Re: [PLUG] Web site URL points to localhost
I almost wondered if this was going to start just before the election as a "tech October Surprise". If you cut people off from information, communication, etc. you control what they know and hopefully their vote. Just like the Agents Provocateurs in many critical US cities seem well funded and coordinated (as well as being bused in)- There are those who profit from chaos. The Ancient Greeks said: " People get the government they deserve". As long as the Cardassians (?) are better known than the candidates & issues nothing will change. Blessings, Paul W. On Sun, Sep 25, 2016 at 11:18 AM, Rich Shepardwrote: > On Fri, 23 Sep 2016, King Beowulf wrote: > > > Akamai and others don't protect against this sort of attack because there > > simply is no business case to support the expenditure (Don't even get me > > started on Yahoo). Not only do we need to be more cognizant of our own > > personal security, but we need to force private enterprise to do the > same. > > The network backbone is now required infrastructure - just as important > as > > roads/bridges and the electric grid. > >Brian's site is back up using Google's security. Read all of today's > article to get the full story. It's both interesting and troubling; wonder > if there are things we can do as individuals to reduce vulnerabilities. > > Rich > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Fri, 23 Sep 2016, King Beowulf wrote: > Akamai and others don't protect against this sort of attack because there > simply is no business case to support the expenditure (Don't even get me > started on Yahoo). Not only do we need to be more cognizant of our own > personal security, but we need to force private enterprise to do the same. > The network backbone is now required infrastructure - just as important as > roads/bridges and the electric grid. Brian's site is back up using Google's security. Read all of today's article to get the full story. It's both interesting and troubling; wonder if there are things we can do as individuals to reduce vulnerabilities. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
That is actually a well recognized economic fallacy. What it leaves out is the fact that that money could have been spent on other things that would improve our lives, instead of replacing perfectly good things with no net benefit. That is why many people oppose "alternative" energy - it will waste the billions we spent on our perfectly OK current power system with new. While that money would be better spent improving our lives, bringing people out of poverty, building new roads, or feeding our families. Unfortunately most politicians don't have a clue about this or other economic concepts. thanks JK At 08:57 AM 9/24/2016, Denis Heidtmann wrote: >On Fri, Sep 23, 2016 at 8:20 PM, Russell Johnsonwrote: > > > > > ... > > Just as law enforcement won't eliminate or curtail, or in a lot of > > instances prosecute these crimes because the gain to the economy is much > > more than the losses incurred. > > > > >If true, this is an example of why I could never understand economics. If >I set fire to a bunch of buildings, the economy improves since all those >fire fighters, demolition and construction workers are now employed. Let's >become the richest country in the world by setting fire to all our cities! >Econ-logic. > >-Denis >___ >PLUG mailing list >PLUG@lists.pdxlinux.org >http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Sat, 24 Sep 2016, Denis Heidtmann wrote: > If true, this is an example of why I could never understand economics. If > I set fire to a bunch of buildings, the economy improves since all those > fire fighters, demolition and construction workers are now employed. Let's > become the richest country in the world by setting fire to all our cities! > Econ-logic. A cynic might apply the same logic to vehicle accidents. There's lot of economic stimulus that follows an accident. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Fri, Sep 23, 2016 at 8:20 PM, Russell Johnsonwrote: > > ... > Just as law enforcement won't eliminate or curtail, or in a lot of > instances prosecute these crimes because the gain to the economy is much > more than the losses incurred. > If true, this is an example of why I could never understand economics. If I set fire to a bunch of buildings, the economy improves since all those fire fighters, demolition and construction workers are now employed. Let's become the richest country in the world by setting fire to all our cities! Econ-logic. -Denis ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
> On Sep 23, 2016, at 10:30, Rich Shepardwrote: > > If it's true that the majority of DDoS attacks use compromised individual > hosts collected into a botnet, seems to me that reducing the number of such > compromised systems would be a good place to start. That would seem logical. However, the powers that be have zero interest in making it go away or subside, because their mere existence gives rise to a whole industry of products to protect people from these things. Just as law enforcement won't eliminate or curtail, or in a lot of instances prosecute these crimes because the gain to the economy is much more than the losses incurred. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Fri, 23 Sep 2016, bro...@netgate.net wrote: > It's time we start to defend our Internet borders similar to how we defend > our actual borders. After helping to build this mess I'm convinced it's > time to make the Internet a much smaller place. Still allowing anyone > access, but for most services your worldview would be much smaller than it > is today. I'm strictly an end user who runs his own mail server (but not an externally-pointed web browser). While not a computer professional I've observed patterns in e-mail UCE abuse, and my limited understanding of bad actors has depended a lot on what I read here and on Brian Krebs' blog (and his book). Seems to me there are certain small steps that can be more easily taken that _could_ reduce DDoS attacks. If it's true that the majority of DDoS attacks use compromised individual hosts collected into a botnet, seems to me that reducing the number of such compromised systems would be a good place to start. There are two reactions to my reports of spam to the ISP that sent them to me that continue to puzzle me. One is ISPs that have no published abuse@ address. This is almost universal in Latin American countries based on the spam that makes it into my inbox. The second is more puzzling to me: abuse reports that are rejected because they contain spam or have malicious attachments. Duh! Really? Isn't that why an ISP has an abuse@ address in the first place? The sub-set of this is receiving the bounced message because that username's mailbox is full and cannot take in more reports. While the solution is probably more complex than my understanding, seems to me that taking compromised hosts off the 'Net until cleaned would be a good first step. After all, as one famous person once said (or wrote), "when you're in a hole, stop digging." Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On 09/23/2016 09:08 AM, bro...@netgate.net wrote: > > From: STRUCTURE EVENTS Newsletter > > - > KREBSONSECURITY HIT WITH RECORD DDOS > > Brian Krebs is one of the most hard-working and influential journalists in > the field of information security, which means he has made a few enemies > over the years. Krebs' site was hit this week by what Akamai called the > largest DDoS attack it had ever seen, according to a blog post from Krebs. > He later tweeted that Akamai was forced to take his site offline. > - > >> And the bad guys win; that's exactly what they were trying to achieve. How >> unfortunate. > > It's time we start to defend our Internet borders similar to how we defend > our actual borders. After helping to build this mess I'm convinced it's > time to make the Internet a much smaller place. Still allowing anyone > access, but for most services your worldview would be much smaller than it > is today. If a distributed network such as Akamai can't offer any defense > against this sort of attack, no one can. Think about it. This attack > caused so much traffic on the Akamai network that it affected other > customers. The only way they could defend their network was to remove the > endpoint being attacked. It's time to reduce the attack surface we make > available to the bad guys. > > Kevin > Absolutely fantastic. Back to walled gardens then? I wounder where my old AOL CD isis Compuserve still up? I wonder if my house's POTS wiring still works... I don't think being shrinking violets is the answer. The Internet is now part of the growth of Human culture and knowledge and has no true border. Akamai and others don't protect against this sort of attack because there simply is no business case to support the expenditure (Don't even get me started on Yahoo). Not only do we need to be more cognizant of our own personal security, but we need to force private enterprise to do the same. The network backbone is now required infrastructure - just as important as roads/bridges and the electric grid. After all the old ATT a Bell may have been a pain in the ass, but there was ALWAYS a dial tone. Perhaps, too, we should also take a few of our congress critters behind the wood shed for a security lesson. They will then not be so keen to allow our "three letter agencies" to poke holes into our networks, but, rather, figure ways to improve security. -Ed ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
From: STRUCTURE EVENTS Newsletter - KREBSONSECURITY HIT WITH RECORD DDOS Brian Krebs is one of the most hard-working and influential journalists in the field of information security, which means he has made a few enemies over the years. Krebs' site was hit this week by what Akamai called the largest DDoS attack it had ever seen, according to a blog post from Krebs. He later tweeted that Akamai was forced to take his site offline. - > And the bad guys win; that's exactly what they were trying to achieve. How > unfortunate. It's time we start to defend our Internet borders similar to how we defend our actual borders. After helping to build this mess I'm convinced it's time to make the Internet a much smaller place. Still allowing anyone access, but for most services your worldview would be much smaller than it is today. If a distributed network such as Akamai can't offer any defense against this sort of attack, no one can. Think about it. This attack caused so much traffic on the Akamai network that it affected other customers. The only way they could defend their network was to remove the endpoint being attacked. It's time to reduce the attack surface we make available to the bad guys. Kevin ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
Also posted by Krebs yesterday Also, it seems clear that whoever built this ddos cannon has been testing it (in europe at OVH, in South America on Tuesday, elsewhere) Bruce Schneier had this to say about large scale DDoS attacks https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html -- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Phone: 509.375.2687 Fax: 509.375.4399 Email: cathy.sm...@pnnl.gov -Original Message- From: plug-boun...@lists.pdxlinux.org [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Rich Shepard Sent: Friday, September 23, 2016 8:24 AM To: Portland Linux/Unix Group <plug@lists.pdxlinux.org> Subject: Re: [PLUG] Web site URL points to localhost On Fri, 23 Sep 2016, Smith, Cathy wrote: > KrebsOnSecurity is still down this morning. So I noticed. > He posted this on Twitter late last night. > It's looking likely that KrebsOnSecurity will be offline for a while. > Akamai's kicking me off their network tonight. And the bad guys win; that's exactly what they were trying to achieve. How unfortunate. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Fri, 23 Sep 2016, Smith, Cathy wrote: > KrebsOnSecurity is still down this morning. So I noticed. > He posted this on Twitter late last night. > It's looking likely that KrebsOnSecurity will be offline for a > while. Akamai's kicking me off their network tonight. And the bad guys win; that's exactly what they were trying to achieve. How unfortunate. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
KrebsOnSecurity is still down this morning. He posted this on Twitter late last night. It's looking likely that KrebsOnSecurity will be offline for a while. Akamai's kicking me off their network tonight. -- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Phone: 509.375.2687 Fax: 509.375.4399 Email: cathy.sm...@pnnl.gov -Original Message- From: plug-boun...@lists.pdxlinux.org [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Russell Senior Sent: Friday, September 23, 2016 12:59 AM To: Portland Linux/Unix Group <plug@lists.pdxlinux.org> Subject: Re: [PLUG] Web site URL points to localhost >>>>> "John" == John Meissen <j...@meissen.org> writes: John> rshep...@appl-ecosys.com said: >> I would appreciate someone explaining why I might be seeing these >> results and offer ideas how I might once again reach his web site. John> Because that's what his nameserver is returning as his IP address. John> Not much you can do until that changes. Of course, if you know what his site's actual IP address is, you could temporarily plunk it in /etc/hosts and bypass the DNS lookup. If his site really is up, then that should work. And, no, I don't know his site's ip address. -- Russell Senior, President russ...@personaltelco.net ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
> "John" == John Meissenwrites: John> rshep...@appl-ecosys.com said: >> I would appreciate someone explaining why I might be seeing these >> results and offer ideas how I might once again reach his web site. John> Because that's what his nameserver is returning as his IP John> address. Not much you can do until that changes. Of course, if you know what his site's actual IP address is, you could temporarily plunk it in /etc/hosts and bypass the DNS lookup. If his site really is up, then that should work. And, no, I don't know his site's ip address. -- Russell Senior, President russ...@personaltelco.net ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Thu, 22 Sep 2016, Ronald Chmara wrote: > https://web.archive.org/web/20160922124922/http://krebsonsecurity.com/ is > the last internet archive has, from 2016/09/22 (the comments section on > the article go to 09/21), so it's up to the last 24 hours or so. Thanks. That's a good URL to know. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
https://web.archive.org/web/20160922124922/http://krebsonsecurity.com/ is the last internet archive has, from 2016/09/22 (the comments section on the article go to 09/21), so it's up to the last 24 hours or so. On Thu, Sep 22, 2016 at 5:02 PM, Rich Shepardwrote: > On Thu, 22 Sep 2016, Ali Corbin wrote: > > > His service provider (who was suffering the affects of the attack) > > unloaded him. Until he can get back up, your only recourse is to find > > caches of the site. >Checking site caches will not show me any articles he's published > recently. I check his site each morning to learn who else has been hacked > and whether I'm at risk. > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Thu, 22 Sep 2016, Ali Corbin wrote: > His service provider (who was suffering the affects of the attack) > unloaded him. Until he can get back up, your only recourse is to find > caches of the site. Ali, I didn't search that far since I'm not well educated on DNS. I also did not run dig which tells me it's a DNS issue. Checking site caches will not show me any articles he's published recently. I check his site each morning to learn who else has been hacked and whether I'm at risk. Thanks for the insight, Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
I'm not surprised. I was able to get to his site this morning, but not this afternoon. -- Cathy L. Smith IT Engineer Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Phone: 509.375.2687 Fax: 509.375.4399 Email: cathy.sm...@pnnl.gov -Original Message- From: plug-boun...@lists.pdxlinux.org [mailto:plug-boun...@lists.pdxlinux.org] On Behalf Of Ali Corbin Sent: Thursday, September 22, 2016 4:57 PM To: Portland Linux/Unix Group <plug@lists.pdxlinux.org> Subject: Re: [PLUG] Web site URL points to localhost His service provider (who was suffering the affects of the attack) unloaded him. Until he can get back up, your only recourse is to find caches of the site. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
His service provider (who was suffering the affects of the attack) unloaded him. Until he can get back up, your only recourse is to find caches of the site. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
On Thu, 22 Sep 2016, John Meissen wrote: > Because that's what his nameserver is returning as his IP address. Not > much you can do until that changes. John, I suspected as much. Could this be a result of the DDoS attack? Thanks, Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Web site URL points to localhost
rshep...@appl-ecosys.com said: >I would appreciate someone explaining why I might be seeing these results > and offer ideas how I might once again reach his web site. Because that's what his nameserver is returning as his IP address. Not much you can do until that changes. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Web site URL points to localhost
I realized this afternoon that I've not checked Brian Krebs' blog for a few days so I tried to access www.krebsonsecurity.com. This pointed to localhost, not his web site. A web search revealed that yesterday his site suffered a massive DDoS attack, apparently from a IOT botnet. But, his site is supposedly up and running. So why can't I access it? When I ping the URL it returns localhost. 'host krebsonsecurity.com krebsonsecurity.com' tells me it has address 127.0.0.1. traceroute shows the same thing: 1 localhost (127.0.0.1) 0.016 ms 0.003 ms 0.003 ms I would appreciate someone explaining why I might be seeing these results and offer ideas how I might once again reach his web site. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug