i never followed wikileaks until recently, but their twitter stuff sounds like its operated by a 9 year old who hasnt gotten his chicken nuggets or adderal
On Fri, Oct 21, 2016 at 4:17 PM, Tushar Patel <tpa...@ecpi.com> wrote: > Lol was for the "wall". > > Tushar > > > On Oct 21, 2016, at 4:14 PM, Tim Reichhart <timreichh...@hometowncable.net> > wrote: > > > > <https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwiWw6Pz5-zPAhULw4MKHXxzAdEQqQIIIzAC&url=http%3A%2F%2Fwww.nbcnews.com%2Fnews%2Fus-news%2Fu-s-urged-ecuador-act-against-assange-n669271&usg=AFQjCNFuBoBAn34nGg1E9PfoLvURndTCFQ> > I say this major ddos attack is sure blow back on what US told Ecuador to > Act Against WikiLeaks Leader. > > ------------------------------ > -----Original Message----- > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> > To: af@afmug.com > Date: 10/21/16 05:06 PM > Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick > > i think there are only two hackers left, the rest are script kiddies > half of these mopes calling themselves "hackers" have little education, > hacking quite often requires a high degree of mathmatics capability, most > of these l77t "hackers" cant even multiply > > > On Fri, Oct 21, 2016 at 3:52 PM, Paul Stewart <p...@paulstewart.org> > wrote: > >> Good point … and totally agree that the word "hacking" used to mean >> something - now it just kinda makes people laugh and not take it seriously >> at all anymore… >> >> >> On Oct 21, 2016, at 4:44 PM, Ken Hohhof <af...@kwisp.com> wrote: >> >> >> I think his point was that a denial of service attack is not hacking. >> >> I just heard on the radio someone was asking, if I try to use Twitter and >> it doesn't work because of this attack, is my computer how hacked? >> >> Even stuff that rightly gets called hacking is an insult to hackers. Like >> if your webcam is on a public IP address and I guess that the password is >> 1234, and that gets me root access to install whatever I want, it hardly >> seems right to call that hacking. >> >> But taking down a site by flooding it (or its authoritative DNS servers) >> with traffic is not the same as hacking the site. >> >> >> *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On >> Behalf Of *Paul Stewart >> *Sent:* Friday, October 21, 2016 3:34 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick >> >> Agree…. it should be focused on end users better securing themselves …. >> >> >> On Oct 21, 2016, at 3:44 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >> Im getting irritated by news reports calling this hacking. That term has >> been so obfuscated by dimwits that it has no value >> >> On Fri, Oct 21, 2016 at 1:54 PM, Josh Luthman < >> j...@imaginenetworksllc.com> wrote: >> >> It works great for me 90% of the time. The other 10% it refuses to >> function at all. >> >> >> Josh Luthman >> Office: 937-552-2340 <http://tel:937-552-2340> >> Direct: 937-552-2343 <http://tel:937-552-2343> >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> >> On Fri, Oct 21, 2016 at 2:50 PM, Paul Stewart <p...@paulstewart.org> >> wrote: >> >> LOL …. scary shit…. >> >> Facebook being slow isn't anything new in my experience … they have to be >> having a hard time keeping up sometimes …. last I heard they were adding >> something around 200-300 new servers a day in each data centre >> >> >> On Oct 21, 2016, at 2:48 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >> forcing people to interact in person... a dangerous prospect in these >> times >> >> On Fri, Oct 21, 2016 at 1:43 PM, Tim Reichhart < >> timreichh...@hometowncable.net> wrote: >> >> It seems like facebook is also getting slow. >> >> >> ------------------------------ >> >> -----Original Message----- >> From: "Travis Johnson" <t...@ida.net> >> To: af@afmug.com >> Date: 10/21/16 02:37 PM >> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick >> >> This is still going right now... big and small websites and ISP's are >> unreachable and unresponsive. :( >> >> Travis >> >> On 10/21/2016 12:19 PM, Ken Hohhof wrote: >> >> >> Interesting, according to that, the ISP DNS servers are recruited as part >> of the attack on the victim's authoritative DNS servers, by sending queries >> from within the ISP's network. >> >> No spoofing, no amplification, no misconfigured DNS servers required, yet >> the ISP's DNS servers are used to send the attack traffic. All that is >> needed is a compromised IoT to send the query. >> >> >> *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On >> Behalf Of* Josh Baird >> *Sent:* Friday, October 21, 2016 12:42 PM >> >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick >> >> >> Right - crap IoT devices on the Mirai botnet were responsible for shoving >> 620+Gbps of traffic at Akamai to take down Krebs (and over 1Tbps to take >> down OVH). No spoofing involved. >> >> Interesting article on the techniques used by Mirai: >> >> https://f5.com/about-us/news/articles/mirai-the-iot-bot-that >> -took-down-krebs-and-launched-a-tbps-ddos-attack-on-ovh-21937 >> >> >> >> On Fri, Oct 21, 2016 at 1:30 PM, Ken Hohhof <af...@kwisp.com> wrote: >> >> The amplifier would receive a query from a spoofed IP address, and >> respond using a legit IP address. So the attacker needs to control some >> computers that can spoof the victim's IP address, but the actual attack >> traffic comes from the amplifiers using legit source IPs. >> >> In the case of IoT botnets, I'm not sure any spoofing is required. >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of* Josh Baird >> *Sent:* Friday, October 21, 2016 12:21 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick >> >> It's a good start. It attempts to prevent spoofed traffic originating >> from your network to leave your network (or BCP38). >> >> On Fri, Oct 21, 2016 at 1:19 PM, Josh Luthman < >> j...@imaginenetworksllc.com> wrote: >> >> It can't be that simple...can it? >> >> >> Josh Luthman >> Office: 937-552-2340 <http://tel:937-552-2340> >> Direct: 937-552-2343 <http://tel:937-552-2343> >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> >> >> On Fri, Oct 21, 2016 at 1:17 PM, Mike Hammett <af...@ics-il.net> wrote: >> >> /ip firewall address-list >> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs" >> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream >> customer X IPs" >> >> /ip firewall filter >> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no >> out-interface="To-Upstream" dst-address-list=!"Public-IPs" >> >> That was largely composed off of the top of my head and typed on my >> phone, so it may not be completely accurate. >> >> >> You should also do it on customer-facing ports not allowing anything to >> come in, but that would be best approached once Mikrotik and the per >> interface setting for unicast reverse path filtering. You would then said >> customer facing interfaces to strict and all other interfaces to loose. >> They accepted the feature request, just haven't implemented it yet. >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> >> *From:* "Mike Hammett" <af...@ics-il.net> >> *To:* af@afmug.com >> *Sent:* Friday, October 21, 2016 11:21:35 AM >> *Subject:* [AFMUG] Another large DDoS, Stop Being a Dick >> >> There's another large DDoS going on now. Go to this page to see if you >> can be used for UDP amplification (or other spoofing) attacks: >> >> https://www.caida.org/projects/spoofer/ >> >> Go to these pages for more longer term bad behavior monitoring: >> >> https://www.shadowserver.org/wiki/ >> https://radar.qrator.net/ >> >> >> Maybe we need to start a database of ASNs WISPs are using and start >> naming and shaming them when they have bad actors on their network. This is >> serious, people. Take it seriously. >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> >> >> >> >> >> >> >> >> >> >> > > > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > > > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
