site. Any site. Especially on an operational list, where > politics are specifically prohibited. > > You don't like Wikileaks, that's between you & Julian. A DDoS affects the > infrastructure of multiple networks, users, other websites, etc., etc. Most > people who read the last sentence thought to themselves that is beyond > obvious. It is a shame you do not understand it. > > Put another way, perhaps you should take your own 230gr. > > -- > TTFN, > patrick > >
Re: wikileaks unreachable
On Sun, Nov 28, 2010 at 5:11 PM, Patrick W. Gilmore wrote: > On Nov 28, 2010, at 4:46 PM, Andrew Kirch wrote: >> On 11/28/2010 4:34 PM, Randy Bush wrote: >>> anyone know why https://www.wikileaks.org/ is not reachable? nations >>> state level censors trying to close the barn door after the horse has >>> left? > >> Good riddance. The sooner someone gives Julian Assange 230gr of shut >> the f*** up, the better. > > I find it distressing when Network Operators are willing to encourage > DDoS'ing of a site. Any site. Especially on an operational list, where > politics are specifically prohibited. > > You don't like Wikileaks, that's between you & Julian. A DDoS affects the > infrastructure of multiple networks, users, other websites, etc., etc. Most > people who read the last sentence thought to themselves that is beyond > obvious. It is a shame you do not understand it. > > Put another way, perhaps you should take your own 230gr. +1
Re: wikileaks unreachable
On Nov 28, 2010, at 4:46 PM, Andrew Kirch wrote: > On 11/28/2010 4:34 PM, Randy Bush wrote: >> anyone know why https://www.wikileaks.org/ is not reachable? nations >> state level censors trying to close the barn door after the horse has >> left? > Good riddance. The sooner someone gives Julian Assange 230gr of shut > the f*** up, the better. I find it distressing when Network Operators are willing to encourage DDoS'ing of a site. Any site. Especially on an operational list, where politics are specifically prohibited. You don't like Wikileaks, that's between you & Julian. A DDoS affects the infrastructure of multiple networks, users, other websites, etc., etc. Most people who read the last sentence thought to themselves that is beyond obvious. It is a shame you do not understand it. Put another way, perhaps you should take your own 230gr. -- TTFN, patrick
Re: wikileaks unreachable
On Sun, 28 Nov 2010 16:46:25 EST, Andrew Kirch said: > On 11/28/2010 4:34 PM, Randy Bush wrote: > > anyone know why https://www.wikileaks.org/ is not reachable? nations > > state level censors trying to close the barn door after the horse has > > left? > > > > randy > > > Good riddance. The sooner someone gives Julian Assange 230gr of shut > the f*** up, the better. A lot of people at the Pentagon in 1969 said exactly the same thing about Daniel Ellsberg. Whichever side of the fence you are regarding either Assange or Ellsberg, it doesn't make it right to DDOS the server or break in to Lewis Fielding's office. I'll shut up now. pgpNdoKGtGaQQ.pgp Description: PGP signature
Re: wikileaks unreachable
Seems like they moved to Amazon a few hours ago: $ whois -h whois.bgpmon.net wikileaks.org Prefix: 46.51.128.0/18 Prefix description: Amazon EU AWS Dublin Country code:IE Origin AS: 39111 Origin AS Name: ADSI-AS Amazon EU DC AS .-- My secret spy satellite informs me that at 10-11-28 2:07 PM Jeffrey Lyon wrote: I wouldn't have thought that PRQ would have any significant protection in place. Jeff On Sun, Nov 28, 2010 at 5:03 PM, William Pitcock wrote: On Sun, 2010-11-28 at 16:43 -0500, Jeffrey Lyon wrote: I'm surprised it took this long for the DDoS train to pull into the station. Wikileaks gets DDoSed all the time. My understanding is that PRQ nullrouted the IP because the DDoS is much larger this time. William
Re: wikileaks unreachable
DOS is probably because they released some more stuff. "Secret US Embassy Cables" http://cablegate.wikileaks.org/ -wil On Nov 28, 2010, at 1:38 PM, James Downs wrote: > > On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: > >> anyone know why https://www.wikileaks.org/ is not reachable? nations >> state level censors trying to close the barn door after the horse has > > Reported they were under attack: http://bgg.lv/h2pmsd > >
Re: wikileaks unreachable
On Sun, 2010-11-28 at 17:07 -0500, Jeffrey Lyon wrote: > I wouldn't have thought that PRQ would have any significant protection in > place. They used to host thepiratebay. I would figure that site probably got a lot of ddos attacks... William
Re: wikileaks unreachable
I wouldn't have thought that PRQ would have any significant protection in place. Jeff On Sun, Nov 28, 2010 at 5:03 PM, William Pitcock wrote: > On Sun, 2010-11-28 at 16:43 -0500, Jeffrey Lyon wrote: >> I'm surprised it took this long for the DDoS train to pull into the station. > > Wikileaks gets DDoSed all the time. My understanding is that PRQ > nullrouted the IP because the DDoS is much larger this time. > > William > > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: wikileaks unreachable
On Sun, 2010-11-28 at 16:43 -0500, Jeffrey Lyon wrote: > I'm surprised it took this long for the DDoS train to pull into the station. Wikileaks gets DDoSed all the time. My understanding is that PRQ nullrouted the IP because the DDoS is much larger this time. William
Re: wikileaks unreachable
better late than never -- Sent from my Nokia N900 using Nokia Messaging - Original message - > I'm surprised it took this long for the DDoS train to pull into the > station. > > Jeff > > On Sun, Nov 28, 2010 at 4:38 PM, James Downs wrote: > > > > On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: > > > > > anyone know why https://www.wikileaks.org/ is not reachable? nations > > > state level censors trying to close the barn door after the horse has > > > > Reported they were under attack: http://bgg.lv/h2pmsd > > > > > > > > > > -- > Jeffrey Lyon, Leadership Team > jeffrey.l...@blacklotus.net | http://www.blacklotus.net > Black Lotus Communications - AS32421 > First and Leading in DDoS Protection Solutions >
Re: wikileaks unreachable
On 11/28/2010 4:34 PM, Randy Bush wrote: > anyone know why https://www.wikileaks.org/ is not reachable? nations > state level censors trying to close the barn door after the horse has > left? > > randy > Good riddance. The sooner someone gives Julian Assange 230gr of shut the f*** up, the better.
Re: wikileaks unreachable
I'm surprised it took this long for the DDoS train to pull into the station. Jeff On Sun, Nov 28, 2010 at 4:38 PM, James Downs wrote: > > On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: > >> anyone know why https://www.wikileaks.org/ is not reachable? nations >> state level censors trying to close the barn door after the horse has > > Reported they were under attack: http://bgg.lv/h2pmsd > > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: wikileaks unreachable
My guess would be that it is busy. Don't know bout your region but au way it has been on the news a bit. M On 29/11/2010, at 8:35, "Randy Bush" wrote: > anyone know why https://www.wikileaks.org/ is not reachable? nations > state level censors trying to close the barn door after the horse has > left? > > randy >
Re: wikileaks unreachable
I heard there are DDoS attacks on the Wikileaks site. Zaid On 11/28/10 1:34 PM, "Randy Bush" wrote: > anyone know why https://www.wikileaks.org/ is not reachable? nations > state level censors trying to close the barn door after the horse has > left? > > randy >
Re: wikileaks unreachable
On Nov 28, 2010, at 1:34 PM, Randy Bush wrote: anyone know why https://www.wikileaks.org/ is not reachable? nations state level censors trying to close the barn door after the horse has Reported they were under attack: http://bgg.lv/h2pmsd
Re: wikileaks unreachable
They twittered earlier claiming ddos. http://twitter.com/#!/wikileaks/status/8920530488926208 "We are currently under a mass distributed denial of service attack." horse firmly bolted though, The Guardian, NYT etc all have copies apparently. thanks Andrew On Sun, Nov 28, 2010 at 9:34 PM, Randy Bush wrote: > anyone know why https://www.wikileaks.org/ is not reachable? nations > state level censors trying to close the barn door after the horse has > left? > > randy > >
wikileaks unreachable
anyone know why https://www.wikileaks.org/ is not reachable? nations state level censors trying to close the barn door after the horse has left? randy
