Re: [PLUG] Web site URL points to localhost

2016-09-25 Thread Vedanta Teacher
I almost wondered if this was going to start just before
the election as a "tech October Surprise". If you cut people
off from information, communication, etc. you control what
they know and hopefully their vote. Just like the Agents Provocateurs
in many critical US cities seem well funded and coordinated (as well
as being bused in)- There are those who profit from chaos.

The Ancient Greeks said: " People get the government they deserve".
As long as the Cardassians (?) are better known than the candidates
& issues nothing will change.

Blessings,
Paul W.

On Sun, Sep 25, 2016 at 11:18 AM, Rich Shepard wrote:

> On Fri, 23 Sep 2016, King Beowulf wrote:
>
> > Akamai and others don't protect against this sort of attack because there
> > simply is no business case to support the expenditure (Don't even get me
> > started on Yahoo). Not only do we need to be more cognizant of our own
> > personal security, but we need to force private enterprise to do the same.
> > The network backbone is now required infrastructure - just as important as
> > roads/bridges and the electric grid.
>
> Brian's site is back up using Google's security. Read all of today's
> article to get the full story. It's both interesting and troubling; wonder
> if there are things we can do as individuals to reduce vulnerabilities.
>
> Rich
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug


Re: [PLUG] Web site URL points to localhost

2016-09-25 Thread Rich Shepard
On Fri, 23 Sep 2016, King Beowulf wrote:

> Akamai and others don't protect against this sort of attack because there
> simply is no business case to support the expenditure (Don't even get me
> started on Yahoo). Not only do we need to be more cognizant of our own
> personal security, but we need to force private enterprise to do the same.
> The network backbone is now required infrastructure - just as important as
> roads/bridges and the electric grid.

   Brian's site is back up using Google's security. Read all of today's
article to get the full story. It's both interesting and troubling; wonder
if there are things we can do as individuals to reduce vulnerabilities.

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-24 Thread jim karlock
That is actually a well recognized economic fallacy. What it leaves 
out is the fact that that money could have been spent on other things 
that would improve our lives, instead of replacing perfectly good 
things with no net benefit.

That is why many people oppose "alternative" energy - it will waste 
the billions we spent on our perfectly OK current power system with 
new. While that money would be better spent improving our lives, 
bringing people out of poverty, building new roads, or feeding our families.

Unfortunately most politicians don't have a clue about this or other 
economic concepts.

thanks
JK




At 08:57 AM 9/24/2016, Denis Heidtmann wrote:
>On Fri, Sep 23, 2016 at 8:20 PM, Russell Johnson  wrote:
>
> >
> > ...
> > Just as law enforcement won't eliminate or curtail, or in a lot of
> > instances prosecute these crimes because the gain to the economy is much
> > more than the losses incurred.
> >
>
>
>If true, this is an example of why I could never understand economics.  If
>I set fire to a bunch of buildings, the economy improves since all those
>fire fighters, demolition and construction workers are now employed.  Let's
>become the richest country in the world by setting fire to all our cities!
>Econ-logic.
>
>-Denis


Re: [PLUG] Web site URL points to localhost

2016-09-24 Thread Rich Shepard
On Sat, 24 Sep 2016, Denis Heidtmann wrote:

> If true, this is an example of why I could never understand economics. If
> I set fire to a bunch of buildings, the economy improves since all those
> fire fighters, demolition and construction workers are now employed. Let's
> become the richest country in the world by setting fire to all our cities!
> Econ-logic.

   A cynic might apply the same logic to vehicle accidents. There's a lot of
economic stimulus that follows an accident.

Rich



Re: [PLUG] Web site URL points to localhost

2016-09-24 Thread Denis Heidtmann
On Fri, Sep 23, 2016 at 8:20 PM, Russell Johnson  wrote:

>
> ...
> Just as law enforcement won't eliminate or curtail, or in a lot of
> instances prosecute these crimes because the gain to the economy is much
> more than the losses incurred.
>


If true, this is an example of why I could never understand economics.  If
I set fire to a bunch of buildings, the economy improves since all those
fire fighters, demolition and construction workers are now employed.  Let's
become the richest country in the world by setting fire to all our cities!
Econ-logic.

-Denis


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread Russell Johnson


> On Sep 23, 2016, at 10:30, Rich Shepard  wrote:
> 
>   If it's true that the majority of DDoS attacks use compromised individual
> hosts collected into a botnet, seems to me that reducing the number of such
> compromised systems would be a good place to start.

That would seem logical. 

However, the powers that be have zero interest in making it go away or subside, 
because their mere existence gives rise to a whole industry of products to 
protect people from these things. 

Just as law enforcement won't eliminate or curtail, or in a lot of instances 
prosecute these crimes because the gain to the economy is much more than the 
losses incurred. 


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread Rich Shepard
On Fri, 23 Sep 2016, bro...@netgate.net wrote:

> It's time we start to defend our Internet borders similar to how we defend
> our actual borders. After helping to build this mess I'm convinced it's
> time to make the Internet a much smaller place. Still allowing anyone
> access, but for most services your worldview would be much smaller than it
> is today.

   I'm strictly an end user who runs his own mail server (but not an
externally-pointed web browser). While not a computer professional I've
observed patterns in e-mail UCE abuse, and my limited understanding of bad
actors has depended a lot on what I read here and on Brian Krebs' blog (and
his book). Seems to me there are certain small steps that can be more easily
taken that _could_ reduce DDoS attacks.

   If it's true that the majority of DDoS attacks use compromised individual
hosts collected into a botnet, seems to me that reducing the number of such
compromised systems would be a good place to start.

   There are two reactions to my reports of spam to the ISP that sent them to
me that continue to puzzle me. One is ISPs that have no published abuse@
address. This is almost universal in Latin American countries based on the
spam that makes it into my inbox.

   The second is more puzzling to me: abuse reports that are rejected
because they contain spam or have malicious attachments. Duh! Really? Isn't
that why an ISP has an abuse@ address in the first place? The sub-set of
this is receiving the bounced message because that username's mailbox is
full and cannot take in more reports.

   While the solution is probably more complex than my understanding, seems
to me that taking compromised hosts off the 'Net until cleaned would be a
good first step. After all, as one famous person once said (or wrote), "when
you're in a hole, stop digging."

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread King Beowulf
On 09/23/2016 09:08 AM, bro...@netgate.net wrote:
> 
> From: STRUCTURE EVENTS Newsletter
> 
> -
> KREBSONSECURITY HIT WITH RECORD DDOS
> 
> Brian Krebs is one of the most hard-working and influential journalists in 
> the field of information security, which means he has made a few enemies 
> over the years. Krebs' site was hit this week by what Akamai called the 
> largest DDoS attack it had ever seen, according to a blog post from Krebs. 
> He later tweeted that Akamai was forced to take his site offline.
> -
> 
>> And the bad guys win; that's exactly what they were trying to achieve. How
>> unfortunate.
> 
> It's time we start to defend our Internet borders similar to how we defend 
> our actual borders. After helping to build this mess I'm convinced it's 
> time to make the Internet a much smaller place. Still allowing anyone 
> access, but for most services your worldview would be much smaller than it 
> is today. If a distributed network such as Akamai can't offer any defense 
> against this sort of attack, no one can. Think about it. This attack 
> caused so much traffic on the Akamai network that it affected other 
> customers. The only way they could defend their network was to remove the 
> endpoint being attacked. It's time to reduce the attack surface we make 
> available to the bad guys.
> 
> Kevin
> 

Absolutely fantastic.  Back to walled gardens then?  I wonder where my
old AOL CD is... is Compuserve still up?  I wonder if my house's POTS
wiring still works...

I don't think being shrinking violets is the answer.  The Internet is
now part of the growth of Human culture and knowledge and has no true
border.

Akamai and others don't protect against this sort of attack because
there simply is no business case to support the expenditure (Don't even
get me started on Yahoo).  Not only do we need to be more cognizant of
our own personal security, but we need to force private enterprise to do
the same. The network backbone is now required infrastructure - just as
important as roads/bridges and the electric grid.

After all the old ATT a Bell may have been a pain in the ass, but there
was ALWAYS a dial tone.

Perhaps, too, we should also take a few of our congress critters behind
the wood shed for a security lesson.  They will then not be so keen to
allow our "three letter agencies" to poke holes into our networks, but,
rather, figure ways to improve security.

-Ed


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread brooks

From: STRUCTURE EVENTS Newsletter

-
KREBSONSECURITY HIT WITH RECORD DDOS

Brian Krebs is one of the most hard-working and influential journalists in 
the field of information security, which means he has made a few enemies 
over the years. Krebs' site was hit this week by what Akamai called the 
largest DDoS attack it had ever seen, according to a blog post from Krebs. 
He later tweeted that Akamai was forced to take his site offline.
-

> And the bad guys win; that's exactly what they were trying to achieve. How
> unfortunate.

It's time we start to defend our Internet borders similar to how we defend 
our actual borders. After helping to build this mess I'm convinced it's 
time to make the Internet a much smaller place. Still allowing anyone 
access, but for most services your worldview would be much smaller than it 
is today. If a distributed network such as Akamai can't offer any defense 
against this sort of attack, no one can. Think about it. This attack 
caused so much traffic on the Akamai network that it affected other 
customers. The only way they could defend their network was to remove the 
endpoint being attacked. It's time to reduce the attack surface we make 
available to the bad guys.

Kevin




Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread Smith, Cathy
Also posted by Krebs  yesterday

Also, it seems clear that whoever built this ddos cannon has been 
testing it (in europe at OVH, in South America on Tuesday, elsewhere)

Bruce Schneier had this to say about large scale DDoS attacks
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html




-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@lists.pdxlinux.org [mailto:plug-boun...@lists.pdxlinux.org] 
On Behalf Of Rich Shepard
Sent: Friday, September 23, 2016 8:24 AM
To: Portland Linux/Unix Group <plug@lists.pdxlinux.org>
Subject: Re: [PLUG] Web site URL points to localhost

On Fri, 23 Sep 2016, Smith, Cathy wrote:

> KrebsOnSecurity is still down this morning.

   So I noticed.

> He posted this on Twitter late last night.
>   It's looking likely that KrebsOnSecurity will be offline for a while. 
> Akamai's kicking me off their network tonight.

   And the bad guys win; that's exactly what they were trying to achieve. How 
unfortunate.

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread Rich Shepard
On Fri, 23 Sep 2016, Smith, Cathy wrote:

> KrebsOnSecurity is still down this morning.

   So I noticed.

> He posted this on Twitter late last night.
>   It's looking likely that KrebsOnSecurity will be offline for a
> while. Akamai's kicking me off their network tonight.

   And the bad guys win; that's exactly what they were trying to achieve. How
unfortunate.

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread Smith, Cathy
KrebsOnSecurity is still down this morning.  He posted this on Twitter late 
last night.

It's looking likely that KrebsOnSecurity will be offline for a while. 
Akamai's kicking me off their network tonight.



-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@lists.pdxlinux.org [mailto:plug-boun...@lists.pdxlinux.org] 
On Behalf Of Russell Senior
Sent: Friday, September 23, 2016 12:59 AM
To: Portland Linux/Unix Group <plug@lists.pdxlinux.org>
Subject: Re: [PLUG] Web site URL points to localhost

>>>>> "John" == John Meissen <j...@meissen.org> writes:

John> rshep...@appl-ecosys.com said:
>> I would appreciate someone explaining why I might be seeing these 
>> results and offer ideas how I might once again reach his web site.

John> Because that's what his nameserver is returning as his IP address. 
John> Not much you can do until that changes.

Of course, if you know what his site's actual IP address is, you could 
temporarily plunk it in /etc/hosts and bypass the DNS lookup.  If his site 
really is up, then that should work.

And, no, I don't know his site's ip address.


--
Russell Senior, President
russ...@personaltelco.net


Re: [PLUG] Web site URL points to localhost

2016-09-23 Thread Russell Senior
>>>>> "John" == John Meissen <j...@meissen.org> writes:

John> rshep...@appl-ecosys.com said:
>> I would appreciate someone explaining why I might be seeing these
>> results and offer ideas how I might once again reach his web site.

John> Because that's what his nameserver is returning as his IP
John> address. Not much you can do until that changes.

Of course, if you know what his site's actual IP address is, you could
temporarily plunk it in /etc/hosts and bypass the DNS lookup.  If his
site really is up, then that should work.

And, no, I don't know his site's ip address.


-- 
Russell Senior, President
russ...@personaltelco.net


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread Rich Shepard
On Thu, 22 Sep 2016, Ronald Chmara wrote:

> https://web.archive.org/web/20160922124922/http://krebsonsecurity.com/ is
> the last internet archive has, from 2016/09/22 (the comments section on
> the article go to 09/21), so it's up to the last 24 hours or so.

   Thanks. That's a good URL to know.

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread Ronald Chmara
https://web.archive.org/web/20160922124922/http://krebsonsecurity.com/ is
the last internet archive has, from 2016/09/22 (the comments section on the
article go to 09/21), so it's up to the last 24 hours or so.


On Thu, Sep 22, 2016 at 5:02 PM, Rich Shepard wrote:

> On Thu, 22 Sep 2016, Ali Corbin wrote:
>
> > His service provider (who was suffering the effects of the attack)
> > unloaded him. Until he can get back up, your only recourse is to find
> > caches of the site.
>
> Checking site caches will not show me any articles he's published
> recently. I check his site each morning to learn who else has been hacked
> and whether I'm at risk.
>


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread Rich Shepard
On Thu, 22 Sep 2016, Ali Corbin wrote:

> His service provider (who was suffering the effects of the attack)
> unloaded him. Until he can get back up, your only recourse is to find
> caches of the site.

Ali,

   I didn't search that far since I'm not well educated on DNS. I also did
not run dig which tells me it's a DNS issue.

   Checking site caches will not show me any articles he's published
recently. I check his site each morning to learn who else has been hacked
and whether I'm at risk.

Thanks for the insight,

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread Smith, Cathy
I'm not surprised.  I was able to get to his site this morning, but not this 
afternoon.

-- 
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the 
U.S. Department of Energy

Phone: 509.375.2687
Fax:       509.375.4399
Email: cathy.sm...@pnnl.gov



-Original Message-
From: plug-boun...@lists.pdxlinux.org [mailto:plug-boun...@lists.pdxlinux.org] 
On Behalf Of Ali Corbin
Sent: Thursday, September 22, 2016 4:57 PM
To: Portland Linux/Unix Group <plug@lists.pdxlinux.org>
Subject: Re: [PLUG] Web site URL points to localhost

His service provider (who was suffering the effects of the attack) unloaded 
him.  Until he can get back up, your only recourse is to find caches of the 
site.


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread Ali Corbin
His service provider (who was suffering the effects of the attack) unloaded
him.  Until he can get back up, your only recourse is to find caches of the
site.


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread Rich Shepard
On Thu, 22 Sep 2016, John Meissen wrote:

> Because that's what his nameserver is returning as his IP address. Not
> much you can do until that changes.

John,

   I suspected as much. Could this be a result of the DDoS attack?

Thanks,

Rich


Re: [PLUG] Web site URL points to localhost

2016-09-22 Thread John Meissen

rshep...@appl-ecosys.com said:
> I would appreciate someone explaining why I might be seeing these results
> and offer ideas how I might once again reach his web site.

Because that's what his nameserver is returning as his IP address. Not much you 
can do until that changes.




[PLUG] Web site URL points to localhost

2016-09-22 Thread Rich Shepard
   I realized this afternoon that I've not checked Brian Krebs' blog for a
few days so I tried to access www.krebsonsecurity.com. This pointed to
localhost, not his web site.

   A web search revealed that yesterday his site suffered a massive DDoS
attack, apparently from an IOT botnet. But, his site is supposedly up and
running. So why can't I access it?

   When I ping the URL it returns localhost. 'host krebsonsecurity.com
krebsonsecurity.com' tells me it has address 127.0.0.1. traceroute shows the
same thing: 1  localhost (127.0.0.1)  0.016 ms  0.003 ms  0.003 ms

   I would appreciate someone explaining why I might be seeing these results
and offer ideas how I might once again reach his web site.

Rich
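
Added example, not part of the original thread: a small shell check for the symptom in this post (a name resolving to 127.0.0.1) that separates a local hosts-file entry from a loopback answer handed out by DNS, and shows what the temporary /etc/hosts entry suggested in the replies changes. The function names are hypothetical, and 192.0.2.10 is a documentation placeholder because the thread never gives the site's real address.

```shell
#!/bin/sh
# Added illustration, not from the thread. Function names are hypothetical.

# is_loopback ADDR: succeed if ADDR is IPv4 127.0.0.0/8 or IPv6 ::1.
is_loopback() {
    case "$1" in
        127.*.*.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# hosts_override NAME [FILE]: print the address FILE pins NAME to, if any.
# Comments are stripped, names compare case-insensitively, first match wins.
hosts_override() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }
    ' "${2:-/etc/hosts}"
}

# classify NAME DNS_ANSWER [FILE]: say where a loopback result comes from.
# DNS_ANSWER is what the resolver returned for NAME, for instance an
# address printed by `dig +short NAME A`; pass "" if there was no answer.
classify() {
    name=$1 dns=$2 file=${3:-/etc/hosts}
    pinned=$(hosts_override "$name" "$file")
    if [ -n "$pinned" ]; then
        # With the usual "files dns" order in /etc/nsswitch.conf the hosts
        # file is consulted first, so its entry hides whatever DNS says.
        if is_loopback "$pinned"; then echo "local-hosts-loopback"
        else echo "local-hosts-pinned"; fi
    elif [ -z "$dns" ]; then echo "no-answer"
    elif is_loopback "$dns"; then echo "dns-returns-loopback"
    else echo "dns-ok"
    fi
}

# Demo on constructed data: an ordinary hosts file, then the same file with
# a temporary override (placeholder address) while DNS still says 127.0.0.1.
demo() {
    tmp=$(mktemp) || return 1
    printf '127.0.0.1 localhost\n' > "$tmp"
    echo "before override: $(classify krebsonsecurity.com 127.0.0.1 "$tmp")"
    printf '192.0.2.10 krebsonsecurity.com  # temporary\n' >> "$tmp"
    echo "after override:  $(classify krebsonsecurity.com 127.0.0.1 "$tmp")"
    rm -f "$tmp"
}
demo
```

A temporary hosts entry keeps overriding DNS after the site moves to a new address, so it should be removed once the name resolves normally again.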