Are you certain it was a DoS attempt? They may have just been running a surveillance software package such as URLy warning, which GETs the pages of a site repeatedly and diffs them to watch for updates. In the case of an (non-)organization like Occupy I can't imagine law enforcement would neglect to do this. I've been on the receiving end of this sort of thing myself (long story).
-- Jayfar On Tue, May 21, 2013 at 12:07 AM, Charles Wyble <charles-li...@knownelement.com> wrote: > Sorry. The occupy site was on a shared hosting plan at the company I worked > for. > > Source determined via Whois output for the attacking ip found via our > analysis. It was a rather crude dos attack (repeated get requests). At first > we figured they were just mirroring the site for offline analysis or > something, but it soon became evident they were just hammering the site. > > Yes we could of sued. However the inevitable stonewalling, endless resources > of the feds etc would of made for a long and exhaustive legal battle. > > This was at the height of the occupy activities. Far worse offenses were > being committed by federal, state and local govts during that period than a > dos attack by DHS. > > > "Jason L. Sparks" <jlspa...@gmail.com> wrote: > >>"No attempt to hide the source IP" >>"I mean, they were using a shared hosting plan" >> >>What makes you certain it was DHS? >> >>Genuinely curious, because this is a hell of a claim. >>-- >>Jason >> >> >>On Mon, May 20, 2013 at 3:29 PM, Mike Hale >><eyeronic.des...@gmail.com>wrote: >> >>> Would it be futile though? I mean...DHS running a DOS against an >>> American organization is the kind of stuff that makes Constitutional >>> lawyers salivate. >>> >>> I'm not trying to call you out, btw. I'm genuinely curious why the >>> hosting company itself didn't file suit. You've got a US Government >>> agency abusing your resources and acting in a blatantly illegal >>> manner. That's the kind of stuff that results in letters of >>> resignation when publicized. >>> >>> On Mon, May 20, 2013 at 12:13 PM, Charles Wyble >>> <charles-li...@knownelement.com> wrote: >>> > Yes. I'm aware of that. It would be futile in most cases, which is >>a >>> huge problem in and of itself, as that's really the only recourse. >>> > >>> > I mean they were using a shared hosting plan. Not exactly deep >>pocketed. >>> > >>> > My point is that the abuse of power is blatant and they are >>unafraid of >>> any kind of retaliation. They don't need to hide. >>> > >>> > Mike Hale <eyeronic.des...@gmail.com> wrote: >>> > >>> >>"Sue them?" >>> >>Uhm...yes? That's why we have courts that we can sue federal >>agencies >>> >>in. >>> >> >>> >>On Mon, May 20, 2013 at 11:58 AM, Charles Wyble >>> >><charles-li...@knownelement.com> wrote: >>> >>> No proxy needed. No need to hide. >>> >>> >>> >>> While working for a very large hosting company, I once observed >>DHS >>> >>hammering an occupy related website. No attempt to hide the source >>ip >>> >>or anything. >>> >>> >>> >>> What are you going to do? Sue them? If they wish to take a site >>> >>offline, they will ddos it or simply seize the domain under the >>> >>national security banner. >>> >>> >>> >>> >>> >>> >>> >>> "<<"tei''>>>" <oscar.vi...@gmail.com> wrote: >>> >>> >>> >>>>On 20 May 2013 01:58, Michael Painter <tvhaw...@shaka.com> wrote: >>> >>>>> >>> >>>> >>> >>http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/ >>> >>>>> >>> >>>> >>> >>>>More on the same topic. >>> >>>> >>> >>http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475 >>> >>>> >>> >>>>Maybe the FBI use this to commit crimes in USA using a foreign >>> >>company >>> >>>>as proxy so nothing dirty show on the books. That way the FBI can >>> >>>>avoid respecting USA laws. >>> >>>> >>> >>>> >>> >>>> >>> >>>> >>> >>>>-- >>> >>>>-- >>> >>>>ℱin del ℳensaje. >>> >>> >>> >>> -- >>> >>> Charles Wyble >>> >>> char...@knownelement.com / 818 280 7059 >>> >>> CTO Free Network Foundation (www.thefnf.org) >>> >> >>> >> >>> >> >>> >>-- >>> >>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 >>> > >>> > -- >>> > Charles Wyble >>> > char...@knownelement.com / 818 280 7059 >>> > CTO Free Network Foundation (www.thefnf.org) >>> >>> >>> >>> -- >>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 >>> >>> > > -- > Charles Wyble > char...@knownelement.com / 818 280 7059 > CTO Free Network Foundation (www.thefnf.org)